Mac OS X Leopard Is a Joke Compared to Windows Vista

[Zeus_Hunt]

Apple applauds Mac OS X as the most secure and most advanced operating system in the world. Microsoft in turn has adopted a more modest marketing approach, in spite of the Wow campaign, and is comparing Windows Vista mainly with Windows XP. In terms of security Vista is just the safest Windows version available and nothing more. The same argument is not valid for Apple. With the Cupertino-based company it is all or nothing, which means that it's generally all. Just take the example of Safari 3 Beta browser for Windows. "Apple engineers designed Safari to be secure from day one," stated a message posted on the Apple official website. The reality? Security researchers turn up no less than 18 security vulnerabilities for Safari 3 in the browser's first day on 32-bit and 64-bit Windows Vista and Windows XP.

Charles Miller from Independent Security Evaluators has really made a name for himself after he managed to hack the iPhone. Still, the security researcher from Independent Security Evaluators seems to have an affinity for fresh Apple products. Or at least this is the direction underscored by his presentation at Black Hat 2007 in Las Vegas: "Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X." Miller cites Apple with the following: "Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions."

Security was also Apple's focus with Safari and iPhone and we have been able to see how well that turned up. But the upcoming release of Mac OS X, Leopard, scheduled for October 2007 is in a very poor condition in terms of security according to Miller. It is nothing but a joke compared to Windows Vista. And this is one aspect that emphasizes the differences between the next version of the world's most attacked platform and an operating system with an inexistent threat environment.

Miller's conclusion is worrisome for future Leopard users: "Why Hacking Macs is Easy." According to Miller Macs are just as easy to hack as they are to use. "To help users, there are lots of 50+ suid root programs" revealed the security researcher. Suid Root is designed to help with the silent elevation of privileges in Unix and Unix based operating system such as the Mac OS X. Unix has had, a long time before Vista, access control capabilities, an equivalent to the User Account Control. Still, Suid Root is a design flaw, because allowing for silent and automatic elevation of privileges means inviting kernel level exploits.

In contrast, nothing similar to the Unix setuid/suid or sudo functionality can be found in the design of UAC in Vista. There is only one way that a service, application or process can gain elevation of privileges in Vista and that is only through the user.

Moreover, Apple does not "bother users with burdensome updates." All the open source solutions included in Mac OS X are not kept up to date including OpenSSH, OpenSSL, Apache, Samba, Cups. "The Samba on Mac OS X had an exploitable remote root vulnerability in it...it hadn’t been updated since February 2005," Miller stressed focusing on open source as an attack vector.

But of course there's always the "safe from day one" Safari. Apple's browser, and by the way version 3 is going by default into Leopard, launches the following programs on execution: "Address Book, Finder, iChat, Script Editor, iTunes, Dictionary, Help Viewer, iCal, Keynote, Mail, iPhoto, QuickTime Player, Sherlock, Terminal, BOMArchiveHelper, Preview and DiskImageMounter." Any security vulnerability residing in any of these applications can be exploited via Safari.

In the end Miller exposes Apple security for the joke that it is saying that the company "makes exploitation fun," mainly because creating exploits for Mac OS X is like going back in time to the software of 1999. The reason? "Apple doesn't randomize anything: the location of the stack, the location of the heap, the location of the binary image, the location of dynamic libraries and (to top it all off) heap is executable." By contrast Windows Vista introduces a security mitigation called Address Space Load Randomization (ASLR).

View: Original Post

[Atasas]

Ouch! :frusty:

However I wander how many times such opinios and real hackings happened to Windows? (being sarcastic) and need to have all the "anti's" developed?...

[masterripper]

How is this new? I've always known that the Mac is a joke, thats why i dont have one. If you actually compare windows and mac you'd find that the mac is actually much easier to infect/exploit/hack then windows. The reason that the mac is "so secure" (according to Jobs) is not because the Mac has been put together by a wizard who cast a magic spell on it to keep it prone from viruses, its because barely anyone is using the mac. You see, coding a virus is not an easy thing to do and is time consuming, so when someone sits down to code a virus, they want to have the best chance of actually getting that virus onto someones computer, so they code a virus to target whatever os most ppl are using (which is windows), if everyone was to switch to the mac, then in 1 week you'd see so many viruses, you'd shit your pants (or more accurately, Steve Jobs would). Thats why when someone actually sits down and looks at the mac (or any apple product... like itunes) they find all these exploits and vulnerabilties that Apple didnt know were there (cause they dont know how to properly analyze their own code). So sorry guys but no, i will not ever buy a (Big) Mac, if i want to use a pretty distro of unix (yes thats all the mac is) ill just install Ubuntu+Compiz Fusion. :tease: Plus it is free (unlike the Big Mac) and i can install it on good hardware (unlike apples weakass proprietary hardware).

[roofy85]

Why do people hate Vista so much? i could never figure it out. is it because humans are creatures that are afraid of change? i've heard people say that driver support is horrible on vista but i have had no problems finding my drivers while reformating. Its actually easier on vista for me because all you have to do is run the update agent and it will find the drivers fo you and with the new service pack this will only become better. I challenge any mac user to download a movie off Bittorrent and burn it to a DVD as fast as i can. Mac advertises that its easier to use but doing some of the simplest jobs take longer than on a PC. Macs may have everything that you need built in from the beggining but in a PC you have an endless supply of programs that you can use to do whatever you wish. I was raised on a mac and PREFER Windows because of the customizations that i could do.

Vista will last longer than most people can imagine. Its a new operating system to learn but the Xp users will come to love it

[masterripper]

Exactly roofy, macs suck, and also i agree, why the hell do ppl like to rip on vista, because they're jealous that they cant download it because of their crappy dialup? I switched over to Vista Ultimate a week and a half ago, and havent looked back, now that ive actually used vista (i beta tested every vista beta all the way to last rc but never actually used it) i will never go back to xp, so suck on that vista haters.