Linux vs Mac OS X vs Windows: Mac OS X gets hacked first
Apple bandies around the security and safety features of Mac OS X, and often contrasts it to the vulnerabilities of Windows operating systems. Pwn2Own is a hacking contest, where the ace hackers get together to compete by hacking and exploiting either one of Linux, Mac OS X or Windows.
Most people would have expected Windows Vista to be compromised first, but the results were amazing. Tidbits reports that MacBook Air was hacked first. The most amazing part is that it took all of two minutes for security researcher Charlie Miller to hack one of the more secure operating systems around. The winner got $10,000 cash prize and the MacBook Air for keeps.
The rules of the contest are pretty simple: participants are challenged to hack and exploit any of the three OSes. The winner takes home the laptop and a maximum cash prize of $20,000 (which halves each day). An even surprising fact was that by the end of the contest, Vista and Linux were not hacked.
The results throw a severe suspicion at the claims of Apple. I’m a self-confessed Apple fan, but I cannot help but wonder just how secure Mac OS X is. I do not believe that Windows Vista is any better, but Mac OS X may not be as secure as you are led to believe (by Apple). This is not the first time that Mac OS X was hacked first (a contest in the past featured server setups of all three OSes, where Mac lost too).
iPhone, increasing adoption of Mac OS X etc. make hacking Macs commercially viable. Though Mac OS X may not be as vulnerable as Windows, the days of perfection are all but over. The results are there for all to see.
Pedro said on April 4th, 2008
“Though Mac OS X may not be as vulnerable as Windows, the days of perfection are all but over.”
What?! didn’t you read the article you wrote? ^_^
Mac OS X was “perfect” because nobody cared about it. design and artsy types aren’t hardcore geeks, so..
Cranky Scientist said on April 4th, 2008
“Most people?” You’re projecting when you write this.
Welcome to the blog world, where conclusions are reached with a sample size of 1 and an unbounded sigma. It’s like deciding the world series based on one pitch. If one had an ensemble of Charlie Millers and laptops, one could generate some meaningful statistics. Alas, this is unachievable.
BTW, there are real-world stats on computer security. They just don’t get mentioned or linked-to in posts such as this.
Cranky Scientist
jas said on April 6th, 2008
I’m definitely not a Mac apologist, but a single exploit for an internet browser doesn’t really crumble the sand castle of Mac security.
On the other hand, if it were Vista to fall first, I doubt that people like me would be so reasonable about it.
In any way, there are too few details about this. Was the Mac laptop logged in as an administrator? Did Charlie have to click something in order for the exploit to happen?
Post authorSumesh said on April 6th, 2008
@Jas: When the compromised ‘internet browser’ is bundled by default, you know that it is going to be used many. Similar problem happens in Windows - IE is poor in security, and hence one of the easy points for exploits.
Spot on. It always amazes me how people consider Mac in a much more biased way.
The attacks allowed etc. were all progressively favouring the attacker, and the first day was most difficult (and no one succeeded) with only network attacks. On second day, contest organizers would use the system and Charlie directed them to navigate to a site that contained the exploit code. So, it is with Safari (only default apps can be used).
Update: Vista was compromised on the last day, which leaves Ubuntu Linux as the sole survivor.