[Infowarrior] - OSX Security: Lance Ulanoff's back!

Richard Forno rforno at infowarrior.org
Thu Feb 7 16:36:34 UTC 2008 

Heeeeee's Baaaaack!

In 2003 I took Lance Ulanoff of PC Magazine to task over his column slamming
Macs and security:

Muckraking, the PC Way
http://infowarrior.org/articles/2003-08.html

After a few years, I guess ol' Lance got bored and needed to puff up his
chest and slam the Mac OS again with another daffy piece proclaiming how
insecure and vulnerable Mac computers are:

Macs Need Security Software, Too
http://www.pcmag.com/print_article2/0,1217,a=224225,00.asp

The gist of ol' Lance's latest column?  Because the SANS Institute (yeah,
yeah) says the most successful computer attacks these days are not Trojans
or viruses but rather phishing and social engineering, he concludes that
Macs are just as insecure and vulnerable as Windows.

Excuse me? 

It's not until the end of the article that he briefly acknowledges that
humans are prone to error, and can be tricked.  That's true. However, that's
not a problem with nor testament to the security of their chosen computing
platform, it's a question of human nature.  You can build the world's most
'secure' operating system or the world's most 'secure' building or the
world's most 'secure' database, and you'll still find folks able to be duped
into bending the rules and circumventing the security controls to
unwittingly help themselves or the bad guys.

I know of no Mac user, Mac-toting IT security geek, or competent IT security
professional who professes the total infallability of Mac OSX let alone its
inability to provide ironclad defense against social engineering attacks
against its only-human owners and operators, for such a beast does not and
can not exist.  Further, deploying extra security software (as his article
title suggests) won't fix this problem since the problem isn't in the
computer hardware or software, it's with the human wetware....and where
there's a new control that requires human intervention, there's a chance for
that human somehow to circumvent it, knowingly or not.  Will more security
software tools help reduce this vulnerability? Perhaps, but such is not a
silver bullet "fire-and-forget' solution, and to think otherwise is a fools'
errand.

Regarding social engineering, Lance is correct in that all operating systems
are vulnerable and that end-user common sense is the best countermeasure.
However, his attempt to link the dangers of successful social engineering
attacks as a characteristic of running insecure software is technopundit
pablum at best and pretty much comparing apples to oranges, if you'll pardon
the pun. Further, the overall tone of his article and comment that "the
average Mac user is no smarter than the average Windows PC user" clearly
suggests the continued presence of an ulterior if not unspoken motive behind
his daffy and biased musings bashing MacOSX over the years.

Of course, there's a (remote) chance that he might be correct -- but either
way, If he truly believes what he is writing, I know of at least one Windows
PC user we're all smarter than.

-Rick
Infowarrior.org

More information about the Infowarrior mailing list