« Zeroshell and My Interop Security Hangover | Main | An Interview With AOL's Chief Privacy Officer »

May 7, 2008

Reprise: Leopard vs. Vista on Security

Kenneth Van Wyk revisits the question of how relatively secure he feels on each platform and comes up with the same, if qualified, answer. I identify with a lot of what he’s saying because I’m also a Mac user by way of Unix/Linux. But there are a few points one might consider open to debate:

On software management he writes:

“Previously, I wrote, ‘Here’s where OS X really shines. Apple has improved on UNIX in this area. Although the standard UNIX utilities are still in /bin, /usr/bin, and such, Apple apps and most third party apps install in /Applications.

“This hasn’t changed much with Leopard and Vista. I still don’t feel I can remove a major application from a Windows system without leaving behind significant residue, be it directly in the file system in the form of remnant DLLs or in a registry hive somewhere that the uninstaller didn’t clean up.”

Not being a Windows person, anything to do with the registry makes me break out in hives, and its mere existence creates a sense of unease for me. I like everything kept down in simple, plain-text files I can read and modify, and where there’s less chance of breaking everything by breaking just one thing.

If I were more familiar with Windows, I might not feel that paranoid about the registry, and I know Windows people who fear and despise plain text configuration files — especially if the people who designed the file format for a given app decided to model it after the syntax of some obscure pet programming language instead of using simple “foo = bar” declaratives.

But if there’s an overall difference between Macs and Windows machines in this area, it stops at the registry vs. file question. App bundles on the Mac make it easy to keep an application from sprawling all over the place, and I’ve written tools for myself (and others, I guess … if we count voodoo2palmthat rely on AppleScript’s (path to me). It’s a handy way to keep everything tucked down in the bundle.

But nobody says it has to be that way. Developers are free to do what they will. I recently, for instance, had a copy of Adobe CS3 (the entire suite, not one app from it) decide it wasn’t registered or licensed. To make a long story short, even Adobe’s own cleaner script (a Python wrapper around “rm -rf”) didn’t get rid of everything it needed to get rid of to allow me to run the software again. That involved finding files Adobe’s tech support don’t even seem to know about (or are instructed not to tell customers about) and removing them, too.

Other apps spread junk around, as well. Cisco’s VPN client sticks bits of itself all over the place, for instance. Apple’s even been accused of violating its own guidelines for where to put files on a system now and then.

And once you drag that tidy app bundle into the trash, all that happens is that the app bundle is now in the trash. Nothing comes along and makes all the configuration files left behind (~/Library/Preferences, ~/Library/Application Support, to name two places to look) go away. That’s why people buy stuff like AppZapper.

You can also find threads on assorted Mac fora where people are told that files with no apparent connection to a problematic app are corrupt and need to be fixed. I got bit by this one about a month ago.

And it’s not like I’m all misty for Unix on this score, either:

caladan: mph$ make uninstall
make: *** No rule to make target `uninstall'.  Stop.

‘nuff said.

Well, not quite ‘nuff said. Don’t let my tangent keep you from reading the rest of what he has to say:

(Link)

Note: I’m off for the rest of the week. Blogging will resume on Monday. See you then!

Posted by mhall at 3:15 PM | Add Comment