Mac OS X security and the media
Ok, the recent flurry of media about security holes in OS X is driving me nuts. I will agree to two things:
- there are security issues in OS X, just like there are in every operating system, but the workarounds are quite easy and quite sane;
- shame on Apple for leaving some boneheaded settings as default - you’re pulling a Microsoft on us.
First, the whole “virus” issue. There still haven’t been any true self-propagating viruses for the Mac in several years. The current crop still require user authentication and permission to install, which means that at best, they are trojans using “social engineering” to propagate. That means that Evil Person X sends you a misnamed file, which you, if you aren’t thinking clearly, open and allow to install, typing in your admin password when it prompts. Shame on you.Second, there’s been a lot of furor about a supposed hacking contest where the winner took 30 minutes to deface a web page hosted on an owner’s Mac. Here’s the deal: everyone who participated was given a local user account on the Mac. It’s like giving someone the keys to your flat, and telling them not to go into the kitchen, then getting upset when they do. More details here.So, I still stand by regarding OS X as the most secure desktop OS available. Just turn off Safari’s automatic opening of downloads - it’s a preference, folks - and know the source of files you open.Off soapbox.edit: here’s a Slashdot thread about the University of Wisconsin’s response to the whole “hack-a-Mac” challenge.edit #2: Here’s the results of the UW’s challenge. Long story short: the test Mac was hammered, complete with traffic spikes of 30Mbps and two DoS attacks, but no successful access, and the box stayed up the entire time. Click the link for more details.