Why Security Pros Use Macs

[aryayush]

Why do I insist on using a Mac as my primary work machine? More specifically, why an Intel Core2-based MacBook Pro?

It's probably not the reason that you think.

Security professionals need not hide behind the argument that avoiding Microsoft Products is the end-all solution to a secure computing environment. Security Professionals have much better reasons, and those were amplified when I talked to other folks at CEIC 2007 over the last few days. I was astounded at the number of Mac laptops that were present. It was easily twice the number from last year.

Here are the reasons:

1) In today's current environment of Windows-specific malware, yes hanging your hat in the OS X corner makes sense. You are less of a target. The malware bad boys are writing their code for Windows. Whether this is because OS X is so secure, or because the miscreants want to capitalize on market share to make their bucks, the argument that using OS X as your primary OS is a smart one today. Security Professionals want to practice what they preach, and this is a pretty decent way of doing so.

Read more...


I don't see how any sane and rational human being (and this requirement automatically sieves out certain members of this forum) could possibly have a differing opinion on any point in this article.

[gxsaurav]

Lets disect the post a bit.

Quote:

1) In today's current environment of Windows-specific malware, yes hanging your hat in the OS X corner makes sense. You are less of a target. The malware bad boys are writing their code for Windows. Whether this is because OS X is so secure, or because the miscreants want to capitalize on market share to make their bucks, the argument that using OS X as your primary OS is a smart one today. Security Professionals want to practice what they preach, and this is a pretty decent way of doing so.

Yup, we all know that . Macs are secure just cos they got less number of users & malwares are not targeting this low population. Didn't hackers recently proved that Mac can be hacked.

Quote:

2) No other platform allows you boot OS X legally for security research and testing. OS X has a rising marketshare, and it *is* relevant to anyone doing forensic work. At CEIC there was an entire presentation on OS X forensics, and it was packed. That same presentation was packed last year. Hmmmm.

Yup, the only legal way it to buy a Macintosh cos El Jobso wants you to use it on his company's computer not just any equal performing computer which you can buy out there dirt cheap. Also it depends on what application you use.

Quote:

3) Parallels. ..................

Isn't this available for Windows since.,...umm VMWare

Quote:

4) None of that "Genuine Software Checking Crap". Man, Microsoft really annoyed me with their Genuine Advantage crap. Every time I changed hardware components on my forensic machines, that damn GA would insist that I call MS

Microsoft has no way to find out whether you are using a legit Windows OS or not. Apple has a legit way, it runs only on Apple hardware so to run MacOS X legaly you need to buy a new computer. Why do you guys always forget to mention that ?

Quote:

Virtual unlimited abundance of software. Want to run EnCase or FTK or WebInspect? Power up your Parallels image.

Again, did someone forgot to mention that Windows has been doing this since...umm VMWare

Quote:

My student discount puts a nice dent in the price tag.

Speaks about itself

Quote:

Try it - you might be surprised. When I whip out that Apple remote control and start clicking through my Keynote slides I usually have to remind the folks in the room to watch the slides and NOT my remote control. (true story)

cool, I think this guy didn't see Acer Ferrari, Sony VAIO, Asus Lambhorgini laptops out there

[kumarmohit]

Erm, If this guy is a security 'pro' how come he got a student discount. Mr Jobs I am studying 2 courses in parallel and do some freelancing too. If you can provide a 'student' discount to a security pro, plaese oblige me by sending an Octa-core MacPro with 2 Apple 30 inch cinema displays, A black Mac Book 13 inch (Already have 15 inch laptop, so cut the MacBook Pro) and drop a 80Gig iPod in too. @ mini discount of 100%

[aryayush]

He explains why he is eligible for student discounts. The least you could have done was actually read the article before posting something.

[gxsaurav]

Microsoft, Apple, Adobe, Autodesk all provide student license however it is subcidiced by the college you are in. Like Vancuvar film institute, if you study there you get student license of Photoshop & 3Ds Max, Shake, Final cut at really cheap prices.

[Desi-Tek.com]

mac is secure because it is built on bsd kernel with mod and it will always remain secure and 1 more important point it implement FAP file access permission. So again in case if mac will get infected with virus it will need root permission to create any disaster which i don't think any body will give . FAP is missing in windows and recently introduced in vista but still it has long way to go

[kumarmohit]

Quote:

Originally Posted by aryayush

He explains why he is eligible for student discounts. The least you could have done was actually read the article before posting something.

My mistake, I thought you only gottaa be a student to get the discount!!!

[aryayush]

This post alone makes you a thousand times better than the second poster in this thread. Having the decency to admit that you made a mistake is a great character trait.

[Zeeshan Quireshi]

as GX said , Mac is only secure coz less people use it n hackers target windows . say if Mac share rises to 90% then the situation would be the other way round

Also , an Opearting System is as secure as the usr using it

[aryayush]

Quote:

Originally Posted by Zeeshan Quireshi

as GX said , Mac is only secure coz less people use it n hackers target windows . say if Mac share rises to 90% then the situation would be the other way round

Doesn't change the fact that it is secure, reasons be damned.

Quote:

Originally Posted by Zeeshan Quireshi

Also , an Opearting System is as secure as the usr using it

Correction: Windows "is as secure as the usr using it". You can use Mac OS X as you wish to, visit any website, download any file - you'll always be secure.

[zyberboy]

Quote:

Originally Posted by Zeeshan Quireshi

say if Mac share rises to 90% then the situation would be the other way round

Yeah

[eddie]

Quote:

Originally Posted by aryayush

Correction: Windows "is as secure as the usr using it". You can use Mac OS X as you wish to, visit any website, download any file - you'll always be secure.

[eggman]

Damn!!!Even viruses don't like Macs.....even they hate it.
I had my last hope on viruses........poor mac

[kirangp]

I am using Windows Vista as I wish to, visit any website, download any file - I am always secure and I am sure of that

[gxsaurav]

Quote:

Damn!!!Even viruses don't like Macs.....even they hate it.
I had my last hope on viruses........poor mac

:ROFL:

Quote:

I am using Windows Vista as I wish to, visit any website, download any file - I am always secure and I am sure of that

You are not the only one bro. No AV here, just a firewall & ad muncher.

[Sukhdeep Singh]

Quote:

Lets disect the post a bit.

Quote:

Yup, we all know that . Macs are secure just cos they got less number of users & malwares are not targeting this low population. Didn't hackers recently proved that Mac can be hacked.

Exactly, and same applies to linux

[praka123]

UNIXen are inherently better and secure.
Linux a Virus Target?

In an article on vnunet.com, two executives of anti-virus firms opined that Linux would be the next virus target. Here are excerpts from the article:

"Of course we will see more and more attacks on Windows, but Linux will be a target because its use is becoming more widespread," said Raimond Genes, European president for antivirus at Trend Micro. "It is a stable OS, but it's not a secure OS." Jack Clarke, European product manager at McAfee, said: "In fact it's probably easier to write a virus for Linux because it's open source and the code is available. So we will be seeing more Linux viruses as the OS becomes more common and popular."

I will be charitable and call these statements "myths" or "misperceptions" rather than other nastier but perhaps more accurate terms. Let's examine and debunk the myths.
Myth: Widespread use equals widespread abuse

This myth goes as follows: Product X (Windows, Outlook, whatever) has more security problems because it is far more widely used than Product Y (Linux, Mutt, whatever).
In fact, the Apache Web server is far more widely used than Microsoft's IIS (Source: Netcraft), but has suffered far fewer security problems (Source: defacement archives).
Update: I have had several comments saying that this survey reveals that Windows computers account for about 50% of Web servers, but that Apache runs more web sites. Some people claim that under this metric, therefore, IIS is more widely used than Apache. Even if I accept these figures, the fact is that the defacement archives show Windows defacements outnumbering non-Windows defacements 62 to 38. From this, I still conclude that the number of vulnerabilities in a piece of software does not necessarily correlate with its popularity.
Myth: Linux is not a secure OS

In fact, no commodity OS is "secure". Security is a process, not a product, as dozens of security experts keep reminding us. Linux does, however, have important security enhancements compared to consumer-level Windows operating systems: File permissions and separate user accounts can greatly mitigate the damage caused by malicious software. If all of the security features built-into Linux are properly configured and enabled, Linux is a highly secure system.
For those who need even more security, the U.S. National Security Agency provides a Security Enhanced Linux distribution which contains advanced security features beyond anything found in Microsoft operating systems.
Myth: It is easier to write viruses if you have the OS source code

I would suggest just the opposite: If source code is widely-available, many organizations with an interest in security (such as the NSA, for example) can audit the code, correct security problems, and feed these corrections back to the main code tree.
Why is it that tens of thousands of viruses exist for closed-source systems like Windows (with several of them actively propagating around the Internet as you read this), while only a handful of pathetic "proof-of-concept" viruses have been written for Linux, and none has propagated to any extent?
Why is it that open-source Apache has a far better security record than closed-source IIS?
Why Linux viruses are unlikely

In order for an e-mail virus to propagate, it must be able to:

1. Enter the target machine
2. Execute on the target machine
3. Propagate itself

Linux makes steps 2 and 3 very difficult.
Social Engineering to Enable Execution

Under Windows, a file is marked as "executable" based on its filename extension (.exe, .com, .scr, etc.) Encoding metadata (like file type) into the file name is a very bad idea and has horrendous security consequences. Encoding metadata in this way allows for the simple-minded social-engineering attacks we see on windows: "Click here for a cool screensaver!!!"
Such an attack under Linux would go like this: "Save this file; open up a shell; enable execute permissions on the file by typing 'chmod a+x filename', and then run it by typing './filename'."
Obviously, the Linux permissions system makes such a social-engineering attack very difficult.
Software Flaws to Enable Execution

Another means by which viruses can execute are by exploiting bugs in e-mail client software. Both Outlook and the various Linux mail clients have had their share of bugs, and this is indeed a risk, even on Linux. However, because of the overwhelming uniformity of Windows desktops, a virus which exploits a software bug in Outlook is far more likely to propagate than one which exploits a software bug on a Linux e-mail client. This is simply because of the huge array of Linux e-mail clients in use. At any given time, only a small portion of all Linux users are vulnerable to e-mail client bugs.
Virus Propagation

To propagate itself, an e-mail virus must re-mail itself to others. On Windows/Outlook, this is simple, because there is a uniform, well-known interface for obtaining address lists and sending e-mail. On Linux, this is harder. There is no uniform way for a virus to read your address book, so a Linux virus would have to work harder to propagate itself.
Linux in the Future

There is a trend under Linux to build complex, rich desktop environments which allow rich interaction between programs. These environments could, if not designed correctly, increase the chances for viruses to execute and propagate. So far, however, the designers of these environments seem to be following sensible design and security procedures. No-one, for example, has built a Linux e-mail client which automatically executes an attachment with just one mouse click.
Challenge to Anti-Virus Companies is Over

My anti-virus challenge, which had been running since 5 December 2001, is now (7 May 2002) over. No-one managed to meet the challenge, although one person came close.
The Challengers

There were five entries in the anti-virus challenge:

• Entry 1
• Entry 2
• Entry 3
• Entry 4
• Entry 5 (This one came close)
• But seriously...

Copyright © 2001 David F. Skoll http://www.roaringpenguin.com/about/...anti-virus.php


I'd like all windows fanboys to read below article:
"Remote shell trojan". In order to be infected by it you must run a binary infected by it, as root. Most binary Linux software is typically signed by the vendors that produce it, and a quick check of the signature would reveal if the package were changed or not. In addition this "Remote shell trojan" cannot replicate across networks, it cannot send itself out as an email attachment, or hunt for and infect network shares. On the other hand the Code Red worm will infect any NT or 2000 machine that has a default configuration without sufficient security updates (estimates run from 300,000 machines and up were infected by Code Red). While the number of UNIX, and Linux viruses will of course increase, but I doubt we will see the explosion that the Windows world has been suffering in recent years. The argument that "the increasing popularity of Linux (and UNIX in general) will mean more viruses" is correct but only in a limited way. The general usage habits and layout of the system will defeat the majority of viruses quite effectively.

http://www.seifried.org/security/ind...IX_and_Viruses

[deepak.krishnan]

Quote:

Originally Posted by aryayush

Why do I insist on using a Mac as my primary work machine?

bcoz hackers and virus writers are not at all interested in Macs

[aryayush]

Yeah, and that's great news for me and all Mac users. We couldn't be happier.

[i_am_crack]

@praka123.....Good Presentation..I liked the way you put it.....

eBRo

[blackpearl]

@aryayush:
What's your problem dude? If you like mac, fine. Just use it. Why do you have to keep singing in praise? Nobody likes such people, you know that.

There are only 3-4 mac users here and the rest windows users and they like their OS too. Have you seen any Windows users doing what you are doing?

[praka123]

Quote:

Originally Posted by deepak.krishnan

bcoz hackers and virus writers are not at all interested in Macs

I cant get ur point.pls read:
Why Security Pros Use Macs
^^ the explanation is easy to get isnt it?

MAC OS X is a UNIX(freebsd base).right?.UNIX is secure.infact very much secure than DOS or Windows inherently.now dont hear the false point FUDed by the fanboys `de Windows here.dont make conclusions without actual experiance.
there are people who uses Linux,bsd's,mac's and many other OS who are satisified.Yes,the popularity of UNIX are growing esp Linux.even if popularity of UNIX os's increases Viruses or any other craps cannot procreate themselves in UNIX like architecture.
this is not to offend you.but just to make known the facts rather than the FUD spreaded by win fanboys here.

[iMav]

linux and mac are as vulnerable as windows .... its a globally accepted fact by mac experts also tht if hackers train their eyes on a mac or linux it will also face the same wrath as windows does

[praka123]

^^ ranting or whining eh? ::got his ears closed with araldite::
Digest the facts dude,rather than FUD ing eh?I know u guys the trio pioneering in FUDing MAC and Linux.Pathetic U guys

[gxsaurav]

Quote:

^^ ranting or whining eh? ::got his ears closed with araldite::
Digest the facts dude,rather than FUD ing eh?I know u guys the trio pioneering in FUDing MAC and Linux.Pathetic U guys

In one of the other threads, isn't it you prakka spreading FUD about Microsoft & DRM

[iMav]

not in 1 of the other threads .... every other thread

[praka123]

Yes DRM is infested in MS Vista.god knows what else they got inside closed source os to loot critical datas of poor users signed their fcuking EULA.why ur lieing?I am saying truth only.
arent u the trio who are spreading nonsense in this forum creating troubles for MAC and Linux users?I have gon through ur threads..this is pure FUD u guys are doing.and where is the admin @fatbeing.sir,please go through the threads created and run by imav,gx_saurav especially.

[gxsaurav]

Quote:

Yes DRM is infested in MS Vista.god knows what else they got inside closed source os to loot critical datas of poor users signed their fcuking EULA.why ur lieing?I am saying truth only.

MS looting my super secret recepie. how the hell are they doing it?

[iMav]

preading nonsense in this forum ... hey arya have we said anything wrong ... all that we pointed out was correct even u know that may be the way we said it can be questioned but we arent spreading lies ... and hey praka MS is not providing DRM content ... if u r against DRM curse the content providers and can u tell wht effect has DRM had on u ? im using vista, gx is using, vishal is using, anand is using none of them have said that DRM has caused any problems to them no user on the net has said tht DRM has caused them problems but its u OSS users hijacking MS threads ... fatbeing go thru his FUDs also in all MS threads ...

and arya i think u can help us out here we havent said anything that not there in mac what we have said is what is true as i said the way we said can be questioned ...

security users use mac ... and we have a OSS user talking about DRM and then saying we are doing something wrong

[i_am_crack]

Some guy gives the funda of something and the other pop that here and there are N numbers of guys fight of justice.....

God Save you people...

Long Live users......