Facebook Plunges Again
Tumblr 101: Tips And Tricks To Get Started
Infamous hacker applauds the security of Microsoft software; less than pleased with Apple and Adobe offerings
Marc Maiffret, despite having a name that sounds uncomfortably French in origin, is one of the founding members of a special and elite club: he's a turncoat hacker. Once an infamous black hat, he's now the chief security architect for leading malware protection system developer FireEye. His list of notable accomplishments is many, but they will all be shadowed by his latest statement: Microsoft software is more secure than Apple's.In a frank and interesting interview over on CNET, Maiffret spends a lot of time discussing how Microsoft has really shaped up in terms of producing secure software. Maiffret says that Apple is only now looking at improving its code review and auditing procedures -- something Microsoft has done well for a long time now.
Maiffret also notes that desktop apps are now the biggest threat to our security -- apps like Adobe's Creative Suite. There isn't a tried-and-test patching process for desktop apps: if a security hole is found in Flash or Photoshop it can be a long time until it's patched.
Meanwhile, it seems Apple's primary defense is still security through obscurity: "We've only seen a scratching of the surface as far as Apple vulnerabilities because nobody cares to find them." Ironically, Apple continues to claim that its OS X is more secure than Windows -- a very dangerous act, according to Maiffret: "... They try to market themselves as more secure than the PC, that you don't have to worry about viruses. Anytime there's been a hacking contest, within a few hours someone's found a new Apple vulnerability. If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not."
So, good news, Windows users -- you might not be aware that you're using the more secure operating system... but you very much are!
Comments
28
Subscribe to commentstracker1Apr 16th 2010 4:27PM
Virus infection routes are generally through what is found via hacking, so it's very much relevant. As to resource usage, it depends on which AV stack you use. I didn't run a full-time AV on my netbook for about a year, when I installed AV, no problem. It really depends on your habits, if you run the WOT extension for firefox/chrome and adblock against easylist, you are relatively safe. If you don't open strange email attachments, or download rogue software, you should be fine. Probably the best AV softwares in terms of resource overhead are ESET's NOD32, MS's Security Essentials, and Norton 2009+. Most other AV software is particularly bad on resource overhead, or failure rates. Also, there are a number of compromised Linux and OSX systems out there. Some of which is automated, much isn't. Through an unpatched Linux box with an unpatched year old desktop distro (much more recent than the 8yo XP) on the internet (not firewalled), and I'm willing to bet it's likely owned within a few hours. OSX infections are mainly via infected grey applications (pirated apps with malware injected). Beyond this, for the most part any malware that gets user access has all it needs, it doesn't need root to send spam, or gather *your* information.
Adam LichtApr 16th 2010 5:01PM
I work in IS Security and Compliance. Our Security manager had this to say:
"OSX is like an unlocked barn in the middle of nowhere. Windows is like an apartment with a deadbolt and bars on the windows in the worst neighborhood in town. Linux is like a survivalist bunker in the middle of the desert. Ultimately, none of them are great places to live, but if you actually have to get something done, the worst neighborhood in town is a heck of a lot closer to the stuff you need than either other option."
carmodaApr 17th 2010 9:10PM
Adam, your comments are based on emotive parables. It is impossible to base such comments on evidence. I challenge you to do so. I am expecting you to return with unsubstantiated opinion.
carmodaApr 17th 2010 9:04PM
unfounded and difficult statements to uphold. the statements Maiffret has made are not unlike saying "BMW's are easier to crash than Toyotas" Security is not all about proactive hacking. A well maintained PC vs a well maintained Mac, i'd put my money on the Mac anyday. His statements are based on only one factor. If you were argue the case in factual sense, i.e: based on metrics sourced from he last five years of 'actual incidents' his statements are totally weightless. I have never witnessed a security breech on a Mac (bar iphone) in my 17 years as an IT professional. Especially surprising given most Mac users are usually less technically minded.
whiskeyApr 18th 2010 4:36PM
Ahahahahahahaha
Ahahaha ahahah ahahahha ahahahaha
Hahahahha ahahaha hahaha hahaha, ahahhaha ahhahaha.
You really made my day! Thanks Sebastian.
Sebastian AnthonyApr 18th 2010 4:37PM
*tips hat*
JayApr 25th 2010 7:24PM
What's up with that dude's hair?
Sebastian AnthonyApr 25th 2010 7:29PM
I unfairly used a photo from when he was younger... cool hair though :)