Intel doesn't make Mac more vulnerable

They will be proved wrong in the long run as more people will have access to Intel Macs - or a hacked Mac OS X to run on any generic PC. There are exponentially more people familiar with x86 assembly than there are with PowerPC.

The more exotic a platform is and the less familiar people are with its innards, the less vulnerable it is. We won't be suddenly seeing the appearance of regular viruses, trojans, or emailing worms of course, as those really don't have anything to do with the CPU architecture. What is likely to appear are exploits for vulnerabilities in standard Unix software, same as is the case with exploits for Linux running on x86. Not a big liability, but less secure than a PowerPC-based Mac nevertheless.

OSs are vulnerable, and mostly to relatively high-level attacks (a la the infamous "skript kidz") - in 30 years, I've *never* even HEARD of a machine-code hack attack.

methinks you watch too many bad movies....

I have a PowerPC based Mac running the Unix based MacOS X. Since any exploits that would effect OS X on an Intel Mac would also effect OS X on a PowerPC Mac, that would seem to suggest that the article is right. Security exploits are the domain of software, not the processor.

Or perhaps you are referring to Classic. In which case all I have to say is that I, together with millions of Mac users around the world, invite you into the 21st Century.

Market share has nothing to do with whether you're susceptible to viruses or not. It has to do with whether your operating system sucks (Windows) or not (OS X).

Actually, this article is completely wrong. While the vulnerabilities might not be CPU-specific, the actual exploit code they use once through the vulnerability is CPU-specific, and written in binary code. What this means is that once a vulnerability is discovered in OS X for x86, there's a huge library of nasty exploit code ready to run. This wasn't the case on PPC MacOS X, which did a great deal to limit the damage when vulnerabilities were discovered. I think we'll definitely see the first working OS X exploit now that we're using x86 CPUs.

(1) " They will be proved wrong in the long run as more people will have access to Intel Macs - or a hacked Mac OS X to run on any generic PC."

The main approach to initial infection on Windows is through Internet Explorer and other applications that use the Microsoft HTML control, and through Windows Networking. Mac OS X has no component similar to the HTML control (Webkit serves the same purpose in many areas, but without installation of components BY THE CALLING APPLICATION it has no equivalent to Microsoft's wide open "Active Content".

(2) "What this means is that once a vulnerability is discovered in OS X for x86, there's a huge library of nasty exploit code ready to run."

A huge library of nasty exploit code that calls Windows DLLs and system calls. Just because it's CPU-specific doesn't mean it's not OS-specific as well.

Almost all vulnerabilities, cpu specific or not, rely on knowledge of the running operating system to work. All of those "x86 exploits" you speak of are really Windows exploits. Without Windows running underneath, the code is worthless. The code may run, but it will more than likely crash itself than do anything useful, useless, or exploitable.

It is true that the most common exploit code is mostly OS-specific, but you forget that there are exploits targeted at linux x86, which implements mostly the same API as the BSD layer in OS X. I suspect it would take very little effort to add support for OS X86 with these. My main point, though, is that the techniques used to exploit buffer overruns on x86 are all of a sudden very applicable for writing OS X exploits, and with the lack of "No Execute" support (that I know of) in the Core Duo processor, this really leaves MacOS X quite vulnerable to (future) exploits.

Mac OS X has several features which make it more secure than most other operating systems:

1. Root is disabled by default. 2. All network ports are closed or in stealth mode by default. 3. If an Open firmware password is set, you need physical access to the machine to crack it. 4. If File Vault is set, no matter how hard you try, that which is encrypted by File Vault can only be accessed by the person who knows the password. A good password would make File Vault practically impenetrable.

These strengths exist on Intel Macs as much as PowerPC Macs. Hence as long as it is Mac OS X, you are no more vulnerable now that Intel is out. It has been 5 years of Mac OS X, and 12 years of NeXT, and still not a single exploit in the wild. The only thing you have to worry about is social engineering taking us over. Not security risks.

There is some truth to the fact that Macs may be less secure from a chip level.

You see, the common way to get a Win box to run code is a buffer overflow.....

The PPC architecture is such that when a Buffer Overflow happens, it's hard, if not impossible to run code (IIRC it clears the stack on a buffer overflow).

On x86, it's very easy to move a few pointers and watch code run. IIRC, the stack is not cleared on a buffer overflow.

AMD was the first to introduce some limited protection for this in the x86 instructions. I think Intel has something similar now. However, the OS has to enable it. I hope OSX does or it could mean Macs will be less secure.

If nothing else, they could get a B.O. to run some native x86 binary code that, at a low level will target the platform. After all, now that Apple is on reference Intel hardware with Intel chipsets and such, crafting low level stuff would be pretty easy...