Context: this is a legit screenshot I took on my workplace around 1.5 years ago. Hopefully it’s been patched by now? Completely ridiculous behavior

  • baseless_discourse@mander.xyz
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    edit-2
    1 year ago

    I think you can just lockdown the bios with a super strong password to get the similar security as macbook, no? Since I think the only one major security feature avaliable on mac, but not on PC, is a locked down bois, so attacker cannot install a malicious OS.

    Assuming your bios is reasonably secure and you are using a reasonable OS with reasonable security feature enabled (like linux with LUKS and TPM auto-unlock, or windows with bitlocker), PC should be reasonably secure compare to a mac.

    I would love to know what other security features mac provides that is not avaliable on a PC.

      • baseless_discourse@mander.xyz
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Could be, I imagine there would be less work if everyone has the same OS.

        I dont work in IT, but I remember there are excellent tools by Microsoft to do mass IT management (but who want to use windows anyway /jk)

        would be interesting to see a comparison of IT tools avaliable macOS, Windows, and Linux distros. And how much advantage does immutable OSes like silverblue, macOS, and chrome OS provides against mutable OSes.

        • Tau@sopuli.xyz
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I was talking specifically about MacOS X vs. everything else because, for example, you don’t have to setup the bios. Just hand out a macbook for everyone and (mostly) deployment compñete, i guess

    • ricecake@sh.itjust.works
      link
      fedilink
      arrow-up
      4
      arrow-down
      2
      ·
      1 year ago

      Unix based systems tend to be able to be hardened to a higher level than windows devices. Apple provides a lot of apis for preventing unsigned code from running, which can go a long way beyond a locked down bootloader.

      It’s less that they’re intrinsically more secure, it’s just that it’s a bit easier for a determined admin to lock it way further down while also not irritating the user.

      I seem to recall Chromebooks are even better, but you sacrifice a lot more.