Apple Cites Open Source Core Security
ChilyMack writes "In a CNet article, Apple senior vice president Bertrand Serlet says, 'A lot of security problems derive from the core ... [With open source code,] thousands of people look at the critical portions of source code and ... check those portions are right. It's a major advantage to have open-source code.'"
Especially considering how just a few days ago Steve Jobs was saying in an interview here [alwayson-network.com] how they were trying to not be blatant about trumpeting this advantage to avoid becoming a target for viruses and other security breaches.
Although, if Steve Jobs points that out in an interview, then how low-profile can it really be?
Or it could be that the institutions with money (i.e. something to hack for) are running IIS or other commercial web servers as opposed to the home websites running freeware like Apache. And others are probably spoofing Apache to throw hackers off the scent, so Netcraft numbers.
.... like setting ownership/permissions on tty devices with Apple X11's xterm.
Nice as this sounds and all, I have to point out that there's an awful lot of OS X code out there that is closed source.
Though most of the directly network-exposed stuff seems to be generally open source (well, dunno about Rendezvous).
May we never see th
- tristan
By that logic Apache should have more exploits than Microsoft's web server
It possibly does.
361 Apache advisories on Bugtraq vs. 141 IIS advisories
A rough and cheap example, but nevertheless a belief that Apache is somehow super secure is a nonsense.
The many eyes argument is a tired one - how many people actually check the code, how many of those people are experienced enough to find vulnerabilities?
Look at the DARPA-funded Linux Security effort. It died because no one was contributing.
Open source is great because you can read the code, but a belief that someone else must be auditing that code leads to security through delusionment - unless YOU are auditing the code, and unless YOU are trained to know how to audit it well, don't assume anyone else is.
It has become appallingly obvious that our technology has exceeded our humanity. --Albert Einstein
Personally, I don't really think Macs are "obscure" at all.
Macs have been around for what, 20 years? I don't know a single graphic designer who hasn't at least spent a fair amount (if not all) of their time on them.
Obviously, Macs aren't number 1, but as regards *personal* computing they're definitely number 2. Macs have a huge mindshare. Macs are everywhere from schools to businesses to government and even science.
Saying the Mac is obscure is like saying Zenith is obscure because Sony has #1 marketshare. (Note how I avoided a car analogy.)
lorem ipsum, dolor sit amet
OS X is not "secure" because it uses Open Source, it's less targeted because it has far less market share
These things are not mutually exclusive. OS X may, in fact, be more secure because it uses open source, and also has fallen to fewer (zero?) exploits in part because it has smaller market share.
I'll also remind everyone that it has had its share of URI handler problems, but of course people will claim they only had those problems because they used a closed-source browser.
True, but that was a problem with one application, and technically not the "operating system." I know Microsoft wants us all to believe that a web browser is an essential, inseparable component of an OS, but on OS X it's just another app. The URI handler exploit does point up a problem in that, IIRC, it could be used to gain root and do whatever. But it's misguided to think of it as some inherent security flaw in the kernel.
I got Apple laptops for the family (which you can have when you pry them from my cold, dead fingers)
No thanks, I'm really not interested in "having" your family in any sense of the word.
People have an irrational hate for Microsoft
Some people do. Some people have a rational dislike of Microsoft.
and even when presented with easier opportunities elsewhere, will often prefer to write exploits for Microsoft products.
I think you're speculating here. I doubt very much that hatred of Microsoft, rational or otherwise, is a primary motivation for most of the people out there writing viruses. Indeed, most of the people I know who really dislike MS avoid using its products, and therefore use either Linux or MacOS. (Though I guess you could make a pretty good argument that if you use Windows long enough, you'll build a pretty solid dislike of MS.)
My point is, the people who write Windows viruses and worms and such are probably NOT Mac and Linux users. They're Windows users who want to show off their programming skillz and build some kind of hacker cred. They're not mainly driven by ideology, but by their own egos. And when it comes to "easier opportunities," well, it doesn't seem like there are any that are easier than Windows.
That's not going to change any time soon, and given Apple's rabid fan base and rapidly swelling Open Source cheerleading squad, it's only likely to go the other way.
Dude, you've been reading too much Microsoft PR. When was the last time you met a "rabid" (meaning "infected with rabies" or implying foaming at the mouth, wild-eyed, unable to think clearly) Mac user? We're mostly a pretty mellow bunch, and we just want to get our work done without the OS getting in the way. We like that it looks nice, works well, and has some cool features. And Apple makes pretty darn nice hardware. What's irrational about that? What's so wrong with thinking Microsoft products are crappy?
Apple will be glad to know it's got a rapidly expanding open source cheerleading squad, but only if it leads to rapidly expanding sales.
You're at least partially right, though there is room for disagreement (the way Windows puts all the metadata about executability in the file extension is a fundamental flaw, I'd say).
In the end, it doesn't matter why Mac OS X has fewer security problems - it only matters that it does have fewer problems.
Right now, if you're using file formats and applications that are standards-based and/or cross-platform, you have a choice as to which platform to use.
If you're using Windows, you're sitting right in the bullseye.
If you're using anything else, you're sitting out at the edge of the target.
I prefer to get work done with my computer, without worrying about incoming darts - that's why I use Anything But Microsoft. I'll reconsider my stance when the situation in the real world changes - either exploits for other platforms go up, or exploits for Windows taper off to the annoyance level. Call me when that happens, OK?
To a Lisp hacker, XML is S-expressions in drag.
In the end, it doesn't matter why Mac OS X has fewer security problems - it only matters that it does have fewer problems.
Yes and no.
Yes, in that of course, for you and me in the here and now, this is most important in practical terms. We can both get on with our work with fewer hassles.
No, in that the why is important for several reasons. I think it's important to look at the obscurity angle, and break it down into two areas. 1) is that obviously because there are fewer Macs as compared to Windows machines, there are fewer opportunities for exploitation, even if the level of security were the same. More importantly, 2) is that OS X is incredibly unlikely to become a vector for viral infection. This has important implications for computing as a whole and in arguing for heterogeneous computing environments. A business that uses a mix of OSes is far less vulnerable than an all-Windows shop, and it could very well be that having a mixed environment is far cheaper in the long run. An internet not totally dominated by Windows PCs will be less vulnerable to epidemics, and those epidemics will burn themselves out more quickly. Thus it is good public policy to encourage the adoption of alternative OSes in business and especially in government.
It's not offtopic, dumbass. It's orthogonal.