Joined: 17 Aug 2009
|Posted: Wed Nov 04, 2009 9:43 pm Post subject: Malware: Windows vs OS/X
|Here is an interesting article on virus and malware on Windows versus SL and Macs. It makes the case that antivirus software on the Mac really doesn't buy you anything and may open new holes to be expoited. It also discusses some disturbing facts about Windows and why it is so ridden with security holes.
Retired: Altair 8800, PET, TI 99/4A, Apple II
Mac Plus, Mac II, Mac SE/30, Quadra,
20th Anniversary Mac, iMac Purple, G4 Blue & White, iBook Clamshell
Active: Mac Mini (OCT 09) 4 GB RAM, 2.66 GHz, 500 GB HDD
Joined: 19 Sep 2007
|Posted: Thu Nov 05, 2009 6:15 pm Post subject:
|The CanSecWest Pwn2Win contest is a joke.
Talk about throwing money away.
Yes, the Mac got cracked in under 5 minutes, but as the guy who won it admitted later in an interview, both he and two of his compnay friends spent over a week+ each trying to break Safari to the point they could take over the machine. That's 120 to 150 hours all up trying to find a loophole big enough to take the machine.
To make sure they had a winner in the allotted time, CanSecWest, provided the so called "Hackers" with every possible detail about what was on the Mac Airbook.
This included, telling them what version of OS was loaded, what patches & updates were on board & even if the firewall was on or not....
They even told them what the specific static IP address was for each machine... duh.....
last but not least, the guys who took the Mac down, exploited a technical loophole in the rules, by previously setting up their own "Malware Injection site" to download to the Airbook they were hoping to Pwn..
No wonder they took it down so easily.
As the guy who won it said, no hacker would have bothered, if they weren't sure they could use such slack rules to their advantage.
Lord, with that sort of free information, even blind Freddie could have taken down the machine.
I wrote to CanSecWest and suggested they change the rules so that the computers in question should be locked behind a door with the hackers being given no other information about the make of the machines or any detail about the OS that was installed.
All I would give them would be a router / server address.
In real life a hacker doesn't know before hand what brand of machine, or OS they're up against.
So in a real contest, they would have to ping that sort of information out of the machine and know enough about over a dozen Major Operating systems to even get near to cracking the machine in question.
Then the only way they could get to the money, would be to hack the computer for a electronic password, that would then allow them access into the locked room.
Last, I would expect the winner to hand over their computer / disks etc in order to verify that the work was done there and then on the spot; rather than downloading an exploit that took them the equivalent of three weeks of work to put into action.
Finally, I noted on another forum I visit, that the Windows & Linux guys were bragging that Linux took so long to break etc...
We'll given the fact that all the cash (actually it was $10,000 plus a mouth watering Mac Airbook ) had been snapped up in the first day, meant that much of the incentive had been taken out of the competition. Like a deflated air balloon, the company was left trying to keep the competition alive by pumping up the value of the two crappy PC laptops that were still up for grabs.
In the end, only the nerds stuck around the extra two days, not because Linux & Windows were harder to Pwn, but because...well they're nerds...
(Like Star-Trek fans who stick around collecting disgarded seat tickets, long after the auditorium has emptied of famous cast and almost all the other Trekkies)...
Of the four X systems in the world.
Which would you choose?
OS X : LinuX : UniX or MS-BolloX.