Dailydave mailing list archives

Re: This guy cracks me up.


From: Bob Mahoney <bob () zanshinsecurity com>
Date: Mon, 4 Sep 2006 12:59:04 -0400


For whatever it might be worth, a slightly dated perspective from a  
possibly interesting network:

I worked at MIT for a little over 10 years, leaving three years ago  
to start my own consulting firm.  In that time I worked in the  
network operations group, and later founded their Network Security  
team, which I headed up until I left.

The exact numbers are hard to pin down, given the environment, but we  
had ~50k machines on the network (about ~35k "active" at any given  
time).  Population guess, c. 2003:

Windows (all sorts) 60%
MacOS (both sorts) 20%
UNIX (all sorts) 20%

I would guess that the MacOS number is about the same today, but that  
pre-X machines are now a tiny fraction.

No firewall during this time, and just a small number of actively  
naughty ports blocked by the routers. A very wide range of sysadmin  
skills in play, and a strong attitude of freedom in both systems and  
network use.

The team was a cross-organization group led by central IS, but with  
members from the big independent labs like LCS, Media Lab, AI Lab.   
We were pretty active, tried hard to do all the right things, ate our  
Wheaties, etc.  We had pretty good network intelligence, and probably  
didn't miss a whole lot in the way of suspicious activity, so end- 
user security clue was not a big factor in compromise detection.

We saw thousands (low 10s?) of Windows systems compromised in my time  
there, but I do not have personal knowledge of any MacOS X  
compromises at the Institute in my time there, or since.  And I don't  
know anyone personally who does.

MIT gets lots of "let's attack the smart kids" and "Check out my m@d  
skillz" attention, and has no shortage of gifted locals...   Lots of  
people poke at this network.  "Target-rich environment", and all  
that.  University networks can be pretty much guaranteed to see  
whatever attacks are taking place against Apple machines.  (Maybe  
Apple should seed some sensor machines into these networks, so we can  
see how long the canary lasts?)

I'm sure there are compromised MacOS X systems out there, and I'm  
sure there will be others in the future.   But in a very wild, very  
active, and very open network, over a significant period of time, I  
never had to deal with a compromised Mac.

Apple's security isn't perfect, and won't ever be.  But whether they  
have done something better, or just something different, their real- 
world track record to date is not that bad.

Even if previous good luck is merely an artifact of being a minority  
platform, Apple clearly recognizes the value of the positive security  
perception, and it would be reasonable to assume that they'll try  
hard to make whatever clever engineering choices might maintain and  
strengthen that perception.

Experience to date has left a good impression.  That impression can  
move consumer dollars around, and Apple will protect the impression  
to attract the dollars.  They'll probably do some things right along  
the way.

-Bob

--
Bob Mahoney
Zanshin Security, LLC
http://zanshinsecurity.com
PGP: 69F9 FC06 0D53 84D5 6981  B12E 7AF1 C5E2 39C5 EC09
