Apple should do more regarding security, even though people believe its operating system (OS) is not vulnerable to security threats and more secure than Microsoft's Windows.
This is according to Haroon Meer, technical director of SensePost, who addressed the ITWeb Security Summit, in Midrand, this week.
Meer believes vulnerability counts cannot be used to establish which operating system - for Mac or PC - is more vulnerable. It depends on what bugs are counted into the vulnerability counts, and the companies are not comparing the same bugs in their counts at the moment, he explained.
Using the “I love you” worm, which killed many a mail server, as an example, Meer showed Mac was just as vulnerable as the Windows PC OS.
Using non-executable stack solutions, both Vista and OS X have protection, and looking at attacks against the heap, specifically heap spraying attacks where hackers are filling the heap with nonsensical code, Microsoft is protected, while Mac is not, he pointed out.
In another case, related to generic memory corruption and ASLR, Meer notes Microsoft is protected and Mac's OS 10 is only halfway there. “With regard to generic memory corruption, Windows still wins over Mac,” he noted.
“I don't believe market share has anything to do with Mac not being exploited that much, but rather because Microsoft has made it so easy for any third-party developer to develop for the Microsoft platform. That increases the opportunities for many bad developers, whereas Apple does not have these numbers of developers.”
Meer added that the more third-party applications are installed, the more open they are to vulnerabilities.
Although he openly admitted to being a Mac fan, he said: “Mac currently lags behind Windows. Windows worked hard at securing itself. Apple is starting to work harder at it, but is still vulnerable and, if not changed soon, Mac fans might find themselves red-faced and hiding at security conferences like this in the future.”
Share