
How secure is Apple? - nilsjuenemann
http://www.nilsjuenemann.de/2014/09/how-secure-is-apple.html
======
valarauca1
There was a very good talk at defcon21 (I believe) about Apple Security. It
wasn't super in-depth, it basically covered fire-walling.

Basically by default OSX ships with its firewall completely off. Turning on
your firewall, blocks most ports except the few that are by default for
standard black box mac services. If you turn on enhanced stealth mode
firewall, you block pings. Not the entire IMCP protocol, just pings. And
nothing else. So you can sync PRNG.

Also there is issues in bonjour's UDP handling which let you consume all CPU
resources (pin the processor at 100% remotely, no permissions just UDP spam).
Remotely, also bonjour can't be disabled or blocked by the GUI firewall.

:.:.:

A lot of people look at OSX and say, "Hey its a unix, I'm safe." And they
aren't. No Unix is safe by default, even OpenBSD requires you watch what your
doing.

~~~
artmageddon
I'm a fairly new OSX user, been on Windows for most of my life and on Linux
for a bit. Do you have any suggestions on guides for increasing security?

~~~
Osmium
Advice is fairly standard: don't make your main account an Admin account, give
your password out sparingly to apps that ask for it, try to use only sandboxed
apps (i.e. from the App Store), don't turn on un-needed services (these are
mostly in the Sharing pane in System Preferences). If you don't like Apple's
default firewall rules, I believe OS X has BSD-standard ipfw installed by
default, so you can use that and modify it to your liking.

Mostly, though, I'd say don't panic. Keep OS X updated and you should be fine
(inc. Flash if you use it in Safari, and keep rarely-used web plugins disabled
by default). Zero-days are always a worry, but you'll never see them coming by
definition, so there's not a lot you can do about it...

[Note, I am by no means an expert]

Edit: and, as another poster said, enable FileVault. It's a great, stable and
fast (on modern Macs, any slow-down should be imperceptible to the user)
protection against casual data theft if someone steals your computer.

------
pathikrit
Windows is like living in the ghetto with bolted doors and windows. OSX is
like living in the country side with doors open. Both are not that safe in
somewhat different ways.

~~~
antsar
As it gains popularity, that countryside is rapidly acquiring its fair share
of problems. Certainly enough to consider closing the doors.

------
hell-banned1
APPLE may be good at design, but its technology sukx. Which hacker in his
right mind will prefer APPLE to Google, Facebook or a startup?

------
ksk
I understand OSX is the topic of the article. However, I don't think Linux
fares any better. Should we really be happy that we're able to 'root' our
phones?

~~~
Pleroma
[https://en.wikipedia.org/wiki/Whataboutism](https://en.wikipedia.org/wiki/Whataboutism)

~~~
dfxm12
Yes, two wrongs don't make a right, but given the presumed motivations of this
article, it is important that everyone is aware of the security shortcomings
of the phones, other computers and computer related services we use every day.

