Despite Apple’s well-publicised claims that Macs are safer than their PC-based rivals, security expert Charlie Miller, author of The Mac Hacker’s Handbook, says that “Snow Leopard’s more secure than [previous release] Leopard, but it’s not as secure as Vista or Windows 7.”
Mr Miller says that Apple missed an opportunity to make Snow Leopard more secure when it ignored the security developments Microsoft had made three years ago in building Windows Vista.
He points to a system called address space layout randomization (ASLR), which “randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.”
Snow leopard OS for the Apple mac
Mr Miller says that Leopard’s ASLR was substandard, and Apple have failed to address the issues. He said: “Apple didn’t change anything. It’s the exact same ASLR as in Leopard, which means it’s not very good.”
He had made the same criticisms when Leopard was originally released. He concedes, however, that Apple have plugged some security holes, notably in QuickTime.
At the moment, says Mr Miller, Mac users are far less likely to get hacked than PC users. However, that is simply due to numbers: there aren’t enough Macs to make it worthwhile for hackers.
- Similar posts
- Apple patches Mac OS X (64.5%)
- Apple updates the iMac (16.9%)
- New Apple Mac mini revealed (11.9%)
- iPhone 4 unveiled (11.7%)
- Apples Steve Jobs returns (11%)
- Microsoft April patchday notes. (9.9%)
- Largest ever Windows update patch tomorro (9.4%)
3 Responses to “Macs snow leopard OS less secure than windows”
Leave a Reply
You must be logged in to post a comment.
October 12th, 2009 at 5:51 am
Reports have been cropping up on the Apple Support forums that users have been losing all their data due to a nasty bug in Snow Leopard, Apple’s latest Operating System. Many users are reporting that all settings are being reset and most data is gone, according to iTWire.
The problem, can easily be reproduced when a user logs into the ‘guest’ account, either on purpose or by accident, and when they log back out of the account and back into their normal one, they find that their account has been fully reset with all data wiped and lost – the account is like a brand new one. The home directory still exists under “/Users/username” but is completely empty.
Users are reporting that the data is unrecoverable and cannot be found anywhere on the hard drive, and the only way to restore it is if the user has been performing backups on a separate hard-drive. Apparently the problem has been present since a few days after launch, as the forum post dates back to 12th September, but as of yet, Apple has been silent.
It seems the only work around at this stage is to disable the Guest account, or at least disable it and then re-enabling it so that it’s a native Snow Leopard account. Another suggestion is to create a new account and enforce parental controls, if you really need a temporary account.
It’s not clear how many users are affected, but it seems like any user who had Leopard before the upgrade, and had the guest account enabled are affected and are at risk.
April 29th, 2010 at 7:36 am
Apple on Wednesday issued a broad beta distribution of Mac OS X 10.6.4, the fourth planned maintenance and security update for its Snow Leopard operating system that has been under development internally for several weeks.
The pre-release software, labeled Mac OS X 10.6.4 build 10F37, made its way to Apple Developer Connection (ADC) members just one day after a more elite set of testers belonging to Apple’s Apple Seed program got first licks at the beta.
According to people familiar with Wednesday distribution, Apple has asked developers to test four key areas of the system, including graphics drivers, Windows file sharing, USB devices and Voice Over.
Although the build released to ADC members on Wednesday is identical to the one issued to Apple Seed members on Tuesday, an emphasis on evaluating Time Machine backups noted in the Apple Seed distribution was not extended to the ADC version.
It’s unclear what specific issues Mac OS X 10.6.4 will target upon its release, as Apple reportedly stopped short of including a list of enhancements with either of the aforementioned distributions.
That said, the updated could arrive sooner than later given that the Mac maker went through 36 builds internally before tapping its developer community to put its weight on the software.
Apple listed only one known issue in documentation accompanying Wednesday’s build: that iChat will require a password each time it’s launched.
June 1st, 2010 at 2:04 pm
A spyware application that surreptitiously scans chat logs and hard drives of unsuspecting Mac users has found its way onto three of the more popular download sites, security researchers said Tuesday.
Dubbed OSX/OpinionSpy, the spyware is distributed through software available on sites including Softpedia, MacUpdate, and VersionTracker, according to Intego, a provider of anti-virus software for Macs. The app isn’t contained in the downloads themselves, but rather gets downloaded during the installation process, Intego said. A Windows version of the program has existed since at least 2008.
Once installed, OpinionSpy scans files and folders on all attached hard drives and regularly sends data in encrypted form to several servers, according to Intego. It also injects code into the Safari, Firefox, and iChat applications and mines them for email addresses, message headers, and other data. The program remains active even if the screensaver or other application that was originally downloaded is uninstalled.
“The fact that this application collects data in this manner, and that it opens a backdoor, makes it a very serious security threat,” Intego researchers wrote. “In addition, the risk of it collecting sensitive data such as user names, passwords and credit card numbers, makes this a very high-risk spyware.”
http://www.theregister.co.uk/2010/06/01/mac_spyware/