The recent coverage of the PWN 2 OWN contest, in which hackers broke into a MacBook Air and a Vista laptop, has generated a little blog heat—but in a misleading way. The headline of this InfoWorld post is an example: MacBook Air is Insecure. With all due respect to Mr. Hultquist, that’s like saying that water is wet. At this point, the way to look at it is not whether a platform is secure or insecure, but rather how much effort it takes to exploit the platform.
As long as software has flaws, it opens computers up to attacks. The fact that the MacBook was hacked through a Safari vulnerability and the Vista machine through a Flash flaw, and that neither could be hacked directly from the network, says something about the manufacturer’s networking code. But more, it says that this contest is not about whether the Mac is more secure than Vista or Ubuntu, but is about the risks introduced by applications with bugs.
So for software vendors it becomes much more critical to find and fix those flaws, and for users, as Hultquist rightly points out, the right approach is to be aware that these vulnerabilities may exist and to behave accordingly.