兩年前黑客大會上 Charlie Miller 10秒讓OSX躺下 現在推薦 Windows 7 + IE 8 or Chrome

Charlie Miller: Windows 7 + IE 8 or Chrome provides safest computing experience

If you weren't already aware, Charlie Miller is a rather prominent white hat hacker and security expert, who regularly makes headlines as what he has to say is generally pretty important. He often participates in (and has won twice) the Pwn2Own competition, where groups of hackers compete against each other for rewards, in order to uncover security flaws in major operating systems or browsers.

As the Pwn2Own 2010 competition is a couple of weeks away, interviews with the competitors are beginning to be released, with the aforementioned Charlie Miller giving his thoughts on the currently world of technology security. Miller was asked which of the two operating systems out of Windows 7 and Snow Leopard would be harder to hack, with the answer being the former; Windows 7 has what is known as full ASLR (address space layout randomization), in addition to being harder to attack as Java and Flash aren't installed by default. Upon being asked about the safest operating system plus browser combination, Miller responded with Windows 7 in addition to Internet Explorer 8 or Google's Chrome browser – though, he also stated that not having Flash installed is a big factor. He stated, "There probably isn't enough difference between the browsers to get worked up about. The main thing is not to install Flash!"

On the subject of mobile security, the question was raised over which platform is most secure, out of the iPhone OS and Android. Miller believes that the iPhone OS is easier to exploit, though that is because it has been around for longer, so security researchers have had a longer time to find vulnerabilities. Windows Phone 7 is a potential target for next years Pwn2Own, which is nothing but a good thing as it'll help out the consumers who use it regularly.

It's interesting to hear what an experienced security expert has to say on the matter which has been discussed. Be sure to stay attentive during the end of March when this year's Pwn2Own is held, as it affects almost everybody.

Windows 7 or Snow Leopard, which of these two commercial OS will be harder to hack and why?

Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default). Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows.

http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/

Market share: Windows 7 up, OS X down, Chrome up and IE down

The statistics, which compare January 2010 to February 2010, have not been reviewed by Netmarketshares.com Quality Assurance but, in recent past, have proven to be generally reliable.

Microsoft’s Windows platform gained from 92% to 92.12% percent while OS X fell from 5.16% to 5.02%.  Windows 7 made a gain from the previous month growing from 7.57% to 8.92%, XP dropped from 66.15% to 65.49%, while Vista also dropped from 17.47% to 16.51%.

The modest gains for Microsoft show consumers are adopting Windows 7 and have not turned away from the platform like many did with Vista; OS X also saw a small drop in market share which may be attributed to Windows 7 being accepted by many consumers.

On the Internet browser front, IE was down from 62.12% to 61.58%, Firefox dropped from 24.43% to 24.23, Chrome gained from 5.22% to 5.61% , Safari dropped from 4.53% to 4.45% and Opera dropped from 2.38% to 2.35%.

随着苹果日益兴盛，我觉得黑客们会开始打他们的主意了。

毕竟别人就是不怎么设防的，虽然后台里还是偷偷设防。

Winvista以后都有UAC，一般恶意软件感染已经较难，再装个sandboxie，把浏览器放到沙漏里运行，直接运行病毒都没事。windows不敢说已非常安全，但对于会善用的人一般用途已经足够安全。

那还不如用ubuntu哪

正常使用，都很安全
想要网上乱点，还是mac吧，毕竟针对它的病毒比较少。不过谁没事老乱点啊？日常上的网站不就那么几个

技术是双刃剑，水能载舟亦能覆舟。只要是人创造的，就有人能破坏它。关键不在于能不能做到，而是这么做的收益。

我用mac从7200开始，8500，9600，g3，g4，每一代都有染毒杀毒的经历。虽然最终的事实是mac染毒机率小，但我认为原因绝对不是mac或apple os本身免疫力更强，而是写病毒的公司根本不屑这个市占率不到10%的平台。树大一定招风，谁有刀一定先用来砍树而不是去挖树底下不起眼的蘑菇，你要杀猪来吃会挑只最肥的吧。

陶渊明笔下的桃花源能偏安一隅几百年，是因为它封闭、孤立以及渺小，虽然不可否认桃源洞天足够舒适惬意，但它绝不是因为富强而可以平安。兵家必争之地历来都是繁荣富庶的重镇。我们可以做个神话般的假设，上帝之手在一夜之间把全世界的电脑都变成mac。好，你就看吧，第二天全世界的制毒者都来琢磨怎么整mac了。

话说回来，我们作为最终用户，使用电脑等信息工具不是用来作信息技术剖析，而是用于我们自身的生产和个人消费活动的，基于这个目标我们大可不必对技术层面的原因考虑过多，明白用mac或linux这些小众工具可以相对踏实一点就够了。

顺便说一下：我对apple软硬件系统平台优秀的用户界面和交互体验非常非常赞赏，它使得用户能轻松地专注地做该做的事，我认为对于一个普通用户，这点比安全性更有价值。

+1

你是一个邪恶的站长，现在分别有能感染IE的病毒，和能感染safari的病毒，可惜的是两者存在冲突，你只能挂一个，你会挂哪一个？

在实际使用中，大家一起上黄。网，垃圾网站，看谁笑到最后就是谁强。

如果MAC OS的市场占有率跟WIN平分秋色，你会发现水果的问题一样不少...病毒制造者也是懂市场经济的...

本来就是啊，所谓杀毒软件，对一般用户来说，就是防木马、蠕虫、钓鱼、流氓、恶意……

记得在某黑客大会上MACOS 是第一个趴下的

你说的那个跟杀毒软件完全不是一个概念。UNIX世界主要防的蠕虫和木马。作为普通用户，根本不需要处心积虑地考虑什么杀毒软件。

这年头“专家”的话我都听怕了

有毒，还有人倒下了 。

苹果做什么都是偷偷摸摸的，以前有个新闻“苹果建议用户安装杀毒软件”，没过几天苹果马上出来辟谣：我们苹果是没问题的，大大的安全。
最可笑的是Windows 7和Leopard 10.6一样都默认安装了公司自己开发的防御间谍恶意软件，Windows Defender大家都知道，苹果还不愿意公开拿来宣传。

虽然网上不少人都说TP的东西好，SONY的东西漂亮。

反正目前用MacOS 的不用担心病毒，W7还得安装各种杀毒软件，杀毒软件还导致这个那个的兼容性问题。自己看着办。

总结一下： 基本上，安全专家认为，从安全角度看，w7 技术上更先进，苹果稍微落后。
市场份额来说，苹果也许受到更少攻击。
两种OS 都已经相对成熟。

http://www.tomshardware.com/news/pc-windows-apple-mac-osx,9557.html

    Paul Kocher, president and chief scientist at Cryptography Research: "The fair answer is that with the latest versions of each operating system there isn't a compelling security reason to pick one or the other. It used to be that Apple was doing a better job, but with Windows 7 Microsoft has caught up. There are some differences; Windows has a better security ecosystem. On the other hand, Apple tends to have more expensive hardware and has a smaller market share, so it attracts fewer malware writers. Both have security bugs. Both need patches. Both can be broken if someone finds a zero-day exploit."

    Charlie Miller, a principal analyst at consultancy Independent Security Evaluators: "Technologically speaking, PCs are a little more secure than Macs. Macs have a larger attack surface out of the box (Flash, Java, support for a million file formats, etc.) and lack some anti-exploitation technologies found in PCs like full ASLR [Address Space Layout Randomization]. This means Macs have more vulnerabilities and it's easier to turn a vulnerability into an exploit on the platform. Despite the fact it is less secure, paradoxically, Macs are actually safer to use for most people. This is because there simply isn't much risk of being exploited or installing malware.

    "This safeness is purely a function of market share. Since Macs are only around 10 percent of computers out there, and it takes just as much effort for bad guys to write malware or exploits, they tend to spend all of their time targeting PCs. In other words, despite the fact that Macs are less secure than PCs, if you give one teenager a Mac and another a PC and come back in a month, the odds are the Mac will have no problems and the PC will be infected with malware. At some point the market share of Macs will reach a threshold to interest attackers, and then things will quickly turn bad for Mac users."

    Rich Mogull, CEO at Securosis: "It depends on which version of Windows we're talking about. Clearly there are major differences between Windows XP and Windows 7. Second is, are we talking about safety versus security? Microsoft has done more in terms of its inherent security features than Apple has in the operating system. All of that said, Microsoft gets attacked a lot more than Apple does. Right now your odds of being infected as a Mac user by malicious software are quite a bit lower than a Windows user, unless you do stupid things, such as download free versions of commercial software. And some of the pornography sites on the Internet, the dark corners of the Internet have stuff that will hurt a Mac.

    "But I want to give Microsoft credit because the more advanced features they put into their operating system are superior to what Apple has done. It's really a balance because there's little motivation for Apple to do more at this time. The Mac OS has got some holes in there that Microsoft has closed down. But since it's attacked less there is less motivation for Apple to close the gap."

    Tyler Reguly, senior security research engineer at nCircle: "If you believe the hype and the flashy commercials the answer would be Mac. But if you take a look at the two platforms, and the mindsets of the companies behind them then the PC wins hands down. If you compare Windows 7 to Snow Leopard, then the simple winner is Windows 7. Microsoft brought in teams of security professionals to look at their code and find problems leading to a more secure product while Apple is often criticized for ignoring issues.

    "The idea of the consumer being protected due to lack of market share is fairly obtuse, as more people buy into the product and market share grows, targeted attacks will grow as well. You also have to consider that Microsoft has a patch program in place that provides patches and updates on a more regular basis than Apple, this is something that the consumer should care about, as should they care about the plethora of PC security products that exist.

    "The big risk is client side attacks and most of that could be prevented by using adequate software on the desktop, along with common sense while surfing. Until consumers can learn to do this on a regular basis it won't matter if they are running a Mac or a PC...they'll be at risk."