this post was submitted on 03 Nov 2023
1205 points (97.6% liked)

Programmer Humor

32571 readers
171 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 

Context: this is a legit screenshot I took on my workplace around 1.5 years ago. Hopefully it's been patched by now? Completely ridiculous behavior

you are viewing a single comment's thread
view the rest of the comments
[–] baseless_discourse@mander.xyz 2 points 1 year ago* (last edited 1 year ago) (2 children)

I think you can just lockdown the bios with a super strong password to get the similar security as macbook, no? Since I think the only one major security feature avaliable on mac, but not on PC, is a locked down bois, so attacker cannot install a malicious OS.

Assuming your bios is reasonably secure and you are using a reasonable OS with reasonable security feature enabled (like linux with LUKS and TPM auto-unlock, or windows with bitlocker), PC should be reasonably secure compare to a mac.

I would love to know what other security features mac provides that is not avaliable on a PC.

[–] Tau@sopuli.xyz 2 points 1 year ago (1 children)

I guess MacBooks are easier to deploy

[–] baseless_discourse@mander.xyz 2 points 1 year ago (1 children)

Could be, I imagine there would be less work if everyone has the same OS.

I dont work in IT, but I remember there are excellent tools by Microsoft to do mass IT management (but who want to use windows anyway /jk)

would be interesting to see a comparison of IT tools avaliable macOS, Windows, and Linux distros. And how much advantage does immutable OSes like silverblue, macOS, and chrome OS provides against mutable OSes.

[–] Tau@sopuli.xyz 1 points 1 year ago

I was talking specifically about MacOS X vs. everything else because, for example, you don't have to setup the bios. Just hand out a macbook for everyone and (mostly) deployment compñete, i guess

[–] ricecake@sh.itjust.works 2 points 1 year ago

Unix based systems tend to be able to be hardened to a higher level than windows devices. Apple provides a lot of apis for preventing unsigned code from running, which can go a long way beyond a locked down bootloader.

It's less that they're intrinsically more secure, it's just that it's a bit easier for a determined admin to lock it way further down while also not irritating the user.

I seem to recall Chromebooks are even better, but you sacrifice a lot more.