Mac and security professionals

I read on ITToolBox an interesting article about the “curious” increase in the number of security professionals who have switched to Mac. Among the reasons:

1) In today’s current environment of Windows-specific malware, yes, hanging your hat in the OS X corner makes sense. You are less of a target. The malware bad boys are writing their code for Windows. Whether this is because OS X is so secure, or because the miscreants want to capitalize on market share to make their bucks, the argument that using OS X as your primary OS is a smart one today. Security Professionals want to practice what they preach, and this is a pretty decent way of doing so.

2) No other platform allows you to boot OS X legally for security research and testing. OS X has a rising marketshare, and it *is* relevant to anyone doing forensic work. At CEIC there was an entire presentation on OS X forensics, and it was packed. That same presentation was packed last year. Hmmmm.

3) Parallels. With this software you can install other operating systems like Windows (even Vista), X86 Solaris, Linux, BSD, etc. Depending on your hardware (RAM especially, disk space, free CPU cycles) you can have numerous virtual instances of these operating systems up and running on their own little virtual LAN. I use this feature for penetration testing, wargames, malware simulations, security research, etc. You can make copies of the OSs and store them on an external drive as your ‘virgin’ copies and then copy them to your local drive to play with. You install the OS *once*! This is especially great for testing different patch levels of OSs.

4) None of that “Genuine Software Checking Crap”. Man, Microsoft really annoyed me with their Genuine Advantage crap. Every time I changed hardware components on my forensic machines, that damn GA would insist that I call MS. I don’t pirate software. I buy legal copies of everything I own for obvious reasons (what a great way to get your evidence thrown out by using pirated software!). Well, OS X and Parallels solved this issue for me. First of all, Apple doesn’t play the “GA” game, so you can swap hardware in and out all you want and OS X won’t even blink. It gets better! You can change almost all the hardware in your Mac, and MS OSs running under Parallels don’t seem to notice at all. I’m no expert on the underpinnings of Parallels, but I’m guessing this has to do with the fact that Parallels always presents Windows with “one” hardware profile complete with customized drivers written by Parallels. I’ve swapped out hard drives, video cards, and optical drives in a Mac Pro that was loaned to me – Windows never noticed. How cool is that?

5) Virtually unlimited abundance of software. Want to run EnCase or FTK or WebInspect? Power up your Parallels image. Want to run your Linux tools? Most can be compiled and work natively in OS X thanks to things like Fink. This is one of the first things that I install on any new Mac. Let’s not forget the cornucopia of Mac software available today. Third party developers are going NUTS over Intel Macs and OS X. Just cruise through Version Tracker for a sneak peek. I just counted almost twenty shareware applications that I’ve registered – I think I registered five as a Windows user. Microsoft Office, Firefox, iStumbler, Citrix Metaframe, Cisco VPN client… you name it, there’s probably a native OS X version of it.

6) Thriving forensics community for OS X. I particularly like Black Bag Technologies and MacQuisition. Version 2 supports Intel Macs, and let me tell you – that application KICKS ASS. These guys were at CEIC and know their stuff.

7) If you can live without that ancient PCMCIA card slot, the MBP has you covered for firewire, USB, DVI out, ethernet, digital audio, and even an ExpressCard/34 slot. I’m frequently plugging in external USB 2.0 and firewire drive stacks for drive imaging. It’s very fast.

8) 802.11n support via AirPort, and Bluetooth to boot. The range of the new AirPort cards is fantastic, and they work nicely with iStumbler, KisMac and Wireshark.

9) You may love or hate the built-in iSight camera fixed at the top of your display. I love it for quick and easy photo snaps of things in 640×480 resolution, or taking quick movies of things. However, I have run into facilities that won’t allow the MBP in because of the camera. Then again, they won’t let me take my Treo in either.

10) The new Core2 MacBooks run a LOT cooler than the CoreDuos. I know, I used to own one – and that was the one thing that pushed me over the edge (along with my need for more screen real estate) to move from a 15″ CoreDuo to my 17″ Core2Duo. I can work with this baby on my lap while wearing shorts and I have no discomfort at all. I cannot do the same with a certain PC vendor’s laptop which I also own. When that fan kicks on, it actually burns my leg! Needless to say that laptop is now a “tabletop”.

11) Pricing is real comparable nowadays to Windows-running laptops. When you factor in the specs, pre-installed software suite and warranty, it’s pretty close – especially if you’re a “lifelong” learner like myself and have a student ID card to the local University. My student discount puts a nice dent in the price tag.

12) I saved this for last because it’ll really make you think. Imagine that you’re bidding for an assessment job and your client has had several monkeys in his office hawking their services. They all bring in Dell and Compaq laptops for their presentations. You walk in with a MacBook Pro. Imagine what is going through the client’s head. Some think you’re nuts, others want to know “Why?”. There have been several times where after I’ve explained my choice to the client they’ve become a lot more interested in hearing my presentation. Try it – you might be surprised. When I whip out that Apple remote control and start clicking through my Keynote slides I usually have to remind the folks in the room to watch the slides and NOT my remote control. (true story)