Thursday, December 3, 2009

Windows 7 Has Better Security Than Apple's Mac Snow Leopard

Windows 7 Bests Snow Leopard Says Mac Hacker

An infamous white hat hacker after his penetration testing found that the Microsoft Windows 7 operating system has better security than Apple's Mac in overall operating system security.


The improved Windows 7 security advantage has to do with a security approach called:

Address Space Layout Randomization (ASLR)

According to Wikipedia
ASLR has the following effect and benefits on security:


Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to executereturn-to-libc attacks must locate the code to be executed; while other attackers trying to execute shellcode injected on the stack have to first find the stack. In both cases, the related memory addresses are obscured from the attackers; these values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.


Address space layout randomization relies on the low chance of an attacker guessing where randomly-placed areas are located; security is increased by increasing the search space. Thus, address space randomization is more effective when more entropy is present in the random offsets. Entropy is increased by either raising the amount of virtual memory area space the randomization occurs over, or reducing the period the randomization occurs over; the period is typically implemented as small as possible, so most systems must increase VMA space randomization.

This methodology is known as Entropy, which basically means the multiple way that you can rearrange something. Its a good security measure to employ because memory space is constantly rearranged. Malicious code and hackers often take advantage of certain flaws in software which must reside in the same static memory space.

This is sure to shake many Mac owners up who confuse better Mac Performance with better Mac Security as well. It's Apples and Oranges; performance does not mean security!



No comments:

Post a Comment

Get Expert Advice!