MIT Technology Review Subscribe

Style vs. Security for Macs

A Mac hacker (and self-confessed fanboy) says that Apple lags behind in security.
By Erica Naone

“I’m a total Apple fanboy,” said security consultant Dino Dai Zovi during his talk yesterday afternoon at the SOURCE Boston computer-security conference. “If Apple made clothes, I’d probably dress in them.”

But part of being an Apple fanboy for Dai Zovi means hacking Macs, and he says that OS X is often easier to hack than Vista or Linux.

Advertisement

Apple enthusiasts often extol the security of the Mac operating system, and they rarely run antivirus software. Dai Zovi agrees that Macs generally face less attack from malware authors, but he said that’s not due to the impenetrability of OS X. The Mac may be safer, but it’s not necessarily secure, he said, comparing the situation to leaving your front door unlocked because there aren’t many thieves in the neighborhood.

This story is only available to subscribers.

Don’t settle for half the story.
Get paywall-free access to technology news for the here and now.

Subscribe now Already a subscriber? Sign in
You’ve read all your free stories.

MIT Technology Review provides an intelligent and independent filter for the flood of information about technology.

Subscribe now Already a subscriber? Sign in

Today, about 10 percent of browsers run on OS X, so it’s just not profitable for malware authors to go after Macs, Dai Zovi said. However, the situation could change if Apple continues to gain market share.

In his talk, Dai Zovi demonstrated an OS X attack that allowed him to take control of the built-in camera on a MacBook. He also outlined several ways that attackers could exploit flaws in OS X. For example, he said that many exploits require attackers to locate data stored in a computer’s memory. Vista and Linux use randomization to make this hard to do, and, while OS X does randomize some data, other things are relatively easy for an attacker to find.

Dai Zovi said that Apple has a chance to improve security with its forthcoming Snow Leopard update to OS X. Without improved security, he worries that people may start worming in to Apple’s computers. “Writing exploits for Vista is hard work,” he said. “But writing exploits for Mac is fun.”

This is your last free story.
Sign in Subscribe now

Your daily newsletter about what’s up in emerging technology from MIT Technology Review.

Please, enter a valid email.
Privacy Policy
Submitting...
There was an error submitting the request.
Thanks for signing up!

Our most popular stories

Advertisement