The Register: A Visit from the FBI
I stumbled onto this great article in The Register today through Dave Farber's IP List. In the article, author Scott Granneman talks about a recent visit he had with an FBI agent. In this case the agent gave a presentation to a class Scott teaches. The article is well worth the read, but I found the following paragraph particularly interesting:
Dave had some surprises up his sleeve as well. You'll remember that I said he was using a ThinkPad (running Windows!). I asked him about that, and he told us that many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box. In the field, however, they don't have as much money to spend, so they have to stretch their dollars by buying WinTel-based hardware.
This is exactly why I switched to OS X earlier this year. It was a win all around because I got an OS with a native Perl interpreter (that came installed), I was able to keep my shell, run MySQL, and compile just about anything I wanted. Although I could do much of this in the Windows world, it was just so much easier on the Mac.
The last big selling point for me was the out-of-the-box security. I like the Mac philosophy where the computer comes very secure, and you have to open up pieces of it. So, you have to turn on the web server and file sharing. You have to enable SSH access. This makes me feel much better about using my computer at local WiFi hotspots, and in situations where I need to connect to the net unfiltered by a firewall.
The article says in the next paragraph:
Dave also had a great quotation for us: "If you're a bad guy and you want to frustrate law enforcement, use a Mac." Basically, police and government agencies know what to do with seized Windows machines. They can recover whatever information they want, with tools that they've used countless times. The same holds true, but to a lesser degree, for Unix-based machines. But Macs evidently stymie most law enforcement personnel. They just don't know how to recover data on them. So what do they do? By and large, law enforcement personnel in America end up sending impounded Macs needing data recovery to the acknowledged North American Mac experts: the Royal Canadian Mounted Police. Evidently the Mounties have built up a knowledge and technique for Mac forensics that is second to none.
Of course the Mac does have a lot of security features. I make routine use of the encrypted home directory feature, and encrypted disk images for removable storage. I use passwords to get into the box, and to decrypt all of the other stuff. It's great, and I can see how this could stymie law enforcement.
The good side of this is that it will also stymie someone who steals my laptop. This person will have an equally hard time getting any sensitive data off the machine, and that gives me a good feeling.
