Let me know if you want to be 1 or 0. (That's ON or OFF, for those who are not binary-compliant)
A well written, factual article... a rarity on the topic of IT Security.
Posted on 06/08/2005 5:33:33 PM PDT by Swordmaker
Apple Computer's switch to Intel chips is no reason to raise the security alarm, experts say.
Yes, Macs will have the same hardware at their core as Windows PCs, but it is the operating system, not the hardware, that has made those Microsoft-based computers vulnerable to attacks, analysts and security researchers said.
"Mac OS has generally a better track record and reputation than Windows for security. I don't think taking Mac OS to Intel silicon would change the robustness of the operating system," said Dana Gardner, a senior analyst at research firm the Yankee Group.
The Mac OS enjoys a reputation as a secure operating system, with far fewer flaws than Windows. So far, it has largely been immune to the worms and viruses that have hit Microsoft-based systems. That is unlikely to change with the shift announced Monday from niche Power PC processors to mainstream Intel hardware.
Theoretically, though, it is possible that security flaws in lower-level system software could be used to attack both Windows and Mac computers, several security experts said. However, such attacks, for example on the system BIOS, are rare. Furthermore, it is not known if Apple will use the same low-level software common in Windows PCs, the experts said.
Another unknown is to what level Intel will customize its chip products for Apple.
"The fact that Macs are running the same processors as Windows PCs may mean that some code can be executed on both platforms," said Russ Cooper, a senior scientist at security provider Cybertrust of Herndon, Va. "But I don't think that virus writers are writing at that level, so it is probably not going to have any security implications."
Soft target
Most attacks target operating system, application and networking vulnerabilities, said Chris Christiansen, an analyst at IDC. "Threats are not written to the silicon, because it is too hard," he said.
BIOS-level exploits exist, but those are rare and well-defended against, Christiansen said. BIOS, or basic input/output system, is software that links the hardware to the operating system.
BIOS attacks are one example of possible security problems. Intel chips could also expose Macs to such issues as the hyperthreading flaw. This recently reported vulnerability in the Intel processor technology could allow a local hacker to steal sensitive information held on servers configured to allow multiple users to log in simultaneously, according to the security researcher who discovered the flaw.
"Theoretically, it is possible," said IDC's Christiansen. "But I think it is an awfully skinny theory."
Still, the move to Intel could make it easier for hackers to develop an exploit to target both systems, said Gerhard Eschelbeck, chief technology officer at Qualys, a Redwood Shores, Calif.-based vulnerability management company.
Ken Dunham, director of malicious code at iDefense, a security intelligence company in Reston, Va., disagreed. "Because of a chip change, there does not appear to be any significant malicious code implications for the operating system," he said.
While the hardware shift itself may not lead to major security issues, its side effects raise some concerns. Apple's products on Intel may become cheaper and more popular, which would make the Mac OS a bigger target, experts said.
Also, Mac applications have to be rewritten to run on the new hardware. Software makers will have to watch out for sloppy coding, said Charles Kolodgy, an analyst at IDC.
"With many developers making changes to their programs en masse, there is much more opportunity for vulnerabilities to be created--not intentionally, but accidentally," he said.
On the other hand, the switch to Intel could also enhance Mac security, if Apple decides to support hardware security features typically found in Windows PCs, Kolodgy said. Intel hardware offers security such as no-execute protection to prevent buffer overflow attacks.
In addition, a secondary, security-oriented chip, known as a trusted platform module, is becoming common in Windows PCs as a means for securing encryption keys. Apple has yet to incorporate such a chip into the Mac.
"It could improve Apple security," Kolodgy said. "Previously, Apple hasn't been interested in hardware security."
If you want on or off the Mac Ping List, Freepmail me.
I agree... the Intel processor is not inherently unsecure... Any processor must be fed the code by a operating system... and it is the OS that allows or does not allow malicious code to get to the processor.
Give these researchers top honors in the skill of stating the glaringly obvious!
Anyone asking the question in the title knows little of computer security.
My thinking exactly. And Intel and AMD both are working on preventing buffer overflows via hardware. I believe it's called zero-bit technology.
WHAT !?!?!
I'm curious why Apple would go with a 32 bit company instead of AMD. Maybe Intel will have a 64 bit chip in production in two years.
64 bit chips have built in protection against the commonly used buffer overrun exploit.
Whatchu Talking 'Bout Willis?
It's a done deal with AMD64. The OS needs to work with the chip, but if the OS is aware of the security fix it covers all apps, even poorly written ones. XP with SP2 works with AMD64.
AMD64 is getting cheap. I just built a business rig with 512 megs of memory and a WD Raptor drive. It came in under $600 including Windows. Boots XP in about 10 seconds.
Not a bad setup. I'm becoming disenchanted with desktops and towers, though. They sound like vacuums, they take up an inordinate amount of space, and laptops/HTPCs are increasingly offering more than the standard desktop.
Apple may apply some of its R&D to helping Intel improve their chips. Apple's RISC experience may be handy. But these improvements will be applicable to all of Intel's chips, if any such improvements come about.
"It could improve Apple security," Kolodgy said. "Previously, Apple hasn't been interested in hardware security."
Ahem, these "trusted" modules have nothing to do with the security of the system for the user. They are anti piracy measures.
Laptops are slow....
I'm typing this on a 1.6Ghz Pentium M with 1GB DDR2. This thing is every bit as responsive and quick as my 2.8Ghz P4 desktop. The only bottlenecks are the 5400RPM hard drive and the ATI X300 video chip, but I can still play games pretty decently. I just finished a replay of Half-life 2, in fact.
Laptops are plenty fast, and growing faster. Q1 2006 will see the launch of a dual-core Pentium M, which actually looks to be a proper dual-core solution (as opposed to Intel's halfassed P4 dual-core.) Seagate is getting ready to launch 7200RPM laptop drives, and the GeForce6800 is already available in some Dell laptops.
Slow nothing.
Take a look at the Aspire cases, or the Shuttles. That's what I like to build.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.