Slashdot Mirror

"That is why Windows and OS X aren't as useful to us -- and never will be."

Thankfully not all are so shortsighted.

I happen to agree that there are valid scenarios for Trusted Computing but disempowering the user is not among them. This is an imposition of Vista and not a consequence of buying a DVD.

haha 5 million, wow slow down there you might get 7% market share next year!

please dont quote numbers in the millions when you fail to put that in perspective. mac's market share is about 6% which means the odds of even finding a mac are very slim. you quote prices as incentives yet you fail to realize that botnet owners are going for the easiest source of income. if you rent a botnet you are probably going to want to run your own attack tools. those are going to be written primarily for windows which means mac bots would be basically WORTHLESS.

please stop lying to yourself and saying that the mac is already a target. it's not, many experts have said as much. cut the bullshit, mac hasn't even begun to be tested and it's already been shown to have this many bugs. it's not looking good. :(

Us Linux users can now watch Zdnet's interview with Torvald about Linux kernel 2.7:)

Good God, are you that clueless? Linux gets hacked all the time. http://www.zdnet.com.au/news/software/soa/Linux_ha cked_more_often_than_Windows/0,130061733,139116229 ,00.htm

...when you consider that Linux is compromised more often than any Windows based OS. http://www.zdnet.com.au/news/software/soa/Linux_ha cked_more_often_than_Windows/0,130061733,139116229 ,00.htm

Well, if you read it, it must be true then.

My first thought upon reading this is that we're going to the this type of thing on a wider scale. I wouldn't doubt it for a second. Corporations in this age have a tendency to blindly target anyone for anything relating to copyright or trademark.

I guess we just have to wait and see. Maybe these companies' collective IQ has suddenly jumped twenty points or so.

No, I don't, because nothing was "being exploited for months," and you can't cite a single incident to back up that claim. You just made it up on the spot.

"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia .

None of the patches were zero-day exploits, and most were patches of UNIX utilities, not Apple software.

Have fun screening all your email from all your contacts in Outlook.

I bet nothing for 2 days, but ~5 within the next week.

I wouldn't take the other side of that bet. It looks like any of those early adopter companies that are running Lotus Notes (or any other third party mail client) are screwed from day 1. It seems that Microsoft put a big lock on the front door, but left the sliding glass door to the back yard wide open.
-JMP

I stated twice, and you missed it twice: the importance of a bug must consider the impact.

Mea culpa. Third times a charm though, and I agree with you.

I'm saying that, over time, bugs are found. But a large majority of the serious flaws are usually found within a year or two after release.

By your own measure then, Apple is 3 years past this. So I still take issue with you that OS X will have more serious bugs more often.

Also, it looks to me that they cannot leverage their previous OS knowledge to any serious degree. Nextstep, which was based on Mach, cannot apply - it was both based on a microkernel, and on completely different hardware.

Actually, in the end NextStep ran on Intel hardware. While hardware architectures require different code to run, to say that all software design and development principles don't apply from one platform to the next is simply not true. To say that the Next experience brought into Apple doesn't apply is again a disservice to the people doing the work. The same C code that generates "Hello World" on the PPC will generate "Hello World" on Intel. If everything were still written at the machine level I would concede your point, but modern OS' have long since departed from machine level coding. You may think of NextStep as old and irrelevent, but the fact remains that it was a well designed OS. If something is irrelevent simply because of it's age then you must necessarily get rid of Linux, Windows and every other OS in production today.

However, IIRC, there have been a couple recent challenges to break into a default, fully-patched apple system, and all have been cracked within a day or two.

And if I remember correctly, all were cracked from the inside. Meaning local user exploits. I believe this is what you are refering to. You should also see this in which OS X was not breached in the time the server was available for attempts. Granted I did not do an exhaustive search, but I will still stand by my supposition that OS X is more secure out-of-the-box than Windows.

Will Vista change that? We'll see.

Really? Have hackers been exploiting Mac vulnerabilities for months? Have any of these gone beyond proof-of-concept, if that?

A script kiddie can completely take over a critical windows server.

THAT is the biggest reason. Unixes run far more of the internet than windows does, making it a prime target for someone who wants to cause trouble or steal information.

• "You can't go by numbers of critical vulnerabilities alone, maybe MS patches loads they don't tell us about",
• "Mac OS X runs the internet, hackers are much more interested in breaking OS X than Windows, which no-one runs",
• "So what if OS X has had critical, unpatched vulnerabilities which hackers have been exploiting for months? At least OS X doesn't have spyware and viruses!"

I don't know if she is top ten, but she's a girl and a geek.

And, as long as they are including Lisa Simpson, why not Dana Scully?

You seem to miss the point. Feel free to post a story about a Mac virus when they start doing something like this:

• http://www.zdnet.com.au/news/security/soa/Computer _worm_slows_global_Net_traffic/0,130061744,1202715 29,00.htm
• http://www.cnn.com/2005/TECH/internet/08/16/comput er.worm/index.html
• http://archives.cnn.com/2001/TECH/internet/07/20/c ode.red.worm/index.html

Or even if one spreads beyone a few computers...

Interesting point, and I appreciate the work you put into it, but I disagree. All those physical layers don't matter much with digital information, because changing formats is so easy - as easy as burning a DVD. The achilles' heel of the library of Alexandria was that there was only one copy.

as of a week ago. Care to tell me how he's running x86 only binary modules from ATi and Nvidia one one of those ? I don't think quoting somebody's statements are a game. You might want to claim it is because I've shown evidence that your statements are incorrect, but that's just a diversionary tactic. Where are your quotes by the way with matching URLs ?

http://www.zdnet.com.au/news/software/soa/Dell_sho uld_make_Apple_hardware_Gartner/0,130061733,339271 751,00.htm

So, a Dell with Windows on it, but an Apple logo? What a revolutionary way to market your product!

Dell sells in two weeks what Apple sells in a year.

If i was you, I would consider scaping Norton too. AVG, ZoneAlarm and several other comeptitors are doing way better jobs at the same thing Norton tries to do.

When In say way better, I'm considering that ZoneAlarm or AVG doesn't make a 4 gig pentium seem like a 1.2 gig celeron after you install it. They all do about the same job of protecting you except nortans had that bug were it was possible to exploit thier firewall or antivirus itself and gain root access to the system it was attempting to protect. I'm sure thats fixed by now, but they denied it for a while before actualy fixing it (if i remeber corectly)

Correctional facilities are generally extremely anal about providing computers to prisoners. Remand centres, however, are often legally obliged to provide computing facilities so that the prisoners (who are not yet proven guilty) can study and prepare for their defence. Check this out; http://www.zdnet.com.au/news/software/soa/_Locked_ down_Linux_dispenses_Justice/0,130061733,139261329 ,00.htm Disclaimer; I work for Cybersource and project managed that deployment.

Then how about preloaded content... on the mobile?

In Japan I reckon you could make a bit of a killing by preloading the mobiles with "schoolgirl" content! Some text messages, photos, a bit of video, voice mail, and some music... pretend it was an actual schoolgirls mobile that hasn't been deleted and is being resold - executives are doing it already with sensitive corporate data their smartphones and laptops http://www.zdnet.com.au/news/security/soa/_Undelet ed_smartphones_reveal_corporate_secrets/0,13006174 4,139268276,00.htm!

Yes, they should. But they didn't, as it would have required them to remove the deep connections between the browser and the OS. That tight coupling has been the major problem, since square one. Not only in the browser, but throughout Microsoft's product line. Protected mode still requires Microsoft staffers to envision what bad guys will do. That's Allow by Default. The same reason that AV engines aren't catching the majority of malware these days.
http://www.zdnet.com.au/blogs/securifythis/soa/Why _popular_antivirus_apps_do_not_work_/0,139033343,1 39264249,00.htm

The far more secure Deny by Default is mandated by many organizations in firewall rules (for obvious reasons), but they then abandon the principal on virus scan hosts, PCs, etc.

Maybe I'm completely out to lunch on the protected mode issue. We'll all know the truth well before the end of Q1 '07, barring any further release delays. Maybe I'll be eating crow. I actually hope so. It's way past time Windows users got a break on the security front, and better Windows security helps non-Windows organizations as well. But I'm not really expecting this to be much of a fix. You don't ignore basic security principles without paying a price.

I read a few months ago that they were finally thinking about doing that (article here) but I don't know if they finally decided to or not. I was flabbergasted when I found out that wasn't the case already--I don't know any other major company that runs Windows which allows such broad access to the desktop. But it sure explained a lot in retrospect about Windows security and application access requirements.

Such a thing is (or at least was) commonly done in Australia. Many ISPs hold membership to their regional internet association, which provides low cost traffic for local transit (through exchanges such as WAIX, PIPE and the academic AARNET). Traditionally ISPs have passed on unmetered access to these networks (not contributing to the established quotas) however this has become uncommon with many ISPs pocketing the savings and counting all the traffic.

Indeed many local pirates were using the networks for file trading under an assumption of protection from prosecution (saving the ISPs from the usual traffic bills) until crack downs shut down the more popular sites.

Interesting link, but it's missing MS' use of "charitable contributions", epsecially in the developing world.

• Democrats attack Gates' "charity"
• Gates gives $100m to fight HIV, $421m to fight Linux
• Virtual Philanthropy
• E-México favors windows over linux

There's more published, especially in local papers, but as you see in the Salon article, it's part of an combination investment/PR campaign and both MS reps and shills come down on any thing other than "Yay Bill!" So questions and/or critique stay low profile and is hard to find.

Also, the mention of tax breaks is a bit of an under statement. MS pays almost nothing: IT giants who don't pay tax part 2: how Microsoft does it. There's a bit of a stink about MS in Europe using foreign tax havens. And, by the way, MS seems to make more money buying and selling its own stock that in does even from sales of MS Windows. Bill hopped off as CEO the same year MS ran an $18,000,000,000 USD loss. Now he's stepped down completely. That could be interpreted to suggest that this summer's massive stock buyback could be an indication of real bad situation in Redmond.

Given that they're also reporting that 80% of viruses defeat Norton and the other big AV programs, I'd say yes, it is a joke.

That surprises me a bit. When I used DOS in the old days, software produced by Norton was always of high quality, maybe flagships in the DOS world. Norton Commander was very popular, it could be considered as the file manager, and Norton Utilities was a musthave, with lots of system administration tools and useful programs.

It seems as when they started to produce MS Windows tools, they lost their leading position in the market. Norton Commander for Windows didn't catch on, AFAIK, but that's maybe because Windows already had its own file manager. Norton Commander became superfluous. So, when they started producing anti-virus software I believe they were rated as some of the best, at least in the beginning.

It is quite interesting to see how a big software company with great products and good reputation can be degraded into second-class software in just a few years.

I'm not sure the false positives could do anything but further amplify that anti-virus is more of a false sense of security than real threat protection.

80% miss rate

Of course if you're still surfing with Windows you're at risk anyway.

Microsoft is quite capable of this all by themselves.

sigh...

Given that they're also reporting that 80% of viruses defeat Norton and the other big AV programs, I'd say yes, it is a joke.

Sorry, malware writers run thier code against AV software to make sure it gets through first before releasing it in the wild. It's figured around 8 out of ten malware attempts gets through.

Only one brand of AV software catches 90% of malware and it only holds .07% of the market.

http://www.zdnet.com.au/blogs/securifythis/soa/Why _popular_antivirus_apps_do_not_work_/0,39033341,39 264249,00.htm/

http://www.zdnet.com.au/news/security/soa/Eighty_p ercent_of_new_malware_defeats_antivirus/0,20000617 44,39263949,00.htm/

Sorry, malware writers run thier code against AV software to make sure it gets through first before releasing it in the wild. It's figured around 8 out of ten malware attempts gets through.

Only one brand of AV software catches 90% of malware and it only holds .07% of the market.

http://www.zdnet.com.au/blogs/securifythis/soa/Why _popular_antivirus_apps_do_not_work_/0,39033341,39 264249,00.htm/

http://www.zdnet.com.au/news/security/soa/Eighty_p ercent_of_new_malware_defeats_antivirus/0,20000617 44,39263949,00.htm/

I'd be appalled if other countries follow suit...

Like Australia, you mean?

It is also perfectly possible to have an OS that is easy to administer and reasonably secure. I have friends who no absolutely nothing about computers who have no problems with Macs

The problem is that there are people that have trouble using an operating system that is "easy to administer". Unless the OS administers itself, we will always have a problem with people and securty. It is the weakest link in the chain.

I don't think any OS is secure (windows,OSX, or linux). Take a look at this recent article about macs (The article is from March of this year):

http://www.zdnet.com.au/news/security/soa/Mac_OS_X _hacked_under_30_minutes/0,2000061744,39241748,00. htm

There are also similar claims with various distros of linux and windows.

First off it's not real charity.
Much of it is simply targeted to block F/OSS. Even the actual charity parts deal with dumping millions on ineffective, corrective treatments involving expensive medications and getting some level of matching funding from the local governments. And those expensive medications come from big pharmas which, surprise, Gates is heavily invested in.

There is also a strong element of PR in the Foundation: since 1995 MS has had various plans on how to direct corporate giving in ways that guarantee the greatest returns to the company. We've also been seeing loads and loads of vanity puff-pieces appearing across a wide variety of news publications. The NYT even publishes ones written by (or ghost written for) Chairman Gates himself.

The point here is that in this case it appears that charity is simply being used as tool to affect the market in ways that lobbying and plain old sales can't. It allows individual institutions or regions to be targeted quickly with a level of speed that defending governments and businesses have trouble reacting to.

It's seems that with this infusion of funding from Buffet, MS, through the Gates Foundation, crosses the line from being a lobbying entity to being fully a political/ideological movement.

Welcome to the next level.

• June 2005: Ballmer says "we'll catch up with Google in six months";
• December 2005: Ballmer says "we'll catch up with Google in six months";
• June 2006: your bet.

> Since when did Windows endanger someone's life?

I wouldnt say the printing machines and vending machine are a threat... But the elevator control system getting a worm? Now that just plain scary...

http://www.zdnet.com.au/news/security/soa/Vending_ machines_and_printers_open_network_threat/0,200006 1744,39257198,00.htm

Good lord, this first picture just screams "would you like fries with that". I would think that someone qualified to work there would be least likely of all of us to say that.

http://www.zdnet.com.au/news/hardware/soa/Photo_ga llery_Googleplex_in_Sydney/0,2000061702,39256655,0 0.htm

I'm posting this even though I moderated, just because the story really really is in need of help. (translation, you get two fp trolls)

The "story" is just a bunch of screenshots, and a link to a blog on techrepublic.com.com that you need to register to see. Once I got into the blog, it wasn't even on the page, because this was posted there April 20th with the following "content":

I just finished my installation of Fedora Core 5. It was a painless installation. I will be concentrating next on getting XenSource installed using Fedora Core 5. The IT grapevine says it is easier to install Xen on FC5 than FC4.

Has anyone out there installed Xen on FC5 yet? If so, I would like to be able to pick your brain if I stumble and trust me I will stumble. Xen seems really difficult to install from the initial reading I have done. I have a sneaking suspicion it is going to be painful. We shall see.

Click the link to view my FC5 Installation Gallery.

• Installation Face Off: Windows vs. Linux
• Installation Face Off: Windows vs. Linux Part II

Note: Here is my installation gallery for Linspire Five-O

That was it, just a "have you done it?" and photos, on flickr no less. It was done by Steven S. Warren though, who was the contributer to zdnet, so it wasn't out and out theft, just quite dumb. As someone previous said, looks like they just posted it to display all the ads on each page. But if you want to see that, there is allways the Printable Version with only 1 ad.

Linus switches to a Mac?

I can't believe Bill Gates' comments regarding the sub $100 laptop. It just proves that all his donations to charity from his huge coffers don't really come from his geniune desire to help people in need, but rather to glorify himself.

Or, just maybe, he thinks fightng AIDS among Africa's orphaned kids fills a tad more urgent need than MITS phantom $100 laptop.

The reality is more likely that he's not about charity at all and just using it for political leverage and public relations image.

It probably burns him up to have spent hundreds of millions on PR and have Negroponte steal his limelight with virtually no budget (relatively speaking). Furthermore, it's not just that the open source and open standards on $100 laptop helps break people out of Microsoft's grip, it's also that the publicity breaks the general public out of the mindset of "One Microsoft Way" Simply put, he's probably quite afraid that the public will remember or learn that there are other software and data formats than those provided exclusively by Redmond.

If there's an issue over whether Vista will put the big antivirus companies out of business, I don't see it as consequential. IMO, the software companies themselves will be responsible for their own demise, regardless of whether Microsoft enters the market. Programs like Norton Utilities used to be valuable, but now these once-critical utilities have morphed into bloaded virus-like software incarnations that are best not installed in the first place.

Furthermore, both McAffee and Symantec products have been hosts to numerous flaws, security holes and vulnerabilities themselves.

If Microsoft wanted to do it right, they could merely have Vista identify both programs as "malware" right off the bat, remove them from the system, and most users would be better off.

The question is are you paranoid enough?

http://www.techworld.com/security/news/index.cfm?N ewsID=5466
http://slashdot.org/article.pl?sid=05/10/27/142223 0
http://www.zdnet.com.au/insight/toolkit/security/e mail/0,39027176,39168559,00.htm
http://www.gridtoday.com/03/0526/030526.html
http://distributedcomputing.info/news.html

This thing has a lot of people's names on it. If it flops someone has to take the blame.

"I don't particularly care for reporting issues to Apple. Additionally, this box sounds like a honeypot ... not worth losing any exploit code to a bunch of .edu people," gwerdna told ZDNet Australia

-No keyboard at a time with mobile computing is moving to keyboards: check

-It's basically a big PDA at a time when the PDA market is on it's death bead: check

-It's not a phone at a time when the smartphone market is growing rapidly: check

Either Microsoft knows something nobody else does, they're just playing a niche for incrimental revenue, or, well, I don't know. I don't get it.

TW

zdnet reported it last year in April.

From the article: The NSW Minister for Commerce, John Della Bosca, on Monday announced -- after a six-month tender evaluation process -- 11 companies would be offered positions on the panel. Companies which made the cut included CSC, Dell, Fujitsu, Hewlett-Packard, IBM, Novell, Red Hat, Sol1, Starcom, Sun Microsystems and System Integration Services.

The agreement was subject to "final negotiations", but was not just an agreement to supply one agency, as one comment stated, it makes them an 'approved supplier' for all NSW government agencies, ie: no tender process required to purchase.

This is (fortunately for the rest of us) only in France. And he only lost the case because he published some code. So it was a copyright violation. France must have the weirdest copyright laws in the world, because even in the United States the small amount that he published would be protected under fair use.

Luckily for him, people have been donating to help him pay for his fine.

Before the Mac-o-philes here start getting all bent out of shape, perhaps reading the article in question would be a good start...

Here's a salient quote:

"The rm-my-mac challenge was setup similar to how you would have a Mac acting as a server -- with various remote services running and local access to users... There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access.

"There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches -- good examples for Linux are the PaX patch and the grsecurity patches. They provide numerous hardening options on the system, and implement non-executable memory, which prevent memory based corruption exploits," said gwerdna.

Bad anagram for a name or not, the guy sounds like he knows what he is talking about. There is a link to another article as well that talks about Apple's lack of diligence on security issues. Here's a link:
http://zdnet.com.au/news/security/soa/Ancient_flaw s_leave_OS_X_vulnerable_/0,2000061744,39234678,00. htm

The point is that Security is everybody's business, and no company can afford to slack. Not even the lily-white Apple is immune.

I recently switched from windows to mac...

Wow. Your situation and mine are so similar it's frightening.

Windows developer: check
switched to Mac: check
because of OS X: check
and because "it works": check
never going back: check

The only thing I'd add is that I stayed away from Apple for so long because I prefer having a command-line interface and really don't like mouse-centric GUIs. My impression of early Macs was that they were all GUI all the time. They had all the bells and whistles, but you couldn't get rid of them if you wanted to, and I prefer simple, clean, square lines. So, in the past, Windows suited me better.

Ironically, this seems to be shifting. Mac now has OS X (it's got bash!), while Windows is becoming "swoopier" (a la the EMP). I hate the way WinXP looks and always choose the "Classic" options. But the reports of the interface changes in Office 12 was the kicker. No thank you.

So now I use a PowerBook for my personal computing, turned off/down as many of the animation and sound effects as I could and am a happy clam.