I don't see this posted here yet, so I thought I'd provide this link about hackers penetrating Mac's OS X:

http://news.yahoo.com/s/nf/20060306/tc_nf/41948

I know what a favorite topic this is periodically here. Enjoy.

The guy set up SSH and a bunch of other stuff to allow users to create remote shell accounts.


Basically he gave them more access than any other server out there. Inherent OS security won't protect you from stupidity.


http://arstechnica.com/news.ars/post/20060306-6321.html

That outlines the real setup a little bit more clearly.

OSX is not invulnerable. it's more secure than windows for sure, but no OS is perfectly secure unless you disconnect it from the internet.

OSX is safer than windows for 2 reasons:
1. they got to design it from the ground up, a decision that forced a lot of incompatibility problems on users who wanted the upgrade.
2. user/hacker base. why hack an operating system that only has about 10% of all potential targets when you can hit 90%?

microsoft opted not to do #1 with windows, since it would really piss of their (what, 80-90% of the world?) marketshare. i seriously wonder what would happen to mac security if, say, it was split 50/50 MacOS/Windows. apple would be facing backwards-compatibility issues as well as a larger hacker base that would find it worth their while to search for vulnerabilities.

Hacking of Macs is really more Proof of Concept than anything. People like to prove it can be done, but you won't find hatred for Macs like you do for Windows. Hackers just really enjoy ruining Microsoft's day.

I'm not saying it is impossible to hack a system running OS X 10.4.5, but there are some key reasons OS X is harder to hack.

1. Stuff doesn't install without some user interaction.
2. It's based off of Unix, when a flaw is found in any other Unix variant it can be tested and patched if needed on OS X.

Probably 95% of the vulnerabilities in OS X that have been patched are third party parts like Apache.

I'm not saying it is impossible to hack a system running OS X 10.4.5, but there are some key reasons OS X is harder to hack.

1. Stuff doesn't install without some user interaction.
2. It's based off of Unix, when a flaw is found in any other Unix variant it can be tested and patched if needed on OS X.

Probably 95% of the vulnerabilities in OS X that have been patched are third party parts like Apache.

OSX is not invulnerable. it's more secure than windows for sure, but no OS is perfectly secure unless you disconnect it from the internet.

OSX is safer than windows for 2 reasons:
1. they got to design it from the ground up, a decision that forced a lot of incompatibility problems on users who wanted the upgrade.
2. user/hacker base. why hack an operating system that only has about 10% of all potential targets when you can hit 90%?

microsoft opted not to do #1 with windows, since it would really piss of their (what, 80-90% of the world?) marketshare. i seriously wonder what would happen to mac security if, say, it was split 50/50 MacOS/Windows. apple would be facing backwards-compatibility issues as well as a larger hacker base that would find it worth their while to search for vulnerabilities.

Being a little more specific, OS X wasn't a "ground up" design; it was a riff off of one of the historic Unix flavors (BSD, or Berkeley Standard Derivative). It is a truly fine OS, with consciousness of design and quality as well as bulletproofing. This is why Windoze fanbois constantly try to claim that Mac users are stupid - they never have to deal with crashes and rarely deal with incompatibilities.

The "infinite number of hackers" argument is false, pure and simple; such things are known as FUD (Fear, Uncertainty, and Doubt) - a marketing ploy coined by IBM but perfected by Micro$oft. If the argument were true, both Unix and the Apache Web Server product would be as badly arse-raped as Windoze is on a regular basis. Both products are open source, are in massively widespread use, and are used in high-value cracking targets.

The long & short of this issue is that while no OS is truly secure, Sir Billy designed his product as a toy for home users, with no conception of security or even of networking. And Micro$oft's missing the bus on the Internet is the stuff of legend. Apple, to their credit, decided to do what M$FT should have done years ago - dump the code base, start fresh, and build backward compatibility only as far as it doesn't violate proper design principles.

The same basic principles used to protect and harden Mac OS products can be also applied to M$ stuff as well:

- Users to not use an account with Administrator rights. Do everything with a crippled user account, and if you need to install anything, to use the "Run As" command to install it.
- Run only the services you need. Disable all else that you don't(why run the Print Spooler service if you never print?)
- Hardened file permissions. This goes hand-in-hand with not using an Administrator account for regular PC usage.

The same basic principles used to protect and harden Mac OS products can be also applied to M$ stuff as well:

- Users to not use an account with Administrator rights. Do everything with a crippled user account, and if you need to install anything, to use the "Run As" command to install it.
- Run only the services you need. Disable all else that you don't(why run the Print Spooler service if you never print?)
- Hardened file permissions. This goes hand-in-hand with not using an Administrator account for regular PC usage.