Re: Apple: Taking OS X security seriously -- finally

[InfoSec News <isn () c4i org>]

Forwarded from: Richard Forno <rforno () infowarrior org>

Overall, a good article.....Apple OSX is still one of the more secure
out-of-the-box OSes you can find. Few if any services are enabled by
default, and those that are are easily disabled if necessary.

However, the article fails to mention that Apple promptly admits
responsibility when they screw up -- a few months ago Apple released
an update to iTunes, its popular MP3 player - but unknowingly, one of
its developers included in the install script a unix command to erase
a user's data directory!!

Not only did Apple pull the upgrade from its website immediately, but
within 24 hours a revised installer was posted, along with a statement
admitting it was Apple's fault for causing the problem. Further, Apple
told those that lost data as a result that it would reimburse them for
purchasing disk utilities (eg, Norton stuff) and/or the price to have
a professional restore their data. You'll never see this level of
public responsibility from other, larger software monopolies.

It was refreshing to see the article note that Apple doesn't force
people into goofy licensing schemes to receive support and such,
something I discussed recently in an article entitled "Microsoft makes
a deal you can't refuse"
(http://www.infowarrior.org/articles/2002-09.html)

I've been a PC user, but a longer Mac user -- Apple may be a smaller
community, but I trust it - and its users and software - much, much
more than anyone else. As I said, I prefer to be the one in-charge of
the relationship with my computer.

Happy 4th!

Rick
infowarrior.org




> From: InfoSec News <isn () c4i org>
> Reply-To: InfoSec News <isn () c4i org>
> Date: Wed, 3 Jul 2002 06:36:34 -0500 (CDT)
> To: isn () attrition org
> Subject: [ISN] Apple: Taking OS X security seriously -- finally
>
> http://www.zdnet.com/anchordesk/stories/story/0,10738,2873326,00.html
>
> Stephan Somogyi,
> Contributing Columnist,
> AnchorDesk
> Wednesday, July 3, 2002
>
> During the days of Mac OS 9, Apple didn't need to pay much attention
> to security. Attacks on Mac OS boxes were extremely rare, successful
> ones well-nigh unheard-of. But Mac OS 9's excellent security record
> does not automatically transfer to OS X just because both OSes
> originate in Cupertino.
>
> Thanks to Mac OS X's Unix plumbing, any vulnerabilities in Unix
> software instantly become vulnerabilities in OS X. Unix vendors as a
> rule have always been quick to issue both security alerts and fixes
> for discovered holes. Which means that Apple now has a pretty high
> standard to live up to.
>
> If you're a Windows user, you've grown accustomed to the
> never-ending stream of vulnerability announcements, interminable
> waits for fixes, and, most recently, unilateral changes of your
> end-user licensing agreement that grant Redmond remote admin
> privileges on your system. Trustworthy computing, indeed.

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.