As reported by Techworld, Snow Leopard, Apples highly anticipated new operating system, lacks basic security features that are found in Windows XP, Windows Vista and Windows 7 says Charlie Miller, a noted security researcher.
Address Space Layout Randomization, commonly referred to as ASLR, randomly assigns data to the memory to make it more difficult for hackers to locate the critical operating system functions.
Charlie Miller of Baltimore-based Independent Security Evaluators who many people may remember from when he successfully hacked a fully patched Macbook in seconds, was disappointed upon hearing that Apple did little to improve ASLR from Leopard to Snow Leopard.
"Apple didnt change anything. Its the exact same ASLR as in Leopard, which means its not very good. I hoped Snow Leopard would do full ASLR, but it doesnt. I dont understand why they didnt. But Apple missed an opportunity with Snow Leopard. Apple did make various moves to improve Mac OS X 10.6s security including a revamp of QuickTime and additions to Data Execution Prevention (DEP), a security feature built in to Windows Vista."
"Having both ASLR and DEP in an operating system makes it much more difficult for attackers to create working code," Miller argued. "If you dont have either, or just one of the two [ASLR or DEP], you can still exploit bugs, but with both, its much, much harder. Snow Leopards more secure than Leopard, but its not as secure as Vista or Windows 7," he said. "When Apple has both [in place], thats when Ill stop complaining about Apples security."
In the end, Miller agreed that hackers" disinterest in Mac OS X comes down to numbers rather than the security measures that Apple adds to the operating system. "Its harder to write exploits for Windows than the Mac," Miller said, "but all you see are Windows exploits. Thats because if [the hacker] can hit 90% of the machines out there, thats all hes gonna do. Its not worth him nearly doubling his work just to get that last 10%."
"I still think youre pretty safe [on a Mac]," Miller said. "I wouldnt recommend antivirus on the Mac."