After reading an interview of one of the winners, Charlie Miller, of this year’s PWN2OWN hackfest, I realized how vulnerable Apple’s OS X is. Sure it is *NIX-based, and inherently secure, but it doesn’t mean it IS secure out-of-the-box. Firewalls and Antivirus programs are simply not enough to protect one’s OS. If a bug is found and exploited in one of the applications, the whole OS is screwed. An operating system is only as secure as the applications running on it.

In the hackfest, contestants try to hack different browsers by finding bugs and exploiting them as proof of the bug’s existence. As the Internet becomes more ubiquitous and applications are moving to the cloud, browsers are becoming a more critical application, and it is only logical for hackers to try and hack into the system by exploiting a browser’s vulnerabilities.

In the interview, Charlie Miller stated that Safari on a Mac is the easiest to exploit, and Firefox on a Windows PC is the second hardest. The hardest application to exploit was Google’s Chrome, partly because of Windows and partly because of the Sandbox framework(?) Google used in developing Chrome. Safari on a Mac was easiest because of Mac OS X. I’m not faulting Apple for releasing an unsecured OS. OS X is secure, don’t get me wrong. However, part of the OS is the browser, in which Apple “forgot” to secure Safari, which makes OS X vulnerable to attacks as well. And with all the money in the world, Apple could have secured the OS a whole lot better. Even if almost all viruses are targeted at Windows-based machines, there’s still the off-chance that one of them will be targeting OS X, or other operating systems for that matter. And as I’ve mentioned before, more and more applications are moving to the cloud. Viruses or other malware don’t have to run on the system itself. There are websites that embed scripts that try to download and execute malicious code without the visitor even knowing about it.

Having a secure operating system, however, is not enough in preventing attacks. No matter how secure the operating system, and the developers can only do so much as to warn everyone of every single virus there is out there, if the user is stupid enough to download and execute a virus, there’s just no way of preventing a virus from infecting a system. It’s time for people to start wisening up and prevent user-initiated errors. This, in my humble opinion, is the most dreaded type of calls, and is abhorred by tech support.

Charlie Miller also mentioned in the interview that Google’s Chrome and the way they developed the browser was the next evolutionary step in developing future browsers. Although Chrome was based in an open-source software dubbed Chromium, Google made it sure that Chrome is future-ready. I recently tried a pre-alpha version of Chromium, not Chrome, on my Linux install, and although it looked almost the same as Chrome, I doubt it is as secure. Preliminary tests regarding speed (in executing javascripts) were amazing. There were a number of critical things that don’t work, like setting options, navigating opened tabs (tabs were invisible), and saving bookmarks (it was non-existent). And there was no support for Flash, yet. It was like Lynx with a graphical user interface. But it did pique my curiosity, and I am eagerly awaiting Google’s release of Chrome’s Linux version.

As for me buying a Mac in the future, it will only happen when I have extra, and I mean EXTRA, cash laying around. And that would be in about N years. Maybe by that time, a Mac netbook has been released.