What do you use: OS X, Vista or Linux?
Posted by Chandan Singh on March 30, 2008
For all users using shiny apple Macs, there is a little bit of nasty news. There was a contest organized, named PWN 2 OWN by the organizers of the CanSecWest security conference. It asked the attendees to show off their hacking skills against Vista SP1 (fujitsu laptop), Leopard 10.5.2 (Macbook Air, and Ubuntu 7.10 (VAIO). The first hacker to take down any of the three systems would get a cash prize of $20,000 along with the victimized laptop. Nobody managed to pull down any of the systems on the first day, as for the first day contestants were told to use only network based attacks. The second day, they were allowed to use web and email based attacks. And guess what, the Macbook Air was hacked down in 2 minutes flat. The attacker used a website holding malicious code and targeted Safari as its victim.
Ubuntu 7.10 was the only OS to remain unscathed. This proves a lot of things. First of all, Linux still rules in matter of security. Microsoft has been (shamefully) forced to make its OS secure. And while Apple may taunt about its OS being most secure, it is not the truth. The truth is, Mac OS X has a smaller user base. And so the hackers are not interested in attacking an OS having a smaller user base. And it is to be noted that OS X and Linux have the same roots. Now the question arises: why did Apple fiddle with an already stable base? Not only this, the attack was pulled off using Safari as its target. It’s the same Safari that Apple has been trying to install on our systems using Apple software update.
So, if you are a Mac user, beware. You are at a security risk. Avoid visiting suspicious sites. And windows users – DON’T USE SAFARI. Use Firefox or Opera instead (IE still has numerous security loopholes). Or do the best – switch to Linux. Linux users – rejoice. Time has again proved that you are using nothing but the damn best OS of this planet (I wonder what people on other planets use as their browsers, though).
:: 
:: 
:: 
:: 
:: 
:: 
:: 
:: 
:: 
:: 
:: 
whyamistilltyping said
Erm…. did you do a bit of background reading at all before posting this? The flaw is in a undisclosed issue in Safari, however there is every chance Linux could be affected in a similar way. The reason the hacker went after OSX was because it was the fastest to take down with his exploit. The attack vector of the exploit itself was not disclosed but we do not it was used to allow remote access by (or via) the opening of key ports on the target system which allowed an attacker to quietly slip in.
The whole point of contests like this is to promote responsible disclosures of such vulnerabilities and to reward the person responsible so they don’t go and SELL this information to groups who would develop malware and pose a risk to ordinary users.
Marcin Trybus said
I use Debian GNU/Linux Lenny, Firefox 3 Beta (or Minefield) and Konqueror 3.5.latest (for friendly websites).
Opera (even the brand new 9.50 beta) is nowhere as fast or usable as FF3.
No AdBlock? -> Pages have more ads then text.
No NoScript? -> No secure browsing.
I’ll pass on that.
It’s a classic trade-off. GNU/Linux is secure, MacOS is easy to use, XP is kinda half way there in both categories, Vista is a dud. It’s not that GNU/Linux is any more secure then MacOSX. It can be crippled to be user-friendly, just like MacOSX is (out-of-the-box!).
Apple is the new Microsoft, just more hippie. I read that using Safari on a non-Mac breaks its license anyway.
Extraterrestials have ported Debian and Firefox on their hardware. Some of them are even Debian Developers.
whyamistilltyping said
Hmmm, I strongly disagree with some of your points. Linux (well *nix) has a much better user privaledge system which is also similarly implemented in OSX (Darwin in *nix based.) This is a basis for a good security model. The developers at Redmond made a fatal error with Windows XP, they made the default account the same level as the built in Administrator level which means the system is potentially wide open. I won’t go into the ins and outs of it, but Vista has made some big improvements in that field. Whilst I dislike some of the extra services / functionality Microsoft has added into Windows 6, it definately is a far superior OS to XP (and possibly linux and OSX in some regards.)
XP was a good operating system for it’s time, unfortunately the world has moved on and, if you use Windows applications then Vista is now the OS of choice. To say it is a dud is a very profound statement, one which I would challenge you on.
Of course if the problem is between the chair and the keyboard, no system will be secure for long.
freestuffadventures said
XP ftw