BBC: Mac users still 'lax' on security
updated 03:00 pm EST, Tue February 20, 2007
Mac OS X users are still slacking on security measures but Apple itself is warming up to improving its stance on security, according to independent researcher Kevin Finisterre -- one of two researchers to produce the Month of Apple Bugs (MoAB) website.
Finisterre and another, anonymous researcher released one bug in Apple's operating system or its bundled applications each day for an entire month, which spurred security updates from Apple in Cupertino as the company worked to repair the flaws.
Finisterre says Apple's own attitude toward security was one of the primary reasons he and the anonymous security pro began the Month of Apple Bugs project. "Try calling any Apple store and ask any sales rep what you would do with regard to security, ask if there is anything you should have to worry about?" Finisterre said. "They will happily reinforce the feeling of 'Security on a Mac? What? Me worry?'."
The researcher added that the Month of Apple Bugs project succeeded in its original aim of raising the level of awareness around Mac security.
"I would really hope that people got the point that there are most definitely some things under the OS X hood that need a closer look," Finisterre noted.
Mac experts note that while the exploits discovered by the researchers were never known to have successfully compromised an Apple system, hundreds of thousands of Microsoft Windows systems were hijacked and used as part of "bot nets," or networks of compromised computers that together deliver millions of spam email messages across the globe, according to BBC News.
Finisterre said Apple has become more open to discussing security issues, but that the company was uninterested in dialog regarding security matters in the past.
"They have certainly given some extra efforts on the backend to open up lines of communication, at least with me," he said. "I chat quite regularly with some of the security engineers."
Finisterre said there are no current plans for the MoAB website to continue its efforts, citing real life and the cost of living alongside the fact that the entire project was done for free.
"If someone wanted to invest some of their own resources I would be more than willing to continue."






Junior Member
Joined: Oct 2000
Dear Mr. Finisterre
While your questionable method of exposing weaknesses did appear to identify a couple of actual potential problems, and one actually crashed a browser, I still feel that spending hundreds of dollars a year on software, a lot of time overprotecting my machine and limiting my protocol freedoms is a waste of time or money. I back up often and am behind a NAT firewall, and don't leave extraneous services on; however, when ANYONE ACTUALLY COMPROMISES a Mac I will become less lax, and perhaps Apple employees will then mention doing any of the above, because today THEY DON'T HAVE TO, even after your 30 days of shame and horror! PS I'm being real, NOT smug, and BTW I won't blame you if I lose data on my own so just what is it that pisses you off so much?