Thursday

Apple, don't be evil



After months of deliberating, I have decided to buy my own laptop. Not just any laptop, but a Macbook Pro.
I never wanted to own a laptop because I'm a poweruser. I need the best performance for the buck and laptops performance wise were always behind compared to desktops. This has changed somewhat in the last years and prices have really dropped. Now that I go to security conferences, I felt the need to get my own laptop. The one from work, although fully encrypted, sometimes contains confidential information. But we have seen that harddisk encryption is not all that. Also, the possibility to deactivate the virusscanner on my company laptop was revoked and this has become a major pain in the b*tt.
Why would I want to to that? Even temporarily. For example, McAfee classified the security tool 'winlockpwn' , a python script, as a virus (which is really stupid). They should have marked it as unwanted programs like most hacker tools. During my last demo, I found this out the hard way. The script was deleted when I inserted my USB stick. So, with my own laptop, I have some more control over it's usage and can install all the tools I want.

There are more reasons like my newfound passion for presentation making , the itch to try out Keynote from Apple and the nice design of the Macbook (hello backlight keyboard). Also watching all those keynote presentatons of Steve Jobs got me a little brainwashed. But....

*sigh* *double sigh*

Why, oh why did they to the following? First, they forced safari as an upgrade (even when not installed) through the Apple Software update service (which everyone with Quicktime or iTunes has).
Then we saw two new vulnerabilities, that Safari windows had including the possibility to inject malicious code. And finally, it seems it's completely unstable and crashed in Windows XP.

All this for software most people didn't want to have? No wonder the Mozilla CEO called it a misuse of trust. It's hard enough for users to keep up to date with patches without misusing update services.

I'm really disappointed in Apple. I almost cancelled my order. Let's hope this was a one time mistake.

UPDATE: It even seems that the Apple EULA doesn't even allow Safari to be installed in windows.

Posted by Security4all at 27.3.08

Labels: ,

2 comments:

komdotjahoe@yahoo.com said...

interesting topic, just a general question: is it easy to protect a macbook pro? i mean sectorlevel encryption (as with utimaco or safeboot products), and more on a general level tools that enhance the intrinsic security of their OS, although being more and more under attack by (microsoft-sponsored) hackers that write specific viruses and malware. as a security pro i think you thought about this too...

March 28, 2008 8:18 AM
Karim Vaes said...

Be hacker friendly? ;-)

http://apple.slashdot.org/apple/08/03/28/0126221.shtml

March 28, 2008 8:29 AM

Post a Comment

Subscribe to: Post Comments (Atom)