Full Disclosure mailing list archives
Re: Question about Mac OS X 10.4 Security
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 28 Feb 2006 12:48:35 -0600
--On Tuesday, February 28, 2006 11:03:12 -0600 Stef <stefmit () gmail com> wrote:
Let's see. I use Windows XP, Mac OS 10.3.9 and FreeBSD 5.4 SECURITY daily. Therefore all three platforms obviously have a much higher awareness of security issues, right?If you look at the [very, very] specific paragraph I was referring to, from Paul's email, then I hope you will agree with me that what I was trying to convey was the need to avoid generalizing categorization of users ... having said that, the implications are that a much higher awareness, and - in turn - possibility of addressing and/preventing issues related to vulnerabilities exists in the Mac community, vs. the Windows one, for example.
At least that *seems* to be your logic.The fact is, as a community, Mac users have the belief that their system is "secure" - that they have nothing to worry about. *Of course* there are Mac users that are astute and fully understand the risks. Just as there are Windows users who are the same way.
Just because the geeks have taken to the Mac OS doesn't mean its community has raised its level of awareness more than a nanometer or two. In fact, when I sent a campus-wide announcement about the recent shell vulnerability, the *majority* of comments that I got from users *within* IT was, "You're spreadying FUD. Mac's are not anywhere near as risky as using Windows." Professors and others emailed me asking, "What do I need to do to be safe?"
If you think the Mac you're using is secure, I encourage you to go try to run the poc that Secureiteam posted. Just be sure to bring a clean pair of drawers with you.
I've used Windows since it first came out. I've never had a single virus infection, never had a single machine hacked, never had an incident of any kind. Does that mean Windows is "secure"? Of course not! The idea that, because you are using a Mac, you have less to worry about, is just as silly as the idea that, because you're using Unix, you have less to worry about.
Guess which platform get's hacked the most here? (Hint - it ain't Windows.)In *general*, the hosts that are the most risk are the ones that are the most poorly maintained (if they're maintained at all), and the OS they are running is irrelevant. There's only one OS that I know of, on this campus, that has never been hacked, and it has nothing to do with the OS and everything to do with how it's maintained and how it's protected (and no, I ain't telling you what it is.)
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Question about Mac OS X 10.4 Security, (continued)
- Re: Question about Mac OS X 10.4 Security Stephen Johnson (Feb 28)
- Re: Question about Mac OS X 10.4 Security Paul Schmehl (Feb 28)
- Re: Question about Mac OS X 10.4 Security KF (lists) (Feb 28)
- Re: Question about Mac OS X 10.4 Security Stef (Feb 28)
- Re: Question about Mac OS X 10.4 Security Mike Owen (Feb 28)
- Re: Question about Mac OS X 10.4 Security Paul Schmehl (Feb 28)
- Re: Question about Mac OS X 10.4 Security Stephen Johnson (Feb 28)
- Re: Question about Mac OS X 10.4 Security Michael Holstein (Feb 28)
- Re: Question about Mac OS X 10.4 Security KF (lists) (Feb 28)
- Re: Question about Mac OS X 10.4 Security Steven Rakick (Feb 28)
- Re: Question about Mac OS X 10.4 Security Steven Rakick (Feb 28)
- Re: Question about Mac OS X 10.4 Security Stef (Feb 28)
- Re: Question about Mac OS X 10.4 Security Paul Schmehl (Feb 28)
- Re: Question about Mac OS X 10.4 Security Stef (Feb 28)