Re: [ISN] Apple: Taking OS X security seriously -- finally

From: InfoSec News (isnat_private)
Date: Mon Jul 08 2002 - 04:18:51 PDT

  • Next message: InfoSec News: "[ISN] Bankrupt WorldCom called a security risk"

    Forwarded from: Richard Forno <rfornoat_private>
    
    Overall, a good article.....Apple OSX is still one of the more secure
    out-of-the-box OSes you can find. Few if any services are enabled by
    default, and those that are are easily disabled if necessary.
    
    However, the article fails to mention that Apple promptly admits
    responsibility when they screw up -- a few months ago Apple released
    an update to iTunes, its popular MP3 player - but unknowingly, one of
    its developers included in the install script a unix command to erase
    a user's data directory!!
    
    Not only did Apple pull the upgrade from its website immediately, but
    within 24 hours a revised installer was posted, along with a statement
    admitting it was Apple's fault for causing the problem. Further, Apple
    told those that lost data as a result that it would reimburse them for
    purchasing disk utilities (eg, Norton stuff) and/or the price to have
    a professional restore their data. You'll never see this level of
    public responsibility from other, larger software monopolies.
    
    It was refreshing to see the article note that Apple doesn't force
    people into goofy licensing schemes to receive support and such,
    something I discussed recently in an article entitled "Microsoft makes
    a deal you can't refuse"
    (http://www.infowarrior.org/articles/2002-09.html)
    
    I've been a PC user, but a longer Mac user -- Apple may be a smaller
    community, but I trust it - and its users and software - much, much
    more than anyone else. As I said, I prefer to be the one in-charge of
    the relationship with my computer.
    
    Happy 4th!
    
    Rick
    infowarrior.org
    
    
    
    
    > From: InfoSec News <isnat_private>
    > Reply-To: InfoSec News <isnat_private>
    > Date: Wed, 3 Jul 2002 06:36:34 -0500 (CDT)
    > To: isnat_private
    > Subject: [ISN] Apple: Taking OS X security seriously -- finally
    > 
    > http://www.zdnet.com/anchordesk/stories/story/0,10738,2873326,00.html
    > 
    > Stephan Somogyi,
    > Contributing Columnist,
    > AnchorDesk
    > Wednesday, July 3, 2002
    > 
    > During the days of Mac OS 9, Apple didn't need to pay much attention
    > to security. Attacks on Mac OS boxes were extremely rare, successful
    > ones well-nigh unheard-of. But Mac OS 9's excellent security record
    > does not automatically transfer to OS X just because both OSes
    > originate in Cupertino.
    > 
    > Thanks to Mac OS X's Unix plumbing, any vulnerabilities in Unix
    > software instantly become vulnerabilities in OS X. Unix vendors as a
    > rule have always been quick to issue both security alerts and fixes
    > for discovered holes. Which means that Apple now has a pretty high
    > standard to live up to.
    > 
    > If you're a Windows user, you've grown accustomed to the
    > never-ending stream of vulnerability announcements, interminable
    > waits for fixes, and, most recently, unilateral changes of your
    > end-user licensing agreement that grant Redmond remote admin
    > privileges on your system. Trustworthy computing, indeed.
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jul 08 2002 - 06:48:14 PDT