MacDirectory magazine is the premiere creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.
Issue link: https://digital.macdirectory.com/i/11584
INTERVIEW CM > These are really two different questions. As for vulnerabilities, these are mistakes in the code written by the developers of the various vendors. These mistakes are always going to be in products in one form or another because human beings aren’t perfect and cannot create perfect code. However, with proper developer training and security reviews it should be possible to produce code that is very secure and has very few flaws. Examples of code like this include the flight control systems on airplanes. However, software vendors don’t put the same effort into eliminating software bugs that a company that makes life critical software does, for cost reasons. Until users demand secure software and companies are held liable when computers are compromised by these vulnerabilities, I don’t see significant changes coming. As for viruses, or more generally malware, these are typically programs that are executed on the computer by the user. While vulnerabilities are the fault of vendors, malware is less so. Operating systems are designed to run the programs users want them to. So when a user downloads a piece of malware (possibly disguised as something else) and tries to run it, the operating system might throw up a warning, but ultimately, the user can make it run. Again, it is just as easy to write this type of malware for Macs as PCs, its just software, but bad guys haven’t really taken the time yet. MA >What is the most secure technological system today and do you think you could hack it? MA > Safari is obviously a pretty easy target. Why isn’t it being exploited more in the wild? CM > Same as above. It’s a little easier to hack because it is so full functional. Out of the box, Safari will run any Quicktime file, Flash, Java, etc. By contrast, Internet Explorer won’t parse any of those files. The reason it isn’t being exploited is simply that with only slightly more effort, bad guys can write IE exploits and can break into way more computers with it. MA > Because the Mac OS is built from a lot of open source components (from Apache to Unix), does that make it an easier target? CM > Yes and no. I’m of the opinion that most well-known open source software is comparable in security to closed source, proprietary software. However, it does present a problem for Apple in keeping all of these open source components up to date. For example, in the past, there have been vulnerabilities that were known to the CM > Ha ha, great question. I’d have to say it would have to be something like top secret government and military networks. These networks are highly segregated from the Internet and are closely monitored and protected. I think I could break into just about any network, including these, given enough time and resources. Perhaps a year full time devoted to it would do it. I don’t say this to brag, this statement says way more about failures in network security in general than my particular abilities. There are always ways to get into networks, no defense is perfect and eventually an attacker can find these imperfections. open source project but had not yet been patched in the version that was current on Mac OS X. MA >What can Mac users do to protect themselves while surfing the Web? CM > Same as everyone else. Try to only visit sites you trust. Don’t follow links from e-mails unless you trust the sender, etc. MA > I am curious about your personal computer set-up. Do you have it set up in any specific way to avoid hackers hacking you? CM > Nope, but then again I don’t even 142 MacDirectory