Friday, April 22, 2005

Yahoo! News - Apple Mythology and Desktop Security

Apple Mythology and Desktop Security

Thu Apr 21, 2:03 PM ET
Paul Murphy, cio-today.com

Two weeks ago theregister.co.uk summarized an analysis (done by Quocirca) of reader response to questions on Linux desktop migration.

To no one's surprise, the study found that business people cite the opportunity to sidestep the insecurity of the Microsoft PC, not cost savings, as the primary reason for considering desktop Linux. Most respondents agreed, furthermore, that the high cost of matching Windows applications, particularly Microsoft Office and custom applications, is the greatest barrier to change.

What's most interesting about this is what it reveals about the respondents: specifically that they're so focused on fighting Microsoft's alligators that they don't see the hardware side of their security problems and are blind to the BSD-based Mac OS X option for running Microsoft Office without Microsoft Windows.

Software and Hardware Vulnerabilities

At present, attacks on Microsoft's Windows products are generally drawn from a different population of possible attacks than those on Unix variants such as BSD, Linux and Solaris. From a practical perspective, the key difference is that attacks on Wintel tend to have two parts: A software vulnerability is exploited to give a remote attacker access to the x86 hardware and that access is then used to gain control of the machine.

In contrast, attacks on Unix generally require some form of initial legal access to the machine and focus on finding software ways to upgrade privileges illegally.

Consider, for example, CAN-2004-1134 in the NIST vulnerabilities database:

Summary: Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.

Published Before: 1/10/2005

Severity: High

The vulnerability exists in Microsoft's code, but the exploit depends on the rigid stack-order execution and limited page protection inherent in the x86 architecture. If Windows ran on Risc, that vulnerability would still exist, but it would be a non-issue because the exploit opportunity would be more theoretical than practical.

Linux and open-source applications are thought to have far fewer software vulnerabilities than Microsoft's products, but Linux on Intel is susceptible to the same kind of attacks as those now predominantly affecting Wintel users. For real long-term security improvements, therefore, the right answer is to look at Linux, or any other Unix, on non-x86 hardware.

One such option is provided by Apple's BSD-based products on the PowerPC-derived G4 and G5 CPUs. Linus Torvalds, for example, apparently now runs Linux on a Mac G5 and there are several Linux distributions for this hardware -- all of which are immune to the typical x86-oriented exploit.

Power of Attraction

In addition, Apple's Mac OS X has several compelling attractions of its own. First, it's the most advanced and user-friendly graphical user environment in commercial use. It offers thousands of commercial applications, including Microsoft Office. And it runs nearly all open-source applications.

Also, Macs are less expensive. That's not what you see in the PC press, but it's reality. The explanation for that, besides dishonesty on the part of PC reviewers going as far back as 1984, is primarily that Apple's product cycles resemble those of other consumer electronics manufacturers, not those of the PC industry.

Thus, Apple's products have generally been considerably less expensive and faster than PCs at the beginning of the Apple product cycle, and comparably slower and more expensive than PCs at the end. That probably ended, however, in the late 1990s when the combination of decreasing hardware prices with increasing Microsoft licensing cost reduced the pricing advantage enjoyed by PCs introduced at the end of an Apple product cycle.



Notice that in assessing relative price and performance, both aging and software confuse the issue. Macs run more functional software and have a much longer useful life. As a result, the Macs that PC users see most often -- in schools or at grandma's house -- tend to be significantly older and slower than the PCs people compare them to because Wintel product churn means that a three-year-old PC is a museum piece, while a six-year-old iMac running OS 9 is likely still to be in use.

Apples to Apples?

It's possible, however, to take both aging and software out of the comparison by looking at situations in which both groups use the same software on the latest hardware they can afford. Check out supercomputer performance data, for example, where everybody runs the same applications under Unix, and you'll see that a dual G5 Xserve at 2.3 GHz makes about twice the cluster contribution offered by dual Xeons at 3.2 GHz.

Although Apple is expected to announce further speed bumps (and video upgrades to the 128-MB Radeon 9600) several weeks after you read this, prices are currently well below comparably configured Dell gear, but the difference is narrowing as PC manufacturers close out the 3.X-GHz era and pre-announce their second new generation since Apple's first G5 desktop was introduced in June of 2003.

For example, using pricing and configuration data from the Dell and Apple Web sites on April 10, 2005, Dell's 810 laptop is now about $300 more than Apple's midrange; Dell's Optiplex GX280 is about $77 more than Apple's midrange iMac (but the 670 Precision workstation remains more than $1,200 more expensive than the dual-G5, 2-GB PowerMac); and Dell's 2850 dual Xeon server is about $1,700 more than the midrange on Apple's dual G5, Xserve/RAID combination.

Faster and More Capable

Although the Apple products are generally a bit faster and more multimedia capable than their PC counterparts, the most important differences aren't in things like memory and processor speed, but in design, software and licensing.

The iMac is the first genuinely ultrathin desktop, the laptop a second-generation Titanium and the server combination highly optimized for rendering, multimedia and Web serving. All combine BSD Unix with the Mac OS X supershell, and not only do Apple's licensing policies on the server not restrict you to 25 clients, but the use of BSD Unix means that you don't have to buy separate machines for each major application or suite.

In other words, if security concerns are your most important driver for desktop change, and Microsoft Office compatibility is your most significant barrier, then switching to Macs actually offers you the best of all possible worlds: Microsoft Office on Unix/Risc with a better GUI, longer product life, some cash savings and a performance bonus thrown in.

Paul Murphy, a CIO Today columnist, wrote and published The Unix Guide to Defenestration. Murphy is a 20-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues. He maintains a discussion forum for his column on Winface.com.
