Knowing Operating Systems 47
■ Attempts at consumer friendliness have been a tough road for Microsoft. What this
means is most installations deploy default configurations and are not hardened. For
example, ports that a user may never use are left sitting open just in case a program
requires them in the future.■ Administrator accounts still remain a tempting target. Admittedly, Microsoft has taken
some effective steps in protecting users from unwanted or suspicious code execution,
but quite a few systems exist that are consistently running admin accounts without any
kind of execution filtering or user account control.■ Passwords also remain a weak point and a tempting target in the Windows world.
Weak admin account passwords are common on Windows computers and networks;
although these passwords are controlled by Group Policy in an enterprise environment,
there are ways to circumvent these requirements, and many system admins do just that.■ Disabling Windows Firewall and virus protection software is an ongoing issue for Win-
dows OSs. The Notification Center does notify the user of the lack of virus protection
or a disabled firewall, but that’s as far as it goes. Granted, it’s not something that can
be mandated easily, so proper virus protection remains a vulnerability in the Windows
categor y.More a scanning consideration, but also a potential vulnerability, Win-
dows’ default behavior is to respond to scans of open ports—as opposed
to Linux, which defaults to no response at all. This will be addressed fur-
ther when we explore scanning and enumeration.Mac OS
Apple and its proprietary OS are making a larger and larger market presence, boosted by
a strong advertising campaign and easy-to-use products. Just a few years ago Apple made
an official statement regarding its company status as not a computer manufacturer but an
electronics company. Regardless of how Apple classifies itself, the fact remains that more
and more Apple products are making their way not just to the local Starbucks but into
enterprise settings. In one company I worked for recently, it started with the iPhone. Then
all of sudden we started seeing iPads walking down the halls. Then iMac desktops suddenly
started appearing on users’ desks. Can they be classified as toys? Perhaps, but of greatest
importance to both system admins and pen testers is that these things are attached to the
network.
One interesting site that can be used for general comparison of system vulnerabilities is
http://www.cvedetails.com. A quick perusal of the site for Max OS vulnerabilities brings up quite
a list, such as the following. We intend no Apple bashing, but it’s a definite growing con-
cern for enterprise administrators and a growing target for hackers like us.