http://disqus.com/by/getwired/enWed, 06 May 2009 22:48:00 -0000http://threatpost.com/blogs/prediction-apple-will-recommend-security-software#comment-9080863<p>Completely agree. But the malware authors and botnet entrepreneurs aren't in it for the ease of exploit - it's all about the endgame. And the endgame of creating a successful exploit for the Mac just isn't as much. Windows systems have become a commodity to be used for malware.</p><p>Don't get me wrong. Apple should be ashamed of the fact that their default browser can be owned so easily, with an exploit that Charlie had held under his hat for a year. They DO need a Trustworthy Computing initiative. Honestly, they need a good Code Red, Nimda, Melissa, or Sasser - something to embarrass them to the point of action, as happened to Microsoft - several times. But until the Mac becomes a market competitive platform, it simply won't become a haven for the organized crime that makes malware tick today - regardless of the ease of POC exploits.</p>getwiredWed, 06 May 2009 22:48:00 -0000http://threatpost.com/blogs/prediction-apple-will-recommend-security-software#comment-9067929<p>I agree with some of the practical aspects, I disagree on the vectors/justification. Memory-based exploits are the future - but memory-based exploits on Windows go a LOT further than on the Mac (Acrobat and Flash being two chronic examples).</p><p>That is to say - a little bit of exploit has a lot more potential on Windows. Finding devs who can write good Objective-C code on the Mac isn't easy. Finding devs who can write shellcode optimized for the Mac? Even harder. It may still be security through market obscurity, but for now, it's a much narrower hole - even if Safari itself is more porous on the Mac than IE is on Windows (and doesn't have Protected Mode to secure the filesystem as Vista + IE7+ attempt to).</p>getwiredWed, 06 May 2009 15:48:24 -0000