On GameSpot: $299 PS3 Slim and price cut announced!
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 1 of 201:
Next »
How about security?
Update: I have answered my own questions with the precious few details found here: http://www.apple.com/macosx/technology/

Are there any security improvements in Snow Leopard? yes, a few

Will the NX/DEP finally be switched on in Safari and all other internet facing programs?
Presumably it will be switched on for 64bit programs. All bundled apps will be 64 bit, but 3rd party apps may not be

Will ASLR be extended to more than a few system libraries and have increased entropy? no info

Will SL have any form of heap corruption protection, like e.g. heap encryption/checksum or canaries? Any safe exception handling in sight? yes, heap checksumming. No mentioning of exception handling

How about memory allocation techniques to foil attacks, such as variable reordering, string protection etc? No info

Last but certainly not least, will the "sandbox" finally be turned on to protect Safari, mail.app etc? No info. Presumably not because a real sandbox is an architectural change which involves splitting apps up in more processes

I was told a long time ago that Snow Leopard would be the release of OSX which would finally get it right. SL does feature more security for 64bit apps.

OSX is still by far the most vulnerable operating system out there. IBM researchers find that OSX is hit with 3 times the vulnerabilities compared to Vista for the past 3 years. 2009 is no different, according to Secunia. Independant security researchers are all telling it like it is: OSX is the easiest OS to exploit. Once you find a vulnerability (plenty to choose from) nothing prevents you from exploiting it. Unlike Vista and to some degree, Linux.

There are now definite signs that attackers now are beginning to turn their attention to OSX. Must OSX users wait another 2-3 years for Apple to catch up while OSX is a swiss cheese?
Posted by: honeymonster   Posted on: 08/17/09  (Edited: 08/17/2009 @ 07:11) You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

How about security?  honeymonster | 08/17/09
Honey you need to get out more...  914four | 08/17/09
Gee. A service pack... really? And they charge for this?  trance2tec | 08/17/09
Still puzzled by the emphasis placed on startup and shutdown.  ye | 08/17/09
Especially on a Mac....  trance2tec | 08/17/09
Bacause..  Mectron | 08/17/09
Now, Now, Behave Yourself  robertmro | 08/17/09
well it is true....  trance2tec | 08/17/09
Actually what he said is not true....  James Quinn | 08/17/09
Over Paying? I'm not.  wjanoch | 08/18/09
Who shuts down their Macs anyway...  dcristof | 08/17/09
puzzled 2  HyperCog | 08/17/09
Amen to that  DannyO_0x98 | 08/18/09
Exactly  dave@... | 08/17/09
Except they aren't Service Packs.  goff256 | 08/17/09
Can you imagine  oncall | 08/17/09
Vista/Win7 is a more costly SP update  xXSpeedzXx | 08/17/09
not true...  trance2tec | 08/17/09
So why Windows 7 Server just 2008 R2? [nt]  olePigeon | 08/17/09
Never sold as anything but....  trance2tec | 08/17/09
I thought they were the same code base. [nt]  olePigeon | 08/17/09
no, they are not [nt]  trance2tec | 08/18/09
Because  gnesterenko | 08/17/09
You're both wrong  Speednet | 08/24/09
Compared to frequency of Apple "updates"?  JABBER_WOLF | 08/17/09
How quickly they forget...  vulpine@... | 08/17/09
You must be kidding. Nice try though, OSX is 3X the price.  trance2tec | 08/17/09
Well, since you asked nicely.... (right)  vulpine@... | 08/17/09
I don't think so.  trance2tec | 08/17/09
And again I disagree with you, because...  vulpine@... | 08/17/09
Home Premium is Leopard?  goff256 | 08/18/09
This is childish.  DannyO_0x98 | 08/18/09
You can't really add a lot of new features in an update  goff256 | 08/17/09
Some interesting feature updates  goff256 | 08/17/09
Actually there is a smashing feature...  914four | 08/17/09
Snow Leopard is about refinements to Leopard  goff256 | 08/17/09
Okay  Jkirk3279 | 08/17/09
Odd...  zkiwi | 08/17/09
exchange and quicktime  brokenspokes | 08/18/09
Answer - you shouldn't  gnesterenko | 08/17/09
Not Linux  Jkirk3279 | 08/23/09
RE: Why you should care about Apple's Snow Leopard  efreedom | 08/17/09
You don't think I tried that?  honeymonster | 08/17/09
Re:  dvm | 08/17/09
They can't  gnesterenko | 08/17/09
This comment from a guy...  msalzberg | 08/17/09
This sounds like a Service Pack  jpr75_z | 08/17/09
Added security may be worth paying for  honeymonster | 08/17/09
MS offers security updates regularly  trance2tec | 08/17/09
Why?  rag@... | 08/17/09
Great question to ask Apple.  trance2tec | 08/17/09
Got an ETA on that?  oncall | 08/17/09
They do exist...  trance2tec | 08/17/09
Well they may exist  oncall | 08/17/09
I never said to buy them...  trance2tec | 08/17/09
This is an old article  oncall | 08/17/09
Hey, Trance! I love this one from your link:  vulpine@... | 08/17/09
Check again  rag@... | 08/17/09
Funny  gnesterenko | 08/17/09
Certainly, right here -  trance2tec | 08/17/09
re: check again  Badgered | 08/17/09
All Malware for OSX...  arminw | 08/17/09
That is misleading.  trance2tec | 08/18/09
Wrong again, Trance  vulpine@... | 08/18/09
The same reason that they recommend H1N1 shots:  GuidingLight | 08/17/09
29$ no problem  kisap | 08/18/09
To the ignorant, this sounds like a Service Pack  buddhistMonkey | 08/18/09
RE: Why you should care about Apple's Snow Leopard  SimonUK2 | 08/17/09
Why should I care?  Syst3mZero | 08/17/09
Really?  Eleutherios | 08/17/09
RE: Why you should care about Apple's Snow Leopard  mulerobot | 08/17/09
That is just pure marketing.  Bozzer | 08/17/09
Lame  trance2tec | 08/17/09
Not sure what you are trying to say but..  eqpc | 08/17/09
Pinheads  mulerobot | 08/17/09
It's best  oncall | 08/17/09
I didn't know that a Merc or Lexus had  eqpc | 08/17/09
Also  gnesterenko | 08/17/09
hoopty  mulerobot | 08/17/09
I think you replied to the wrong person. {nt}  eqpc | 08/17/09
"I didn't know..."  vulpine@... | 08/17/09
So when will you understand the difference then?  eqpc | 08/17/09
Considering I was quoting your own statement...  vulpine@... | 08/17/09
Could you explain then..  eqpc | 08/17/09
you are kidding yourself, Kia with a bodykit.  trance2tec | 08/17/09
@eqpc  DeusExMachina | 08/17/09
@DeusExMachina  eqpc | 08/17/09
Not really  DeusExMachina | 08/17/09
(Maybe) Only in a Folls Opinion! (n/t)  windozefreak | 08/17/09
That was in 2003...  cy0n | 08/17/09
How is this a service pack?  bananaboy | 08/17/09
Difference  kitko | 08/17/09
Vista has been useable for me.  ye | 08/17/09
I have to agree  matthew_maurice | 08/17/09
Arguable  gnesterenko | 08/17/09
Proof?  vulpine@... | 08/17/09
Explain, please.  msalzberg | 08/17/09
While he's at it  DeusExMachina | 08/17/09
$169 also include iWork and iLife, not just the OS. [nt]  olePigeon | 08/17/09
So they're bundling.  ye | 08/17/09
$80 for iLife....  trance2tec | 08/17/09
I'd prefer they didn't. I already have a copy of MS Office.  ye | 08/17/09
Exactly... iWork and iLife should be free anyways...  trance2tec | 08/17/09
Is Ilife required? if so it should be bundled.  a.barry@... | 08/17/09
The best way to find out is to try it.  vulpine@... | 08/17/09
Huh?  DeusExMachina | 08/17/09
iLife is free with a Mac  Ken_z | 08/17/09
ONE HUNDRED AND SIXTY NINE DOLLARS?!  goff256 | 08/17/09
I have a 2nd generation MacBook running Tiger.  ye | 08/17/09
Then I have an idea for you... seriously, this can save you money  goff256 | 08/17/09
@goff256: Are you serioulsy making this argument?  ye | 08/17/09
If you don't want iLife/iWork  goff256 | 08/17/09
@goff256: You just don't get it.  ye | 08/17/09
I think the argument  goff256 | 08/17/09
Nice for you, ye.  vulpine@... | 08/17/09
@goff256: I disagree.  ye | 08/18/09
@vulpine: It's not a good deal if I don't want it. (nt)  ye | 08/18/09
Then stick with Tiger  goff256 | 08/18/09
@goff256: You're ignoring the point so you can apologize for Apple.  ye | 08/18/09
Not apologizing  goff256 | 08/18/09
So?  DeusExMachina | 08/17/09
Irrelevant.  ye | 08/17/09
Where did you get that idea?  Charles Miller | 08/17/09
It is not irrelevant  DeusExMachina | 08/17/09
@Charles Miller: Right here:  ye | 08/17/09
But Apple makes no claim nor has it attempted to  James Quinn | 08/17/09
Are you really that lazy?!?  DeusExMachina | 08/17/09
@James Quinn: Even worse.  ye | 08/17/09
Ye... it clearly states that you can get Snow for $29  James Quinn | 08/17/09
@James Quinn: Not if you're upgrading from Tiger.  ye | 08/17/09
Ye this article is from a blog I tend to find mystakes  James Quinn | 08/17/09
@James Quinn: I shouldn't have to jump through these hoops just because...  ye | 08/17/09
So since you can purchase Leopard for $129.00.  James Quinn | 08/17/09
@James Quinn: For a limited time only.  ye | 08/17/09
Leopard already is available and has been for a while  James Quinn | 08/17/09
@James Quinn: The problem is Leopard won't always be available.  ye | 08/17/09
Since you keep ignoring my post  DeusExMachina | 08/17/09
Leopard has been around for quite some time now.  James Quinn | 08/17/09
The irrelevancy is in your argument.  vulpine@... | 08/17/09
@James Quinn: You argument is foolish.  ye | 08/18/09
@vulpine: Vista does not require IE to update.  ye | 08/18/09
Ye, is your other name non-zealot?  vulpine@... | 08/18/09
@vulpine: Windws Update in Vista does not require IE.  ye | 08/18/09
Then explain to me, ye, why...  vulpine@... | 08/18/09
@vulpine: Because Windows Update is now an application.  ye | 08/18/09
@ye: We're still talking about Vista, aren't we?  vulpine@... | 08/18/09
Yes  goff256 | 08/18/09
@ye: About Windows Update....  vulpine@... | 08/20/09
BULL  DeusExMachina | 08/17/09
Wrong person.  trance2tec | 08/17/09
No it's not  DeusExMachina | 08/17/09
No, it was never about bundling...  olePigeon | 08/17/09
Uh huh. Sure it wouldn't have been.  ye | 08/18/09
That is opinion, not fact.  vulpine@... | 08/18/09
It's fact. IE has proven that.  ye | 08/18/09
You seem to forget...  vulpine@... | 08/18/09
You are? One wouldn't get that impression from your comments.  ye | 08/18/09
RE: Why you should care about Apple's Snow Leopard  Flybye | 08/17/09
RE: Why you should care about Apple's Snow Leopard  JimiOB | 08/17/09
The Old ZDNet Flame Wars Trick  robertmro | 08/17/09
I'm sure they are but..  eqpc | 08/17/09
You're Right  robertmro | 08/17/09
I agree  pgstocker | 08/17/09
Other features: Grand Central, Open CL, 64 bit, Enhanced Security etc  Davewrite | 08/17/09
A major breakthrough!  eqpc | 08/17/09
breakthrough yes, not broken like.. VISTA... nt  Davewrite | 08/17/09
Broken?  eqpc | 08/17/09
No..  Davewrite | 08/17/09
A logical discussion! LOL  eqpc | 08/17/09
look at your post I was replying to.  Davewrite | 08/17/09
@Davewrite  eqpc | 08/17/09
Le sigh  goff256 | 08/17/09
@eqpc  Davewrite | 08/17/09
@Davewrite and goff256  eqpc | 08/17/09
Well THAT is different  goff256 | 08/17/09
64-bit, OpenCL and GC  DeusExMachina | 08/17/09
The difference between Windows and OS X 64-bit  vulpine@... | 08/18/09
@vulpine: Most 32 bit software runs fine on 64 bit Windows.  ye | 08/18/09
So now you're saying Windows and OS X...  vulpine@... | 08/18/09
@vulpine: Which post would that be?  ye | 08/18/09
@Vulpine: Please check your "facts" before you post ...  de-void | 08/24/09
@de-void: Maybe you should go back a post or three...  vulpine@... | 09/15/09
64 bit? Wow!!!  James T. Kirk | 08/17/09
Why so bitter?  non-sequitur | 08/17/09
OSX has been 64 bit for years.  DeusExMachina | 08/17/09
RE: Why you should care about Apple's Snow Leopard  gypkap@... | 08/17/09
Macs are the only....  arminw | 08/17/09
Are you kidding?  trance2tec | 08/18/09
Which is why...  msalzberg | 08/18/09
Which is Why...  vulpine@... | 09/15/09
Leadership  MarkyGoldstein | 08/17/09
Mac vs. XP/Vista/7  rharder | 08/17/09
RE:Mac vs. XP/Vista/7  richdave | 08/17/09
RE: Why you should care about Apple's Snow Leopard  Grey Ash | 08/17/09
Hey now thats no0t fair to zombies, Christians or fans of whats happening!  Grey Ash | 08/17/09
@They do exist...  windozefreak | 08/17/09
RE: Why you should care about Apple's Snow Leopard  bmonsterman | 08/18/09
Apple, secure, reliable, my ar5e!!  horus9339@... | 08/19/09
Why do you have to do this?  goff256 | 08/19/09
Point for point --  vulpine@... | 09/15/09
I can tell nobody has any recent Mac/Office experience...  jdickey | 08/21/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement
  • Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
  • Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
  • Smart People The best and worst moves in the management and strategy trenches. Learn More