Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intego's "Year In Mac Security" Report

Posted by kdawson on from the almost-popular-enough dept.

david.emery notes the release of Intego's "Year In Mac Security" report (PDF), adding: "Mac OS X and iPhones that haven't been jailbroken fare pretty well (although vulnerabilities exist, there's not been a lot of exploitation). Apple does come in for criticism for 'time to fix' known vulnerabilities. Jailbroken iPhones are a mess. The biggest risk to Macs are Trojan horses, often from pirated software."

5 of 132 comments (clear)

  1. So, avoid pirated Mac software... by Chris+Tucker · · Score: 4, Informative

    ...and let Software Update do it's thing with Security Updates.

    Don't go online as Root, and really try not to open email attachments that claim to be "Nude Photos of (insert female athlete name here)"

    Really, how hard is that?

    --
    Guaranteed! This comment 100% Anthrax free!
    1. Re:So, avoid pirated Mac software... by lseltzer · · Score: 3, Informative

      The public exploits only affect IE6 users on XP.

      Private exploits could affect IE7 users on Vista or even IE8 users on XP, but not if they activate DEP. If you activate DEP even XP users are protected. IE8 users on Vista and Win7 are effectively protected by DEP/ASLR.

      So, in effect, if you update even just to year-old technology you're protected.

  2. Re:Apple's DRM seems to be the main problem by RMH101 · · Score: 3, Informative

    THis is missing the point. The reason jailbreaking is allegedly unsafe is because once jailbroken, you can install SSH, and if you're dumb enough to not change the default root password, you can get owned. You get warned about this specifically when you install SSH anyway. If the phone were sold "open" and you installed SSH, you'd have the same issue. The point is that if someone goes out of their way to install SSH on their phone (which is a pretty hardcore geek activity anyway) and doesn't change the root password, then they're kind of asking for trouble.

  3. Talking through their hat since 2004 by argent · · Score: 3, Informative

    Back in 2004 Intego's big complaint about the Mac was that because it's based on UNIX, if you could get it to execute a shell script you could do anything on the computer, and that Applescript wasn't sandboxed. They never noticed that the same was true of CMD.EXE and VBscript on Windows, DCL on VMS, and every other native scripting environment on every OS, ever, anywhere.

    Intego's business model appears to be FUD.

  4. Re:'Pretty well' isn't good enough by mario_grgic · · Score: 3, Informative

    The article you like to is talking apples and oranges literally. If the implication is that BSD bug is also a bug in OS X, then it's false. The bug is not present in OS X.

    iPhone on the other hand is a completely different beast and yes it is locked down platform mostly for the benefit of the users, so we don't have to worry if an application is safe to install and use.

    Yes, there may be security issues in iPhone apps, but even the security updates of applications go through the same review process, which may catch an omission in the review of the previous version (which is what happened in the case of the software discussed in the article).

    The review process is not perfect nor ideal, but I for one am thankful that someone else is testing the applications for me and I don't have to waste the time and money on tools to check what each app does and it it is safe to use on my phone.

    --
    As the island of our knowledge grows, so does the shore of our ignorance.