Kompressor

Windows 7 Bests Snow Leopard Says Mac Hacker

A notorious Mac white hacker has put the latest iterations of client operating systems from both Apple and Microsoft in the balance and, after weighing, found the most recent cat from Cupertino inferior in terms of security compared to the rival from Redmond. Charlie Miller, of Baltimore-based Independent Security Evaluators, who managed to hack Mac OS X Leopard in record time in the past, indicated that the security Apple built into Snow Leopard is inferior not only to Windows 7, but also to Windows Vista, a three-year old operating system released at the end of January 2007. Miller’s statement contradicts the general perception that Mac OS X is superior in terms of security compared to Windows, and the security researcher should know, since he hacked Apple’s operating systems on more than one occasion.

Charlie Miller is best known for its Mac OS X hacks in the past two years, which have generated headlines around the world. Back in March 2008, the team of Miller, Jake Honoroff, and Mark Daniel from Independent Security Evaluators successfully "pwned and owned" an Apple MacBook Air, in a hacking contest sponsored by TippingPoint's Zero Day Initiative. At that time, Mac OS X was the first to fall, ahead of Vista SP1 Ultimate and Ubuntu in the Pwn2Own contest from CamSecWest. But Miller wasn’t done. In mid-March 2009, he hacked Mac OS X in just 10 seconds in the same Pwn2Own CamSecWest hacking competition.

The difference Miller argues, according to TechWorld, is made by Address Space Layout Randomization (ASLR), a feature underdeveloped in Snow Leopard. “ASLR moves images into random locations when a system boots and thus makes it harder for shell code to operate successfully. For a component to support ASLR, all components that it loads must also support ASLR. For example, if A.EXE consumes B.DLL and C.DLL, all three must support ASLR. By default, Windows Vista will randomize system DLLs and EXEs, but DLLs and EXEs created by ISVs must opt in to support ASLR,” Microsoft reveals, and the same is valid not just for Vista, but also for Windows.

The security researcher indicated that Apple failed to introduce a fully fledged and fully functional, for that matter, ASLR in Snow Leopard. The largest problem related to ASLR according to Miller was the fact that Apple did nothing to improve the technology from Leopard to Snow Leopard. The latest versions of Mac OS X feature an ASLR that continues to ignore key components of the platform when it comes to randomization. Miller pointed out that the Snow Leopard ASLR fails to randomize the heap, the stack and the dynamic linker, delivering a wider attack surface than the ASLR in Windows Vista or in Windows 7.

"I hoped Snow Leopard would do full ASLR, but it doesn't," Miller stated. "I don't understand why they didn't. But Apple missed an opportunity with Snow Leopard. The security researcher revealed that while there are security enhancements in Snow Leopard, related to QuickTime and Data Execution Prevention, ASLR is the key factor that still makes Vista and Windows 7 more secure.

“Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7. When Apple has both [in place], that's when I'll stop complaining about Apple's security," Miller added. “It's harder to write exploits for Windows than the Mac, but all you see are Windows exploits. That's because if [attackers] can hit 90% of the machines out there, that's all [they’ll] do. It's not worth [them] nearly doubling [their] work just to get that last 10%."

Still, Snow Leopard continues to benefit from the perception of Mac OS X being more secure than Windows. Primarily, this is related to the security-through-obscurity model, which implies that Apple’s small share of the OS market makes its platform less attractive to attackers. "I still think you're pretty safe [on a Mac]," Miller noted. "I wouldn't recommend antivirus on the Mac. ASLR and DEP are very important. I just don't understand why they didn't do ASLR right."

__________________
Think like a man of action, act like a man of thought. -H. Bergson

wellfleation

Yeah, I believe everything he says. Windows 7 has not even been released yet and you will have to shell out over $200 for it. Keep giving them your money and enjoying there bloated, crappy OS. Has MS ever made ANYTHING better than Apple? They just do poor rip-offs from Apple, among other Co.

Even those that say iTunes sucks and is bloated Check out the latest version of Microsoft's Zune software.

465 MB download! Wtf! Probably preloaded with spyware, as usual. iTunes 9 is great, at least on OS X.

MS is just a shitty copy cat company, admit it.

__________________
FIGHTPOWER

Grieves

You forgot to use those mac forum emoticons...

__________________

ionlylooklazy

macs dont get viruses because historically their install base is tiny compared to windows.

its like when the ps3 was first released, who wanted to waste their time, money, and effort developing for the ps3 when theyll have a greater return investing on the x360.

CBCOOLEST

Update 3: A Windows 7 Survival Guide
Windows 7 Survival Guide: From 32- To 64-Bit -- Windows 7 -- InformationWeek
Windows 7 Deal: Students Win

__________________

CBCOOLEST

Update 4: Why I chose Windows 7 over Snow Leopard (and you should, too) | Betanews

__________________

CBCOOLEST

Update 5:
Windows 7 - Not a Question of If, But When | IT Leadership | TechRepublic.com

__________________

CBCOOLEST

Update 6:
Windows 7 Will Change Everything, Analysts Say - PC World

__________________

Flamingnun

And like it is now...

__________________