Pwn2Own 2009 Winner Charlie Miller Interviewed

crazipper writes "Tom's Hardware interviewed Charlie Miller, winner of this year's Pwn2Own contest and formerly with the NSA. He discusses the effort it took before the contest to be able to take down a MacBook within seconds, sandboxing, and the effectiveness of the NX bit and ASLR. His outlook on end-users protecting themselves against attacks? 'Users are at the mercy of the products they buy.'"

I think the best quote was...

[vux984]

Between Mac and PC, I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there.

That pretty much been my take on the situation as well. Vista SP1 really is one of the most secure OSes I've used.

They glossed over Linux on this question, but I suspect Vista SP1 is probably more secure than linux too 'out of the box'... but again less safe in actual practice. Again simply due to the sheer relative volume of malware and the relative high value of windows exploits to linux ones.

(Although Linux at least does have 'SE Linux', AppArmor, Exec Shield, support for ASLR, etc, etc so its more a case that its just not on by default yet. (Ironically a complaint usually levelled at Windows).

And while improvements are added with each kernel release, too Linux admins refuse to install them because would reset their belowed uptime scores which they feel the need to post to /. on a regular basis...

I kid... I kid...