Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: Most Secure Laptop.

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Posts
    109

    Post Most Secure Laptop.

    I recently purchased a 12in Powerbook G4. Being an AO member and a security nut, the first thing I did was lock down the firmware and the factory install of OSX. Unfortunately there wasn't much more I could do to lock it down. I was realy dissapointed. The fact is, the PB is the most secure laptop I have ever, ever seen, or heard. Here are some of the highlights->

    --Firmware retains state un-powered, so you cant just pull the battery to reset it like you can do in a PC.
    --Command security mode asks for password on firmware commands and target disc mode.
    --Don't even think about single-user mode.
    --Unix file permissions.
    -- BSD
    --OSX is really secure by default.
    --OSX's IP firewall is impeccable.
    --Disk Copy can create AES encrypted dmg's
    --Root is disabled by default

    In the end you have probably the most user-friendly and secure end-user OS in the world running on top of hardened firmware. Wow, that baby is rock solid.
    $person!=$kiddie or die(\"Alas, die you hotmail hacker!!\");
    SecureVision

  2. #2
    Senior Member
    Join Date
    Feb 2003
    Posts
    105
    Mac also has an advantage being that its not as widely used as Windows, and as well with any other OS not MSoft owned, is that it has a less chance of being hacked. Yes still hackable of course but youre a lot safer since most skiddies are using tools against windows.

    and thanks for the info, ive been wanting a mac to do graphics on for a long time.

  3. #3
    Junior Member Raelz's Avatar
    Join Date
    Feb 2003
    Posts
    22
    Yeah, I'd have to agree. OSX is a very nice OS, and it appeals to security nuts, especially because of it's mac/unix hybrid nature. Fun computer to own and use, if only I could afford one .

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    251
    umm, single user mode is still there... command+s

    on the whole i have to agree with you, I have a PowerBook G3 running Jaguar, and I am impressed with the way that apple has managed to keep most of the services off and yet still cater to the Mac audience that hates having to do things the hard way. I live in the command line, sometimes breaking into X-Windows to run some clever security tool..., I'm about due for a reinstall though as my 6 gig HD is getting bogged down by excess crap that I'm too lazy to weed out, but hopefully a 30-40 gig Travelstar is in my near future.

    Unfortunately I think that I am at the last generation of X that I can put on my computer..., my 400mhz G3 is getting pretty ancient and I saw it as the minimum requirement for some mundane bit of software..., I guess I'll have to save up for a new comp before I get to play with Panther...

    Crap, loud thunder, awefully close, as much as I dislike this Windows box I am on, I think I will shut down and save it from frying...

    later,
    Dhej
    The owl of Minerva spreads its wings only with the falling of dusk. -Hegel

  5. #5
    Senior Member
    Join Date
    Feb 2003
    Posts
    109
    yeah, unfortunately, command+s will get you in single user mode, unless you have Open Firmware's command security mode enabled. Then you can't do nothin unless you have 5 million years and steel hands.
    $person!=$kiddie or die(\"Alas, die you hotmail hacker!!\");
    SecureVision

  6. #6
    Junior Member
    Join Date
    Jul 2003
    Posts
    16
    Originally posted here by Dhej
    Unfortunately I think that I am at the last generation of X that I can put on my computer..., my 400mhz G3 is getting pretty ancient and I saw it as the minimum requirement for some mundane bit of software..., I guess I'll have to save up for a new comp before I get to play with Panther...
    Actually according to Mac Os rumors as well as a couple of developers with Panther dev previews, 10.3 is supposedly going to be significantly faster than 10.2.X across the boards from a low-end Imac G3 on up to the G5.

    You could also just upgrade your chip for $300-$400. Not as nice as new machine but it sure beats paying $1200+ in Apple tax.

    Great source for rock solid G3/G4 upgrades:
    www.powerlogix.com
    When in danger or in doubt run in circles scream and shout.

  7. #7
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Also, just so you know, Unix file permissions are perhaps the worst of any discretionary access system. Multi-actioned commands, transitive rights, impossible to predicting rights propigations, poor granularity on both objects and rights are just a few of its problems.

    In conjunction with various other system aspects, according to ISO and the DOD these laptops are recommended only for the lowest security environments.

    OSX isn't really FBSD either... prolly as much FBSD as NT is. But the very core architecture of NT and OSX are that of a microkernel while FBSD is a modular kernel.

    On the other hand they are very fast and pretty and do a wonderful job with video editing. (though oddly, all 5 people I know that own one, have had dreams about it breaking in half... odd odd)

    catch

  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    111
    Since OS X seems to be big on stability and security...what kinds of things does Jaguar do to the OS that makes it more effective? I haven't gotten a chance to use it yet and I was curious as to any of your experiences with it...
    Carrie: Someone\'s definition of what constitutes cheating is in direct proportion to how much they themselves want to cheat.
    Miranda: That\'s moral relativism!
    Carrie: I prefer to think of it as quantum cheating.

  9. #9
    Senior Member
    Join Date
    Feb 2003
    Posts
    109
    On Unix file permissions... I will agree with you that POSIX DACL's are much more effective when implemented properly. However, it is sometimes very difficult to make a POSIX ACL secure, but for unix, you know a file with "rwxr-x--- root root" perms is locked down and one with "rwxrwxrwx" isnt. Another thing is that unix forbids file or directory deletion/creation except by the owner of the parent directory. That is much more discretionary than POSIX where anyone with modify privs on the directory can add/delete and any admin can take ownership of any FSO. In Unix, only root has that right.
    $person!=$kiddie or die(\"Alas, die you hotmail hacker!!\");
    SecureVision

  10. #10
    Banned
    Join Date
    May 2003
    Posts
    1,004
    The simple fact that UN*X's DAC uses multi-actioned commands means that rights propigation is impossible to predict as rights become transitive, this makes it impossible to calculate the security of most objects. Even NT answers this issue while still using a single level system, but utilizing more finely grained commands and the deny ability.
    Not only this but nearly all of the UN*X systems that have been retrofit as multi-level systems are still considered too weak to actually be used in a multi-level secure production environment.
    UN*X's huge mistake was not switching to ideally the harrison-ruzzo-ullman security model or at the very least the graham-denning model. Their failure to do this has resulted in their systems from being shunned for all medium to high security environments, which is a shame because in many regards UN*X is very useable.

    Though, don't even get me started on the superuser account... ick ick ick.

    catch

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •