CNET recently conducted a great interview with acclaimed professional hacker Marc Maiffret. For years Maiffret was a constant pain for Microsoft and other software companies alike, hacking into their programs and causing havoc. A runaway and high school dropout, he had just returned home and landed his first professional job using his computer skills for the good of companies instead of for mischief.
He is now paid to pretty much see how he can hack into software and reveal vulnerabilities. He’s the chief security architect for leading malware protection system developer FireEye. It seems that he is very impressed by the security measures Microsoft have put in place, more so than by those on Macs anyway.
Maiffret spends a lot of time discussing how Microsoft has really shaped up in terms of producing secure software. Apple and Adobe on the other hand have only recently started to take security seriously.
They’ve really only begun in the last six months or so taking security seriously and understanding that it impacts their business in a serious way.
Long ago, Microsoft weren’t concerned about security. They didn’t even have a dedicated security team, and reckoned that if they could just keep the hackers quiet they would be OK.
At that time they didn’t even have a dedicated security team. One guy acted as a liaison between marketing and engineering and they treated it very much as a marketing problem, not as a technical problem and not one they needed to focus on addressing. Their attitude was, “if we can keep evil research guys quiet no one will talk about it and we won’t have to be distracted trying to fix these things.”
Since then, however, Microsoft have established a security team and work hard to make their products as secure as possible. The likes of Apple, on the other hand, have been doing what Microsoft were doing long ago: trying to keep it quiet. But now they realise how important security is and have begun hiring security experts left, right and center. Yet they are still way behind Microsoft on security.
Anytime there’s been a hacking contest, within a few hours someone’s found a new Apple vulnerability. If they were taking it seriously, they wouldn’t claim to be more secure than Microsoft because they are very much not.
Apple’s primary defense is still security through obscurity:
We’ve only seen a scratching of the surface as far as Apple vulnerabilities because nobody cares to find them.
He’s impressed by what Microsoft have done and sees them as one of the leaders when it comes to working on security.
Now when you look at Microsoft today they do more to secure their software than anyone. They’re the model for how to do it. They’re not perfect; there’s room for improvement. But they are definitely doing more than anybody else in the industry, I would say.
Maiffret now says that the biggest security threat lies with desktop applications, such as Adobe’s Creative Suite. There isn’t a tried-and-tested patching process for desktop apps: if a security hole is found in Flash or Photoshop, it can be a long time until it’s patched.
So it seems that all of us Windows users are actually using the more secure operating system; it only appears more vulnerable because it’s so popular. When hackers start to look at exploiting Macs more, I can see a lot of Mac users ending up with some nasty viruses. Why? Because virtually none of them have any antivirus software installed, as they are under the illusion that their Macs are virus-proof. Well, guess what: they’re not.
Maiffret also leaves us with a very true statement:
[Computer security is] one of the only industries in the world where you’re pretty much set up for constant failure and a race that never ends. You never really have a victory because as soon as you do the bad guys have moved on to something else.