Apple's Unlikely Security Mentor: Microsoft 204
snydeq writes "Apple has much to learn about securing an operating system, and it could learn how from Microsoft, Roger Grimes writes in the wake of further evidence that Macs are more vulnerable to attack than Windows machines. 'It's taken Microsoft 10 years to turn security from a weakness into a strength. Apple can use the lessons learned by Microsoft to manage a quick turnaround. Apple has already hired one of Microsoft's former security leaders, Window Snyder, and it has adopted a modified form of Microsoft's Security Development Lifecycle programming practices. Apple has the benefit of seeing how Microsoft fixed its past mistakes.'"
Meanwhile (Score:5, Informative)
Meanwhile actual hackers, like the guys who won the Pwn2own contests by beating OSX security, now say OSX Lion is more secure than Windows [macnn.com] (even though they previously freely admitted Snow Leopard was trailing Windows' [macobserver.com] latest offering in that department.)
"Both Miller and his co-author in the book The Mac Hacker's Handbook, Dino Dai Zovi of Trail of Bits said that from a security perspective, Snow Leopard was little better on Leopard, but that Lion is a "significant improvement." Zovi describes the level of security in Lion as "Windows 7 plus plus." Apple hired the inventor of the BitFrost security system for OLPC, Ivan Krstic, two years ago in an effort to beef up core OS security. Krstic's methods in BitFrost mirror closely what has now been implemented in Lion."
Re:Obscurity Lost (Score:3, Informative)
Re:Is that former MS Employee truly named "Window" (Score:3, Informative)
Wow (Score:5, Informative)
People automatically assume it's a guy? That's chauvinistic.
Also, she has been head of security at Mozilla. I guess the summary didn't want to throw a third party into the debate.
http://www.usatoday.com/tech/news/computersecurity/2008-06-17-mozilla-window-snyder_N.htm [usatoday.com]
Obvious? Not so much (Score:4, Informative)
Yeah, good UNIX proven design
Like setuid servers (not!) where even simple bugs allow an attacker direct root access
Like the hopelessly inadequate me-us-world security coarse-grained security which requires proper ACLs to be bolted on top.
Like you cannot set up proper inheritance of security from parent folder, leading admins to design strange processes to wake up and chmod files.
Like the almighty root to rule them all. No separation of duties there. (Windows has proper separation of duties based on privileges. Even admin does not own all privileges, for instance the admin *cannot* write to or clear the security log).
Like the UNIX idea of a "token" which are just UIDs hard-wired to user accounts. (Windows has *real* process tokens which can be manipulated per process, e.g. stripping certain privileges from a process even if it runs under an admin account).
Windows security design is not perfect, but it is a god deal better designed and more capable than the "UNIX proven design". Why do you think SELinux was developed by the NSA? Because Linux with its "proven design" was woefully inadequate for government work - a task for which Windows is certified but only few Linuxes - those with SELinux).
We keep hearing about this "superior" Unix security design. But it is always referred to in the abstract with no details. Maybe it is some magical fairy or Apple dust?
Yes, a good admin can lock down a Linux with apparmor or SELinux pretty tight. Both apparmor and SELinus are solutions which compensates for the initial inadequate design.