Editor’s Note: The following article appears in the Today @ PC World blog at PC World.
Two hackers reportedly broke into a MacBook Pro laptop at the CanSecWest conference in Canada by exploiting a previously unknown flaw in the Safari Web browser, according to the Security Fix and Zero Day blogs.
Mac OS X has a strong reputation for security, so on the surface this sounds like a big deal. But while a zero-day flaw in a popular Web browser is nothing to ignore, this particular episode is no surprise. None at all.
That’s because there’s no such thing as a hack-proof operating system. And $10,000 plus a laptop—the rewards for the hackers for the successful break-in—provide more than enough incentive to find the inevitable hole.
After all, it’s old news that most all the exploits and malware you see out there today are put out for money. And there are holes to be found in Mac OS X and every other OS, like the batch of flaws that Apple just patched.
But while Apple may not be perfectly secure, Windows XP will keep its dubious crown as favorite hacker target for two reasons.
First, of course, a ton of people use it. So an online attack that exploits a Windows flaw has a better chance of infecting many more computers. But even if Apple’s Mac v. PC commercials take fire in the popular imagination and lead everyone to switch from XP to Mac OS X, there’s still the issue of better security design.
XP has some boneheaded fundamental design flaws that make it easy for hackers to take over a machine once they do break in. The most important being that everyone (myself included) runs XP as an admin user, because it’s far too annoying to do otherwise. But doing so means that a successful Web attack can do anything it wants on your computer. (I wrote previously about some ways to mitigate this problem.)
Microsoft tried to fix this gaping security hole with Vista’s User Account Control, and there are other changes which may make things at least a little more of a challenge for online thugs targeting Vista. We’ll see how much the security measures help.
In the meantime, don’t get your hopes up for a break from XP attacks, Apple bug or no Apple bug.