Security Basics mailing list archives

Re: Mac X-Server Security Questions...


From: Florian Rommel <frommel () gmail com>
Date: Thu, 07 Apr 2005 11:18:24 +0300

Is it just me or is the original article slightly FUDish? Maybe a troll, but OK, I'll bite....

I have worked with Macs for quite a while and have a very strong security, Unix, and Windows background. I have yet to find a consumer OS (I am aware of OpenBSD et al., but those are hardly consumer OSs) that is as locked down as OS X. Plus the users are much LESS gullible than the normal Windows user. If, as mentioned, the OS X boxes got compromised (how do you define "almost completely"?) then a number of things HAD to happen before:

1. The user had to have enabled file sharing, which on its own is not bad and shouldn't really compromise the machine. However, would you care to explain why there is file sharing open and, I suppose you are in a work LAN, NO firewall in front?
2. The user had to have allowed system-wide access to something, meaning he/she had to type in his/her password for a program to access system files. Or...
3. The user had to have the root user enabled, which in itself is already nearly ALWAYS unnecessary.

Because out of the box, which is what MOST users use on their Mac (including my wife, and she is a Comp Sci student), OS X has 3 very important things NOT enabled:

1. No root user is enabled. The user is an "admin", which is nothing like the Windows Admin: he/she can install programs system-wide BUT he/she has to authenticate if system files are accessed, otherwise NO GO.
2. No services are enabled by default. Granted, the firewall isn't on either, but how do you connect to an "unprotected" machine if it isn't listening to anything?
3. Automatic updates checking enabled. This prompts you as soon as an update is available.

Now, something had to be wrong in those 3 for your users to get compromised. And that means it's the user, not the OS. However, I still find it hard to believe that these boxes got "almost totally" compromised AFTER all patches were installed and no specific file sharing got enabled....

I think it is sad that people have to go to these great lengths to spread FUD and try to make another OS look good. How then do you define "no one in their right mind" that leaves file sharing on on Windows? Ever seen a default installation of Windows? Ever seen a user that just bought his PC at the local shop and connected it to the internet? If no one is in their right mind, how do you explain the millions of zombies out there?....

Move along, nothing to see...

//Florian Rommel, CISSP
http://www.2blocksaway.com
