SCF Advanced Search

  • Total Posts: 37563
  • Total Topics: 12288
  • Online Today: 1136
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Hacker: Snow Leopard less secure than Windows (ASLR or DEP)  (Read 3232 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7512
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
Hacker: Snow Leopard less secure than Windows (ASLR or DEP)
« on: 17. September 2009., 19:27:36 »

As reported by Techworld, Snow Leopard, Apple's highly anticipated new operating system, lacks basic security features that are found in Windows XP, Windows Vista and Windows 7 says Charlie Miller, a noted security researcher.

Address Space Layout Randomization, commonly referred to as ASLR, randomly assigns data to the memory to make it more difficult for hackers to locate the of critical operating system functions.

Charlie Miller of Baltimore-based Independent Security Evaluators who many people may remember from when he successfully hacked a fully patched Macbook in seconds, was disappointed upon hearing that Apple did little to improve ASLR from Leopard to Snow Leopard.

"Apple didn't change anything. It's the exact same ASLR as in Leopard, which means it's not very good. I hoped Snow Leopard would do full ASLR, but it doesn't. I don't understand why they didn't. But Apple missed an opportunity with Snow Leopard. Apple did make various moves to improve Mac OS X 10.6's security including a revamp of QuickTime and additions to Data Execution Prevention (DEP), a security feature built in to Windows Vista."

"Having both ASLR and DEP in an operating system makes it much more difficult for attackers to create working code," Miller argued. "If you don't have either, or just one of the two [ASLR or DEP], you can still exploit bugs, but with both, it's much, much harder. Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7," he said. "When Apple has both [in place], that's when I'll stop complaining about Apple's security."

In the end, Miller agreed that hackers' disinterest in Mac OS X comes down to numbers rather than the security measures that Apple adds to the operating system. "It's harder to write exploits for Windows than the Mac," Miller said, "but all you see are Windows exploits. That's because if [the hacker] can hit 90% of the machines out there, that's all he's gonna do. It's not worth him nearly doubling his work just to get that last 10%."

"I still think you're pretty safe [on a Mac]," Miller said. "I wouldn't recommend antivirus on the Mac."


Samker's Computer Forum -

Hacker: Snow Leopard less secure than Windows (ASLR or DEP)
« on: 17. September 2009., 19:27:36 »


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising