Eric Schmidt -- Want to be secure? Chrome + Mac

Discussion in 'other software & services' started by Hungry Man, Jun 1, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  2. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Me as well. Macs are for newbies.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Newbies? Hardly. At least not exclusively.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    They are made to be simple to use.

    Ironic that Eric Schmidt didn't recommend something from his own company, Google Chrome OS (which is based on Linux). Heck it's completely a Chrome browser.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    The article cited by the OP is from cultofmac.com
    cult
    http://www.prevx.com/blog/109/The-goal-of-antimalware-products.html
    December 16th, 2008
    Drive-By Attacks vs. Social Engineering
    June 3, 2009
    http://blogs.pcmag.com/securitywatch/2009/06/drive-by_attacks_vs_social_eng.php
    http://nakedsecurity.sophos.com/201...al-engineering-more-common-than-exploitation/
    May 19, 2011
    Indeed, even 3-1/2 years ago:

    DNS changer Trojan for Mac (!) in the wild
    Published: 2007-11-01
    http://isc.sans.org/diary.html?storyid=3595

    The idea that an OS/browser combination is the answer to malware threats is misguided at best.

    For the non-technically knowledgeable person, it is a false sense of security, since that person is susceptible to being tricked, no matter the OS/browser.

    The technically knowledgeable person won't be tricked anyway, no matter the OS/browser.

    Note that the initial stage of the current MACDefender exploit is triggered in the same way as those against Windows users:

    More on MAC OSX Malware - MACDefender Fake Antivirus
    http://isc.sans.edu/diary.html?storyid=10813
    No matter the OS and browser combination, if the user is tricked, she/he grants permission to install the ____________ (fill in the blank) and that is that!

    It will be interesting to see how remote code exploits against the Mac OS and 3rd party applications develop. There have not been many, but they do show the potential for code exploitation, such as:

    Skype 0day vulnerabilitiy discovered by Pure Hacking
    http://www.purehacking.com/blogs/gordon-maddern/skype-0day-vulnerabilitiy-discovered-by-pure-hacking
    Sound familiar? If we remove "skype" we can substitute any number of products:

    And so, as malware for Mac users evolves, those users will be in the same position as Windows users, where they will need to

    • pay attention to keeping the OS, 3rd party applications, and plugins updated;

    • employ security products to protect against the execution of 0-day unauthorized code;

    • develop safe and secure computing habits.

    Those who follow the malware scene pay no attention to the musings of the cultists.

    regards,

    -rich
     
    Last edited: Jun 2, 2011
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    I have a better title: Want to be secure? Anything + anything. Boring.
    Mrk
     
    Last edited: Jun 2, 2011
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    agreed. its the person using the operating system thats the issue.

    or the better title: to be secure unplug your router

    no matter what OS is used if someone allows malicious software the root password they get owned.

    I would like more separation in all operating systems. It would be nice for operating systems to have separate containers like qubes. I dont like how any programs I run can access my user data if they wanted to. third party solutions such as sandboxie create issues. programs werent designed to run inside sandboxie. I would like to see native sandboxing. my media player only needs access to F:\Music and my disc drive so it would be nice if i could create a container and only allow those locations.
     
    Last edited: Jun 2, 2011
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Can you give an example to illustrate what you mean?

    Thanks,

    -rich
     
  10. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello Rmus,

    Well im not an expert in user permissions but surely any program i run as user has the same permissions as i do? which means it can access my user directory? if the program can then im wondering what i can do about it? I Currently use windows 7 with a standard user account.
     
    Last edited: Jun 4, 2011
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Nothing to do about it. Google does this so that if you have multiple Windows accounts it isn't globally installed/ can be used or unused more easily.
     
  12. Martijn2

    Martijn2 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    321
    Location:
    The Netherlands
  13. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152

    Attached Files:

    • os.png
      os.png
      File size:
      2.9 KB
      Views:
      237
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I'm not sure what scenarios you are concerned about.

    For example, an updater (such as adobe or java or browser) can peruse your computer to check for versions.

    If not these, give some examples of what you think might happen...

    regards,

    -rich
     
  15. 1820301060

    1820301060 Lurker

    Joined:
    Jun 6, 2011
    Posts:
    3
    Chrome is a good option, MAC should be not. I still stick to Win7.
     
Loading...
Thread Status:
Not open for further replies.