Comments on: More security professionalism, please. http://www.macalope.com/2007/02/04/more-security-professionalism-please/ Apple news and analysis from everyone's favorite mythical Mac user Thu, 20 Nov 2008 21:03:20 +0000 http://wordpress.org/?v=2.6.2 By: The Macalope » Blog Archive » Good thing he didn’t double-dog dare http://www.macalope.com/2007/02/04/more-security-professionalism-please/#comment-6155 The Macalope » Blog Archive » Good thing he didn’t double-dog dare Mon, 12 Feb 2007 19:08:19 +0000 http://www.macalope.com/?p=163#comment-6155 [...] The Macalope, his antlers dripping with sarcasm, is sure that won’t happen to Vista (trolls can read a more detailed version of the Macalope’s opinion on Vista security here). [...] [...] The Macalope, his antlers dripping with sarcasm, is sure that won’t happen to Vista (trolls can read a more detailed version of the Macalope’s opinion on Vista security here). [...]

]]> By: Glenn Fleishman http://www.macalope.com/2007/02/04/more-security-professionalism-please/#comment-5754 Glenn Fleishman Thu, 08 Feb 2007 18:51:31 +0000 http://www.macalope.com/?p=163#comment-5754 I think what's been lost (and the Macalope has found) in a lot of this Vista v. OS X security debate is that Vista has some kickass security and obscurity features that Apple should absolutely adopt (patent issues may prevent some of that). For instance, address space layout randomization. It's not a guaranteed exploit solver, but my understanding is that it makes Vista immediately dramatically more resistant to a host of the common major attacks against XP. It's just done. Yes, hackers will probably figure out ways to game ASLR, but it raises the bar. Apple doesn't do ASLR. They probably should. They probably will. There's a long list of neat security measures that Vista is built with and that it offers, and given that it's inevitable that Mac OS X is cracked in a comprehensive way--that's separate from how easy it is to vector the attack, something that Maynor doesn't directly address--Apple is, I hope, stealing ideas from Vista. Interestingly, I think Allchin was emphasizing the positive in the security area, while Gates the negative. I think what’s been lost (and the Macalope has found) in a lot of this Vista v. OS X security debate is that Vista has some kickass security and obscurity features that Apple should absolutely adopt (patent issues may prevent some of that). For instance, address space layout randomization. It’s not a guaranteed exploit solver, but my understanding is that it makes Vista immediately dramatically more resistant to a host of the common major attacks against XP. It’s just done. Yes, hackers will probably figure out ways to game ASLR, but it raises the bar. Apple doesn’t do ASLR. They probably should. They probably will.

There’s a long list of neat security measures that Vista is built with and that it offers, and given that it’s inevitable that Mac OS X is cracked in a comprehensive way–that’s separate from how easy it is to vector the attack, something that Maynor doesn’t directly address–Apple is, I hope, stealing ideas from Vista.

Interestingly, I think Allchin was emphasizing the positive in the security area, while Gates the negative.

]]> By: Ken http://www.macalope.com/2007/02/04/more-security-professionalism-please/#comment-5528 Ken Tue, 06 Feb 2007 21:08:40 +0000 http://www.macalope.com/?p=163#comment-5528 One thing that has struck me about this discussion is the simple assertion (and acceptance) of the idea that Vista has no known security flaws. Is this true? People must have been working on this. If it's true, I need to upgrade every machine in my organization post-haste... One thing that has struck me about this discussion is the simple assertion (and acceptance) of the idea that Vista has no known security flaws. Is this true? People must have been working on this. If it’s true, I need to upgrade every machine in my organization post-haste…

]]> By: Se7en http://www.macalope.com/2007/02/04/more-security-professionalism-please/#comment-5510 Se7en Tue, 06 Feb 2007 16:47:13 +0000 http://www.macalope.com/?p=163#comment-5510 The first thing that came to my mind is that Apple was doing exactly what Bill Gates did: challenge the hacker community to prove them wrong. So will Maynor now take Gates' challenge? Because Gates definitely threw one out there. The first thing that came to my mind is that Apple was doing exactly what Bill Gates did: challenge the hacker community to prove them wrong.

So will Maynor now take Gates’ challenge? Because Gates definitely threw one out there.

]]> By: GeoK http://www.macalope.com/2007/02/04/more-security-professionalism-please/#comment-5508 GeoK Tue, 06 Feb 2007 16:10:39 +0000 http://www.macalope.com/?p=163#comment-5508 I would like to offer some food-for-thought that hasn't been touched upon with this good debate. Who has the most to lose? My bet is on all the third-party security software companies and developers. There seems to be an ecosystem that is firmly in place with XP and not so much with OS X. This seems like a whole other can 'o worms. I would like to offer some food-for-thought that hasn’t been touched upon with this good debate.

Who has the most to lose?

My bet is on all the third-party security software companies and developers. There seems to be an ecosystem that is firmly in place with XP and not so much with OS X.

This seems like a whole other can ‘o worms.

]]> By: CmdNotCtrl » Blog Archive » More on Gatesgate http://www.macalope.com/2007/02/04/more-security-professionalism-please/#comment-5471 CmdNotCtrl » Blog Archive » More on Gatesgate Tue, 06 Feb 2007 07:22:05 +0000 http://www.macalope.com/?p=163#comment-5471 [...] John Gruber and The Macalope rebut Maynor’s claims in posts on their respective blogs. [...] [...] John Gruber and The Macalope rebut Maynor’s claims in posts on their respective blogs. [...]

]]> By: The Macalope http://www.macalope.com/2007/02/04/more-security-professionalism-please/#comment-5463 The Macalope Tue, 06 Feb 2007 06:11:05 +0000 http://www.macalope.com/?p=163#comment-5463 Well, the Macalope is pretty sure they added that ad today. It's not in Wikipedia's list of ads and Wikipedia does have the other most recent set. It's also not on the Unofficial Apple Weblog's list of the most recent ads. Their list of the most recent is "Surgery, "Sabotage" and "Tech Support". Apple's page has "Security", "Surgery" and "Tech Support". While the Macalope finds it probably one of the funniest of the whole collection, it's not exactly what he had in mind when he asked Apple to get serious about security. Well, the Macalope is pretty sure they added that ad today. It’s not in Wikipedia’s list of ads and Wikipedia does have the other most recent set. It’s also not on the Unofficial Apple Weblog’s list of the most recent ads. Their list of the most recent is “Surgery, “Sabotage” and “Tech Support”. Apple’s page has “Security”, “Surgery” and “Tech Support”.

While the Macalope finds it probably one of the funniest of the whole collection, it’s not exactly what he had in mind when he asked Apple to get serious about security.

]]> By: Don http://www.macalope.com/2007/02/04/more-security-professionalism-please/#comment-5461 Don Tue, 06 Feb 2007 05:33:37 +0000 http://www.macalope.com/?p=163#comment-5461 El Macalopo: >One. >So, it’s not “commercials”. It’s “commercial”. Au contraire, oh mythical one. There are TWO getamac ads about security. The recent one titled "Security" mentions Vista by name: http://movies.apple.com/movies/us/apple/getamac/apple-getamac-security_480x376.mov The older one titled "Viruses" mentions 114,000 viruses, but it looks dubbed in: http://movies.apple.com/movies/us/apple/getamac_ads1/viruses_480x376.mov El Macalopo:
>One.
>So, it’s not “commercials”. It’s “commercial”.

Au contraire, oh mythical one. There are TWO getamac ads about security.

The recent one titled “Security” mentions Vista by name:

http://movies.apple.com/movies/us/apple/getamac/apple-getamac-security_480×376.mov

The older one titled “Viruses” mentions 114,000 viruses, but it looks dubbed in:

http://movies.apple.com/movies/us/apple/getamac_ads1/viruses_480×376.mov

]]> By: Rip Ragged http://www.macalope.com/2007/02/04/more-security-professionalism-please/#comment-5460 Rip Ragged Tue, 06 Feb 2007 05:24:20 +0000 http://www.macalope.com/?p=163#comment-5460 No. Sometimes it's fun to just kick a can down the street. The can doesn't really matter, as long as there's something to kick. No. Sometimes it’s fun to just kick a can down the street. The can doesn’t really matter, as long as there’s something to kick.

]]> By: Ned Harwick http://www.macalope.com/2007/02/04/more-security-professionalism-please/#comment-5459 Ned Harwick Tue, 06 Feb 2007 05:17:17 +0000 http://www.macalope.com/?p=163#comment-5459 Right, uh, I know I’m totally out of fashion here, but... <b><i>Does David Maynor matter? At all? About anything? Ever?</i></b> <i>Okay, cool... I was just checking...</I> Right, uh, I know I’m totally out of fashion here, but…

Does David Maynor matter? At all? About anything? Ever?

Okay, cool… I was just checking…

]]>