Slashdot Mirror
Mac OS X Security Criticisms Countered
Paradox writes "In response to the recent PC Magazine story criticizing Mac OS X security, technologist/author Richard Forno has written a rebuttal criticizing the author and raising some good points about the fundamental differences between Windows and Mac OS X. Considering Lance Ulanoff's tone during his article, a rebuttal from the Mac OS X community was inevitable." Forno's conclusion: "Trustworthy computing must be more than a catchy marketing phrase. Ironically, despite a few hiccups along the way, it's becoming clear that Mac OS, not Windows, epitomizes Microsoft's new mantra of 'secure by design, default, and deployment'."
Execute the following in a terminal on your OSX system, and you will see:
At least on 10.2, the root directory is writable by the admin group.
Furthermore, when the OSX installer creates the first user on the system, this user is automatically added to said admin group. This means that a Joe Blow (l)user can write to the root directory (bearing the sticky bit limitations in mind).
Apple has circumvented the traditional UNIX security mechanisms, and added this "admin" functionality that really doesn't fit within the BSD environment. UNIX has already been vulnerable to an avalanche of buffer overflow vulnerabilities over the years; weakening a security model that has already had significant difficulties is a questionable practice.
Apple's policies on OS upgrades and patches are also not entirely to my liking.
Personally, I would avoid OSX on a critical system. Sun would be roasted alive if they tried something like a writable root directory in Solaris.
And after that article, I'm thinking that my next computer purchase might be a Mac.
Egads.
http://use.perl.org
"This is a fundamental point of epistomology."
Actually, it's a fundamental point of
"epistemology" - for those of us who are
illiterate and need correct spelling to
look up and determine the meaning of
such highbrow wordings.