Re: Macintosh OS X Vulnerabilities (anyone out there?)

[Jason Muskat <Jason () TechDude Ca>]

Hello,

One major difference between Mac and say Windows is that on a Mac users do
not login as root (Administrator) or as such. This makes it very difficult
for a virus or whatnot to infect a Mac, or any Unix-like OS for that matter.

In Windows it is difficult to run as just a User. Until more recently if one
wanted to run Office they had to first be an Administrator or the programs
wouldn't setup for the user correctly.

Also, there isn't anything like ActiveX on a Mac. Many of Windows-IE
security issues are related to misbehaved ActiveX controls that expose
unsafe methods to sites that are not trusted. Since Microsoft's general
direction is to make everything a COM (or ActiveX) this opens a can full of
worms. 

Other companies like Adobe and Macromedia have had serious security issues
related to exposing unsafe methods to sites that are not trusted. Flash, I
think it was, at one time allowed any website to execute any command as the
user running the control. If you were running as an Admin, well, you got
owned. This seems like a crazy thing to do, but they didn't mean to expose
this method. As a Programmer I know that the template for an ActiveX has
"sample' methods (feature) automatically added and that I must remove ones I
don't wish for by hand. I guess somebody at Macromedia forgot to do so. I
forget how many months that issues was around before publicly reported.

All in all, Mac isn't any more or less secure then any other general purpose
OS; however, it is (more easily) used more securely then common Window is.


Regards,

-- 
Jason Muskat  | GCUX - de VE3TSJ
____________________________
TechDude
e. Jason () TechDude Ca
m. 416 .414 .9934

http://TechDude.Ca/


> From: Simon <simon.xhz () gmail com>
> Date: Mon, 8 May 2006 20:06:46 -0400
> To: <security-basics () securityfocus com>
> Subject: Macintosh OS X Vulnerabilities (anyone out there?)
>
> Hi there,
>   first I have to apologize for this "request" I'm sending out to this
> list.  At least, I believe security-basics Is the place to ask this.
>
>   I'm a linux user, know more about PCs, linux and windows, and much
> less about Macintoshes.  However, I have a friend here that is a
> Mac-sold-soul, like I hope Mac is the good side or this guy would be
> the devil's acolyte!
>
>   By experience, I would say that Macs are safer than linux or windows
> (and OF COURSE, I'm talking about a civilian, the kind that doesn't
> really take responsibilty in his PC, that wishes that his OS is good
> and will not run into trouble... you know the guy!).
>
>   MY QUESTION to the security aware community is this one:
> There must exist vulnerabilities, known, unknown, fixed, discussed or
> researched.  Possibly there is a place where all of these are
> clustered, a learning place where we can start and see that MacOS X is
> just another OS pretending to be better, and... succeeding for these
> days (and hopefully, that will succeed for still long).
>
> Thanks in advance,
>   Simon and Francois