
Former Hacker: Microsoft More Secure Than Apple, Adobe - rpledge
http://www.pcworld.com/article/194686/hacker_says_microsoft_secure.html
======
tptacek
Marc's not saying anything that 80+% of people working in software security
haven't been saying for years. Nothing against Marc, just, this isn't
controversial. Of course they are.

~~~
codexon
Many mac owners I know repeatedly tell me that they are impervious to viruses.
This belief is quite widespread.

~~~
yardie
In my office we have email virus scanners, network virus scanners, and virus
scanners on all the PCs and servers. You know what they are all looking for?
Windows viruses. I'm probably more advanced than most Mac users, I don't enter
my password at the request of every prompt and I read the file manifest for
each installer. Mac owners know they are not impervious. Most wouldn't
know what to do if their Mac was infected with a virus. But they know there
are far juicier targets than OSX.

A virus hasn't been built yet to take a Mac down. What you have is a bunch of
hypothetical lab scenarios of how it could be done, and 0 real world data.

Companies are paying crackers with $2000 Macbook Pros while real money is
being made ($millions) writing PC viruses. OSX doesn't need to be more secure
than Windows 7 (it should be the goal though). It just needs to be more secure
than 90% of the PCs out there running XP.

------
city41
For what it's worth, the cover of "Writing Secure Code 2" has a quote from
Bill Gates "Required reading at Microsoft." On my very first day at MS I was
handed a copy and told to read it (and I did). Our code also went under strict
security reviews and just about any refactoring, bug fix, anything that
potentially affected security had to be reviewed too.

------
argv_empty
_The only reason Apple gets little increase in security is because they're
running on top of a Unix-based operating system and they can take advantage of
some of the things that have been done for them._

Am I misreading this, or is he saying these advantages Apple has don't count
because they're playing on easy mode with their OS design?

~~~
fauigerzigerk
No, he's saying Apple got a basic level of security for free but if they don't
fix their broken security auditing the issue will creep up on them (and their
users) as they gain market share.

I use Unix as well, on the server and on the desktop. But that doesn't
automatically make all my code secure. What made Unix more secure than the
original Windows was a particular attitude. An attitude that Apple doesn't
have (or maybe didn't have until very recently).

------
aero142
Yes, but Apple has a smaller install base so they are targeted less often. In
practice, I think you are more secure on OSX at the moment. If their install
base grows, I expect that will change.

------
mattparcher
PCs are more secure, while Macs are safer.

~~~
sev
Can you explain how security does not lead to safety in this case?

~~~
statictype
I think what was meant was:

Even though Macs may be less secure than Windows, there is significantly less
malware targeted at Macs, so a Mac is relatively 'safe' for an average user.

On the other hand, if you're running the server for a bank - where you expect
to get constantly hit by crackers looking for an exploit - Windows would
probably stand up better than a Mac.

~~~
olefoo
But if you're running security for a bank and you are depending on host-based
security, you are in trouble.

------
c00p3r
Oh, RLY? Tell this to all those botnets.. Ah, it is pcworld..

<http://www.milw0rm.com/platforms/windows>

~~~
thmz
So because banks are robbed more than my home, they are less secure? Don't
think so...

~~~
c00p3r
I'm not sure this is a correct analogy. A lot of MS technology is
defective/insecure by design.

------
jrw89
"Marc Maiffret...now works trying to find security flaws in Microsoft's
software...". I wonder who pays him? No surprises as to why he finds Microsoft
more secure than Apple and Adobe.

~~~
Frazzydee
FireEye (<http://www.fireeye.com/company/management.html>)

I took a quick look at the company's products, and I don't really see how he
stands to benefit by convincing people Microsoft is more secure than its
competitors.

Fill me in if you see something I missed.

