Tuesday, December 11, 2007

Tech Pulse 20071108: Does Mac Security Suck?

Listen to this episode! Subscribe to the MP3 feed via iTunes

Josh and Big-O discuss Google's Android phone platform announcement and the new Mac OS X Trojan spreading through porn sites, and talk at length about the pros and cons of Mac OS X vs. Windows security.

Notes and links related to this episode:

Opening Thoughts
  • The iBride and iGroom have posted details about how they met and how they planned crashing the Apple Store
Tech News
  • Google's mobile phone platform announcement: the Open Handset Alliance and "Android"
    • Google is not (yet) building its own cell phone hardware
    • Microsoft CEO Steve Ballmer pooh-poohed Google's efforts, calling the Open Handset Alliance "just some words on paper right now" and boasting that Microsoft has "many, many millions of customers" who use Windows Mobile on their phones
    • The open, Linux-based nature of Android contrasts sharply with the closed software platform of the iPhone (at least until February when Apple plans to release an iPhone SDK)
    • If Google chooses to make it an ad-supported platform, how invasive will it be to the user's privacy?
  • New Mac Trojan horse (eloquently dubbed "OSX.RSPlug.A") is in the wild and being distributed through porn sites
    • Trojan horses do not self-propagate or spread themselves automatically over a network
Special Feature: Does Mac Security Suck?
  • Similarities between Leopard and Vista security:
  • Cons of Mac Security:
    • the Leopard firewall is off by default vs. Windows XP SP2 and Vista's firewalls being on by default
      • being off by default makes Macs running any kind of networking services much more vulnerable to remote attacks and exploits
      • plus, the Leopard firewall has been criticized as allegedly not working as well as it should
    • lack of anti-phishing in Safari and Apple Mail vs. anti-phishing built into IE7 and Windows Mail
    • the Status Bar is still turned off by default in Safari 3 in Leopard; this leaves users completely unaware of where any link will take them, which can make it easier for people to fall into traps such as phishing scams
  • Pros of Mac Security:
    • Leopard uses a proven BSD-based networking stack vs. Vista's virgin stack
    • real-world numbers of viruses and spyware for Mac compared to Windows: Sophos reports that by the end of 2006 there were over 207,000 known malware threats (PDF link), and so far there have been fewer than 5 known Mac OS X Trojans in the wild; Windows is still by far the biggest target
    • Mac OS X comes with a Web filter (as part of its Parental Controls, for non-admin accounts only) vs. Vista includes no Web filter
    • Mac OS X knows when to (and more importantly, when NOT to) prompt the user for administrator approval, "without bugging the crap out of you" and "going overboard" like Vista does; Vista users can get so desensitized to these prompts that they simply dismiss them out of habit without paying attention to what's going on
Log Out