https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Best Practices


Windows: More Secure Than Mac OS X?

  • Written by Dave Courbanou 1
  • March 22, 2010

Canada’s security conference, CanSecWest, starts this week. Word on ‘net from security expert Charlie Miller is that he’ll be exposing serious Apple Mac OS X security flaws at the conference . Should Mac fans be nervous? Well, maybe. Here’s the scoop…

Charlie Miller — if you’re wondering what makes him so smart — is the first guy to find a critical bug in the MacBook Air and was able to exploit it in merely 2 minutes. He also won $5,000 for hacking Safari in with a less-than 10 second exploit. What’s more, he unearthed  a bug in the way the iPhone handles SMS messaging, which could be exploited for full control of the iPhone (including branching onto it for DDoS attacks.) Oh yeah, and he has a Ph.D. in mathematics from the University of Notre Dame.

At CanSecWest, he plans on exposing 20 zero-day exploits in Mac OS X. That means nobody knows about it, not even Apple. H-Online.com is reporting that he plans on being a nice guy, and only showing how he found the exploits, but not all the details of the vulnerability. But H-Online also has quoted Miller speaking about why these exploits exist:

“OS X has a large attack surface consisting of open source components (i.e. webkit, libz, etc), closed source 3rd party components (Flash), and closed source Apple components (Preview, mdnsresponder, etc). Bugs in any of these types of components can lead to remote compromise…”

So does Microsoft’s dig about open-source software being a security issue ring true here? Well, not exactly.

The way Miller uncovered these issues is by “fuzzing.” Fuzzing is a form of hacking which basically tries to ‘break’ the program by shoving the program’s “input channels” with malformed data. The objective is to finally get the program to crash from the volume of unusable data. But even when you get a program to crash, that doesn’t mean you’ve found a hole it; it means that you can now comb through the wreckage to see what may or may not be exploitable.

But Miller maintains and has noted that Apple systems are typically cracked first at competitions, but conceded that Apple users are “safer, but less secure.” Part of that is the old song-and-dance that virus writers don’t bother with the small chunk of Apple users, but Miller also offered an interesting analogy:

“Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town….[Apple’s position on security is relaxed] They sell lots of computers and nobody doesn’t buy Apple computers because of a perceived lack of security. So in their minds, [Apple doesn’t] have a security problem until it affects their bottom line, which hasn’t been the case, yet”

Sounds kind of harsh, but is that really Apple’s position on security? Just to lay back and be relaxed ’till the bottom line says otherwise? It’s only fair to note that you can get anti-virus software for the Mac if you’re feeling super-worried, but it should also be noted that any company in any position with zero-day exploits about to be revealed can’t do anything about them, because of the simple point that they’re unknown yet. But a smart company will pay attention and fix them.

Then again, ignorance shouldn’t be an excuse for a big company like Apple. And for a company that touts their software as the end-all be-all perfect solution for all your needs, there certainly shouldn’t’ be so many  bugs…

But maybe that’s something Apple should flaunt a bit more — their security team. We know they release security updates, but we don’t really hear much about Apple in terms of how they secure their OS. With Mac OS X 10.6.3 on the horizon, it’ll be interesting to see what patches come out of Cupertino this week, if any at all.

Sign up for The VAR Guy’s Newsletter; Webcasts and Resource Center; and via RSS; Facebook; Identi.ca; Twitter and VARtweet.


Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs Best Practices

Related


  • Vendors: How Do You Measure a Partner Relationship?
    Vendors still struggle to gain a genuine insight into their partners’ needs. So what can they do?
  • New challenges and opportunities_many path options
    The Top IT Challenges Executives Will Face in 2021
    Obstacles include bridging the IT skills gap, managing remote workers and managing migration to the cloud.
  • Disaster Recovery
    Disaster Recovery Planning Includes Ensuring That Data Can Be Recovered
    Here’s how to ensure that your disaster recovery solution will work when it matters.
  • Technical Know-How
    Companies Seek IT Security Resellers with Technical Know-How
    Providers can offer managed services to fill customers' cyber-defense needs.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Partners Share Their 2021 Goals—and Plans for Achieving Them
  • Industry Experts Laud Biden Proposal for Increased Federal Cybersecurity Spending
  • Why Partners Should Prioritize AI in 2021
  • SolarWinds Hackers Hit Malwarebytes, But Impact Limited to Internal Email

Galleries

View all

Channel Partners Virtual 2021 Is the Hottest Ticket in Town

February 26, 2021

Industry Perspectives

View all

Backup Vulnerability: 4 Targets Hackers Might Utilize to Infiltrate Your Backup Solution

March 2, 2021

The “Roaring 20s” Are Coming

February 25, 2021

Three Ways MSPs Can Improve Supply Chain Security

February 24, 2021

Webinars

View all

A Partner’s Perspective on Channel Success in 2021

March 23, 2021

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021

White Papers

View all

Why Fortinet for my MSSP?

March 2, 2021

Small and Mid-Size Business Security: 4 Steps to Success

March 2, 2021

How SMBs Can Secure Endpoints and Remote Workers for the Long Haul

March 2, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@Netrality launches expanded partner program. #datacenters dlvr.it/RtrKXt https://t.co/2qHhnqrF7g

March 3, 2021
ChannelFutures

With day one of #CPVirtual in the books, we offer a recap of highlights and look ahead to day two. @Channel_Expo… twitter.com/i/web/status/1…

March 3, 2021
ChannelFutures

Why Fortinet for my MSSP? @EXN_Networks dlvr.it/Rtr1JS https://t.co/VV1dfuEK3r

March 2, 2021
ChannelFutures

Small and Mid-Size Business Security: 4 Steps to Success @EXN_Networks dlvr.it/Rtr1J9 https://t.co/ENfDHBfajN

March 2, 2021
ChannelFutures

How SMBs Can Secure Endpoints and Remote Workers for the Long Haul @EXN_Networks dlvr.it/Rtr1Hq https://t.co/3aAZL31Y2e

March 2, 2021
ChannelFutures

Mapping the Ransomware Landscape @EXN_Networks dlvr.it/Rtr1F6 https://t.co/oTSoIJKlA5

March 2, 2021
ChannelFutures

Top 5 Considerations when Selecting an EDR Solution @EXN_Networks dlvr.it/Rtqt8V https://t.co/g9VLXbj2Rx

March 2, 2021
ChannelFutures

[email protected] launches new #partnerprogram. #zerotrust dlvr.it/RtqhZB https://t.co/yIUhvYkYUs

March 2, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X