• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

Buy mac solely for security?

Recommended Posts

nekrosoft13    722
19 hours ago, Brandon H said:

as much as I love the OSX working environment it's just not worth it for how much it costs to get into (darn you Apple locking OSX to their hardware lol); especially if you're just switching for security reasons.

not really worth the arm/leg IMO

then don't use apple hardware... hackintosh works fine.

 

 

Share this post


Link to post
Share on other sites
nekrosoft13    722

i got the best solution...

 

if you want to be 100% secure, turn of the PC/Mac/Linux/Phone etc.. unplug it, smash it with a biggest hammer you can find, drill some holes though it, and burn the rest in backyard, bury the remains.

Share this post


Link to post
Share on other sites
Brandon H    3,049
10 minutes ago, nekrosoft13 said:

then don't use apple hardware... hackintosh works fine.

 

 

except that's not officially supported and is a pain to setup most the time (from personal experience and I consider myself fairly knowledgeable)

  • Like 1

Share this post


Link to post
Share on other sites
+fusi0n    2,056
Just now, Brandon H said:

except that's not officially supported and is a pain to setup most the time (from personal experience and I consider myself fairly knowledgeable)

And doesn't feature the added security of Apple's UFI and T2 chips. 

  • Like 1

Share this post


Link to post
Share on other sites
dipsylalapo    1,776
14 minutes ago, nekrosoft13 said:

i got the best solution...

 

if you want to be 100% secure, turn of the PC/Mac/Linux/Phone etc.. unplug it, smash it with a biggest hammer you can find, drill some holes though it, and burn the rest in backyard, bury the remains.

Or just not connect it to the internet, that would work too. Machine wouldn't be as functional but there you go.

Share this post


Link to post
Share on other sites
nekrosoft13    722
10 minutes ago, dipsylalapo said:

Or just not connect it to the internet, that would work too. Machine wouldn't be as functional but there you go.

that still not secure, someone can break in and steal it.

  • Haha 1

Share this post


Link to post
Share on other sites
dipsylalapo    1,776
1 minute ago, nekrosoft13 said:

that still not secure, someone can break in and steal it.

Fair point. 😂

Share this post


Link to post
Share on other sites
nekrosoft13    722
17 minutes ago, Brandon H said:

except that's not officially supported and is a pain to setup most the time (from personal experience and I consider myself fairly knowledgeable)

first time I did it was 5 years ago or so, used it for a while, didn't like it, and didn't bothered with it since.

I just did it again 2 weeks ago, was bored, 5-10 minutes on google, found two tutorials, and bam clover and it works..... still don't like the mac gui, running mavericks. everything seems assbackwards even more screwed up then Linux.

Share this post


Link to post
Share on other sites
Brandon H    3,049
5 minutes ago, nekrosoft13 said:

first time I did it was 5 years ago or so, used it for a while, didn't like it, and didn't bothered with it since.

I just did it again 2 weeks ago, was bored, 5-10 minutes on google, found two tutorials, and bam clover and it works..... still don't like the mac gui, running mavericks. everything seems assbackwards even more screwed up then Linux.

yeah I think part of my issues is it didn't like the hardware I had but that's a discussion for a different thread; been like 6 or so years since i've attempted as well myself so things could have changed

Share this post


Link to post
Share on other sites
n_K    2,433
Posted (edited)
4 hours ago, fusi0n said:

Let's clarify some misinformation in this thread. 

 

1. Using MacOS or Linux isn't "Security by Obscurity". 

  • MacOS is more secure by design. The architecture it uses is a security first approach (thanks BSD). 

 

What utter bollocks. https://support.apple.com/en-gb/HT209139

"Impact: A sandboxed process may be able to circumvent sandbox restrictions"

"Impact: A malicious application may be able to elevate privileges"

"Impact: An application may be able to read restricted memory"

"Impact: A malicious application may be able to access local users AppleIDs"

"Impact: An application may be able to execute arbitrary code with system privileges"

"Impact: A malicious application may be able to elevate privileges"

"Impact: An application may be able to gain elevated privileges"

"Impact: Processing a maliciously crafted text file may lead to arbitrary code execution"

"Impact: An application may be able to read restricted memory"

"Impact: An application may be able to execute arbitrary code with system privileges"

"Impact: An application may be able to execute arbitrary code with system privileges"

"Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information"

"Impact: An application may be able to read restricted memory"

"Impact: An application may be able to read restricted memory"

"Impact: An application may be able to execute arbitrary code with system privileges"

"Impact: An application may be able to execute arbitrary code with system privileges"

"Impact: An application may be able to execute arbitrary code with kernel privileges"

"Impact: A malicious application may be able to execute arbitrary code with kernel privileges"

"Impact: A malicious application may be able to break out of its sandbox"

"Impact: An application may be able to execute arbitrary code with kernel privileges"

"Impact: An application may be able to execute arbitrary code with kernel privileges"

"Impact: A malicious application may be able to leak sensitive user information"

"Impact: An attacker in a privileged network position may be able to execute arbitrary code"

"Impact: An application may be able to execute arbitrary code with kernel privileges"

"Impact: An application may be able to execute arbitrary code with kernel privileges"

"Impact: A sandboxed process may be able to circumvent sandbox restrictions"

"Impact: An application may be able to execute arbitrary code with system privileges"

"Impact: An application may be able to read restricted memory"

 

Now you show me any other OS with so many god damn gaping holes in only a 4 month period since it was released. OSX isn't secure and you are absolutely fibbing yourself if you believe in whatever crap you posted.

 

Share this post


Link to post
Share on other sites
+fusi0n    2,056
22 minutes ago, nekrosoft13 said:

first time I did it was 5 years ago or so, used it for a while, didn't like it, and didn't bothered with it since.

I just did it again 2 weeks ago, was bored, 5-10 minutes on google, found two tutorials, and bam clover and it works..... still don't like the mac gui, running mavericks. everything seems assbackwards even more screwed up then Linux.

I could see this, but if you really give it ago to learn the functions of the OS, it can be quite powerful. I use Spotlight for most of my apps and it gets me there quicker than trying to find the icon. Just hit Apple+Space and type a few letters and hit enter. All done under 2 seconds. One of my favorite features of Mac OS is the focus mode. If i'm working on a doc or whatever, just turn on focus and bam. No notifications, 100% full screen and I get stuff done. There is quite a learning curve, but if you've used Windows for 20+ years (like myself) and try to use MacOS like Windows, you're going to have a bad time. 

Share this post


Link to post
Share on other sites
+fusi0n    2,056
15 minutes ago, n_K said:

What utter bollocks. https://support.apple.com/en-gb/HT209139

snipped

 

Now you show me any other OS with so many god damn gaping holes in only a 4 month period since it was released. OSX isn't secure and you are absolutely fibbing yourself if you believe in whatever crap you posted.

 

 

You seem quite frustrated. A lot of those fixes have "may be able". Do you know which one of those vulns was mass exploited? 

Also, here you go,

https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-32238/Microsoft-Windows-10.html

 

I never said MacOS was 100% secure. A lot of those patches were proactive. 

 

You should always use caution with any OS. 

 

Also, here is the framework\architecure for the Mach kernel,

https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KernelProgramming/Architecture/Architecture.html

 

Share this post


Link to post
Share on other sites
n_K    2,433
Posted (edited)
3 hours ago, fusi0n said:

You seem quite frustrated. A lot of those fixes have "may be able". Do you know which one of those vulns was mass exploited? 

Also, here you go,

https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-32238/Microsoft-Windows-10.html

 

I never said MacOS was 100% secure. A lot of those patches were proactive. 

 

You should always use caution with any OS. 

 

Also, here is the framework\architecure for the Mach kernel,

https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KernelProgramming/Architecture/Architecture.html

 

"may be able" is code for "guaranteed to be exploitable unless you purposely do not use the vulnerable commands" and no it was not proactive, those exploits were found by third parties not apple and if the OS wasn't vulnerable they wouldn't have been reported in the first place. It doesn't matter if an exploit is widely used or not, an exploit is an exploit regardless. Would you only care about a vulnerability in a medical device if it was mass exploited if it had the potential to kill you without you knowing? No. Same concent applies here. Yes, all OS's have vulnerabilities and your comment about mac being the most secure was laughable bad.

And a lot of OSX bugs are the same thing with null pointer referencing: https://www.exploit-db.com/exploits/39922 https://www.usenix.org/system/files/conference/woot17/woot17-paper-xu.pdf https://tools.cisco.com/security/center/viewAlert.x?alertId=37112 Always the same thing...

Share this post


Link to post
Share on other sites
+fusi0n    2,056
7 minutes ago, n_K said:

"may be able" is code for "guaranteed to be exploitable unless you purposely do not use the vulnerable commands" and no it was not proactive, those exploits were found by third parties not apple and if the OS wasn't vulnerable they wouldn't have been reported in the first place. It doesn't matter if an exploit is widely used or not, an exploit is an exploit regardless. Would you only care about a vulnerability in a medical device if it was mass exploited if it had the potential to kill you without you knowing? No. Same concent applies here. Yes, all OS's have vulnerabilities and your comment about mac being the most secure was laughable bad.

And a lot of OSX bugs are the same thing with null pointer referencing: https://www.exploit-db.com/exploits/39922 https://www.usenix.org/system/files/conference/woot17/woot17-paper-xu.pdf https://tools.cisco.com/security/center/viewAlert.x?alertId=37112 Always the same thing...

You're reading to much of what I'm saying and taking my points very much out of context. Windows also has exploits, please feel free to view the link I sent you. There has been a good bit reported in the last four months.  You made MacOS sound like it is one of the most vuln OSes out there, and that is simply not true. You can continue to laugh at my comments all you want, it doesn't change the fact that MacOS is just as secure if not more than Linux or Windows. 

 

I'm not turning this into a pointless argument of "MY OS IS THE BEST OS".  I use all three daily.  For everyday web browsing and such, you are safer on MacOS than Windows. If there is an APT, then it doesn't really matter, as they will find a way in any OS. 

Share this post


Link to post
Share on other sites
Active.    1,697
Posted (edited)
On 1/3/2019 at 10:09 PM, Gotenks98 said:

Just as the others have said, its not that it is more secure its just isn't worth the effort. Think of it this way. If you leave your door to your home unlocked but you live in the ghetto or you leave your door unlocked and you live in the boonies who is going to get robbed first? Statistically its just less likely the happen in the boonies because its harder to find the target.

Interesting analogy. Makes you wonder why anyone would choose to live in the ghetto... 🤔

Share this post


Link to post
Share on other sites
Whistlesix    287

If REAL security is your goal then you need to design your own OS from the ground up TBH. Microsoft, Apple, Google and others all have exploits and bugs. Saying you want to use one more than the other because it's more secure is like saying an inebriated 18 year old girl is safer with Bill Cosby than she is with Harvey Weinstein. They're both terrible and both have a chance of doing something horrible, at the end of the day the safest thing to do is to not go to the party. BUT if you want to access websites and internet services with as little chance of infection possible, you need to install Firefox or another browser that lets you whitelist specific domains (via settings or addon) and block all by default. You may have to click "allow" or "temporarily allow" up to a dozen times or more for each website you visit, depending on the domain, but it's literally the only option you have to go where you want and do what you want while simultaneously maintaining as much security as possible. You could get a Chromebook, as someone else suggested... But why would you do that? Printer and driver support on Chromebooks is atrocious and it's pretty much only good for running Google apps

Share this post


Link to post
Share on other sites
+fusi0n    2,056
3 hours ago, Whistlesix said:

If REAL security is your goal then you need to design your own OS from the ground up TBH. Microsoft, Apple, Google and others all have exploits and bugs. Saying you want to use one more than the other because it's more secure is like saying an inebriated 18 year old girl is safer with Bill Cosby than she is with Harvey Weinstein. They're both terrible and both have a chance of doing something horrible, at the end of the day the safest thing to do is to not go to the party. BUT if you want to access websites and internet services with as little chance of infection possible, you need to install Firefox or another browser that lets you whitelist specific domains (via settings or addon) and block all by default. You may have to click "allow" or "temporarily allow" up to a dozen times or more for each website you visit, depending on the domain, but it's literally the only option you have to go where you want and do what you want while simultaneously maintaining as much security as possible. You could get a Chromebook, as someone else suggested... But why would you do that? Printer and driver support on Chromebooks is atrocious and it's pretty much only good for running Google apps

2

Building software\operating systems from scratch for security reasons is the last thing you want to do. 

  • You want something that has been proven and tested
  • Open Source allows more eyes on the code
  • Research HBGary - They are a security firm that got nuked from Orbit with their customized CMS. 

"Microsoft, Apple, Google and others all have exploits and bugs."

  • True, but if you code something yourself, you're also going to have bugs\exploits. No such thing as perfect code. If you're building something, than you are most likely using a framwork of sorts, then you are subject to the security posture of that framework. 
  • Exploits and bugs are part of life. It's how well companies mitigate the risk. I would say all three big players do a great job with that.

"you need to install Firefox or another browser that lets you whitelist specific domains"

  • Someone can change your DNS/hostfile to reroute your domain to a bad actor. 

 

"Saying you want to use one more than the other because it's more secure is like saying an inebriated 18 year old girl is safer with Bill Cosby than she is with Harvey Weinstein."

  • You are comparing a drunk person to an operating system. If an operating system is drunk (infected with malware) and going to a party (websites)  then best practices were more than likely not being used. 
  • You shouldn't talk like that. It's highly inappropriate. 

 

" You could get a Chromebook, as someone else suggested... But why would you do that? Printer and driver support on Chromebooks is atrocious and it's pretty much only good for running Google apps"

  • Chromebooks have great driver support as they use Google Cloud Print
  • If you are not worried about privacy, the Google Apps work great. 

 

If someone wants to browse the internet as safely as possible without going through intense measures you can install Firefox\Chrome in Sandboxie. After that, install an Ad-Blocker, and/or no script if you're using firefox. Disable Java Script and flash. Have your OS Patched and AV up-to-date. This would be a reasonable setup and wouldn't give you much trouble. 

Share this post


Link to post
Share on other sites
Whistlesix    287
On 1/4/2019 at 5:41 PM, fusi0n said:

Building software\operating systems from scratch for security reasons is the last thing you want to do. 

  • You want something that has been proven and tested
  • Open Source allows more eyes on the code
  • Research HBGary - They are a security firm that got nuked from Orbit with their customized CMS. 

"Microsoft, Apple, Google and others all have exploits and bugs."

  • True, but if you code something yourself, you're also going to have bugs\exploits. No such thing as perfect code. If you're building something, than you are most likely using a framwork of sorts, then you are subject to the security posture of that framework. 
  • Exploits and bugs are part of life. It's how well companies mitigate the risk. I would say all three big players do a great job with that.

"you need to install Firefox or another browser that lets you whitelist specific domains"

  • Someone can change your DNS/hostfile to reroute your domain to a bad actor. 

 

"Saying you want to use one more than the other because it's more secure is like saying an inebriated 18 year old girl is safer with Bill Cosby than she is with Harvey Weinstein."

  • You are comparing a drunk person to an operating system. If an operating system is drunk (infected with malware) and going to a party (websites)  then best practices were more than likely not being used. 
  • You shouldn't talk like that. It's highly inappropriate. 

 

" You could get a Chromebook, as someone else suggested... But why would you do that? Printer and driver support on Chromebooks is atrocious and it's pretty much only good for running Google apps"

  • Chromebooks have great driver support as they use Google Cloud Print
  • If you are not worried about privacy, the Google Apps work great. 

 

If someone wants to browse the internet as safely as possible without going through intense measures you can install Firefox\Chrome in Sandboxie. After that, install an Ad-Blocker, and/or no script if you're using firefox. Disable Java Script and flash. Have your OS Patched and AV up-to-date. This would be a reasonable setup and wouldn't give you much trouble. 

HBGary went and tangoed with Anon, let's be real here, that's why they are no more. IF one were to write code from the ground up (not using open source material) you could maintain your own security standards in your own OS, assuming you had the time and knowledge necessary to do so. DNS can be rerouted regardless of your particular OS or security measure, and there are exploits that can cross the sandbox/VM barrier and access system memory as well. As for your attempted guarding of Chromebook... Let's be honest, if you have a spreadsheet you want to make and you don't care about privacy or working offline or customization then sure, you could settle for it. Then you finish your post with the same suggestion I finished mine with, with the addition of using a sandbox/VM (and other more obvious choices like AV up to date and OS patches). As for the "You shouldn't talk like that. It's highly inappropriate." quote, I think you missed the analogy. The party is the internet and the drunk girl is the end user, it's a dangerous place out there and almost every domain (Cosby and Weinstein) out there wants a piece of their end users in some form or fashion. To end this post, I will talk however I like and abide by the ToS of the forums I participate in, and you shouldn't try to be the verbal police.

Share this post


Link to post
Share on other sites
adrynalyne    12,168
Posted (edited)
10 minutes ago, Whistlesix said:

HBGary went and tangoed with Anon, let's be real here, that's why they are no more. IF one were to write code from the ground up (not using open source material) you could maintain your own security standards in your own OS, assuming you had the time and knowledge necessary to do so. DNS can be rerouted regardless of your particular OS or security measure, and there are exploits that can cross the sandbox/VM barrier and access system memory as well. As for your attempted guarding of Chromebook... Let's be honest, if you have a spreadsheet you want to make and you don't care about privacy or working offline or customization then sure, you could settle for it. Then you finish your post with the same suggestion I finished mine with, with the addition of using a sandbox/VM (and other more obvious choices like AV up to date and OS patches). As for the "You shouldn't talk like that. It's highly inappropriate." quote, I think you missed the analogy. The party is the internet and the drunk girl is the end user, it's a dangerous place out there and almost every domain (Cosby and Weinstein) out there wants a piece of their end users in some form or fashion. To end this post, I will talk however I like and abide by the ToS of the forums I participate in, and you shouldn't try to be the verbal police.

Stopped reading at “maintain your own security standards”. 

 

They arent standards at that point. 

  • Like 1

Share this post


Link to post
Share on other sites
Whistlesix    287
3 minutes ago, adrynalyne said:

Stopped reading at “maintain your own security standards”. 

 

They arent standards at that point. 

So are you saying you don't hold yourself to your own personal standards? What?! A 'standard' is a baseline, it's standard for YOU if they are YOUR standards. I wasn't referring to "industry accepted standards" as it appears you assumed I was.

Share this post


Link to post
Share on other sites
+fusi0n    2,056
1 hour ago, Whistlesix said:

HBGary went and tangoed with Anon, let's be real here, that's why they are no more. IF one were to write code from the ground up (not using open source material) you could maintain your own security standards in your own OS, assuming you had the time and knowledge necessary to do so. DNS can be rerouted regardless of your particular OS or security measure, and there are exploits that can cross the sandbox/VM barrier and access system memory as well. As for your attempted guarding of Chromebook... Let's be honest, if you have a spreadsheet you want to make and you don't care about privacy or working offline or customization then sure, you could settle for it. Then you finish your post with the same suggestion I finished mine with, with the addition of using a sandbox/VM (and other more obvious choices like AV up to date and OS patches). As for the "You shouldn't talk like that. It's highly inappropriate." quote, I think you missed the analogy. The party is the internet and the drunk girl is the end user, it's a dangerous place out there and almost every domain (Cosby and Weinstein) out there wants a piece of their end users in some form or fashion. To end this post, I will talk however I like and abide by the ToS of the forums I participate in, and you shouldn't try to be the verbal police.

 

"HBGary went and tangoed with Anon, let's be real here, that's why they are no more."

  • They were using a custom CMS. This was the attack vector anon used to gain access to production systems.

" IF one were to write code from the ground up (not using open source material) you could maintain your own security standards in your own OS, assuming you had the time and knowledge necessary to do so"

  • You're Going to Miss Things
  • You're going to run into similar issues as other Operating Systems
  • New software is always prone to more bugs\exploits that are more severe than software that has been teste through out the years,

"maintain your own security standards"

  • Having your "own security standards" is pointless. 
  • This is why you have organizations such as NIST and Gartner. 
  • You can make up your own security policies and methodologies if you want.. it doesn't make it safe

 

"DNS can be rerouted regardless of your particular"

  • I never said otherwise. However, if you are sandboxed or in a VM, the attack will be limited to sandbox or VM, assuming you've set up everything by best practices. 

 

"Then you finish your post with the same suggestion I finished mine with, with the"

  • What's the point? I'm somewhat agreed with this statement. This isn't a race or a competition? We are here to help others. Calm Down.

"As for the "You shouldn't talk like that. It's highly inappropriate."

  • I understood your "analogy" perfectly. However, it's highly inappropriate and not funny in the least.   

 

"I like and abide by the ToS of the forums I participate in, and you shouldn't try to be the verbal police."

  • I'm just telling you that in general. You shouldn't talk like that, public forum or not. Just because you can, doesn't mean you should. 

 

  • Like 1

Share this post


Link to post
Share on other sites
Whistlesix    287
2 hours ago, fusi0n said:

"HBGary went and tangoed with Anon, let's be real here, that's why they are no more."

  • They were using a custom CMS. This was the attack vector anon used to gain access to production systems.

" IF one were to write code from the ground up (not using open source material) you could maintain your own security standards in your own OS, assuming you had the time and knowledge necessary to do so"

  • You're Going to Miss Things
  • You're going to run into similar issues as other Operating Systems
  • New software is always prone to more bugs\exploits that are more severe than software that has been teste through out the years,

"maintain your own security standards"

  • Having your "own security standards" is pointless. 
  • This is why you have organizations such as NIST and Gartner. 
  • You can make up your own security policies and methodologies if you want.. it doesn't make it safe

 

"DNS can be rerouted regardless of your particular"

  • I never said otherwise. However, if you are sandboxed or in a VM, the attack will be limited to sandbox or VM, assuming you've set up everything by best practices. 

 

"Then you finish your post with the same suggestion I finished mine with, with the"

  • What's the point? I'm somewhat agreed with this statement. This isn't a race or a competition? We are here to help others. Calm Down.

"As for the "You shouldn't talk like that. It's highly inappropriate."

  • I understood your "analogy" perfectly. However, it's highly inappropriate and not funny in the least.   

 

"I like and abide by the ToS of the forums I participate in, and you shouldn't try to be the verbal police."

  • I'm just telling you that in general. You shouldn't talk like that, public forum or not. Just because you can, doesn't mean you should. 

 

I certainly hope I didn't offend anyone with my analogy, apologies if anyone was offended. We can agree to disagree about the security benefits of designing your own software because it's only as strong as you make it, it's definitely possible to miss something that industry standards don't, but it's equally as possible to think of an attack vector that industry standards HAVEN'T (properly) protected - Just my opinion on the topic, humans are fallible.
To the point of custom software being innately insecure and your example of HBGary, HBGary publicly threatened Anon and was running an active campaign to expose the identity of Anon members - I'm sorry, but it doesn't matter what software you are using, Anon will find an attack vector to get the job done, that's too many people on too many fronts working against you at that point. As I'm sure you've heard in the security industry "It's not a matter of if, but when"  But I think we've both digressed from the OP, I merely responded because each of the points you made seemed to be contradictions for the sake of contradiction, which was odd because you finished with a point that very much agreed with mine. I hope the OP can find what they are looking for and settle for something that will fit the best of both worlds, security and ease of use.

Share this post


Link to post
Share on other sites
+Eternal Tempest    799
Posted (edited)

With each version of macOS & newer models, they are locking things down more with new security feature's.

 

  • T2 Security Chip
  • APFS File System
  • More Isolating / Protecting Core OS Files
  • Previous file hacking / tricks  now have to done use Profiles
  • Some settings can only be done (like remotely set / enable remote management) if device is in Apple's Device Enrollment Program, connected to an MDM such as jamf.

 

With 10.14 Mojave, they even added phone like app permissions - ex. X software wants permission to access the camera | Allow / Don't Allow.

 

As other people pointed out, it's a lower target due to it's % of machines in use compared to windows.

 

If your considering AV, the best free AV seems to be Avast, however if your paying money, Sophos comes up a lot.

https://www.macworld.com/article/3263722/software/best-antivirus-for-mac.html

Share this post


Link to post
Share on other sites
+fusi0n    2,056
6 minutes ago, Whistlesix said:

I certainly hope I didn't offend anyone with my analogy, apologies if anyone was offended. We can agree to disagree about the security benefits of designing your own software because it's only as strong as you make it, it's definitely possible to miss something that industry standards don't, but it's equally as possible to think of an attack vector that industry standards HAVEN'T (properly) protected - Just my opinion on the topic, humans are fallible.
To the point of custom software being innately insecure and your example of HBGary, HBGary publicly threatened Anon and was running an active campaign to expose the identity of Anon members - I'm sorry, but it doesn't matter what software you are using, Anon will find an attack vector to get the job done, that's too many people on too many fronts working against you at that point. As I'm sure you've heard in the security industry "It's not a matter of if, but when"  But I think we've both digressed from the OP, I merely responded because each of the points you made seemed to be contradictions for the sake of contradiction, which was odd because you finished with a point that very much agreed with mine. I hope the OP can find what they are looking for and settle for something that will fit the best of both worlds, security and ease of use.

1

HBGary did threated Anon (well, kinda). As I've mentioned in my other post, if you have an APT coming for you, there isn't much you can do. Anon would be the APT in HBGary's case. You're right, we will have to agree to disagree, and there isn't anything wrong with that. I come to these forums to help others and to learn. Having good debates is a great tool for learning. 

 

I wasn't purposely contradicting, and if I came off that way, that wasn't my intent. Yes, I did agree with one of your points. I'm not sure what the big deal is.. We are having a discussion :) 

Share this post


Link to post
Share on other sites
sc302    1,736

a mac hacker made this analogy a while ago in a pwn2own convention when comparing mac security to windows security (I am paraphrasing a bit being that I don't remember the exact quote):

 

Apple security is like having a house in a open field.  The house has no windows, no doors, and can be entered by anyone who knows where the house is.  

 

Windows security is like having a house in the worst part of town. The house has barred bullet proof windows and doors are made of steel and have 15 locks.  It is very hard to enter but all the criminals know where it is.

 

 

Essentially, the hacker was able to exploit Macs and get his prize money every year.  Every time he looked for something, he was able to find something.

 

You want to see how secure Macs really are, read through the last few years of Pwn2Own results.  It may be very eye opening.  Compare the results to the windows results and see how many times hackers have been able to get in and see how deep (if you have an understanding of deep) they got into the operating system core os/root access being essentially the deepest allowing the hacker full control over the system (biggest security vulnerability possible).  

 

https://www.macrumors.com/2018/03/15/macos-safari-exploits-pwn2own-2018/

https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc

https://www.bizjournals.com/sanjose/news/2017/03/16/hacking-competition-uncovers-previously-unknown.html

 

 

Root access is not a good thing to have...essentially they can control the os with root access.  This is a common theme among the MACOS year after year (there isn't a big prize amount to get root access, it is an expectation).  This is not a common thing with the Windows OS, they do get small pieces, but they don't get to the core.

 

 

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.