48 Chapter 2 ■ System Fundamentals
■ A primary concern among Mac users, and a benefit to the hacking community, is the
Mac owner mind-set that Macs aren’t susceptible to viruses or attack. It is an interest-
ing stance considering that the thing they are claiming to be naturally impervious from
attack is, well, a computer! Even in my own painful years as a system administrator,
the culture is similar even at the enterprise level. I remember calling our national office
for guidance on group policies for our newly acquired Apple desktops. Answer: “Um,
well, we don’t have any policies to apply or a method of applying them.”
■ Feature-rich out-of-the-box performance for many Apples creates quite a juicy attack
surface for those looking to break in. Features such as 802.11 wireless and Bluetooth
connectivity are all standard in an out-of-the-box installation, and such features are all
on the table for a potential doorway in.
■ Apple devices simply don’t play well on a Windows domain. Yep, I said it. I’m sure
some would fervently disagree, but Apple on a Windows domain is like spreading but-
ter on toast outside in December in Grand Forks, North Dakota. Some features will
play nicely, but the majority of those integral features will be a bit hokey. The point
here is when stuff begins to get too hokey, administrators and users alike will begin to
circumvent the normal processes (for example, appropriate login procedures).Linux
Enter our open source favorite, Linux, which is not a completely foolproof operating sys-
tem but one with a reputation for being a much more secure player in the OS category than
Windows or Apple. As we saw with firewalls, the equipment—or in this case the operating
system—is only as secure as the administrator configuring it. With Linux, this is particu-
larly true because the OS does expect users to know what they are doing.
The OS has done a good job of separating administrative tasks from user accounts.
Linux users aren’t usually running under the administrative account as superuser or root.
This substantially reduces system risk by segregating these functions.
Open source is a double-edged sword. The open source community works hard to fer-
ret out even the smallest issue in different iterations of Linux, but open source also means
it’s open. Anybody and everybody are privy to the source code. Because it is open source,
Linux is almost always in a beta format to one degree or another. With constant work
being done on each release, the beta testers of these releases end up being you and me.Windows has tackled the issue of user account versus Administrative
account functionality for quite some time. Most users used to log in as
local administrator 90 percent of the time simply because user account
actions were so limited. User Account Control (UAC), which was intro-
duced in Windows Vista, is Microsoft’s answer to this issue.