


n00bz0r
05-15-2009, 12:15 AM
Apple hires former OLPC security head to harden Mac OS X
May 14, 2009 12:07 PM CT



Despite its assertion that Macs don't suffer from the viruses and malware that Windows does in a number of its "Get a Mac" ads, Apple has been criticized for not taking security seriously enough. This is particularly because Leopard does not implement (or implement fully) the same security measures as Windows Vista. Lest you think Apple is hoping that its relatively small market share will keep it safe forever, though, the company has hired former director of security architecture at One Laptop per Child, Ivan Krstić, to handle core security for its operating systems.

Krstić, who is an unabashed devotee of Linux and Python, created the Bitfrost security platform for the OLPC project. The system works by effectively running each application in its own sandboxed virtual machine. Each VM is equipped only with the hardware and network access approved either by a central authority server (such as in a school) or expressly permitted by the user. The system also includes an anti-theft mechanism that prevents a laptop from working once it has been reported stolen or otherwise can't check in with a central "leasing" server.

"Applications can no longer run rampant," Krstić said about Bitfrost in an interview with Wired. "Spyware [or other malware] becomes very, very hard. It can't spy on the keyboard. You can only spy on how a user uses their program." This system is similar in some respects to the thinking behind Google's Chrome browser, where every webpage loads in its own sandboxed environment—a technique that enabled it to remain the only browser not hacked in the most recent Pwn2Own contest.

How much of the thinking behind Bitfrost will work its way into Mac OS X is unclear, since the system's main drawback is that it severely limits interaction between different applications. Easy interaction among applications has been a hallmark of the Mac OS arguably since the days of MultiFinder, but it is also apparent in features like AppleScript or even drag and drop.

While Mac OS X (and iPhone OS, for that matter) is still safe, it's not necessarily the same as being secure. Krstić is a well-respected engineer, and consensus seems to be that his working on core OS security for Apple means nothing but good things for Mac users. So now Mac users can look forward to being safe and secure.


Source: http://arstechnica.com/apple/news/2009/05/apple-hires-former-olpc-security-head-to-harden-mac-os-x.a