November 7th, 2002, 05:32 AM
mac os X
I want to ask any experienced *nix users out there if they have had the chance to try the new mac os X. Since it is unix based I was wondering if it will work as a reliable alternative in the security industry.
Do you think it will have an impact as an option for not just people who work with graphics and video, but also for security experts wanting to run a unix enviroment?
November 7th, 2002, 03:54 PM
I have not tried the new OSX but I have tried to keep myself updated about what happens on that side. Its a few years since I did run OSX server and it has changed a bit since those days .
Q. reliable alternative in the security..
A. Yes I do think it can be a good and reliable alternative.
Q. Do you think it will have an impact as an option..
A. Yes in a few cases but IMO Mac has their faithful users and they will probably continue with Mac as long as they can. I don't think Mac will gain a lots of new users in comparison to other *nix and m$ just because of that their OS have been better. Their hardware is unfortunately more expensive then comperable alternatives and that will probably stop many users from choose Mac as their platform of choice.
November 7th, 2002, 05:00 PM
I use Mac OS X 10.2.2 (Jaguar) as my main OS. This isn't my first machine running a *nix type of machine. I've used both Linux (SuSE, Redhat) and BSD (NetBSD, FreeBSD).
Mac OS X is not designed for the security expert. Not designed, but just by adding a CLI and a BSD subsystem *nix people have had their interest drawn to it. Primarily, OS X is an attempt to take the Mac OS out of the 1980's where it has lived since its inception and give it increased networking, and things that today we all deem as necessities. One of these necessities is security, both of the physical and of the net.
Physically, granted that all boot keys are de-activated, you can set-up the machine so that a user can't fart without your permission, granted I'm not saying that there aren't buffers waiting to be overflowed, or programs with errors that could be used to gain root access. I don't know about that. That is what patches are for.
Net wise, out of the box, I would posit that you are much less vulnerable than someone that takes a RedHat or SuSE install disk and then installs everything. A lot is installed turned off..., including the firewall. But, for some purposes you can just go into the Sharing control panel, click the Start in the Firewall panel, and presto, all incoming connections are blocked, all outgoing are allowed, and all established are allowed as well. Then if you want to turn on the SMB share, you go back to the File sharing section, click its little check mark, and woo, the firewall automagically opens up the correct port.
But, this GUI isn't really useful to the CLI junky, you can't do 1/4 of what you can do by setting up rules for IPFW. The one command I am beginning to understand really well is ipfw.
The windows file sharing is a little sketchy. I have yet to figure out how to change myself out of the Workgroup workgroup, but I[m sure I just haven't poked hard enough.
From the GUI you can only start sshd and not telnetd, this is a change from past OS X's. A darn good change too. It shows lots of promise.
Basically, Mac OS X isn't the holy grail of out of the box security, just like any OS, you are going to have to work for it.
Here is how I look at it though. #1 It isn't Windows. #2 It has a CLI which is incredibly powerful. #3 when I want to get **** done with the minimal amount of effort, it has all, the easy of use associated with a Macintosh. #4 But, when I want to get down and dirty X Windows is available in both a rooted and a rootless form (meaning that it can either run with or without OS X's GUI called Aqua), and that blessed CLI.
Unfortunately, OS X is glitzy, not as atrociously glitzy as XP, X atleast has continuity, flow, and a relatively simple elegance allong with its showy nature.
X is also a great platform for Development. You can get X's dev tools for FREE, this includes gcc and Project Builder, which is sort of a less flashy version of Code Warrior, which is also available just not for free. X's gcc was a little outdated for a while, but they are constantly moving toward merging X with modern day specs.
So, the CLI junky that swears by vi (which out of necessity for visudo and vipw is installed with X) should probably find a friend or invest in an iMac to install X on, just to play with it, but the CLI junky is likely not to make the switch.
The Windows user that wants to play with *nix, probably should just make their system into a Dual boot, and save themself some money.
Any Mac user should anticipate the day when OS 9 and below are just a vague memory in the history of computing.
OS X is a whole new game, but like any new game, all the rules haven't been sorted out yet, but then neither have they all been sorted out on any other OS. So, basically one OS is just as good as any other, it just depends on what to use it for.
Sorry I got lengthy, peace,
November 7th, 2002, 06:07 PM
Dhej, your info was very useful, specially describing about who should switch.