Windows More Secure, Macs Safer

[Killuminati]

You’ve probably seen the headlines: “Pwn2Own 2008: MacBook Air hacked in 2 minutes” or “Pwn2Own 2009: Safari/MacBook falls in seconds.” But there’s a story behind every headline and who better to get the story from than Charlie Miller, the man behind the headlines? We had the opportunity to chat with Charlie after his back-to-back successes in demonstrating zero-day exploits affecting the Mac.

http://www.tomshardware.com/reviews/...hack,2254.html

This is an interview with the guy who hacks the shit out of macs and windows and says that Macs are less secure but safer because of a lack of malaware designed for macs and windows are more secure but less safe because of the amount of malaware out there attacking windows.

highlights

Alan: So, if you had to make a recommendation, Mac, PC, or Linux? Or do you find them to be equally (in)secure?

Charlie: I'll leave Linux out of the equation since I know my grandma couldn't run it. Between Mac and PC, I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there. For now, I'd still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them.

http://blogs.zdnet.com/security/?p=2941

Why Safari? Why didn’t you go after IE or Safari?

It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.

It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.

With my Safari exploit, I put the code into a process and I know exactly where it’s going to be. There’s no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don’t know where it is. Even if I get to the code, it’s not executable. Those are two hurdles that Macs don’t have.

It’s clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that’s only half the equation. The other half is exploiting it. There’s almost no hurdle to jump through on Mac OS X.

"There’s almost no hurdle to jump through on Mac OS X." the key phrase

On a scale of 1-10, how impressive was the Nils’ sweep of exploiting all three main browsers?

I was surprised. For IE 8, I’d give him a 9 out of 10. For Safari, maybe a 2. It’s just too easy to pop Safari. For Firefox on Windows, I give him a 10. That was the most impressive of the three. It’s really hard to exploit Firefox on Windows.

Really? What’s the difference between what you can do on IE but can’t do on Firefox?

The technique he used works against IE but not Firefox. It allows you to place code in a specific spot in memory. Mark Dowd and Alex Sotirov talked about this at last year’s Black Hat. You can use a technique to make .net not opt into the mitigations and jump over hurdled easily. With Firefox, you can’t do that.

For all the browsers on operating systems, the hardest target is Firefox on Windows. With Firefox on Mac OS X, you can do whatever you want. There’s nothing in the Mac operating system that will stop you.