Monday, March 16, 2009

Apple: Cracking Under Increasing Marketshare


At the SOURCE Boston conference, Dino Dai Zovi, an independent security professional, called Mac OS X, "one of the easiest operating systems to crack." He went on to state, "Steve Jobs' fairy dust only protects against the most naive attackers...Writing exploits for [Microsoft] Vista is hard work. Writing exploits for Mac is a lot of fun."

Full story is here: Serious holes in Mac OS X memory, researcher shows.

To quote:

Dai Zovi said the Mac OS X operating system lacks sufficient memory corruption defense features built into its internal coding. For years Macintosh users have remained shielded by attackers who targeted Microsoft Windows, in an attempt to steal passwords, account information or other sensitive data from its massive user base. But Apple's growing market share is gaining attention in the hacking community, Dai Zovi said.

When clear, observable, and reliable signals about software security are not available to the market, consumers have little more to go on than vacuous, unprovable assertions by software manufacturers. In Dai Zovi's words, these assertions, specifically Apple's assertions, are "fairy dust." As a result, secure software remains undersupplied and inconsistently distributed across the market. By the time consumers find out the assertions were false, it is already too late.

This is the unfortunate truth for Apple's consumers: their primary defense against mainstream cyber attacks was Apple's relative market obscurity.

This scenario should serve as a reminder that no software product is inherently "more secure" than another software product without an objective statement of assurance. Without such a statement, and without clear, observable, and reliable signals communicated to consumers about that statement, software manufacturers are free to sprinkle fairy dust on our dreaming brows.
