Byon January 8, 2008 8:53 PM
Not quite, but the Army’s recent decision to replace a large number of servers with Apple Mac OS X-based hardware is certainly interesting. More interesting, is that the Army has been working on this since 2005.
I don’t blame the Army for wanting to move away from Windows. Microsoft has had an embarrassing array of security vulnerabilities over the years. Including the fact that the Master Boot Record is still writable from user-space after all these years. The additional security that the Unix-based Mac OS X offers could be very interesting to the army, who is easily one of the highest profile targets of intrusion attempts in the world.
What’s interesting about this announcement is what it means for the future of Mac OS X security. Mac OS X is a reasonably secure OS. It’s based on BSD Unix, which provides better process and memory management, which in many ways leads to better security. There is a lot of Open Source software in Mac OS X (the Darwin kernel, WebKit, etc), which Apple has leveraged to keep a lot of eyes on their code.
However, Mac OS X has only rarely been the target of any attacks. By throwing their support toward the Apple camp, it’s inevitable that we’re going to see a sharp rise in the number of attacks targeting Mac OS X. While Mac OS X is a more secure kernel than Windows, it will be interesting to see how it holds up against a more powerful onslaught.
In the end, I’m surprised that the Army chose to go with Macintoshes. The cost of Apple hardware has always been high, and the Forbes article suggest that the Mac program in the Army is proving to be more secure because it’s “not Windows” more than anything in particular that the army is doing to secure the boxes.
Our military needs more secure systems, and the migration away from Microsoft is a great step in that direction, but the reasoning presented in this article is cumbersome at best. The readers at Bruce Schneier’s Blog are want to agree.
While Mac OS X is fairly secure, it is still designed first and foremost to be an easy to use and administer commercial platform. For similar reasons, I’m unlikely to choose Ubuntu as my server linux of choice, it wasn’t designed to fill that role. In addition, you can’t run Mac OS X on hardware that isn’t Apple made, you can’t even virtualize it for testing purposes.
The Army’s money probably would have been better spent on Linux boxes. The hardware would have been cheaper, support contracts are available through a variety of houses, and the NSA sponsors SELinux, a security enhanced version of the Linux kernel which gives a user far more control over the fine-grained security concerns than anything I’ve seen on Mac OS X.
Finer grained security with far less financial outlay. I can’t call the Army cash-strapped by any means, but I firmly believe the Army could have met it’s Information Assurance needs more efficiently, and more effectively. I fear that Apple made allowances within Mac OS X which will make it less suitable for such operations, but no matter what, this is going to be a huge financial boon to Apple, for their sakes, let’s hope they can weather the coming storm.