nick chen

March is Hack-a-Mac month

March 7, 2006

Mac OS X hacked under 30 minutes: ZDNet Australia: News: Security:

"Gaining root access to a Mac is 'easy pickings,' according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability."

(Via Mac OS X web server security competition over in six hours.)

What does that article show? Does it show that Macs are not as secure as most people think they are? Somewhat true especially if the owner is trying to be idiotic and enables ports and announces it to everyone. Does it show that all Mac users should go get themselves an antivirus suite? Probably not. McAfee and Symantec are leaping for joy now from all the publicity they are receiving and will probably try to get as many people as they can to buy their products. Does this mean that I can no longer boast to my friends that the Mac is the most secure platform in the world? Probably but then again, to claim that your machine is the most secure and announcing it to the world is probably asking for trouble anyway. There are various other ways to exploit a machine more effectively: social engineering comes to mind.

The lesson from all this is that every operating system out there has its set of vulnerabilities. Period. Some, like < insert the stereotypical example here > are probably more vulnerable to everything else just because it has been configured that way. Some are going to be more secure because they were designed with security in mind. So, if really great security matters to you, you should probably not be using any of the common operating systems anyway.

In a sense, OSX is still great because it protects most users from things that most common users will suffer from. Whether or not this is because of the small OS X user base will still have to be determined. Though highly controversial, there is this article that says Mac users are slightly more intelligent than their PC-counterparts. So in a sense, Mac users might have better security just because they don't do stupid things. Not doing stupid things is always a good idea.

The best attitude to take with security is to NOT take it for granted.

Incidentally, Rixstep has some articles on some holes in OS X that should be addressed immediately. Here is one

comments powered by Disqus