How secure is Apple? (opens in new tab)

(nilsjuenemann.de)

22 pointsnilsjuenemann11y ago15 comments

15 comments

13 comments · 4 top-level

valarauca111y ago· 4 in thread

There was a very good talk at defcon21 (I believe) about Apple Security. It wasn't super in-depth, it basically covered fire-walling.

Basically by default OSX ships with its firewall completely off. Turning on your firewall, blocks most ports except the few that are by default for standard black box mac services. If you turn on enhanced stealth mode firewall, you block pings. Not the entire IMCP protocol, just pings. And nothing else. So you can sync PRNG.

Also there is issues in bonjour's UDP handling which let you consume all CPU resources (pin the processor at 100% remotely, no permissions just UDP spam). Remotely, also bonjour can't be disabled or blocked by the GUI firewall.

:.:.:

A lot of people look at OSX and say, "Hey its a unix, I'm safe." And they aren't. No Unix is safe by default, even OpenBSD requires you watch what your doing.

ianstallings11y ago

People should also look into the full disk encryption feature provided, FileVault, because it's turned off by default. It's a little beyond your average security measures but it helps me sleep a little better.

artmageddon11y ago

I'm a fairly new OSX user, been on Windows for most of my life and on Linux for a bit. Do you have any suggestions on guides for increasing security?

Osmium11y ago

Advice is fairly standard: don't make your main account an Admin account, give your password out sparingly to apps that ask for it, try to use only sandboxed apps (i.e. from the App Store), don't turn on un-needed services (these are mostly in the Sharing pane in System Preferences). If you don't like Apple's default firewall rules, I believe OS X has BSD-standard ipfw installed by default, so you can use that and modify it to your liking.

Mostly, though, I'd say don't panic. Keep OS X updated and you should be fine (inc. Flash if you use it in Safari, and keep rarely-used web plugins disabled by default). Zero-days are always a worry, but you'll never see them coming by definition, so there's not a lot you can do about it...

[Note, I am by no means an expert]

Edit: and, as another poster said, enable FileVault. It's a great, stable and fast (on modern Macs, any slow-down should be imperceptible to the user) protection against casual data theft if someone steals your computer.

valarauca111y ago

I can't offer exactly domain advice. I don't use OSX myself. But I can offer board advice. Learn the options, learn what they do, learn why they do that, and what you gain.

Basically never trust a computer to keep you safe on its own, if it promises to its likely lying (or OpenBSD).

ksk11y ago· 4 in thread

I understand OSX is the topic of the article. However, I don't think Linux fares any better. Should we really be happy that we're able to 'root' our phones?

Pleroma11y ago

https://en.wikipedia.org/wiki/Whataboutism

dfxm1211y ago

Yes, two wrongs don't make a right, but given the presumed motivations of this article, it is important that everyone is aware of the security shortcomings of the phones, other computers and computer related services we use every day.

ZenoArrow11y ago

Rooting is left in as a feature for those who want more access to the OS, it's equivalent to complaining about sudo. There are certainly vulnerabilities when it comes to Linux (for example, programs running through X.org are relatively easy to snoop on), the advantage with a Linux OS is that you can choose to make it more secure because of its modularity.

Apple has a different task ahead of it because it's responsible for the whole OS stack. A successful model to follow is Microsoft's, they take security patches seriously.

ksk11y ago

I was obviously referring to the practice of exploiting kernel vulnerabilities to gain root access to locked down phones.

1 more reply

pathikrit11y ago· 1 in thread

Windows is like living in the ghetto with bolted doors and windows. OSX is like living in the country side with doors open. Both are not that safe in somewhat different ways.

antsar11y ago

As it gains popularity, that countryside is rapidly acquiring its fair share of problems. Certainly enough to consider closing the doors.

hell-banned111y ago

APPLE may be good at design, but its technology sukx. Which hacker in his right mind will prefer APPLE to Google, Facebook or a startup?

j / k navigate · click thread line to collapse