
Apple's Unlikely Security Mentor: Microsoft

Posted by Soulskill
from the now-use-head-for-something-other-than-target dept.
snydeq writes "Apple has much to learn about securing an operating system, and it could learn how from Microsoft, Roger Grimes writes in the wake of further evidence that Macs are more vulnerable to attack than Windows machines. 'It's taken Microsoft 10 years to turn security from a weakness into a strength. Apple can use the lessons learned by Microsoft to manage a quick turnaround. Apple has already hired one of Microsoft's former security leaders, Window Snyder, and it has adopted a modified form of Microsoft's Security Development Lifecycle programming practices. Apple has the benefit of seeing how Microsoft fixed its past mistakes.'"
This discussion has been archived. No new comments can be posted.

  • Meanwhile (Score:5, Informative)

    by CharlyFoxtrot (1607527) on Friday August 12, 2011 @02:27PM (#37071600)

    Meanwhile actual hackers, like the guys who won the Pwn2own contests by beating OSX security, now say OSX Lion is more secure than Windows [macnn.com] (even though they previously freely admitted Snow Leopard was trailing Windows' [macobserver.com] latest offering in that department.)

    "Both Miller and his co-author in the book The Mac Hacker's Handbook, Dino Dai Zovi of Trail of Bits said that from a security perspective, Snow Leopard was little better on Leopard, but that Lion is a "significant improvement." Zovi describes the level of security in Lion as "Windows 7 plus plus." Apple hired the inventor of the BitFrost security system for OLPC, Ivan Krstic, two years ago in an effort to beef up core OS security. Krstic's methods in BitFrost mirror closely what has now been implemented in Lion."

  • Re:Obscurity Lost (Score:3, Informative)

    by gubers33 (1302099) on Friday August 12, 2011 @02:32PM (#37071696)
    Apple is still on safe due to obscurity, the corporate world almost strictly uses MS, while Apple has grown its user base in recent years, they have not touched the corporate market. Anyone will attempt to go after corporate before personal users because the reward is greater. MacOS is still the most vulnerable OS on the market. Yes, you can lock it down changing a lot of settings, but you can do additional configuring on Linux and Windows machines. MacOS doesn't lose Pwn2Own the quickest every year for no reason.
  • by show me altoids (1183399) on Friday August 12, 2011 @02:35PM (#37071748)
    It's a she, and her real name is Mwende.
  • Wow (Score:5, Informative)

    by ArundelCastle (1581543) on Friday August 12, 2011 @04:28PM (#37073382)

    People automatically assume it's a guy? That's chauvinistic.
    Also, she has been head of security at Mozilla. I guess the summary didn't want to throw a third party into the debate.
    http://www.usatoday.com/tech/news/computersecurity/2008-06-17-mozilla-window-snyder_N.htm [usatoday.com]

  • Obvious? Not so much (Score:4, Informative)

    by benjymouse (756774) on Friday August 12, 2011 @05:25PM (#37074116)

    ... because they started with a solid proven design, UNIX. Microsoft never had that advantage.

    Yeah, good UNIX proven design

    Like setuid servers (not!) where even simple bugs allow an attacker direct root access

    Like the hopelessly inadequate me-us-world coarse-grained security which requires proper ACLs to be bolted on top.

    Like you cannot set up proper inheritance of security from parent folder, leading admins to design strange processes to wake up and chmod files.

    Like the almighty root to rule them all. No separation of duties there. (Windows has proper separation of duties based on privileges. Even admin does not own all privileges, for instance the admin *cannot* write to or clear the security log).

    Like the UNIX idea of a "token" which are just UIDs hard-wired to user accounts. (Windows has *real* process tokens which can be manipulated per process, e.g. stripping certain privileges from a process even if it runs under an admin account).

    Windows security design is not perfect, but it is a good deal better designed and more capable than the "UNIX proven design". Why do you think SELinux was developed by the NSA? Because Linux with its "proven design" was woefully inadequate for government work - a task for which Windows is certified but only few Linuxes (those with SELinux).

    We keep hearing about this "superior" Unix security design. But it is always referred to in the abstract with no details. Maybe it is some magical fairy or Apple dust?

    Yes, a good admin can lock down a Linux with apparmor or SELinux pretty tight. Both apparmor and SELinux are solutions which compensate for the initial inadequate design.
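The mode bits and setuid flag discussed in the last comment can be inspected directly. The following is an added example, not part of the original thread or any commenter's code: it shows that a new file's mode comes from the creating process's umask rather than from the parent directory, and audits a constructed temporary tree for setuid, setgid and world-writable entries. The function names and sample file names are hypothetical, and it assumes a POSIX system with no default ACLs on the temp directory.

```python
import os
import stat
import tempfile

def new_file_mode(parent_mode, umask):
    """Create a file inside a directory chmod'ed to parent_mode; return the file's mode bits."""
    with tempfile.TemporaryDirectory() as base:
        parent = os.path.join(base, "parent")
        os.mkdir(parent)
        os.chmod(parent, parent_mode)  # assumed to keep owner rwx so the file can be created
        path = os.path.join(parent, "new_file")
        old = os.umask(umask)  # the umask is per-process state, not a property of the directory
        try:
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
        finally:
            os.umask(old)
        return stat.S_IMODE(os.stat(path).st_mode)

def audit(root):
    """Map relative path -> findings for setuid, setgid and world-writable entries under root."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not used for access checks
            flags = []
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                flags.append("setuid")  # executes with the file owner's UID (root, if root owns it)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISGID:
                flags.append("setgid")
            if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
                flags.append("world-writable")
            if flags:
                findings[os.path.relpath(path, root)] = flags
    return findings

def demo():
    """Audit a constructed tree: one setuid file, one ordinary file, one world-writable file."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("helper", 0o4755), ("notes.txt", 0o644), ("drop.txt", 0o666)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit(root)

if __name__ == "__main__":
    print(oct(new_file_mode(0o700, 0o022)), oct(new_file_mode(0o777, 0o077)), demo())
```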
