Slashdot Mirror


Apple's Unlikely Security Mentor: Microsoft

snydeq writes "Apple has much to learn about securing an operating system, and it could learn how from Microsoft, Roger Grimes writes in the wake of further evidence that Macs are more vulnerable to attack than Windows machines. 'It's taken Microsoft 10 years to turn security from a weakness into a strength. Apple can use the lessons learned by Microsoft to manage a quick turnaround. Apple has already hired one of Microsoft's former security leaders, Window Snyder, and it has adopted a modified form of Microsoft's Security Development Lifecycle programming practices. Apple has the benefit of seeing how Microsoft fixed its past mistakes.'"

7 of 204 comments

  1. Meanwhile by CharlyFoxtrot · Score: 4, Informative

    Meanwhile actual hackers, like the guys who won the Pwn2own contests by beating OSX security, now say OSX Lion is more secure than Windows (even though they previously freely admitted Snow Leopard was trailing Windows' latest offering in that department.)

    "Both Miller and his co-author in the book The Mac Hacker's Handbook, Dino Dai Zovi of Trail of Bits said that from a security perspective, Snow Leopard was little better on Leopard, but that Lion is a "significant improvement." Zovi describes the level of security in Lion as "Windows 7 plus plus." Apple hired the inventor of the BitFrost security system for OLPC, Ivan Krstic, two years ago in an effort to beef up core OS security. Krstic's methods in BitFrost mirror closely what has now been implemented in Lion."

    --
    If all else fails, immortality can always be assured by spectacular error.
    1. Re:Meanwhile by jimicus · Score: 4, Interesting

      IMV, Apple products/features over the course of the last 5-8 years follow a fairly straightforward model which can be broken down into a few steps.

      1. Release Not-Terribly-Shiny Version 1.0. It may not be the most sophisticated in the world, it may have a whole heap of issues. But it will be released. The rest of the world says "ho-hum". It probably won't sell spectacularly, but it won't be an abject failure. (See also: First generation iPod. First generation iPhone. OS X when first released.)
      2. Release Shiny Version n+1. It fixes most of the issues of the previous version. Technologically it's unusual for it to do anything new, anything that the competition doesn't already do. But what it does it executes with so much style, so much polish that the rest of the industry is left looking rather pathetic and scrabbling to catch up. It sells spectacularly. (See also iPhone 3G)
      3. Apple will rest on its laurels. There will be updates to their products, but by and large they'll be relatively minor increments rather than ground-breaking "my God that's amazing" ideas. These will be released as Shiny Version 3.0 and 4.0. (See also iPhone 3GS, OS X versions 10.3-10.4).
      4. The rest of the industry will catch up. Products will appear that compete with Apple's equivalent on features, price and polish. Then, just as people are starting to seriously question Apple and wonder what they're doing...
      5. Repeat steps 2-4.

      If I'm right, the iPhone 5 won't be a huge breakthrough over the iPhone 4. It may have a few tweaks here and there, but it won't be "Steve, take me now!" fantastic. The iPhone 6, however, will probably be leaps and bounds ahead of the 5.

  2. Re:Is that former MS Employee truly named "Window" by show+me+altoids · Score: 3, Informative

    It's a she, and her real name is Mwende.

    --
    I feel sorry for people that don't drink, because when they get up in the morning, that's as good as they're gonna feel
  3. Security is a *strength* for MS? Really!? Who knew by GSloop · Score: 4, Interesting

    "It's taken Microsoft 10 years to turn security from a weakness into a strength"

    Really? A strength? Seriously?

    Is that why we got the ping of death back in Vista/Win7/2008 because of a forked TCP stack?...
    Because Security is a "Strength" for Microsoft?

    Honestly, while security *may* be better [and I'm not sure that's true] at MS, it certainly IS NOT a strength of theirs.

    If that's the view of the moron who wrote this - I'll trust everything else written with the same level of massive skepticism. [i.e. It's clear a moron wrote this - so I'll trust everything else in here just as much as I'd trust any other moron.]

  4. sounds like doublespeak by v1 · Score: 4, Insightful

    It's taken Microsoft 10 years to turn security from a weakness into a strength

    The only thing "strong" about windows security is the botnets that grow to 100,000 computers strong

    Until MS expunges the litany of windows-running botnets from my inbox I'm not buying that BS. If they can take down the botnets, I'll acknowledge they've taken security seriously from a consumer protection standpoint. They can trot around the ring all day long yelling "We're tough on security now!" and I'll sit back with an "I'll believe it when I see some results" attitude. Put up or shut up. Ya I know, fat chance, but that's my opinion on it.

    --
    I work for the Department of Redundancy Department.
  5. Wow by ArundelCastle · Score: 5, Informative

    People automatically assume it's a guy? That's chauvinistic.
    Also, she has been head of security at Mozilla. I guess the summary didn't want to throw a third party into the debate.
    http://www.usatoday.com/tech/news/computersecurity/2008-06-17-mozilla-window-snyder_N.htm

  6. Obvious? Not so much by benjymouse · Score: 3, Informative

    ... because they started with a solid proven design, UNIX. Microsoft never had that advantage.

    Yeah, good UNIX proven design

    Like setuid servers (not!) where even simple bugs allow an attacker direct root access

    Like the hopelessly inadequate, coarse-grained me-us-world security, which requires proper ACLs to be bolted on top.

    Like you cannot set up proper inheritance of security from parent folder, leading admins to design strange processes to wake up and chmod files.

    Like the almighty root to rule them all. No separation of duties there. (Windows has proper separation of duties based on privileges. Even admin does not own all privileges, for instance the admin *cannot* write to or clear the security log).

    Like the UNIX idea of a "token" which are just UIDs hard-wired to user accounts. (Windows has *real* process tokens which can be manipulated per process, e.g. stripping certain privileges from a process even if it runs under an admin account).

    Windows security design is not perfect, but it is a good deal better designed and more capable than the "UNIX proven design". Why do you think SELinux was developed by the NSA? Because Linux with its "proven design" was woefully inadequate for government work - a task for which Windows is certified but only a few Linuxes are (those with SELinux).

    We keep hearing about this "superior" Unix security design. But it is always referred to in the abstract with no details. Maybe it is some magical fairy or Apple dust?

    Yes, a good admin can lock down a Linux with AppArmor or SELinux pretty tight. Both AppArmor and SELinux are solutions which compensate for the initial inadequate design.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*