Tuesday 24 April 2007

Mac Security - MacBook Pro & OS X - OWND

With the recent Windows ANI vulnerability and the patch fiasco we had to go through, a lot of attention has been on Windows security.

However, the CanSecWest conference in Vancouver Canada has made it clear that Macs are not in the clear either.

They placed two MacBook Pros out for the conference attendees to try and own.

As per this post on the CanSecWest site: First_Mac_Hacked_Cancel_Or_Allow - heh, well named I might add ;) - that MacBooks indeed have at least one vulnerability, 0day, that could be executed via the Safari browser visiting a Web site that worked through QuickTime and its interaction with Java.

So, another myth blown away! And, the following paragraph demonstrates that even Symantec admits that Microsoft has taken the lead in OS security!

Via David Overton's blog: Symantec "Microsoft Listed as Most Secure OS". Quoting from the original article:
During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. It's an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily.

Then there's Mac OS X. Despite the latest TV ads ridiculing the security in Vista with a Matrix-like Agent playing the UAC in Vista, Apple has nothing to brag about. Symantec found 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes.
Via: Information Security Sell Out: Vulnerabilities Are Not Marketing Fodder.

And: SecurityFocus: A Mac gets whacked, a second survives.

As much as I see Microsoft maligned for different things, I even let them have it when I believe it is warranted, I do believe that they are paying attention and learning from their mistakes.

That in turn gives me greater confidence in their products and the solutions we provide on them.

Philip Elder
Microsoft Small Business Specialists

No comments: