Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said.
“Apple didn’t change anything,” said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker’s Handbook, and winner of two consecutive “Pwn2own” hacker contests. “It’s the exact same ASLR as in Leopard, which means it’s not very good.”
Because Snow Leopard lacks fully-functional address space layout randomisation, Macs are still easier to compromise than Windows Vista systems, Miller said. “Snow Leopard’s more secure than Leopard, but it’s not as secure as Vista or Windows 7,” he said. “When Apple has both [in place], that’s when I’ll stop complaining about Apple’s security.”
Address Space Layout Randomization (ASLR) is another technology, new in Windows 7 & Vista, that defend against the buffer overrun exploits. Each time you boot Windows, the system code is loaded into different locations of the memory. This seemingly simple change thwarts a class of well-known attacks in which the exploit code attempts to call a system function from a known location.
In the end, though, hacker disinterest in Mac OS X has more to do with numbers, as in market share, than in what protective measure Apple adds to the OS.
“It’s harder to write exploits for Windows than the Mac,” Miller said, “but all you see are Windows exploits. That’s because if [the hacker] can hit 90% of the machines out there, that’s all he’s gonna do. It’s not worth him nearly doubling his work just to get that last 10%.”
Forum thread Apple fixes 33 holes may also interest you.
