A month of Apple Bugs

Why is it that these people crawl out of the woodwork to make a name for themselves on something that is so easy: attacking the Apple OS? Two guys, one named Kevin Finisterre, and the other so paranoid that he goes only by ‘LMH’, have decided to show just how bad and non-secure the Mac OS-X operating system is, by publishing at least one bug a day on their website concerning OS-X.

What I do not understand is just what they want to prove. Are they trying to say that OS-X is worse than Vista or XP? Or maybe worse than Linux? Let's be real, given the complexity of operating systems today, there is not an operating system in the world that does not have enough bugs of one kind or another to publish one, maybe two bugs a day for the rest of the year, or longer! What is really the point of all this? And who should care?

Well, maybe Apple should care, and perhaps this is a good thing rather than bad. And any free evaluation and bug hunting is better than yet another attack on the Mac OS, but is that the way they present it? They claim that they are doing it for fun and to point out that Apple’s contention that their OS is more secure than Windows or Linux is just outright false. Maybe so, and if they are willing to do this for free, Apple should be thanking them. It will be interesting to see how Apple responds.

But it is the sole attack on Mac OS-X that truly bothers me here. How about a bug a day on ALL popular operating systems, including XP & Vista, Red Hat Linux, and Mac OS-X? Let's show that all operating systems are inherently buggy and non-secure. Now that would be worthwhile. But taking cheap shots at Apple is just, well, done too often and not very interesting any more.

I also have a problem with posting these security bugs on a public website for all to see. We already know, given the amount of viruses and spam we see daily, that there are a lot of people out there who are looking for just such a list of new ways to attack people’s computers. And with Apple’s statements of how secure they are, finding and attacking flaws in Mac OS-X is EXACTLY what some of the whacko people want to do. So why paint a big target on the backs of millions of Mac users for the sole pleasure of saying “We told you so!”? The correct plan here would be to find the bugs, publish a count, and then send them securely (what they ARE supposedly interested in per their own claims) to Apple so they can be fixed. After they are fixed, then they can publish their results and take all the fame and credit. But to post a “How To” list of attacks on Macintosh is just wrong.

But what they are doing does have great value too. If they truly find flaws, and Apple is smart and fixes these bugs, then they do a service to Apple by making it more secure. Now that, I hope, is their true goal. Only time will tell. The coolest part of this is that once this list started being published (starting New Year’s Day), many Mac programmers stepped up and said they would fix them. Score one for the Mac programmers.

All this said, if you have an interest in seeing what these guys have found, have a look at Bug A Day. It makes some interesting reading, even if some of the bugs are obscure, strange, or pose no security threat at all. They did find a major QuickTime security bug, however, and Apple has already released a fix for that in their software update. Maybe Apple should just hire these two guys to lead their QA team!
