Friday, September 18, 2009

FUD report: Snow Leopard 'not as secure' as Windows...

"Another week, another lax Mac OS X security FUD emanating from the usual quarters, making the risible claim Apple’s platform is inherently less secure than Windows.

Story goes like this: The hacker who successfully broke into a Mac at a hacker’s conference some time ago has tested Snow Leopard against WIndows 7, and accuses the Mac OS as being “less secure” than Microsoft’s Vista upgrade.

Charlie Miller is one of the team from Independent Security Evaluators who successfully "pwned and owned" an Apple MacBook Air, in a hacking contest sponsored by TippingPoint's Zero Day Initiative."

Read the full story at 9 to 5 Mac by Jonny Evans

"He conveniently forgets all of the other security features in Snow Leopard. Why doesn't he touch on:
- stack frame protection
- code injection protection
- automatic replacement of common C functions (e.g. srtcpy) with hardened versions
- heap consistency checks
- the reduction in setuid executables
His opinion on ASLR is valid, but extrapolating that to the overall security of the OS is garbage."

No comments: