

Ask HN: IT concerns using an apple laptop in a windows environment? - kaisdavisOR

Howdy HN,<p>I'm upgrading my laptop at work and I'm campaigning to have a Mac Book Pro instead of a Dell Laptop. IT has concerns about the security of integrating OSX into what is solely a Windows 7 / Windows XP environment. I was hoping you could help me out:<p>* What resources can you point me to that would help assess the security concerns?<p>* Are there any immediate security concerns that come to mind? (I'm meeting with the IT Manager later this week and I'd like to have an understanding of his possible objections)<p>* Any advice that you'd give?<p>Thanks!
======
david_shaw
The only real security concern that I can see is that if you become infected
with some sort of malware (or you get hacked), there may be no other
noticeable activity on the network. So, you might say "my computer seems a
little slow today," but since the malware wouldn't be infecting the Windows
computers, there'd be no alerts on their IDS.

The preceding scenario is a ridiculously contrived and unlikely event.

The truth is that the BSD kernel underneath OS X has a lot more security
credibility than does Windows. Furthermore, since OS X has a lower market
share than Windows, it is less likely that malware creators will target it.
This does not make you immune from hacking, but since you are directly
comparing your situation with Windows alternatives, I think it's fair.

Additionally, OS X these days is very inter-operable, so I wouldn't really
worry about IT compatibility too much.

The biggest concern I'd have is convincing them that it's worth triple the
cost of its Dell counterpart. That one's a little more tricky.

------
kondro
The biggest problem will be the lack of knowledge of Apple products and
software from the perspective of he IT department. They can't manage and
secure something they don't know how to use.

If you're the only person in the company with a Mac and you have a complex
network of interrelated systems then supporting just one Mac on the network
just may not be worth it and may increase the tech support issues for
everyone, not just you.

In the simplest case, if you are sending a MS Word document to a collegue, the
document may not render in the same way on the Mac and Windows versions of the
platform. The IT department is likely to have to service request calls for an
issue that wouldn't exist in a controlled and consistent environment.

Of course, if your IT systems are fairly open and have very few restrictions
in place regarding installation of apps and personal settings, then there is
very little added risk or overhead in including a Mac in the network. Just
don't expect your IT department to support it.

------
brudgers
The simple fact that the security concerns are less well known is in and of
itself a security concern. In other words, the additional overhead for the IT
department associated with assessing and patching vulnerabilities makes the
enterprise less secure.

On top of that, what's the business case for using a Mac?

------
CyberFonic
You could always install VmWare Fusion + Windows 7 in order to remain
compliant with corporate standards and security measures. Unity lets you run
Windows apps seamlessly.

I would suspect that IT management is worried that once the other workers see
how cool and reliable your Mac is, they'll want one too.

------
motvbi
As far as I know the security concerns wouldn't be any different to connecting
from a Windows box. This should help you
[http://weblog.bignerdranch.com/?p=6&page=3](http://weblog.bignerdranch.com/?p=6&page=3).

~~~
runjake
This blog post is from 2005 and very outdated. A lot has changed in Mac OS X
regarding Active Directory and its configuration.

To join a domain, you open up System Preferences, click Accounts, and then
Login options. "Network Account Server" is what you want.

If you want to use the latest version of Directory Access instead, use
<http://helpdesk.wisc.edu/ams/page.php?id=12248>

Don't bother integrating Workgroup Preferences and all that in AD, it's flakey
as crap. We can't even get Apple engineers to get it running reliably.

