Security Basics mailing list archives
Re: Macintosh OS X Vulnerabilities (anyone out there?)
From: Jason Muskat <Jason () TechDude Ca>
Date: Tue, 09 May 2006 22:59:10 -0400
Hello, One major difference between Mac and say Windows is that on a Mac users do not login as root (Administrator) or as such. This makes it very difficult for a virus or whatnot to infect a Mac, or any Unix-like OS for that matter. In Windows it is difficult to run as just a User. Until more recently if one wanted to run Office they had to first be an Administrator or the programs wouldn't setup for the user correctly. Also, there isn't anything like ActiveX on a Mac. Many of Windows-IE security issues are related to misbehaved ActiveX controls that expose unsafe methods to sites that are not trusted. Since Microsoft's general direction is to make everything a COM (or ActiveX) this opens a can full of worms. Other companies like Adobe and Macromedia have had serious security issues related to exposing unsafe methods to sites that are not trusted. Flash, I think it was, at one time allowed any website to execute any command as the user running the control. If you were running as an Admin, well, you got owned. This seems like a crazy thing to do, but they didn't mean to expose this method. As a Programmer I know that the template for an ActiveX has "sample' methods (feature) automatically added and that I must remove ones I don't wish for by hand. I guess somebody at Macromedia forgot to do so. I forget how many months that issues was around before publicly reported. All in all, Mac isn't any more or less secure then any other general purpose OS; however, it is (more easily) used more securely then common Window is. Regards, -- Jason Muskat | GCUX - de VE3TSJ ____________________________ TechDude e. Jason () TechDude Ca m. 416 .414 .9934 http://TechDude.Ca/
From: Simon <simon.xhz () gmail com> Date: Mon, 8 May 2006 20:06:46 -0400 To: <security-basics () securityfocus com> Subject: Macintosh OS X Vulnerabilities (anyone out there?) Hi there, first I have to apologize for this "request" I'm sending out to this list. At least, I believe security-basics Is the place to ask this. I'm a linux user, know more about PCs, linux and windows, and much less about Macintoshes. However, I have a friend here that is a Mac-sold-soul, like I hope Mac is the good side or this guy would be the devil's acolyte! By experience, I would say that Macs are safer than linux or windows (and OF COURSE, I'm talking about a civilian, the kind that doesn't really take responsibilty in his PC, that wishes that his OS is good and will not run into trouble... you know the guy!). MY QUESTION to the security aware community is this one: There must exist vulnerabilities, known, unknown, fixed, discussed or researched. Possibly there is a place where all of these are clustered, a learning place where we can start and see that MacOS X is just another OS pretending to be better, and... succeeding for these days (and hopefully, that will succeed for still long). Thanks in advance, Simon and Francois
Current thread:
- Macintosh OS X Vulnerabilities (anyone out there?) Simon (May 09)
- Re: Macintosh OS X Vulnerabilities (anyone out there?) Harrison Holland (May 09)
- Re: Macintosh OS X Vulnerabilities (anyone out there?) Javier Blanque (May 10)
- Re: Macintosh OS X Vulnerabilities (anyone out there?) Kenton Smith (May 10)
- Re: Macintosh OS X Vulnerabilities (anyone out there?) Micheal Espinola Jr (May 10)
- Re: Macintosh OS X Vulnerabilities (anyone out there?) Jason Muskat (May 10)
- Re: Macintosh OS X Vulnerabilities (anyone out there?) Simon (May 10)
- <Possible follow-ups>
- RE: Macintosh OS X Vulnerabilities (anyone out there?) Roger A. Grimes (May 10)