All of these comparisons are great, if 90% of the users, regardless of platform, didn't install a bunch of things, make a set of favorite configurations, and then run off to a variety of sites.
Default config is great if is good and if they leave it that way. They don't. It makes for a great academic discussion which is bears little similarity to the real world. http://www.computerworld.com/s/article/9129978/Researcher_cracks_Mac_in_10_seconds_at_PWN2OWN_wins_5k <http://www.computerworld.com/s/article/9129978/Researcher_cracks_Mac_in_10_seconds_at_PWN2OWN_wins_5k>OS X can be attacked successfully. So can Windows, and so can Linux.[1] The *people* using those platforms can also be attacked. I'd argue that the system of the average person running Linux is harder to crack than that of the average person running OSX or Windows, but as more people buy into *product = security*, and as more users of Linux or OS X start building or providing systems for their less technical family members using their OS of choice, we'll see more successful attacks on those platforms as well. Because changing platforms doesn't remove ALL bad habits. And the careless will be the ones more easily hacked via social networks and smartphones, regardless of what OS someone has installed for them on their desktop. *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * *[1] *OpenBSD can make legitimate statements about the security of its default config, but your mainstream user would not find it as useful to them application-wise, or would make changes that undermine its security. * * On Tue, Sep 7, 2010 at 5:27 PM, Matthew W. Ross <[email protected]>wrote: > If you eliminate the non-os applications, what's the security situation > look like on each platform? > > Until Vista, the default setup for any user was to make them an > Administrator. Mac and Linux people could not understand this behavior. > Thank goodness Microsoft fixed that. > > Windows doesn't come with a PDF reader, and Mac OS X has Preview. Apple is > somewhat good about releasing fixes for it's OS vulnerabilities, but it has > also been known to be slow on responding on some items. > > Mac OS X has Java built in, which Windows does not. Another vector for > attack. > > Browser vulnerabilities abound on both sides. I would argue that anything > that uses ActiveX is inherently less secure than something that doesn't. But > then again, I hate a standards platform (The Web) using any platform > specific implementation (such as ActiveX). > > Does Windows have any kind of Remote Administration (ala psexec.exe) turned > on by default? Mac OS X has SSH disabled by default. > > Then, between the two... which one is more secure? I don't know. > > > --Matt Ross > Ephrata School District > > > ----- Original Message ----- > From: John Aldrich > [mailto:[email protected]] > To: NT System Admin Issues > [mailto:[email protected]] > Sent: Tue, 07 Sep 2010 > 12:15:16 -0700 > Subject: RE: Mac and Windows mix > > > > Not to start a flame war or anything, but I was under the impression that > > Mac OS/X was significantly *more* secure than a comparable Windows > machine, > > due to the *nix security model? Asking for information here, trying to > > learn, not trying to start a Mac Vs. Windows thread (there are enough of > > those, that I don't need to start one! <G>) > > > > > > > > John-AldrichPerception_2 > > > > > > > > From: Holstrom, Don [mailto:[email protected]] > > Sent: Tuesday, September 07, 2010 2:57 PM > > To: NT System Admin Issues > > Subject: RE: Mac and Windows mix > > > > > > > > We have about a dozen Macs here at the Museum. I give them each dual > monitor > > set-ups, with Parallels and Windows with Microsoft Office so they can > > Outlook to their e-mail. So far, Mac doesn't really have a good > > Rendezvous/Outlook set-up, although OWA is very good and getting better. > As > > I stroll by, I see that each Mac user keeps Office up on one monitor, so > > that Outlook is always open. Each of the Macs can already connect to our > PC > > servers where they keep all their files. I give Remote Desktop access to > > those who either PC or Mac from the outside. > > > > > > > > Way too many security openings for Macs, this would not be good with a > very > > secure network. > > > > > > > > From: Jeff Steward [mailto:[email protected]] > > Sent: Tuesday, September 07, 2010 2:34 PM > > To: NT System Admin Issues > > Subject: Re: Mac and Windows mix > > > > > > > > Don't knock yourself out here Matt, I'm just curious how one manages > these > > issues in a mixed environment. I have one Mac user who works part time > so > > we set him up with a Remote Desktop client and he works in a Terminal > Server > > session. > > > > > > > > Regards, > > > > > > > > Jeff Steward > > > > On Tue, Sep 7, 2010 at 2:26 PM, Matthew W. Ross < > [email protected]> > > wrote: > > > > Apple Remote Desktop is more akin to the Windows Management MMC, MS > Remote > > Desktop and the SysInternals Power Tools rolled into one package. Open > > Directory is more akin to Group Policy. > > > > > > > > I will see what I can find out about those regulations. > > > > > > > > --Matt Ross > > > > Ephrata School District > > > > > > On Sep 7, 2010, at 11:21 AM, "Jeff Steward" <[email protected]> wrote: > > > > HIPAA > > > > SOX > > > > MA 201 CMR 17.00 > > > > > > > > To varying degrees they all boil down to: > > > > > > > > We define a security policy that meets the regulatory requirements and > base > > configurations to meet that policy and then report regularly on > performance > > to standards. I see from one of your follow-up posts that Apple Remote > > Desktop is akin to Group Policy. > > > > > > > > -Jeff Steward > > > > On Tue, Sep 7, 2010 at 1:31 PM, Matthew W. Ross < > [email protected]> > > wrote: > > > > Can you be more specific? What standards are you needing to be compliant > to? > > An example regulation would help me answer your question. > > > > > > > > --Matt Ross > > > > Ephrata School District > > > > > > On Sep 7, 2010, at 10:26 AM, "Jeff Steward" <[email protected]> wrote: > > > > A school environment is not the same as a public company environment. > > Compliance to <insert your favorite standard here> and reporting on said > > compliance or non-trivial issues for public companies or private > companies > > subject to other regulations. There are a wealth of tools for managing > > these issues in a Windows environment, can the same be said of the Mac > > environment? > > > > > > > > -Jeff Steward > > > > On Tue, Sep 7, 2010 at 12:53 PM, Matthew W. Ross < > [email protected]> > > wrote: > > > > Macs are not the burden you make them sound to be. > > > > Integrating a Mac into a windows network is never going to be painless; > the > > two systems are inherently different. If what you want is a Windows > > experience from your Mac, install Windows. > > > > Now not everybody likes MacOS X, but the same can be said for Windows. > > Insert the problem of subjective preference here. > > > > Personally, I love working on my iMac, and managing the other Macs in our > > district is very easy if you use the provided Apple tools: Mac OS X > server, > > Open Directory, and Apple Remote Desktop. > > > > Then again, I hate how a Mac _can_ cost 2x as much as a comparable PC. I > do > > like that software upgrades are cheaper for Mac, but I don't like how > apple > > drops support for anything that is not the current generation or the > > previous one. If you're 2 generations back, you're out of luck. > > > > What can a Mac do that a PC Can't? Nothing. But I would argue that > > competition is one of the pillars of innovation. Without Mac OS X > competing > > against Windows, what would Windows look like today? > > > > > > --Matt Ross > > Ephrata School District > > > > > > > > ----- Original Message ----- > > From: James Hill > > [mailto:[email protected]] > > To: NT System Admin Issues > > > > [mailto:[email protected]] > > Sent: Sun, 05 Sep 2010 > > 19:28:49 -0700 > > Subject: RE: Mac and Windows mix > > > > > > > We have pretty much eliminated all of the Mac's here. > > > > > > We didn't have 3rd party products to manage them so they always > required > > so > > > much manual interaction. Any global change we made we could easily > > automate > > > with PC's thanks to group policy etc but it was always a manual change > for > > > the Mac's. > > > > > > They really aren't a corporate product imo. You only have to look to > > Apple > > > for a corporate grade management solution to realise that it doesn't > > exist. > > > > > > They do indeed need patching (http://support.apple.com/kb/HT1222) and > > there > > > is AV products for them. Symantec has one for example. Personally I > > think > > > the day is coming when someone will write a decent bit of malware/virus > > for > > > them and 99% plus will get caught out by it. There is a very misguided > > > opinion amongst the Apple community that they are safe. Apple's false > > > advertising only strengthens this. The facts are that Mac's are more > > > vulnerable than the PC world http://www.crn.com/security/226200083 > > > > > > More importantly, what is the need for the Mac's in the first place? > For > > us > > > they were only sued for Adobe CS, which runs just fine on PC's. In > fact > > > these days Adobe is more behind the PC world than the Mac. For > example, > > > 64bit Photoshop was first on PC, had to wait for CS5 for Mac to get it. > > > > > That's without going into the Flash debate :) > > > > > > > > > > > > > > > > > > > > From: David Lum [mailto:[email protected]] > > > Sent: Saturday, 4 September 2010 6:07 AM > > > To: NT System Admin Issues > > > Subject: Mac and Windows mix > > > > > > I would like to hear from those of you who have a mixed Windows/Mac > > > environments: How do you handle management of the diverse environment? > > > Presumably with Mac's there is no patching or AV. Can you use GPO's on > > them > > > in any fashion (wondering if there's some add-in to allow equivalency). > > > David Lum // SYSTEMS ENGINEER > > > NORTHWEST EVALUATION ASSOCIATION > > > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
