Slashdot Mirror


PC Mag - Mac OS X Insecure

Suki writes "In this recent story a PC Mag writer concludes that "Panther and Jaguar were not better at outrunning vulnerabilities than Windows" and as my personal fav. ends by asking "How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here." The article discusses many previous Windows security holes against a recent Mac OS X security flaw."

18 of 991 comments

  1. Same DHCP "Flaw" by jimbo3123 · · Score: 3, Informative

    It sounds like this is just the same "Flaw" in OSX's DHCP setup. There was a thread on this earlier. They essentially use a server to assign a number of items as well as IP. If I recall correctly, this was never that big of a security flaw (at least not more so than any other standard DHCP setup).

    This is just some guy on a soapbox blabbering on about how this "flaw" proves that OSX is just as bad as any Microsoft product. Hopefully others can see past this guy's rhetoric.

    --
    There should be a moderation category "Dumbest Comment EVER"
    1. Re:Same DHCP "Flaw" by jimbo3123 · · Score: 5, Informative

      The earlier slashdot story is here: http://apple.slashdot.org/article.pl?sid=03/11/28/2226226&mode=thread&tid=126&tid=172&tid=179&tid=185&tid=190

      Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network."

      --
      There should be a moderation category "Dumbest Comment EVER"
  2. it's quiet because you're such a pussy.... by otis+wildflower · · Score: 5, Informative

    ... that you don't put your email in your attribution or anywhere in the article.. Luckily, thanks to Google, your bio reveals your email to be:

    Lance_Ulanoff@ziffdavis.com

    Share and enjoy!

  3. Re:The author is an idiot by psychogentoo · · Score: 5, Informative
    In regards to the Directory Access / malicious DHCP vulnerability, the "use DHCP-supplied LDAP server" option is turned on by default. For this vulnerability to be exploited, either you're using an "untrusted" network or your network got hacked!

    If you don't use a DHCP / LDAP server then it's recommended that you turn it off.

    This is from the apple site:
    You don't use a directory service

    1. Click the Finder icon in the Dock.
    2. From the Go menu, choose Applications.
    3. Find the Utilities folder and double-click to open it.
    4. Open the Directory Access utility.
    5. Click the lock button, type your password, and click OK to authenticate.
    6. Select the LDAP service and click Configure.
    7. Deselect the "Use DHCP-supplied LDAP Server" option. See Figure 1.
    8. Click OK. Your computer is no longer susceptible to this exploit.
  4. Re:Good points... by SvnLyrBrto · · Score: 3, Informative

    lol yes silly ac, but the first rule of computer security is that if the "bad guy" has physical access to the machine, the game's over. The "good guys" lose, and the "bad guys" win.

    If I've used my 1337 cat-burglar skills to break into Exodus, and actually have access to the machine itself; I'm not going to waste time using my 1337 hacking skills or my (presumably) equally-1337 CD of hacking tools. I'll simply crack open the machine, rip out the drive, take it home, and read the data I want at my leisure.

    cya,
    john

    --
    Imagine all the people...
  5. Re:Good points... by danielrm26 · · Score: 4, Informative

    "Actually to be fair, you don't run as the administrator account in XP by default."

    As others have noted, yes, you do. The main user you are asked to create when you set up a machine is an admin, and that is the account that most home users use.

    --
    dmiessler.com -- grep understanding knowledge
  6. iTunes by Mr+Pippin · · Score: 5, Informative
    To quote part of the article:

    Meanwhile, we can already see what happens when Apple has a broadly popular product that cuts across platforms. The Apple iPod is the number one MP3 player, and now that its companion computer utility, iTunes, is available for both the Mac and the PC, it has become a hack target. In fact, Jon Lech Johansen, the same Norwegian who cracked the DVD security code, recently circumvented the iTunes music protection scheme.

    An event like that occurring makes sense to me, since iTunes' popularity makes it a target worth hacking -- and whatever mystical Mac mojo there may be, it didn't go far in protecting a popular Apple product.

    Steve Jobs stated when the iTunes music store was announced that the DRM would be hacked. The point was to provide a DRM solution that was not restrictive to honest users. That was delivered.

  7. The author also says: DRM is NOT Evil by GillBates0 · · Score: 4, Informative
    DRM is not Evil

    His email address: Lance_Ulanoff@ziffdavis.com

    His brief bio here

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
  8. Re:Good points... by leifm · · Score: 4, Informative

    I could be wrong on this, but I believe home doesn't even ask you to set up a user. It just sets up Administrator as the default account, with no password. I should know for sure, but it's been 6 weeks or so since I did a Home install, but at any rate I think that's how it works.

    --

    "Windows Me offers tremendous reliability and stability improvements..." -- Paul Thurott
  9. Re:Good points... by Jaysyn · · Score: 3, Informative

    No power user account in XP home, either they can do everything (administrator) or nothing (user).

    Jaysyn

    --
    There is a war going on for your mind.
  10. Re:If Mac OS X were REAL unix... by b17bmbr · · Score: 4, Informative

    AFAIK, Joe Blow can write to / on a new 10.2 install. This is madness.

    then, apparently, you don't know jack. you absolutely cannot write to / unless you (and follow this carefully):

    1) open up a terminal
    2) type sudo
    3) then type say: cat /etc/hosts >> /hosts.txt
    4) type password

    you my friend, are full of shit. now, if like me, you create another user, which i always run at, then i have to open the term, su to an admin user, then sudo. osx turns off root by default. to enable it, you have to go into net info, and specifically enable root, THEN, you have to change its terminal from /dev/null to /bin/bash (or whatever). apparently somebody at apple actually thought about security BEFORE they shipped the product. even if you install any application, the best you can do is install it into ~/Applications. if you want to install it into /Applications, then it asks for an admin user AND a password. make shit up in chat rooms. not /.

    --
    My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
  11. Re:Good points... by HoldenCaulfield · · Score: 4, Informative

    Actually, Power Users can do almost everything an Admin can do. They can't create Admin accounts, and they can install most programs. A nice reference table comparing accounts is at http://www.bc.edu/offices/help/meta-elements/doc/articles/html/SW-WinXPUserAccounts.shtml

  12. Re:Good points... by Anonymous Coward · · Score: 4, Informative

    Wrong. Windows is easier to write viruses for. You simply have to get someone to open an email message in Outlook, and a virus will automatically spread itself. If you wrote a virus for Mac OS (or linux, or any other OS), it would have to convince every person it was sent to, not only to open the email message but to intentionally run it. There's where the problem with Windows lies, and why no other OS is as virus-prone as Windows.

  13. another funny thing. by sammy+baby · · Score: 4, Informative

    Anyone notice this?

    From Mac Fan(atic) to Windows User

    ...So I am by no means a Windows apologist or Microsoft partisan. I began my computing career as a Mac patriot, in fact. I used a Mac SE/30 with PageMaker version 1.2 and laughed at the lowly IBM PS/2, which could just hobble along on the subpar Windows 3.0... But even back then, I had this gnawing suspicion that 18-month software development cycles could somehow hurt the platform. Before the tide really turned, however, I switched to PCs. I had joined PC Magazine, and the editorial staff used them... ...

    Please, please, tell me that he's not trying to convince us of his "Apple cred" by noting that the last time he used a Mac in a serious capacity was ten years ago?

  14. Rebuttal by The Mac Observer by benst · · Score: 4, Informative

    Bryan Chaffin from The Mac Observer goes into some of the points mentioned in the original article: The Back Page: PC Apologist Asks If We Mac Users Are Now Humble

    One interesting point made is that those who say that Mac OS X suffers fewer security and virus problems than Windows only because there are fewer Mac users just don't have a leg to stand on.

  15. To summarize the article ... by Durandal64 · · Score: 4, Informative

    "HAHAHAHAH!! Mac OS X isn't perfect! Duh, I'm so smart!"

    Is this guy for real? How does a vulnerability which involves an attacker having to break into your home network (much less a corporate one), take over a machine and then set it up as a rogue DHCP server anywhere near equivalent to something like Blaster, which spread automatically, with no machine spoofing required? Honestly, if your network is so utterly open to attack that it's a trivial task to spoof a DHCP server, there are bigger problems than OS X's security flaw there.

    The claim that Mac OS X would have more viruses if it was more popular holds some merit, but it says nothing about the lethality of those viruses. OS X has all sharing network services off by default, unlike Windows, shutting down a large avenue for virus propagation. Mail shows the entire file name of an attachment, preventing attackers from hiding extensions. Mail also does not automatically execute attachments. Furthermore, any application wishing to do anything as administrator has to ask for a password by default, and root is disabled by default. This is not the case in Windows, where tales of administrator accounts with blank passwords abound. While there may be more attempts at writing viruses for OS X if it was more popular, far fewer of them would actually reach the scale of damage that things like Blaster did. Windows is an ideal virus propagation platform not just because it's popular, but more importantly, because its default setup is insecure as well.

  16. Re:Good points... by sribe · · Score: 3, Informative

    Control panel -> Administrative Tools -> services. easy as pie. That's not to say that the average windows user has a clue what a service is, let alone how to turn it off. The problem is that unnecessary services are on by default. But, hey, it's the age old compromise; out of the box simplicity vs. configurability.

    Sure, unless you happen to turn off the RPC service, in which case the services panel will no longer work! Classic MS incestuous garbage; in order to use the GUI to enable/disable services you must have the (formerly horribly insecure) Remote Procedure Call service running!

  17. Uh by mcc · · Score: 3, Informative

    How does a default setting regarding a specific directory's permissions plus the fact it doesn't use /etc/passwd make it "unfit for production"?

    OS X doesn't use /etc. That's just how it works. It uses the NetInfo database. This is one of the few actually well-documented parts of OS X. /etc is a vestigial limb, it's a dummy file which is involved in startup but it is not actually used for real user info. It's used in single user mode because single user mode is an emergency startup mode used for debugging, and NetInfo doesn't launch in this mode unless you launch it, because part of the single user mode's hypothetical purpose is to debug problems with NetInfo!

    You might as well call Linux unfit for production because you can do some potentially nasty security-related things in some versions of Lilo.