Posted on 04/03/2004 1:24:42 PM PST by Swordmaker
To many Mac users, the recent news report of an Apple OS X security vulnerability seemed like an anomaly. While Windows users are greeted almost weekly with a new virus or worm, OS X users tend to view their systems as impervious to such concerns.
The steady stream of Windows bugs is a phenomenon far removed from their computing experience -- or so it seems. But the late February security report cast Apple in a new light.
Chris Adams, a systems administrator in San Diego, discovered a flaw in the Apple Filing Protocol (AFP), a tool in OS X 10.3, code-named "Panther." AFP enables a secure connection using the secure shell (SSH) protocol. The flaw is in AFP's warning mechanism: Users may request a secure connection, but Panther will not warn users if the connection is in fact not a secure one. So, a user may send sensitive information -- like passwords -- on an insecure connection, not knowing that they are using an easily hacked protocol.
In short, the flaw is similar to a host of Windows flaws, suggesting that the concept of Apple invulnerability may be closer to myth than fact. That said, what is the big picture when it comes to Apple security? Is OS X safe enough to be a viable contender for running public Web sites and general enterprise applications?
Peer Review
Apple's OS X is based on Berkeley secure distribution (BSD), a Unix variant. OS X is "a version of Unix, with an Apple personality on top of it," IDC analyst Dan Kusnetzky told NewsFactor.
That could be the source of some security vulnerabilities for OS X. Because the Unix code has been public for so long, hackers are well positioned to exploit its weaknesses. Indeed, the existing hacks of OS X, for the most part, have been adaptations of Unix hacks, noted Gartner analyst Ray Wagner, though he pointed out that such attacks have been rare.
Yet, Wagner is in the camp with those who believe just the opposite about OS X: "The more eyes that look at code, the more chances that vulnerabilities will be caught and fixed by the good guys," he told NewsFactor. "It's not possible for one person to write an operating system, so I can't get the most security-conscious person on earth to go and write an OS -- it has to be done by a team, and the more peer review, the better."
"Any security issues that have come up in the version of BSD upon which [Apple] based their efforts would also very likely be in the Apple product," Kusnetzky said, but he said that he had not heard of such hacks.
OS X's Unix underpinnings mean it is "probably far more secure" than earlier Mac OSes, Jupiter analyst Michael Gartenberg told NewsFactor. "Previous Mac OSes were not overly robust in terms of withstanding attacks. If you tried to attack a system 7 Mac in its heyday, it would probably have crashed before you got into it."
The Network Age
One of the chief security problems facing Microsoft, experts say, is that it was created prior to the age of the Internet. Before mass public networking, code was not exposed to the amount and sophistication of attacks that today's networked software is. Although many recent Windows OSes are post-Internet, "there's still a legacy code base," Wagner noted.
Code developed after the rise of the Internet is built with that environment in mind. "Certainly, OS X falls into this category," Wagner said.
"So you've got newer operating systems designed with the best principles of the mid '90s as opposed to the mid '80s," he said. "People thought about security more -- they designed thinking about security more from a ground up perspective."
In contrast to OS X, earlier Mac OSes were built when "connected computing meant hooking six computers together via AppleTalk to a laser writer," Gartenberg said. "You're clearly talking far more overall security than any previous effort."
Security Through Obscurity
If Windows-based enterprises were to use non-Windows systems -- like OS X -- on at least certain hardware in their system, they would gain "security through obscurity," Wagner suggests.
"Maintaining some corporate users on non-Windows desktops offers a huge advantage, in terms of attack avoidance, because the most popular target for virus and worm writers will always be the consumer desktop," he says in a security report.
As Gartenberg notes, "The fact that Apple is not in as many hands as Windows means there are fewer people trying to exploit those vulnerabilities in the marketplace."
There is "no question" that its low profile is the biggest factor behind the low amount of attacks on the OS, Wagner said, also pointing out that Apple tends to inspire less animosity in the hacker community than Windows.
This low profile alone does not make OS X a safe bet for corporate Web sites. "If Windows with its known vulnerabilities has proven good enough for corporate use, OS X is certainly as good as that standard, if not better in certain ways," Gartenberg said.
Yeah, that's right, not daily.
In other words "Shhhhh". Keep your market penetration below 10% and you'll be safer. I've never understood MAC evangelicals - the very insignificance of MAC's market share is your protection.
Windows has more virus and hacker problems because there are so few Macs out there. The hackers are not going to waste their time writing a virus to go after 5% of the computer population.
As for the myth that Macs never crash, my work computer can put that to rest right now. It crashes about once a day while the very few PC problems I've ever had were caused by a hardware problem, not an OS problem.
I'm already on the Moonies and JW's do-not-call list. What's another cult.
Running XP for the last year. Now when I have problems I call a guy to run me through the protocols and such. Pay him if necessary, sometimes just free over the phone.
I'm not a tech person. I'm a computer user who doesn't know protocols or the various elements of system software. I just want a computer that works.
In the next year I will buy a new computer. It will be a Mac.
Part of the protection. The rest is a more robust OS that's both new and has a core with years of peer review. If you look at it realistically, if you decided to get Macs for your business to avoid viruses and attacks (even if it were as buggy as Windows), that is still an advantage. Mac will never gain enough marketshare to be a good target before those machines amortize. You've just saved yourself years of grief on the popularity aspect alone.