Sunday, March 22, 2009

I used to think OS X had some decent security advantages...

Someone with credibility says not at all ...
Questions for Pwn2Own hacker Charlie Miller | Zero Day |

... It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.

It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it...
If true, then the only security advantage of OS X is that fewer hackers are interested in exploiting it.

Reading onwards he's comparing OS X to Vista, not to XP. That does make sense, I'd not thought of OS X as being secure compared to Vista.

In his opinion Chrome on Vista is a very tough target, but nothing on Vista is trivially easy. By comparison everything on OS X is trivial. A good bit of the difference appears to be address randomization, a Vista feature that, think, was supposed to have been a part of 10.5 but didn't make the cut.

No comments: