SC Magazine Interview

I was contacted today by a writer for SC Magazine named Dan Kaplan. He wanted me to shed some light on what I thought about the OSX update that just came out and, specifically, whether I thought that OSX would increasingly become a target for future vulnerabilities as Apple's market share continued to go up.

The article is live and you can get to it here. Thanks, Dan, for putting in a few of my comments. However, I wrote practically a whole blog entry for him (overkill I guess ;), and thought that I should post what I wrote to him on the blog here.

Feel free to comment.

"The patches really strike me as Apple listening to its users and really taking its competition in the OS space to heart. Apple has always prided itself on being different yet being able to implement functionality in a coherent product. They have realized that it's not about the features of the OS, or trying to make it "pretty", it's about how the user approaches the product. How can they make it easier and make it an easy product to use and figure out?

Along the lines of listening to its users -- a lot of people didn't like Stacks (the fan); they liked the list format that was popular in Tiger. So Apple put that back in. Some people didn't like the translucent menu bar, so Apple gave you a way to turn it off. There was no obvious way to tell when a Time Machine backup last occurred without opening System Preferences and looking it up. Or there was no way to tell when a backup was taking place. So Apple put an icon in the menu bar to tell you. Taking it a step further, even allowing you to click on "Back Up Now", forcing the backup. Figuring out better interoperability with 3rd party routers with Back to My Mac and iChat. Figuring out how to make a consistent user experience. All of this to me shows that Apple is listening to their users, making features that users really like present in the product.

Apple furthermore having the Leopard Graphics Update come out really shows where Apple shines. Having the hardware and software coupled together allows Apple to maintain a better user experience for their customers. The ability to upgrade drivers through a patch, pushed down from the vendor, without the user having to go to 30 different sites to update their BIOS, their graphics drivers, their OS patches, etc... This really makes for a consistent user experience. The ability for Apple users to get ALL of their updates in the SAME place, just by going to Software Update. It's priceless in my opinion. I'd like to see more convergence in this space as well. The ability for a user to click on Software Update, and not only get patches for OSX, but also for third party applications, such as Firefox or Thunderbird, even the Cisco VPN client. Having all these updates come from a single location would be ideal.

As for the security updates, of course, as OSX gains market share, it will increasingly become a target. That is inevitable. However, Apple has made the decision in the past to kill legacy hardware and software. They killed off an entire OS! (OS 9 -- Classic) Sometimes to the detriment of their users. However, they don't have to deal with driver issues and hardware/software issues that Windows has been plagued with for years. Windows has had to drag all this old code along in each of their OS updates, and while Microsoft has made a lot of progress in recent years with the security of its platform, the same old Spyware, Malware, Trojans, Worms, and Viruses are still a problem. I believe that OSX increasingly will be in the crosshairs of the malware/spyware/trojans/worm/virus/exploit writers, and there is recent evidence of this when it comes to the Safari browser and QuickTime. Apple has been dealing a lot better with the community and those that find vulnerabilities in OSX, communicating better between researchers and the Product Security Department.

Apple also integrates a lot of Open Source code into their Operating System; take a patch for Samba that just came out with the 10.5.2 (Security Update 2008-0001). Samba is a piece of Open Source code that allows for interoperability with Windows networks. The vulnerability isn't one of Apple's, but that of Samba's. Apple integrates Samba's code, so Apple is also responsible for patching OSX as well."
