Slashdot Mirror
PC Mag - Mac OS X Insecure
Suki writes "In this recent story a PC Mag writer concludes that "Panther and Jaguar were not better at outrunning vulnerabilities than Windows" and as my personal fav. ends by asking "How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here." The article discusses many previous Windows security holes against a recent Mac OS X security flaw."
He raises good points (I actually read the article), but one thing that OSX will always have over current versions of Windows, however, is the fact that in OSX you don't run as root/admin by default when you start off or create new users.
Until this is fixed, the same attacks will be much more effective against Windows users just because of the rights the current user has on the box.
dmiessler.com -- grep understanding knowledge
...it's got FAR less viruses and haxx0r attempts because it's less popular. So that's a plus.
WINDOWS!? We don't need no steenkin' Windows!
ok, lets see, MY mac can not be turned into a mindless DDOS machine or a virus forwarder, so if some one really feels the need to hackinto my machine to see my files, what ever, I update my vulnrabilities so I am not afraid of that.
I am the Alpha and the Omega-3
and a known patch is on the way. it's a very easy vulnerability to avoid. there's no virus yet...
was it worth the rant, or has he just been waiting a long time to make it?
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
Windows is by far more buggy than MacOS X. Seeing as I use both of them daily, I think I am qualified to say so.
I can feel a big commentary fight coming on this post :)
Pro-MACs on my left, pro-PCs on my right.
Ready ?
FIGHT
He's basically saying that since there was one widely-reported Mac security hole, Macs are as insecure as Windows? Odd comparison.
Mind you, I'm not too overwhelmed with his research; if he'd been paying attention, he'd have caught the SSH vulnerability the other month. It's not like Macs have been immune, and nobody with any clue claims they are.
What you can claim accurately is that Apple fixes holes promptly and fairly quickly, and that the MacOS X architecture does not have flaws which result in two or three active IE holes in the wild right now.
Apple isn't perfect, they're just pretty good. Microsoft isn't evil, they're just not as good as they should be. It's perfectly reasonable to use those two facts in making one's security decisions.
Can someone tell him that HIS WEBSITE IS NOT A BLOG, OTHERWISE HE WOULD BE INUNDATED WITH REPLIES!!!!
Thank you. ;-)
I'm a leaf on the wind. Watch how I soar.
It's pretty sad when Windows-users feel they have to start defending themselves by pointing out that other operating systems are vulnerable too. The last paragraph pretty much says all in that regard...
But the mindlessly superior retort is always the same, "No, it's because the Apple OS does not have the same holes as Windows. OS X is just a better operating system."
Whatever. All OSes have their inherent problems, but next month, when Microsoft racks up another suit of deathly insecure vulnerabilities, OS X will probably be fixed and free from defects for another couple of months.
I'm not a Mac fanatic, but it's because OS X is based on Unix, and Unix is more elegant in its design that gives OS X its better security.
Ruby on Rails Screencast
Aren't you insecure anyway?
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
so I guess I am safe.
Mac OS X gets one flaw and it's suddenly on par with the truckload of Windows security problems? What a funny little man...
.. This article was nothing more than +1 Flamebait. The author sounds like a little boy who finally gets to say "I told you so! I told you so!" when there really isn't anything to be told. All OSs have undiscovered holes and problems. The key is how fast the vendor deals with the problem.
Trolling is a art,
The only reason its quiet around here is the author forgot his brain, and no one really cares about what he's writing!
At least macs don't forward millions of email viruses every time that someone writes a new one. And I don't see macs listed as one of the computers that was discovered to have leaked personal information for millions of people to see... Mac's arent being afflicted with pop up windows curtesy of a never used Messenger service...
I also don't see macs trying to integrate the bios into the operating system! Or being taken over and hosting porn sites!...
~~ Please keep your arms, legs, and outright stupidity inside the ride at all times. Thank You ~~
Oh well, all is not lost. I feel quite confidant in knowing that not one virus has ever been devoloped for the HAL architecture.
The hole he's referring to requires some particular circumstances before it's even viable.
The attacker must:
Be on your local network
Already have control of your DHCP server
If both of the above are true, you already have much more serious problems.
While I agree that remote root/admin is bad juju, in this case it's hardly equivalent to the Windows remote admin exploits to which he's comparing it.
First, let's get the obvious stuff out of the way. THIS VULNERABILITY IS NOT ON BY DEFAULT ON OSX! You have to go into an obscure app (Directory Access) that most users don't know about, and turn on an option that most users don't need, in order to be vulnerable. Also, this vulnerability was never exploited.
How can this idiot compare that to the hundreds of millions of computers ACTUALLY INFECTED by Windows vulnerabilities like Nimda, Code Red, Melissa, Klez, Sobig.f, and thousands of others? Using Windows is like buying random illegal drugs on the street to treat a headache.
The MacOS is not without its flaws, but Windows is the swiss cheese of the secure computing world. It's very telling that the author didn't allow for any feedback or provide his email address.
- Vincit qui patitur.
This Ulanoff doesn't even bother to research his subject. I assume he wrote this in one pass with Spell-Check TM on and posted it.
The article is crap and I assume his chops are too.
This
WTF? The article was based on one security flaw found in the OS? And one that requires a pretty sophisticated attack pattern (geting ontot the smae network, as opposed to say, oh EMAIL or TELNET). Seems to me this is a case of someone trying to draw a line with a single point as a reference.
If at first you don't succeed, redefine 'success'
sigh. this argument gets old. unix is designed to be more secure than windows. not only that, but it IS more secure than windows. no amount of screensaver errors, cocoa text field overflows, or netinfo exploits will change this. the day windows is more secure than mac os x is the day i can get by without ever needing the root (Administrator) account with access to everything. yes. everything. install apps, install libraries, use current apps, develop apps (with the exception of kernel code but this needs root no matter what OS).
- tristan
Typical Windows User: Stupid virus, now I've got to use my restore disks. Stupid popups, I only want to look at the porn I ask for. Stupid spyware, I can't believe adaware only found 26 new spyware programs today.
Typical Mac User: Stupid virus, my computer is fine, but my ISP is down. Stupid popups, oops forgot to check the option in Safari, okay better now. Stupid spyware, it made me hit cancel when it tried to install itself.
Now understand I'm talking about the standard consumer, of course there are many of us that can keep the windows problems at bay.
I do the majority of my computing work on my TI-92. Havn't had a virus yet!
paintball
> a recent OS X security flaw
That's the significant word, I think. A single one
They will never know the simple pleasure of a monkey knife fight
It sounds like this is just the same "Flaw" in OSX's DHCP settup. There was a thread on this earlier. They essentially use a server to assign a number of items as well as IP. If I reacall correctly, this was never that big of a security flaw (at least not moreso than any other standard DHCP setup)
This is just some guy on a soapbox blabering on about how this "flaw" proves that OSX is just as bad as any Microsoft product. Hopefully others can see past this guy's rhetoric.
There should be a moderation category "Dumbest Comment EVER"
I have been trying to say this exact statement forever to the Linux community.
-----
I was tired of the "We use Macs because they don't get attacked by viruses and hackers" refrain from Mac nuts.
I generally counter with what is apparently a secret carefully hidden from Mac zealots: "That's because only a fraction of the world uses Macs. What's the point of attacking a niche market? No one will notice!"
----
I think we have to remember as he is only talking about OSX, everything he is saying also applies towards Linux... It is about time we recongnized this, and start making changes in the Kernel to secure the OS, instead of adding value add features that only a small part of the population will ever use.
I'm a Linux/MS user and I can even see where this article goes wrong. He might as well write an article explaining how all the Linux/BSD security zealots are wrong. We all know, and we don't care. Some products achieve a cult-like following, and that's the way it will be.
Cthulhu Saves.
I mean... really... next thing you know, there'll be an article in MacAddict that says something mean about PCs...
cya,
john
Imagine all the people...
We do not want to encourage behavior like this, do we? Reading the article, sheesh, what's next, checking for duplicates before posting?
Sigs for Nerds. Sigs that Matter.
Cute, but my Mac wasn't turned into a mindless DDOS drone but a few months ago.
My Mac never has never told anyone ILOVEYOU.
My Mac has never been Hacked by Chinese!
ok - let's see if there's really any commparison here.
count the holes;
count the time it took to plug the holes;
factor these in a meaningful way;
compare.
even a guesstimate here puts osx on top.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
IMO, Mac and Linux are good since most viruses are made for Windows. However, if Windows is as good as PC Mag says it is, why does Micro$oft need to release patch after patch to fix problems that should have been beta tested and repaired? I use Linux and it works fine without patches. I had one attack and that is all. WinXP had attacks on it left and right. IMO, Windows will always be attacked even if it's not the most popuar OS because of it's bad security and bad PR Micro$oft has in general.
Not a single OSX machine has ever ONCE been compromised to where it remotely granted complete system-level access or turned against a host to be used in a DDoS attack. The vulnerabilities found on the Windows platform are more frequent, more fatal, and much more easily exploited.
but how many of them were exploited?
Geez, I write like that sometimes here, but only to blow off steam in a forum where it's not unacceptable, and even then I feel bad about it. Perhaps the local trolls should apply for a job writing for ABC News? I'd love to see the Greased Yoda Doll guy become a colleague of Peter Jennings.
Also, for the bazillionth time -- Jon Johansen did not crack DeCSS. He hung out with guys who did, and as a minor was the front man for distributing it. It's one of those myths that is too fun to allow truth to get in the way.
What I'm listening to now on Pandora...
Unless you are using wireless which limits your range to 250 feet once you are on someones network you might as well walk over to their computer and smash it with a hammer.
Seriously, this is way different from RPC vulnerabilities.
When you have that kind of access to a network you can just setup a webserver, setup DHCP to setup your computer as the gateway, put an IMG file on an SMB share and grab the windows password as the computer sends it to your computer.
Once you have a DHCP server on the local network alot of comprimises are possible against Windows too.
It would be hard to see virus writers taking advantage of this, as there are just too many different network configurations to consider.
... that you don't put your email in your attribution or anywhere in the article.. Luckily, thanks to Google, your bio reveals your email to be:
Lance_Ulanoff@ziffdavis.com
Share and enjoy!
"How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here." Did not know that Slashdot was in the habbit of planting OBVIOUS FLAME BAIT story's
...the article is by PC Magazine. Nobody there will give anything that doesnt have an x86 proc 5 stars. Same thing with Mac magazines. To get a REAL review and not a rant and rave, you need someone that uses something thats not Windows or Mac OS or *NIX and they have to use a non-x86 arch. Thats a review. My two cents.
Honestly, how much of Apple's user base cares about security issues? Apple does cater to a couple small industry niches, but the lion's share of their buisness comes from the crowd that wants a slick-looking conversation piece that matches the color of their iPod. While the minority of mac-fanatics who read sites like slashdot will probably get razzed a bit over this, it's not going to impact Mac's sales much, if at all. Hopefully they'll act responsibly and get a fix out soon, but honestly, they probably don't really *need* to.
P.S. Don't get me wrong... I'm not a mac-hater. In fact, if they'd just increase the battery performance of their notebooks a tad I'd be all over them. You have to make a lot of compromises when trying to run Linux on a laptop that you don't have to make with an apple laptop.
If he posted that "article" on /., he'd be modded down as a troll. Why is it we feel a need to respond just because his trolling is posted somewhere else?
-- I still got it.
Well, this is one very good reason why the operating system monoculture is bad.
Security also isn't just a matter of the OS. My office-mate got her AOL account owned by someone who apparently did a dictionary attack on her password (which was her dog's name). If people open executable attachments in Outlook, it's the fault of the application, not the OS.
Find free books.
If you use Microsoft apps on a MAC it becomes insecure.
QED
comment directly in my journal
So an attacker who can gain access to your network -- over a wired connection or wirelessly -- can trick an affected system into trusting a rogue machine, and when the compromised machine reboots, take it over and even attack other systems on the network.
So, a guy has to get on my network, set up another machine as a trusted server, wait for me to reboot, and then...? Is this a fair comparison to email viruses, etc...?
My cube's been up for 90 days. I plan to take it down and upgrade it eventually. Does this mean I'm going to be vulnerable?
Whatever.
-- The world is watching America, and America is watching TV.
As a member of the Mac "fringe", ( i would rather the author use the term, "tassels" or "pasties" ) i am feeling quite like the cock of the walk. Thank you Lance "fucking cunt" Ulanoff, for opening my eyes to the fact the no computer is inherently secure. I would not have known, if not for your vast amount of knowledge. I am amazed at how much i have learned from you, o cunting whore. How can i repay you for such kindness. We, the mac fringe, are not worthy. We bow before a humbling display of cuntingness and cuntitude.
this guy writes like a goading Republican.
It's about time Apple did something about the POS security in OS X!
Obliteracy: Words with explosions
From the episode where Marge develops a gambling addiction.
HOMER: You have a gambling problem! Remember when I got caught stealing all those watches from Sears? Well that's nothing, because you have a gambling problem! And remember when I let that escaped lunatic in the house because he was dressed up like Santa Claus? Well you have a gambling problem!
...why there are those who will defend to the death giant monopolies who exist to abuse them. It's the same mindset as Christian Conservatives and Republicans. They'll defend anything that supports their view that the world should be some kind of giant hierarchical feudal nightmare.
After all, if there aren't losers, then how can they be winners?
The parallels in writing styles are striking.
On a serious note, someone should point out to the author that if an attacker can gain access to your network (wireless or physical), you have much bigger problems than default settings on your OS X boxen.
Anyway, the guy makes some valid points, but it would be nice if he didn't sound like an 8 year old when doing so. But I guess this is what "journalism" has to offer these days...
If you want to read a well thought out and constructive rebuttle to this article, click here.
Everyone talks about us Mac zealots, and yet no one ever talks about the Anti-Mac zealots, and let me tell you there are a lot of them.
Lance_Ulanoff@ziffdavis.com
. as p
http://www.pcmag.com/author_bio/0,3055,a=204,00
regardless of platform the most popular one will always seem the most insecure because why would a hacker use an exploit on a 2% market when they can exploit the 98% market?
correct me if i'm wrong, but wouldn't it be easier for hackers to find exploits in OSS considering they can see all the code? obviously OSS can fix bugs very very fast, and the lack of attacks is probably because most hackers are in favour of OSS compared to MS...but if all the hackers attacked linux instead of MS, IMO i think linux will be just as 'insecure' as xp.
plus, to use linux effectively i think the average user needs to know more about computing than joe user. if you assumed that kind of knowledge was required to use xp, i don't think all these viruses would be do much cuz everyone wouldn't be opening stupid email attachments from MS saying it's a security update.
He starts off by listing that NetInfo/DHCP thing that was not exactly a trivial exploit... and that most dial-up cable/dsl users weren't vulnerable to then...
:)
mentions a few global headline news Worms and Viruses that had Windows users on the run, and sort of throws in a known history of dozens of severe security problems that have consistantly been popping up for years on end.
Oh! And iTunes was hacked. Riiiight... that was never a problem in the first place.
So you see now! Mac are just as insecure as Windows machines are!
Not quite.
Cwm, fjord-bank glyphs vext quiz
Look at what it means to a typical user, doing things the way such users typically do. Do some real risk analysis. That is what folks are truly interested in-the difference in risk to them when they plunk down their money for a PC vs. a Mac.
This article isn't worth discussing... there's no meat there, just a guy gloating over his one chance to respond to Mac zealots (hey fella, I sympathize, they're obnoxious).
Not worth having a real discussion over though.
Read my keyboard review.
Perhaps Apple should follow suit to make Mac OS X behave similar to Windows? Or better still: a year without security patches. We can do better than Microsoft!
Why is this one security hole talked about again and again when the impact is limited to a fairly small number of machines in the Mac universe and Apple has already addressed the issue? The opinion article is purely anecdotal and cites no research so why is this OS X vs. Windows security debate even going on.
"The truth is that the Mac OS is just as vulnerable as Microsoft Windows."
Does this guy have any idea what he's talking about???? He doesn't even mention A: the particular exploit and other OS's affected and B: how Apple promptly fixed it.
This Guy is an ID10T for posting this crap and scaring the media.
Not only is he arguing that OS X is as insecure as Windows because of only ONE (that's 1) flaw, but he's comparing apples and oranges (ah, so to speak): the OS X flaw he (poorly) describes affects only a tiny fraction of OS X users, depending on their network context, and those who ARE affected can easily change some settings to fix it. (Why do you think Apple didn't release an immediate fix, Z-D media clone? Hmm, seems pretty quiet around here now.) Many of the reported Windows flaws, otoh, have widely affected average Windows users who perform such mundane tasks as, say, opening a web browser.
This guy's either another FUDbot or he's technically clueless. Either way - next, please!
I've never used a Mac in my life, but his article seems to show a complete lack of OS knowledge or even basic logic.
Anonymous Cowards suck.
Hey, I don't use a mac because it is more secure than windows necessarily. I use a mac because I enjoy the UNIX-like abilities of it, it's nice GUI and the quality of the hardware (and support for that hardware).
Does the author claim superiority after arguing one, miniscule point, in the large scheme of things?
Vulnerabilities happen in any system. No software is perfect. The question would be which OS has more significant security vulnerabilities. A factual comparison of the numbers here is far preferred to a fanatical appeal to emotion. I found the article to be slanted somewhat.
Gimme a break....currently XP is a virus/trojan/spam host and I get patches from Microsoft every few days (even when they announce that there will be no patches) and it takes 3 hours to load all the patches on a clean build...if that happens to Os X then I may think he has a point. Until then, sorry dude, even Linux has more holes! Its like saying the New York Yankees are a bad team when they lose 1 game out of 100...
That's the sound of no one caring what you think, Lance.
A series of what ifs, followed by the reaction of imaginary mac fields that exist only in Lance's head.
And the whole "Macs don't suffer viruses because there's so few" myth was dead and buried long ago. Sheesh. Who cares? If Lance is happy with his bloated, cheerless, abominable bugfest of an OS, more power to him.
And now, Obligatory Car Analogy: it's like Lance is sitting by the side of the road with his Chevy Vega that just flew to pieces for the fifth time that week, and he's pointing at the Lexus that just sped by because it had a defective radio knob that just fell off.
--- Ban humanity.
It's not in the ABC article but it is in it's PC Magazine twin... http://www.pcmag.com/article2/0,4149,1408924,00.as p
I think he's asking for so opinions so why not talk to him rather than bitch about it here?
Anyone who thinks that their mac cannot be turned into a mindless DDOS machine is just being naive. Any operating system is vulnerable. Even if you take the necessary steps to protect and update it. I think the point of the article was to dispell the myth that windows is this security nightmare compared to other operating systems. Is windows the worse than MAC OSX security-wise? Yes, but to say that it's a complete nightmare while mac OS X is completely safe is just absurd. I think the hackers love to stick it to Bill (which certainly does have it's merit as a reason). If Mac were number one all the hackers would love to stick it to Steve.
> If people open executable attachments in Outlook, it's the fault of the application, not the OS.
Hardly. It's the fault of the person opening the executable attachment. Sure, it's _more_ the fault of the app than the OS, but you've gotta be smarter than your application.
Excellent comments. Please post them in our forum:
s p,
http://discuss.pcmag.com/pcmag/start/?msg=32413
-----Original Message-----
From: ***
Sent: Thursday, December 11, 2003 10:24 AM
To: Ulanoff, Lance
Subject: Eureka
Hello.
in your piece at http://www.pcmag.com/article2/0,4149,1408953,00.a
you have this to say in conclusion:
Ultimately, those on the Mac fringe have to face facts: Panther and Jaguar were not better at outrunning vulnerabilities than Windows. I expect other gaps will emerge, and while the Mac OS may still draw far fewer attacks, this discovery might suck a little wind (or is it Windows?) out of Mac radicals' sails. They can scarcely claim this was a minor hole. OS root access is serious stuff. How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here.
So, that's all it takes for you? One potentially serious loophole in an
OS to declare it "no better at outrunning vulnerabilities than
windows"?
Have you recently counted the number of Cert advisory reports that have
come out for XP? Last I checked, more than a month ago, it was in the
40-some range. For XP alone. This year only. For the past few weeks,
those reports have come in bundles of 3-to-5 at a time. Nearly every
other week.
While gaining root access is serious on a Unix machine, you also need
to point out the fact that to be able to gain access to this loophole,
you absolutely need to be on the same subnet as the compromised
computer. Therefore shielding 60%-some percent of home Mac installation
(as those connect to the interner through some phone connection like
PPP) and a great deal (don't have numbers) of the remaining 40% still
not at risk, provided their Cable or ISDN, [A]DSL ISPs have done their
work properly.
It's not like one could attack the entire machine simply by sending an
email containing some VBL script. Right?
Of course I'm a Mac head. And I'm still as cocky as I've been since
roughly 1988. Because every time I see those IT folks around here
struggling to keep the company running when the next wave of Win
trouble appears, I'll be smiling at my desk, uninterrupted, and
occasionally offering to help (okay... I'm just pointing them to some
Linux site or Apple.com... but hey... I seriously believe that would
help
them).
Keep us entertained.
Have a good day.
Not quite true. Of course it is technically, but to develop applications which typically live in kernel space in most operating systems, say device drivers, you don't necessarily need root. On a GNU system (with its native kernel, the Hurd, not Linux) you don't need root for this. Only to change the microkernel you would need root, but the idea of using a microkernel is that it hardly ever needs to be changed.
Was he asked any tech questions? Cause it seems like the person who hired him, hire some of my co-workers. :)
"Thanks to the remote control I have the attention span of a gerbil."
It's the same thing in politics. Everything is busted and broken, but any plan proposed is savaged out of existence because it's not sparkling and perfect and infallable. Since nothing can be perfect, nothing gets fixed.
--- Ban humanity.
Remember, this is PC Magazine, so naturally they will be very PC-centric, for lack of a better term. And most PC users will show anything from mere ennui to full blown fear and loathing about anything that is fruit-flavored.
This sig no verb.
Prevent email address forgery. Publish SPF records for y
This argument has been used so often in so many different scenarios that it's getting old. Not only that, it doesn't always hold water. While there may be more Windows boxes out there, that means NOTHING more than "there are more Windows boxes out there." What the author SHOULD have done was a percentage comparison. Using shear numbers is always misleading.
For example, if in experiment A a sample size of 1 million there are 1,000 cases of "blah" (whatever that means) versus in a separate experiment B with sample size of 1,000 and 100 cases "blah", no one in their right mind would conclude that the group in experiment A is more susceptible to "blah" since 1,000 > 100. But in reality, it is quite the opposite when considering percentages (.1% in A vs 10% in B).
- Number of Macs reported/suspected to be cracked by recent vulnerabilities: ZERO
- Number of Windows PCs known to be cracked by recent vulnerabilities: MILLIONS
So... I'm feeling pretty damn cocky, thanks for asking.This guy has no facts.. He points out no holes in the macs. In short he's just bitter..
Maybe he should of Written an article about how these petty fights between: Windows vs Mac should stop.
Maybe he should of Written more facts:
Like windows explorer process isn't just a file explorer but also the start bar.. And thus when it freezes Bye bye start bar, Where as the mac has the Dock.app seperate from the Finder.app.
Now It doesn't have those facts. Its more of a disappointing article about some disgrungled pc user.
ONE security whole was found in OS X and suddenly its crap? There will be security problems in ANY OS, especially a consumer grade one like OS X. The securiy of macs should be judged by who quickly an efficiently apple moves to plug its holes. Security vulnerabilities are found in linux all the time! what makes linux a relatively secure OS is that the community moves quickly to plug these holes.
Look, OS X is insecure. This isn't the OS you're looking for, stay with Windows, all will be well...... These people just don't get stats, Windows has more viruses and so on not because it has 10x the market share of anything else but because it is much more vulnerable. Even when Windows systems are in the minority (eg web servers) they still suffer far greater security problems than any other platform. Sheesh!
"I have the attention span of a strobe lit goldfish, please get to the point quickly!"
> My Mac never has never told anyone ILOVEYOU.
Poor thing. Perhaps you could get it another Mac to play with?
...that this guy has his own commentary. He must love to hear himself speak.
:).
How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here.
I don't know but the fix should be up anytime. (This can be applied to most holes). I guess misery loves company eh Windows Users.
I think the nice thing about Open Source, is that most developers are probably ego maniacs. (Hear me out) When you build something and it's yours and someone tells you it has a flaw... Well you are going to fix it / patch it throw it out and scream. Version x.x.x is out, check the changes to find out what flaw! In addition to that if the original developer doesn't fix it, chances are someone that needs it fixed, will fix it and throw up there version. Thus speeding up the process of the patching. That's why there is a patch every other week for Mac OS X. People are getting stuff done.
Of course you guys already knew that. Also quick work around for this bug until there is a patch. Don't let unauthenticated access to your wireless network, unless you want me piggy backing of your internet connection
"It takes many nails to build a crib, but one screw to fill it."
An attacker who has already managed to either insert a malicious host into your local network (granted, if you have an unsecured wireless network, that could be fairly easy), or compromise one of the hosts on your network, can then wait for users to reboot their computers (assuming the original compromise hasn't been noticed yet), and then get them to trust the compromised host.
So, steps are
Now, if you've got one host (that doesn't get shut down at night) in a lab where everyone else turns off their computers at night, you could take over the whole lab in a day or two. But then, in that situation, you've probably just taken over the domain controller (or Apple equivalent) anyway, so who needs a DHCP vulnerability?
Definitely a big problem, but it's hardly MSBlaster, is it?
What is the robbing of a bank, compared to the founding of a bank? -- Bertolt Brecht
I generally counter with what is apparently a secret carefully hidden from Mac zealots: "That's because only a fraction of the world uses Macs. What's the point of attacking a niche market? No one will notice!"
Yeah...? And...? You have no point here. What the Mac user said was that they don't get attacked. You gave the generally accepted reason, but that doesn't counter what the Mac user said. They are still happily using an OS that doesn't have all the security problems.
Lance's theoretical "if the tables were turned" theory is pointless. It's not reality. Reality is that the dominant OS in the world is a complete security clusterfuck. Why doesn't Lance address that? If Macs are so marginal, why rant about it. Just ignore them.
--- Ban humanity.
First: There are no OS X viruses.
:p
:p
Macs have a util called Open Firmware Password that locks your hardware pretty damn good. What if someone takes your drive out? FileVault, which encrypts your home directory.
Apple responds to security problems, even little ones, immediately. And the plumbing of OS X is open source, problems are identified and fixed faster. The media seems to hype the smallest Apple security problems these days, it's not fair. We all know how good M$ is about patches. Seems the only time they releases them punctually is when they have decided they won't release ANY patches this month.
Windows has lots of ports and services open by default, OS X doesn't. OS X has a built in firewall. OS X has a trove of open source security utilities. OS X DOESN'T HAVE KAZAA and GATOR!!
Obviously there's no end all solution to Pointy Haired Bosses with laptops but OS X is a good first strike.
Where did this guy come from?
One major vulnerability in a 3 year old OS (MAC) makes it equally bad as thousands of major vulnerabilites in a 10 year old OS (Windows)?
This guy is clueless and really, really anxious to say "I told you so! I told you so!"
I've been a Mac user for four years now, but I still regularly use Windows and occasionally Linux. To me, Mr. Ulanoff seems to embody the worst type of Mac user - the cynical ex-user. All the Mac users I've talked to aren't snobby or "elite" but almost every single ex-mac user is. It's almost like they were upset that they had to leave MacOS and now all they do is spit insults at anyone who thinks that Macs are cool.
I feel bad for anyone who feels the need to put a group of users down simply due to their choice in tools. That goes for the "Mac elite" that Mr. Ulanoff has to deal with as well.
You can find a better article about the OS X vs. Windows with respect to viruses here.
I have never been able to shake my perception of PC Magazine/ZD as just a shill for their biggest advertisers. Just ask yourself: Who butters their bread?
I understand that a lot of you here on Slashdot are new to the Mac (since OS X) but those of us who have been on Macs for longer recognize this type of junk tech writing for exactly what it is: an attempt to stir the shit and increase readership. It's probably easier to sell advertising on your site or magazine if you can create just the right anti-Mac tempest in a teapot and sell a few more copies or increase your web site hits. This tactic used to run under the headline "Apple going out of business" or "Apple to close up." Now that's mutated into a "critique" of security or speed claims or whatever. Sadly, there is a fraction of Mac users out there who are still willing to take this bait and play into the game. I'm not even looking at the article. Been there, done that. I recommend that you stare out the window and observe the slow but steady growth of the grass outside--that would be far more productive that playing into this kind of shameless, professional trolling masquerading as tech reporting.
--Rick "If it isn't broken, take it apart and find out why."
Wrong. There is something to be said for how security is considered in the design of an OS. For Windows, it wasn't much of a consideration, which contributed heavily to why there have been so many systemic vulnerabilities.
The system was designed to be user-friendly, not secure. They got their market-share because of that fact. I think it is much easier to make a secure system user-friendly than to make a user-friendly system secure. Microsoft is finding that out as well. You reap what you sow.
My beliefs do not require that you agree with them.
"Security is only as good as how often the users patch."
Actually, good security happens only if users patch as often as necessary. The necessary frequency is a (very) relevant factor in evaluating the comparitive security of systems.
As is the speed with which patches handle known vjulnerabilities.
Add in an evaluation of the frequency at which patches kill other apps (or previous patches!), and I think the Mac stands up very (VERY!) well to Win.
Heebie JEEBUS, If this guy isnt someone that is desperately looking to validate his existence I don't know anyone who is. To go about comparing one, frankly obscure, dhcp exploit compared to the neverending cavalcade of windows holes. I wonder if mr self satisfaction actually has a timeline of windows exploits and issued patches. I doubt his wall would be long enough to hang such a thing.
You name, its got haxored. Linux, Binux, Debian, Slackware, Lindows, Windows, Macdows, LinOS X, WinBSD, Macian, Debware, Freeux. Yes, I am making up names here, but if they existed they would be hacked.
No matter what operating system you use, you need a firewall, common sence and the latest patches. I have seen plenty of Sad Macs, BSODS, kernel panics caused by hacking and stupidities.
But you Mac Zealots have got to learn that your system just because it runs on Propeitry hardware and is based on a BSD kernel dosen't mean its secure, the Linux community has been targeted recently because of its gaining popularity, and you will be targeted too. Hint, Mandrake 9.2 disables the command line by default, increasing security.
I am a Linux user, I have came for the stabillity and the security, but I still bring my common scense. At my work the Dell Optiplexes running Windows 2000 havent been hacked because of common scence. IMac's pretend to be secure because they place the power button at the *BACK* of the machine, LOL!
...you wouldn't mind sharing your IP address?
-Looking for a job as a materials chemist or multivariat
Wow, this writer for PC Magazine obviously has some issues when it comes to attitudes. This article is written mostly as an "IN YOUR FACE" to the Mac community. I also find humorous the huge, honkin' HP advertisement right in the middle of the article.
Anyway, while it may be true that there have been some insecurities with OS X (as you'll have with _any_ operating system), most of them have been what I'd classify as low-risk. Go read all the advisories for them, they all require either physical access to the local box/network or are vulnerabilities with the open source components of OS X (like OpenSSL) that affect everybody in our (Geek) community.
So quite frankly, I see this as overreacting on the writer's part and worse, it's not terribly objective and horribly whiney.
(btw, as you read my sig, you'll say I'm just as bias and you're right. But I'm not whining am I?)
I just wasted your mod points! HA!
"Mac elite"
"Mac radicals'"
Seriously, people need to get some prospective here. It's an Operating System for gods sake. I can understand why people might have strong options. But this is more like political divisiveness. It's absurd. I run three different OSs in our house, windows, mac OS X, and linux. I mean, i have complements and complaints about each, but calling people radical or elite for using one or the other? Sure, there are people who take it all a bit too seriously, but this I think, is a prime example of the pot calling the kettle black.
" So an attacker who can gain access to your network -- over a wired connection or tirelessly " And goes on to say what a huge and major hole this is. Uh... if a hacker has access to your network, there are a lot of things, OS dependent or not, that a hacker could do if he's gotten far enough to be on your network. TCP dump? Ethetral? Thats not even "script kiddy" legal. But the point is not so much that this article has an obvious slant, but that it's such slant for something as basically trivial in the end as exactly what OS your computer is running, it's ridiculous. If this were an open-source vs closed-source discussion, sure I can see why some politics might be involved, but seriously, Mac vs Windows? Get some prospective.
Notes From Under *nix: blas.phemo.us
granted i prefer my mac, so the argument is biased, but i have a win32/pc i use every day as well..
what bothers me about this article, is the author assumes that by "more secure" the mac elite has meant to saying their OS is perfect. obviously, this isn't the case.
i've had my newest mac for over a year now, and have only seen 2 vulnerabilities made public (openssh, and this trusted host thing). during this same period, i've seen more windows vulnerabilities than i can recall, and i've had encounters with at least 4 widespread microsoft worms [found in my inbox], and watched them bring many networks to their knees.
i haven't seen a virus for mac since the days of System 7 on M68K chips.
bottom line is -- yes, OS X has vulnerabilities... but there will have to be a lot more discovered, and a lot more damage on its behalf (worms, etc.) before anyone can call it even.
-m
This guy could just as easily written this article about Linux, FreeBSD or any other OS for that matter. (They all have their elitists, they've all had their problems.) I think the truth is that with a complex OS, it's impossible to be 100% hack proof. The fact that he chose Mac OS X as a target is obviously just a bias against it, even though he painstakingly tries to say otherwise. Let us forgive the /fact/ that Windows is simply a poorly written operating system. Oh wait, there's my elitist attitude again. Better put that away.
Rick
To be fair, I didn't read all the comments, so this might have been said already.
Of those comments I did read, it seemed to me that the authors who wrote pro-Mac comments missed the point of the article entirely.
The author is saying that because Windows is nearly ubiquitous (mean everywhere), it's bound to attract more attention than Mac OS, or Linux, or OS/2, or Unix. With more attention devoted to it, obivously more bugs are going to be found. Let's face the facts: If Mac OS (any version) had 70-90% market share, people would more than likely be finding bugs left, right and centre, while Windows falls by the wayside. The same would be true of Linux, or OS/2, or Unix.
Before you go deriding someone for making a point, try standing in their shoes and see if their opinion makes sense.
"How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here."
That's pretty childish. Even if his point is a good one, that kind of gradeschool attitude isn't what I'd call very good journalism; well-made arguments stand on their own without the "neener neener" element.
www.macgamer.com
Is being secure the same as security? Let us take a look and see. Starting out let us compare raw numbers.
Building A has one broken window, that is kind of small and can only be breached if you can get passed the outer gate (with its own security), and have the right (specialized) equipment.
Building B has many broken windows, and windows breaks as fast as they fix them. Many of the broken windows can be breached from down the street. The latest broken window could allow anyone to imitate building C, and only when you have entered the building do you realize that you have been duped into entering Goat's house of cx.
Which building is more secure?
The issue is that security is offered in LEVELS. No place is 100% secure, however some places offer much higher levels of security, providing a safer place to be.
So which building is more secure?
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
This is a really bad analysis, but he does stumble on the right conclusion (not apparently intentionally).
The simple fact that no one wants to admit to is that any UNIX based system has inherent vulnerabilities that have to be actively addressed by a competant admin level user to clean up. Most Mac users by admission are "creative people" not "ubergeeks" (and they're proud of it). Anyone that does system security audits with any level of competance will agree with this, if they don't it's either ignorance, ego, or incompetance.
Remember, the only worm to ever "crash" the internet was a sendmail exploit. All the zombified wintel boxes in the world combined have not caused the service interruptions of that baby.
No matter WHAT you call it a *nix box is the same as a wintel box, it requires more competance than the average user has to properly secure it. The only reason this may be moreso in the Mac arena than the Linux arena has nothing to do with the underlying system, it has everything to do with the average competance of the enduser those OSs are marketed to.
By the way, I DO like MAC OSX, works great on my churches graphics system.
It doesn't matter what you wrap your emotions around, Reality is a brick wall specifically designed to scramble eggs
How cocky are you feeling now, Mac elite
nobody ever refers to a "PC elite" or a "Wintel elite".
How cocky are you feeling now, Mac elite?
Seems to me that someone who would want to have themselves regarded as a professional journalist (good portfolios and a good reputation usually leads to a promotion) you'd think that he wouldn't use his editorial as a way to thumb his nose at people. What happened to the "editorial" portion of the article? Seems more like a flame.
Meanwhile, we can already see what happens when Apple has a broadly popular product that cuts across platforms. The Apple iPod is the number one MP3 player, and now that its companion computer utility, iTunes, is available for both the Mac and the PC, it has become a hack target. In fact, Jon Lech Johansen, the same Norwegian who cracked the DVD security code, recently circumvented the iTunes music protection scheme.
An event like that occurring makes sense to me, since iTunes' popularity makes it a target worth hacking -- and whatever mystical Mac mojo there may be, it didn't go far in protecting a popular Apple product.Steve Jobs stated when the iTunes music store was announced that the DRM would be hacked. The point was to provide a DRM solution that was not restrictive to honest users. That was delivered.
His email address: Lance_Ulanoff@ziffdavis.com
His brief bio here
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
There is one problem. How many OS X flaws would there have to be to equal the mass of users' flaws that are running Windows? Tons. OS X just isn't installed on that many computers. What's more, Mac doesn't ignore problems or issue quick fixes -- they actually try to fix it. This has been my experience, having used Mac OS's since they came out. They crash less in my experience, but if you are connected to the internet and just download random stuff, you're still gonna be in some trouble.
stuff |
I think that its becoming a fairly standard tactic to try and boost the raffic to a site by posting a Mac-baiting article.
(Qualifier...I didn't read the article nor will I as I don't want to legitimise this type of writing)
But when you see this
'How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here."
as a quote from an article you have to wonder how much of this is realy journalism and how much of it is simply the author trying to drive traffic by POing Mac users?
I really wish people would just stop paying attention to this sort of thing.
The exploit in question is not a major issue, is likely to affect just about no-one and has only really been big news because most people don't read the details. Apple released a statement clearing this up months ago, and it is pretty clear the author of the article has no idea what he's talkking about.
Holy crap! You mean that if some ass-taco gets physical access to my network and can set up a rogue DHCP server he'll be able to get root access to my Mac (unless of course I took the 5 minutes to read the technote article and disable all my unused directory services)?
Dammit! I'm gonna' go back to my OpenVMS box!
If what this guy really wants is absolute security right out of the box, I guess he'll have to do the same.
You are attempting to read sigs. Cancel or Allow?
Me, I'm a die-hard XP user. It's nice. I've been a die-hard Windows user for year (hey, it's cheaper!) All that being said, the flamebait/article was written by an absolute fucktard. All OSes have problems, is this news? I know goddamm well OSX is more secure than XP! Frankly, it's a better OS, period. I just can't afford the pricey hardware :(
Boycott everything - they're all trying to fuck you one way or another
So we know there is a vulerability... How many people do we know of that got infected or hacked via this exploit. Lets pretent that Apple has 5% of the marketshare. I know 40 people that got hit with Blaster and many of them were also hit with the I Love you Virus and a few others along the way. So with the Windows machines taking up 95 percent of the market... going by the numbers there is 1 mac user for every 19 PC users... So I should definatly know 2 people that were r00ted by a L33T H4X0R with this recent attack?
However I know of Zero that were affected by it.
Take a second... figure my point out.
I had a flame... but she had a fire.
In the last two months, I recall seeing numerous patches from my Auto Updater telling me they need to patch for "a remote attack which grants full control of your system". I should start making a log of them all. I know within the last month I've seen 2 alone. Sometimes I have to patch for 3 at a time. They require little more then me visiting a website or opening my email with a Microsoft product.
Yet how much extra does this particular OS X vauln require? A whole lot more then a push of a button.
Comment removed based on user account deletion
Sincerely,
Your local MCSEs
His bio:4 ,00.as p3 ,00.asp
http://www.pcmag.com/author_bio/0,3055,a=20
His email:
Lance_Ulanoff@ziffdavis.com
Other Works by Lance:
http://www.pcmag.com/category2/0,4148,636
Lance Ulanoff is senior executive producer for PCMag.com. At PCMag.com, he oversees all strategic, editorial, and production activities related to the magazine's Web site. Ulanoff spent the last 12 years in online and print publishing of computer technology. After stints as a beat reporter in New York, he entered the world of technology, first traveling the country to cover product distribution and data processing issues for a national trade publication, and then joining the world's number one computing publication, PC Magazine, in 1991 - for the first time. In his five-year turn, Ulanoff wrote and managed feature stories and reviews for the publication, covering a wide range including books and diverse technologies such as graphics hardware and software, office applications, operating systems and, tech news. He left as a senior associate editor in 1996 to enter the online arena as online editor at HomePC magazine, a popular consumer computing publication. While there, Ulanoff launched AskDrPC.com, and KidRaves.com and wrote about Web sites and Web-site building. In 1998 he joined Windows Magazine as the senior editor for online, spearheading the popular magazine's Web site, which drew some 6 million page views per month. He also wrote numerous product reviews and features covering all aspects of the computing world. During his tenure, Winmag.com won the Computer Press Association's prestigious runner-up prize for Best Overall Website. In August 1999, Ulanoff joined Deja.com as producer for the Computing and Consumer Electronics channels and then served as the site's senior director for content. He returned to PC Magazine in November 2000.
The headline of this article is: "Macs Are Not Invulnerable; Windows Isn't the Only System With Serious Flaws." And this counts as news? Every OS- even OpenBSD, although not as many or as often- have series flaws. Big deal. Mac OS X and Linux certainly aren't as prone to as many exploits and viruses.
Working toward a usable PDA environment in the spirit of Newton OS: Dynapad
This article is so ridiculous it hurts - I don't even use Macs, only Linux and Windows, but the sellout is so blatant it made me sick. It got me wondering how much money Redmond pays monthly for Mr. Ulanoff "consulting services". At least most of the MCJs have the decency to pretend neutrality.
I know there's no need to resort to ad hominem attacks as the article in itself is flimsy enough, but it does point to the pedigree of the author.
In another of his articles The Fog of XP dated 6th Aug 2003 he talks about his desktop XP machine and the fact that at this date he'd not even installed SP1, despite it being available for nearly 12 months !!!
He's either not very clued up or uses "journalistic license", either way he loses respect
Parent post proves the authors point about Mac users being fanatical.
So someone doesn't share your worldview, stop being a baby and get over it.
This is not to say that I agree with the articles premise either, but it seems far more constructive to discuss the merits here (which I am sure he will read) rather than sending out a bunch of angry emails.
I have a Mac and Linux network at home. At work I use FreeBSD and Mac. We have Windows too but I don't deal with them.
I don't believe for a second that one platform is more secure than the other, theoretically. Think of it this way: Maybe Windows has 400 flaws, and Linux has 10. In either case, you've got greater than zero vulnerabilities, and it only takes one to get hacked.
But practically, I've never had my Mac or my Unix machines hacked. They've never been infected by a virus.
I have never owned or installed anti-virus software of any kind. That blows my Windows friends away. I never deal with this stuff. I take my time applying patches to the Mac and nothing bad happens. Am I just being "cocky"? Is the big Mac worm gonna hit one day and then I'll feel stupid? Maybe. But that's just a hypothetical. Right now, today, my Mac is making my life easier. In fact I wish I could replace a couple BSD machines with Macs.
Oh well. I gave up on Mac evangelism a long time ago. I just use them and enjoy my little "secret". It's probably better that Macs aren't more popular anyway.
Also, don't think that Apple is smug about this. They've never pitched "immunity from viruses" or "hacker-proof" in any of their ads.
Overheard whispers: "He's not going do it" "Yes, he is - you didn't see last months rant against one button mice?" "I dare you" "I bet his ethernet cables not plugged in" "It's been a pleasure working with you" "I knew he was an idiot, but nobody's that dumb" "Didn't his last article get taken out by the Melissa virus?"
How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here.
I think you can add Lance Ulanoff to the list of things that are "insecure".
Quick, send him an Outlook virus!
I think I already did.
The ______ Agenda
That the Mac Zealots on this site are screaming "TROLL, LIAR, WIN ZEALOT" and other such nonsence, while when ever there is a Windows Vulnerabillity there is a 1000 5 funny comments from Mac Zealots and several flamewars.
Meanwhile, companies and organisations are slowly and quietly switching to Linux, where they too will be targets, and zealots, but I know from experience that Mac Zealots are a LOT more annoying. We need more anti macs, but since Apple computers are so expensive where I live (around 5 times more expensive than average PC), I know nobody who uses them, but I know at least 10 people who use Linux.
When all the M$ groupies start spreading this type of crap around it must mean they feel a little jealous and threatened by OS X.
Keep it up Apple!
Sounds like exaggerationist shock reporting to me. One vulnerability (as some have pointed out, disabled by default) is nothing compared to a history of worms. Anything can be cracked, given time, but Unixoid systems seem more secure than Windows-based ones, especially in terms of worms and whatnot. If a Linux worm (as an example) were as easily possible as a Windows one, we'd have Linux worms going around knocking out servers left and right. And as for OS X, like I said, one vulnerability does not render the system "insecure." It is moreover a downright lie to say that Windows is more secure; perhaps Windows XP Pro comes close, but it is overpriced relative to XP Home and, yes, OS X. I bought a $2000 or so computer last time, with LCD but not including the rebate, and sure didn't spring the extra $80 for XP Pro and its evident security enhancements. It didn't seem worth it. Besides, it's not really very easy to do almost anything under Windows with internal security features turned on; it doesn't just prompt you for a root/admin password. As I recall, you have to log out and switch accounts.
I don't know who is crazier, the guy who wrote it, or everyone who has bothered to point out hsi flawed logic. I think he was just being a troll. And there is nothing more trolls like than getting a reaction. Way to go Slashdot! Now offering 20lbs bags of Troll food availiable at ThinkGeek.
Well.. maybe. Or Maybe not. But Definitely not sort of.
AFAIK, Joe Blow can write to / on a new 10.2 install. This is madness.
/etc/hosts >> /hosts.txt
/dev/null to /bin/bash (or whatever). apparently somebody at apple actually thought about security BEFORE they shipped the product. evn if yo install any application, the best you can do is install it into ~/Applications. if you want to install it into /Applications, then it asks for a admin user AND a password. make shit up in chat rooms. not /.
then, apparently, you don't know jack. you absolutely cannot write to / unless you (and follow this carefully):
1) open up a terminal
2) type sudo
3) then type say: cat
4) type password
you my friend, are full of shit. now, if like me, you create another user, which i always run at, then i have to open the term, su to an admin user, then sudo. osx turns off root by default. to enable it, you have to go into net info, and specifically enable root, THEN, you have to change it's terminal from
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
Often times Linux / osX users (of which I am one), suggest that windows is uniquely vulnerable to security exploits. To some extend this is true, as windows has such a large install base it makes sense to seek to exploit windows as you can create the biggest effect with a windows exploit.
However it is Linux and osX users do themselves a disservice by assuming that they are completely immune from security holes, as this is not the case and a false sense of superiority and lax security policy can / will eventually be disastrous for the Linux / OSX user.
actually I am happy to see you, however that is in fact a banana in my pocket.
While I agree with many of your points, the comment about bloated struck me as out-of-place. For personal experience I would offer the following: my iMac used to be a tired old dawg. Now it's a Yellow Dog and it works like a new computer. :)
Sure Windows is bloated, and so is the MacOS. But Apple DOES make great hardware.
His mental health suffered too much proximity with Windows PC ...
This post is displayed with recycled electrons
Then you can go here to discuss what a steaming load this "commentary" is. Oh, my gosh. Someone who already has access to your network can put a malicious machine on it that will lead to your Mac being owned when it reboots. That's so freakin' simple. Not like those astonishingly difficult Windows attacks of sending emails, setting up websites and/or having users download spyware. The sky is obviously falling. AAAAAHHHHHHH!
However, if you look at who is actually discovering these holes, it seems to be a handful of security researchers.
The larger Windows user base means that a flaw might do more damage than an equivalent OS X (or Linux) flaw, and that there are way more script kiddies waiting to jump on it.
Spyware
Trojans
Worms
etc
Have fun Windows users!
...to prove to management that folks do read his articles...thanks /. for keeping him off unemployment and doing your part to keep America running...
I understand that it's an opinion piece but what's the point. Really? I can't say that I've been inundated with "Mac OSX is more secure" noise from a lot of Mac fan boys.
In fact other than a few free/libre software idealists I can't say that I really associate with any sort of fan boys, not OSX vs. Windows, not PS2 vs. XBox, none of that shit. We grew up, got jobs and when we're not geeking or working we're talking about our wives and kids or doing something not computer related..
Mac OSX has a bad set of settings. Yep, that happens. That is a bug. Likewise, there were other bugs on OSX that were actually just as bad if not worse (they use a lot of OSS and they will have the same faults as the OSS world does).
The real problem is that Mac OSX (and most other systems) have a fundementally sound architecture, while none of the the current Windows do. I suspect that Longhorn is taking a long time to get around these huge design holes, but the current ones have them and there is nothing that can really stop these. In fact, MS has confirmed it numerous times in gov. and court hearings.
So yes, the *nix based system will continue to have holes (in fact what system does not), but they have a much more sound design from the ground up. Hopefully, Longhorn will as well.
I prefer the "u" in honour as it seems to be missing these days.
It's pretty sad when Windows-users feel they have to start defending themselves by pointing out that other operating systems are vulnerable
Why? Mac users have been doing it for years.
I think I think, therefore I think I am.
It's an old tactic used pa PC columnists. Write a quick bash at Apple or the Mac, and watch the hit counter soar. And since hits = clicks = banner money....
This is not meant as a flame, but it's pretty obvious that Mac users are easy to enrage, even with bullshit claims like this one.
Take that you damned dirty hippy!
Oh that's for Stallmann
ohh Yea
Take that you Godamn Mac Zealot
Sorry I could resist
If you also have wireless access and either don't encrypt it, or your attacker takes the time to crack your WEP key (not, I gather, all that hard for a determined attacker), then he could potentially inject a laptop into your network from the parking lot. The wireless delay would be enough that nearly all hosts would still get the legit DHCP server's responses first, but (a) he could still compromise all the laptops that use DHCP - probably not uncommon if you're switching between access points a lot, and (b) only one wired host would need to trust the wrong response, and he could compromise it, turn it into the owned DHCP server, and he's set. That could include a laptop that was compromised by wireless, and later plugged in to the wired network.
On one hand, it's you say - if the attacker has got himself onto your local net, you're already dealing with some big problems. On the other hand, by the principle of defense in depth, you should both prevent the attacker getting on your network, and also have an internal network set up so an attacker would have a hard time doing damage from the inside. This vulnerability means that one of the layers of your supposed 'defence in depth' is weak.
What is the robbing of a bank, compared to the founding of a bank? -- Bertolt Brecht
Personally I would not have made that choice, but at least there was check box to turn off the default DNS trust. If only windows came with checkboxes to remove its bugs. And I dont mean like checkboxes that say "turn off scripting and cripple my browser please".
In fact mac has not even fixed the so-called hole because its not neccessarily a mistake.
In any case the SSH vulnerability, and the screen-locker vulnerability were in fact true holes created by mistakes. These are what should be scrutinized. But these did not lead to widesperead network worms at least. they did not arrise out of a insecure by desing attitude that pervades all the Active-X philosopy, the power-user-by-default philosophy, the standards crushing embrace-and-extend, the optional log-in password philosophy, or the add features rather than fix bugs philosophy that rightfully inspires all the anti-windows zealotry.
Some drink at the fountain of knowledge. Others just gargle.
Yeah, it's a silly article, but I bet the site is getting a lot of hits, and a lot of adverts seen! Isn't that what pointy haired bosses need to see?
These are some of the things molecules do...... given 4 billion years -Carl Sagan
Every OS has flaws, but at least just about all of MacOS's security holes are plugged -before- they are exploited.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
Actually, BSD has a faint fishy smell, but the amount of sulfur is far worse.
I prefer the "u" in honour as it seems to be missing these days.
If the reason why there are less Mac viruses than Windows viruses is that less people use Macs, then I encourage _everybody_ to upgrade to Windows Server 2003.
I said nearly the same thing about Linux last time somebody spouted junk about Linux not really being any more secure:
When OS X has a vulnerability, it shows up in a few specialty news sites, a few people tsk, and maybe a few people even get hacked.
When Windows has a vulnerability, it shows up as a worm that takes over millions of machines in a matter of hours and cripples the entire internet.
The OS X vulnerability in the article isn't even a remote vulnerability. You need access to the machine's local network to pull at off, and you need to do it when the machine boots.
Major Windows vulnerabilities, on the other hand, let anybody who can ping the machine take it over completely and at will. You don't even need to be that smart; a small computer program can do it automatically.
Which one is more secure?
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Nahh the Mac elete are too busy with Porn
iMacs Bring Down SCO. Exclusively from KTPX, Candy colored iMacs, those innocent looking computers sitting on the desks of millions, were taken over today by mad hackers. The hackers wrote a virus that turned these lickable computers into denial of service attacking machines, whose sole purpose is to make the lives of saintly companies like SCO a living hell. More after the break.
There is an account named "Administrator" in XP Pro that has additional privileges.
I'm not sure how many other people can possibly say this to you, so I might as well - There is no difference between having an account named "Administrator" and being in the default administrator group. There just isn't. It's just the name of the account.
no point in generating revenue for them to produce more pap like this character's "analysis".
If English was good enough for Jesus, it's good enough for everyone else.
ALL operating system are insecure. No exceptions. It is the responsibility of the OS vendor to find, fix and release patches for vulnerabilities. It is the responsibility of the user to apply those patches and secure his box. The issue here is not that OS X has a vulnerability. The issue is that Windows has a larger installed based and thus being a more lucrative target has MORE of its vulnerabilities exploited. MS is consistently late releasing fixed and then once the fixes are released, the sheer installed base of windows works against it. Around 80-87% of US internet users are on dial up. Most likely 90% of dial up users use Windows. A clean WinXP install requires over 128MB of downloaded patches. Exactly how many dialup users will ever patch their systems? MS owes its users at a minimum a monthly CD of patches in the mail at NO charge if it wants to be a responsible internet neighbor. That alone would remove the most common reason why MS systems are so vulnerable.
How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here.
I switched to the Mac after almost twenty years of working with PC's when I started my own business. I took (and still take) an awful lot of grief from former colleagues who have the exact attitude of the writer of that column. It's a knee-jerk thing; it spouts (or spews) out of their mouths in a sort of unthinking reflex that never quite has a firm basis in fact.
I'm not a member of anybody's elite; my experiences are:
1) I design graphics, I design for the Web, and I design jewelry. I often need to process large numbers of images and photographs quickly and efficiently.
2) As an artist, my subjective impression has been that the Mac renders for me a better color impression of the actual world. When I was a "Sunday painter," it didn't matter. Now it does.
3) I think I followed good practice in selecting the applications I needed, then selecting the best platform on which to run them. Actually, I think more people ought to do this.
4) I don't mind being in a niche. I still run virus updates, I still watch for alerts. If I'm too insignificant for the invaders to exploit, it's a side bonus, not something worthy of bragging rights.
5) The only major inconvenience I've experienced is that I'm on the East Coast, my accountant is in Denver. I'd like to be able to use QuickBooks Online, but it'll never be developed for the Mac. It's not a catastrophe. Oh, and I was forced to finally replace my elderly Palm III.
I've pretty much learned to filter out articles like the one mentioned. People who say "Here's what I have, here's what I use, and here's why..." are almost always worth listening to. People who spout party lines without quite knowing why are almost always safe to ignore.
DUCT TAPE: The Election Supervisors' Secret Weapon
This ain't "news for nerds," it's just bait.
"Fundamentalism" isn't about divine morality. It's about human authority.
Despite the fact that Windows is releasing patches on a monthly basis and that its operating system has been riddled with viruses for the second half of the year, Apple's first major flaw in an operating system is enough of a problem to go over all of them.
Now, I would like to point out that I am not an expert in Windows, but the situation hasn't exactly been rosy. Blaster and SoBig being two examples of note, there are still problems that pop up on almost a weekly basis. Its gotten so bad that Microsoft has been dishing out patches like candy on Halloween and Easter all in one, and now its to the point where for people's conveinence they're plugging the holes in their product once a month.
Meanwhile, there have been minor security flaws in OS X, like a screensaver problem, but nothing too major. There have been, I think, 2 security patches since Panther's release. However, Panther is brand new, all of two months old. Let us take the shrink wrap off before you try and tear our operating system to pieces.
In retrospect, just 9 articles below this one on /., there was an article on an IE exploit. Or should I say, another one.
SO, let's give credit where credit is due. Mac OS X isn't a brick wall, and I (myself) have never argued that it was. However, it isn't a slice of swiss cheese like Windows XP seems to be.
Oh, and while we're at it, OS X is more elegant, user-friendly, aesthetic, stable, and fun to use than Windows XP. :P
NO system is invulnerable. I will agree that most UNIX systems are not as vulnerable as a windows machine, but to be so arrogant as to say the OS/X exploit he states in the article is insignificant is full of baloney. ANY vulnerability no matter how insignificant is bad. Every OS has vulnerabilites. Get over it.
Gorkman
Did you catch anything while trolling?
http://www.pcmag.com/author_bio/0,3055,a=204,00.as p
(love tha dot asp link....hmmmm...)
from his bio; he's the "senior executive producer" of pc mag, which sounds pretty damn important.
folks, he's a 'technology reporter', which means he doesn't know how to attach an ethernet cable. or even what an ethernet cable actually is.
If English was good enough for Jesus, it's good enough for everyone else.
what a tool! of course something as complex as an operating system is going to have some flaws - DUH!
to try and rub the collective nose of mac users in this flaw is just a show of pettiness but it's probably all he has time for between running windows patches and trying to figure out why windows patches are running themselves.
wouldn't it be utterly amusing if for once, all of us looked at an article like this, got our own little chuckle, and didn't even post at all to show what a crock of shit it is :)
...if you don't have anything to say.
Why? Because it sells.
The guy is doing just that. Selling. Not to Macintosh users, but PC users.
|>>?
That article had more flamebait than a Dvorak article.
Sorry, does that mean you're pro or anti Dvorak?
I always like following Dvorak debates; it brings the Ayn Randists out of the woodwork.
Whence? Hence. Whither? Thither.
192.168.0.10
If you have to change your configuration from the default in order to have a secure system, then you have a security hole. Most of the really big microsoft security hacks are things just like this - the system is configured open by default when it should be configured closed by default.
The rationale for configuring the system this way is that it's easier to administer - you just plug it in and it starts working. This is why Microsoft used to configure the system insecure by default. This is why Apple is still configuring the system insecure by default. But part of what you're plugging in, with no authentication at all, is your authentication system. So if the thing that tells you what authentication system to use lies, you're hosed.
This is less severe than the recent Microsoft bugs because the attack is hard to do from the outside of a firewall. So probably Apple is not going to get the kind of bad publicity for this security hole that Microsoft has gotten for, e.g., the Blaster worm. But this is actually a much worse security hole, in a sense, because there is no Software Update coming down the pike that fixes it - Apple has, so far, taken the position that this is a feature, not a bug.
Because the number of people who run software update automatically is much higher than the number of people who pay attention to security alerts and do what is recommended in them, this particular security hole is going to remain on pretty much every MacOS X install in existence. So I can see why the guy from the PC magazine is acting all smug.
The right thing would be for Apple to fix this, but I don't see them doing it - there's no way to secure the DHCP transaction, and there's no way to secure the LDAP transactions either. I hope there's someone in a back room at Apple working on closing this gap, but they've been silent on the issue so far, other than maintaining that because it's a configuration thing, it's not a problem.
I was tired of the "We use Macs because they don't get attacked by viruses and hackers" refrain from Mac nuts.
Still don't get attacked by viruses weekly. So maybe someone on the same network can exploit a well known (by now) security flaw, which is really just a couple of bad default settings. If someone actually does exploit this flaw, I can just walk over to his desk and tell him to cut it out.
TallGreen CMS hosting
Mac OS X is not a secure OS, neither is windows or linux. A secure OS is one that is competently adminned with all services except the bare essentials disabled, all patches applied and is constantly auditted for holes.
"security is a process, not a product" - Bruce Schneier
So Mac OS X has security problems, so what? so does do linux and windows. Too bad for those two mac os certainly makes up with its superior gui and os design.
I have never seen someone get so seriously bent over such flawed logic.
There are several things to consider:
While complexity may provide an opening for flaws, it does not atutomically mean the code is flawed if it is complex. People who care that there code is used ( Apple Engineers) can surmount the problems that complexity poses.
MacOS X is complex because it DOES MORE. Samba,NFS, CUPS, X11, SSH, shells... and is INFINITELY more configurable.
XP et all is complex because it does marketing and because it attempts to deliberately obscure configurability and portability of code. These are essentially arbitrary complexities that are in direct conflict with good code practices.
Just do what you do best
Arnold "Red" Auerbach.
No one brought up the 2.4 kernel exploit that hit Debian either...
.mac accounts using Apple's Mail client, and there's Evolution, but these haven't been the vectors for massive mail pandemics, outlook/ie/windows is (aren't the former part of the OS now?).
Microsoft now wants to move to monthly security patches.
Apple has been running at less than this rate with updates to fix individual problems instead of the patch-of-the-day or monthly-mega-patch.
"Linux" (including every mail delivery agent, window manager, office suite, etc.) is probably somewhere in between.
But someone else had it exactly right - Apple and most Linux systems have services TURNED OFF BY DEFAULT. You can't have an exploit run against something that isn't turned on.
There should be a critical mass of
There's lots of Macs, and Linux systems, but they don't have their database servers exposed to allow something like slapper or slammer. It is actually hard to figure out what to kill on a windows system to shut off something you don't need.
Also note the exploit for Mac was an "inside" job - you had to gain access to an internal network and do a few fancy things, not find an IIS connected directly to the internet.
Yes, you can die in a collision in a tank, but it is less likely than in a huge SUV, which is less likely than in a compact car.
No, Apple isn't perfect. Neither is Linux. But they are an order of magnitude better than Windows and still would be if they were the dominant OS - i.e. maybe we would get one bad worm every 5-10 years instead of quarterly to yearly.
I agree.
Of COURSE you have to be on the same subnet to worry about this. A MAC is a transport-layer feature.
Any sufficiently simple magic can be passed off as mere advanced technology.
The original article appears on PCMag.com and readers are tearing into the author in the forums.
Right now over 300 comments quiet!
You're dead on: it's called Bill O'Reilly / FOX News reporting. Take a self-proclaimed expert and start making a lot of noise. Take a talk show and masquerade it as NEWS. Pretty soon the public won't know the difference. Make sure you label it 'Fair and balanced'. Make sure you intimidate the guests that disagree.
'Mac elite'... Did Ann Coulter help him write this crap? Why not call Steve Jobs a communist while we're at it?
there's no place like ~
WHAT KIND FUCKING GARBAGE WAS THAT.. DOES /. Even check the quality of the articles that get posted... hell anyone who reads PC magazine is a moron.
The article is just a flamebait. The author blows an innocuous "exploit" which really is a feature (trusting local DHCP-provided authentication servers) out of proportion to bash on Macs. He does not even understand the alledged security breach:
"A series of seemingly innocuous default settings can cause an affected Mac OS X machine to trust a malicious machine on a network for user, group, and volume mounting settings."
So an attacker who can gain access to your network -- over a wired connection or wirelessly -- can trick an affected system into trusting a rogue machine, and when the compromised machine reboots, take it over and even attack other systems on the network.
The truth is that the Mac OS is just as vulnerable as Microsoft Windows. Overall, maybe OS X is better than Windows, but that's not the point. Panther, for example, is a great OS, but it's also complex, and complexity leaves room for gaps -- some small, some not.
Hmm, nice try, but to gain access you need local access to the network, not remote. Plus the target must have LDAP or Netinfo on with DHCP. And it has to reboot (uptimes for my Macs are $current_date - $date_of_last_security_update). Besides, it is corrected in the 5/12/2003 security update for Panther.
Maybe we deserve this world ?
What a joke. Mac OS X is not insecure, DHCP is. And that, my friends effects every operating system. Now add that the tens and tens of holes in Windows and you get the whole picture.
"How cocky are you feeling now, Mac elite?"....Aha! At least they are now recognising that we are an elite! ;-)
"This is crazy, you realise we could all go to jail for this?" - my manager, somewhere I used to work.
When I went from OS 9 to OS X, I knew that I was giving up a large amount of security to get a *nix base and loads of features never before seen in a Mac "OS". I think that was well worth it.
What else that has definitely made it worth the move is that Apple has been very fast, IMHO, in offering patches for security holes (note: the recent cookie vulnerability).
There are dozens, maybe hundreds of more holes in Windows and we all know that many of them will never be fixed.
At least Apple acknowledges security holes and makes effort to fix them.
-A
1. Notice flagging readership, reduced ad revenue
2. Write audacious, insupportable story that will anger people
3. Submit to Slashdot
4. Profit!
Rogue dhcp servers are a potential vulnerability to all machines on the subnet. (Reminds me of DNS cache poisoning or arp poisoning btw).
Comparing the "insecurity" of Windows to that of Mac OS X is absurd.
Unfortunately this guy dosn't seem to know much about security.
And that's all I claimed, so where is your argument?
--- Ban humanity.
Hallo hallo. I am an RA (we call them Community Advisors) at UW-Oshkosh. Recently a large number of my residents came to me complaining that their AIM accounts had some sort of profile virus. They asked me if I had the same thing and because I run OS X the answer was no. This is the third major outbreak of a virus on campus just this semester, and it hits the cheap Dells and Gateways running Windows hard. And yet I and the other Mac user on my floor remain unnafected. After using Windows for years I came to the conclusion that part of the Windows experience built into the OS is the feeling of complete frustration. There are so many popups, viruses, incompatiblities and security holes in Windows it makes me want to vomit. My old Win98SE machine would drive me nuts every day and I would put up with it. I want a machine that works and ever since I switched to OS X in May I've done TWO painless security updates. With my old machine I was patching and patching and patching. OS X isn't without its flaws. Afterall it was programmed by humans who are far from flawless. (Imagine if Jesus programmed an OS... always stable, always compatible, etc...) Just because there are minor flaws here and there doesn't mean the operating system as a whole is inferior to any other operating system. This whole article comparing NUMEROUS Windows flaws to one OS X security hole... come on now.
.deviatefromtheabsolute.
The article says the following:
/. has already spotted them. Apparently "news for nerds, stuff that matters" is "MS shills being whiny, stuff that /. covered weeks ago" today.
A feature of macs that allows them to be set up quickly can be used to take them over. (This is true) All the attack requires is that the mac trust an attacker's computer as a local LDAP server and have the proper settings turned on and be rebooted (this is true. But is it easy?) Therefore, Windows is as secure as Mac OSX.
He also tosses in the (long debunked) "bigger target" and (totally irrelevant) "mac users are more zealoty" arguments. Just for fun.
I'm not even going to go into the many flaws in his argument. Anyone reading
mbbac
i used to write for PC Magazine, and i say it's secure. so THERE! nyah nyah nyah. :)
Just raise the taxes on crack.
Sorry to nitpick but Mac OSX is not strictly speaking UNIX. It's BSD which departed from the rest of the Unix world a long time ago. It is safe from the SCO nonsense because all the issues were settled with AT&T at that time. It is a real UNIX like OS though. And you are so wrong about Joe Blow being able to write to root. The first reply to your post explains it perfectly.
"This is crazy, you realise we could all go to jail for this?" - my manager, somewhere I used to work.
To install Mozilla on my Mac, I just open the disk image it is shipped in, and copy the application bundle to the /Applications folder. No root required, no password entered, but software is installed. Lots of Mac software gets installed this way too.
I'm still not sure what being root gets you on a Mac, since I haven't found many files that my non-root-but-administrator-account can't open and modify.
Wook
Anyone notice this?
Please, please, tell me that he's not trying to convince us of his "Apple cred" by noting that the last time he used a Mac in a serious capacity was ten years ago?
Even if OS X does develope some serious holes, who really cares it only accounts for about 5% and since Linux and BSD are still around it's probably more like 3%. You could cripple every Mac on the planet and with few exceptions business etc would continue as normal. My point is, yes Mac bigots/fanatics are annoying but they're hardly worth an entire article.
Does Windows have alot of flaws? Yes
Am I going to stop using it? Probably not.
CAn'T CompreHend SARcaSm?
Dear Mr. Ulanoff,
I read your article about how serious security problems exists on the Mac platform just like Windows , and I must say that you are full of shit, to put it mildly. While some real or percieved security issues will always exist in all networked platforms. The share of these problems on the Windows platform is exponentially more than that of the Mac or Linux. I suspect this is primarily because of the fact that networking and hence "security" on windows are an after thought hack job which were added in mid to late nineties, after someone hammered the reality and importance of the internet through Bill Gates' thick skull. And also due the fact that MS drains quality out of good engineers as only MS seems to be able to do, hence the crap products!
Specifically about these issue, here are some points to remember, this "exploit" is only possible on Mac OS X if ALL of these are true:
1) In Directory Access, you check to enable NetInfo in the Services tab (Unchecked by default)
2) In Configure Netinfo you check "Attempt to connect using broadcast protocol" (Unchecked by default)
3) In Configure Netinfo you check "Attempt to connect using DHCP protocol" (Unchecked by default)
4) in Directory Access, LDAPv3 is enabled in the Services tab (Enabled by default)
5) In Directory Access LDAPv3 Configure, "Use DHCP-supplied LDAP Server" is enabled (Enabled by default)
6) A malicious person already is on your network.
7) The malicious person already controls your DHCP server.
ALL of these have to be true for there to be any problem whatsoever! While there may be reasons for some people to allow 1-5 to exists (To enable NoConf administration) but these people (Sys Admins) would know to make sure 6 and 7 are not possible. And if 6 and 7 happen you already have more serious problems unrelated to Mac OS X.
On other hand if you are a user/sysadmin who randomly enables random features and then allows the network and dhcp server to be compromised, you are are freaking idiot and deserve what is coming to you.
The reason it is quite "here" Mr. Ulanoff, is because you are trying to use your brain and there is no one home!
From the folks at CARS
Lance_Ulanoff@ziffdavis.com
/.ed.
there you go, send him an email and tell him what you think about his article. I am sure he will love having his mailbox
Sure, there are security holes in OS X. There are also security holes in Linux, as well as Solaris, AIX, and pretty much everything. There are a number of open source components that run on all of them, and as fixes are found, they're patched and fixed.
What's more important though is how often they ARE exploited. Name anyone you know that uses a Mac that has had a virus, or has been hacked. Now name folks that use Windows that were affected by the old shutdown virus.
Hmmm.
Microsoft's startling accomplishment is that, in addition to fundamentally failing to make its system easy to use, it has also simultaneously managed to leave it insecure.
Microsoft doesn't understand ease of use. Ease of use is making an internally consistent system that minimally technical users can quickly understand and apply to accomplish much more complex tasks. Ease of use is not designing a condescending wizard to walk a person through a bizarre fifteen step process to do whatever it was they were trying to do (and God help someone if they ever need to do something even slightly different than what the "wizard" has be pre-programmed to do).
Likewise, as many others have pointed out, Microsoft has failed to understand security. Security isn't developing a system to automatically download all this month's security patches, nor is it simply patching problems in a timely manner (both of which, ironically, Microsoft has also failed at). Rather, security is the well thought out implementation of an entire top-to-bottom design philosophy to allow a computer to exist in a hostile environment.
So the system was really designed to be neither user friendly nor secure. That leaves other market forces in command of its popularity. For example, ability to run on commodity hardware, relative ease of use in its early monopoly forming stages, later exploitation of its monopoly, broad 3rd party software support, lack of wide appreciation of the security problems (especially in the pre-monopoly and early monopoly stages), and ongoing familiarity to users (among others) as the reasons Microsoft got its market share.
Windows caters to a different audience than Macs. Macs have a lot of atvantages due to the niche nature of their market. They can dictate what hardware is available and control that end. They can drop support for legacy products more easily because less people use them. Part of the worm infested recent history of the Windows machiens have to do with density as much as security. It's simply harder to spread anything viral (worms, viruses or the plague) when the density of potential hosts are low. Apple has doen a great job in making a good interface and good machines, and their target market appriciates them. Microsoft has done a great job selling stuff, and supporting nearly every device out there. Both have merit and usefulness.
"There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy."
There is no reason, as far as I know, to beleive that micrsoft's developers are less capable than apple's or any others. Microsofts security problems IMHO are purely a reult of its success. This is because of the epidemiology of malicious code. This is by far the biggest threat to MS. Many orgnisations standardised on Windows because of the decrease in administrative load due to the economies of scale achieved through a platform monoculture. This saving is slowly but surely being eroded by infectious code. The effects are two fold. The physical harm done to data and the increasing restrictions on the use of PC's. The cost of keeping PC's clean will eventually out weight the benefits of standardisation. Microsoft cannot do any thing about this it is purely a matter of frequency dependent selection operating. They have benefitted from this is the past. Eventually it will kill them. They have as much chance of escaping this as they do of running away from their shadow. Infectious code will only get worse for them
Comment removed based on user account deletion
I think it's funny that this guy does exactly what he complains about - becomes fanatical, to the extent he has to write a cocky article about it. Why are Windows users so threatened by, as he calls it, a "nich market"? Remember, just because everyone shops a Wal-Mart doesn't make it the best.
viruses attack the OS!
Just because there are less identical copies of an OS out there does not make it more secure.
Just because there are more identical copies of an OS out there does not excuse multiple, unpatched, vulnerabilities!
The Underlying OS is what is secure or not. The Mac OS has a flaw, openBSD has a flaw, the Linux kernel has flaws, Open Source applications have flaws, and the Windows OS series have severe cracks in the foundation of their operating systems.
Why do all the Microsoft apologists point to vulnerabilities in other Operating Systems as a justification for having the worst security track record in the history of computing?
christ this site is nerdy. look at the polls. sad individuals you all are. rubbish rabble. where are the smiley faces? what good is a forum based site eithout smileys?! @n@l
=my ideas be more important than urs=
You know why? It marks the point at which Macs have climbed back into the ire of PC Mag editors everywhere. 3 years ago, a mac article wasn't worth the soy ink and electrons it took to create an anti-mac article.
Wow, it's like it's 1988 all over again. Some Tool nitpicks one or two items to make himself feel better because he's a Windows user for whatever reason.
Next we'll hear how overpriced Macs are.
Actually, the only difference between this and 1988 is that games used to come out first for the Mac (Real business users don't need games! Was the rallying cry).
"oohhh... I didn't know Schopenhauer was a philosopher!"
The guy is right. Everyones' shit stinks; the more shit there is, the bigger the stink. Any other assertion about Mac/Windows x86/PPC is mere conjecture or fabrication. Wouldn't be the first or last time in either camp.
Don't agree? Read the bit about the iPod and learn.
In other news: Will Steve please register his SPEC scores with SPEC so I don't have to go to two sites to see that the g5 is 30% slower than a comparable Opteron config.
And mac users have been under constant berration by the PC community for longer than we've been taking swipes at the nightly security updates.
T Money
World Domination with a plastic spoon since 1984
No, your mistaking that with the crap that's on CNN
Chicken Noodle Network.
mac.
OSX has the out of box simplicity edge while still having all these services off?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
article summary: "your OS is nearly as bad as our OS .. HA HA"
paraphrasing a little, you understand.
(null)
constant berration?
It seems like you've got a persecution complex. I see things more as Mac being ignored by most PC people until a Mac user brings up the subject. Maybe that's worse than constant berration.
Really who's more likely to start-up on the Mac vs. PC topic. Mac users, hands-down. Ya, you love your computer, great. Just don't get so defensive. Nobody's trying to take away your Mac.
I think I think, therefore I think I am.
I have recently audited an xserver running the latest Jaguar. Within the first 20 minutes of looking, I found 3 command-line overflows for suid apps. These are textbook overflows and appear to be trivial to exploit. IMHO the developers have performed very little vulnerability (fuzz) testing against their privileged applications and services. Many many more bugs will be found. I encourage any newbie vulnerability researchers to get their hands on a copy of Jaguar ASAP. As mentioned in a previous post, file permissions are screwed up all over the system, and the amount of suid binaries is astonishing. You *will* find *many* vulnerabilities.
...when someone actually writes a virus for OS X
Nice try Lance Ulanoff, but you were right with your first sentence. Everything else that follows smells of sour grapes, by your own admission you hinted to as much in your first paragraphs.
I would think that malicious hackers would love to write viruses for OS X, if for no other reason than to promote platform genocide, shut up those annoying mac users once and for all.
Fresh install. I am not root. Observe:
Combined with the following brain damage:
Makes OSX into a version of UNIX that no seasoned administrator would EVER let into production.
p.s. I know how to use sudo, you gibbering cretin.
Perhaps actually doing the test would be helpful...
stop thinking like the cattle.
Just to be picky: that sudo command won't work.
/etc/hosts >> /hosts.txt <ENTER>
/bin/sh <ENTER> /etc/hosts >> /hosts.txt <ENTER>
if you meant:
sudo cat
type password
Then this won't work, since the shell redirect is running in the shell of the non-admin user. However, if you meant:
sudo
type password
cat
Then it would work.
"If the Macintosh OS ever became dominant, the tables would turn, and there would be just as many reports of viruses, security holes, and attacks on it as we currently have with Windows."
Apparently the author thinks that it is impossible for the dominant OS, whatever that may be, to be more secure than Windows. He belives that a products percentage of proliferation in the marketplace determines its security. Not the programming.
He's saying that UNIX based operating systems with as much exposure as Windows will be subject to as many vulnerabilities and exploits as Windows is. He thinks it is not possible for an operating system to be made more secure and less vulnerable.
In effect, what he is saying is that Windows is the best the human race can do. This is it. This is the culmination of our species ability to write software. No operating system can ever improve on the constant barrage of patches and updates that must be done to keep Windows safe.
Obviously, while humans can not ever write flawless code, I certainly hope for our sake someone somewhere can do it better than Microsoft. If that someone is Apple, great. If it's a Linux distro, that's fine, too. But I am certainly going to hold on to the belief that there exists the possibility that an OS can be as dominant as Windows without being as insecure. Otherwise, we don't have much to look forward to in the realm of computing, do we?
Bryan Chaffin from The Mac Observer goes into some of the points mentioned in the original article: The Back Page: PC Apologist Asks If We Mac Users Are Now Humble
One interesting point made is that those who say that Mac OS X suffers fewer security and virus problems than Windows only because there are fewer Mac users just don't have a leg to stand on.
like I said,
What on earth were they thinking?
Lance, let me tell you. It's not wrong for you to feel this way .... it's pathetic. Have you felt so diminished as a person this past summer, as wave after wave of virii pummeled your Windows box, that you now revel in the misfortune of others?
Don't worry, it's OK. Since no one had their Mac exploited by the "vulnerability" it's fine if he feels good about it.
Not that we actually care...
Maybe we deserve this world ?
What a lame way to get publicity for some peecee rag.
I think the point he tried to make in this article, and one that most of these posters/flamers have been missing is this:
Nobody wants to write a virus for an OS that 10% of the computing population uses, when they can write a virus for the os that 60% of the computing population uses. Why? Because nobody will notice Mac viruses, but everybody will notice PC viruses.
Personally, I'm under the impression that OSX is a good operating system, but doesn't offer you any choice. Imagine what OSX might be like if they made an OS that would actually *gasp* run on hardware that the user choose. If I don't want to think about hardware, and wanted to pay $2500 for the "World's Fastest Personal Computer" (Thanks Jeff Goldblum) I'd go with a MAC. If I want choice, and the ability to run a variety of software, including the OS of my choice, I'll stick to my PC.
TI-92 does do lower case, and linking is not all that difficult to code on that calculater. A more effective virus would probably be written in ASM though, Disguised as a popular game, and might delete everything (except perhaps, itself) every 30 days (TI-92 has a built in clcok). good assembly code could even attach itself to already existant programs on the users calc, so that anything transferred would be "infected".
I have heard of remote control programs for the TI-92, if just plugging in a link cabl;le to another calc could initaite a transfer, you would have a pretty good virus,
Imagine this "game" getting upladed onto ticalc.org
I would like to point out that the TI-92 pluus is my favorite calkculator of all time (Ive never used the voyage 200, the 83's arn't bad, but the 86's arn't good, at least not from a programming standpoint)
(this is slightly ontopic because the the TI92 uses the motorolla 68k, which some of you might recall was the original macintosh proccessor!)
First of all, any operating system can have a bug in it, just like any other piece of software can have a bug in it. Some are serious, some are not. And anybody who knows anything about internet security can tell you that the next thing to get you will almost always be the thing that nobody thought of. If you're depending entirely open your OS security to keep you safe, you have a problem.
When bugs are found and updates are released, this is a good thing. If the vendor doesn't get an update out in a reasonable amount of time, that's a different issue.
Having said all that, I should say that OS X being Unix underneath certainly does come in handy for security issues that come up. Windows users do not have (and often could not use anyway) that luxury. Yes, I'm an OS X user, although I am a long-time Windows user (since 3.1) who still has a Windows box. Both of them are behind a firewall so I don't spend a whole lot of time sweating every little security hole that comes up in my operating systems.
RP
After reading the article, I bave two things to say:
1. These aren't exactly easily exploitable remote root's like windows has had 50 of. There really is no comparison.
2. Installing XP yesterday, I was r00ted before I could get to Windows Update. This is just. plain. ridiculous.
I don't know about you guys, but there really is no question of what OS to use if you really want it to work right, be stable, and be secure. NO QUESTION. "usability" is close enough in Linux for me. AND ISN'T A VIRUS EVERY FIFTEEN MINUTES SOME SORT OF USABILITY PROBLEM?>??
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
Bear in mind that at least UNIX was designed with multiple users and administrators in mind, whereas Windows most certainly never was.
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
Exactly. I get this question in our office at least once a month. Some poor fool will walk up and demand he needs the administrator password on his machine to install a piece of software. Sometimes they will even argue with us that local admin isn't the same as admin. It's strange...they are always wrong. :)
First of all let me start by saying that I do not own Man and don't use it neither at home nor at work. Mostly I use Windoze XP and Linux for everything I do.
So what if OS X had 1 root vulnerability in the past 18 month? Windoze has 2 coming out every week!
Then the author compares OS with something like iTunes! WTF? Apple to Oranges anyone?
The flaw the author writes about deals with DHCP. The same attack can be mounted againts Windows machines. The author is comparing one weak flaw to hundreds of Windows OS flaws and making what point exactly? He is also ignoring the hundreds of Virus attacks that take advantage of scripting flaws built into the Windows OS and the MS Office suite of applications. It is a very weak attempt to try and make everyone beleive that Mac OS X users were exposed to mass attack ala the "blaster worm", but they were not attacked because their market share was too small. The reason the attacks did not occur is because it would be difficult to make it happen and the vulnerability is very hard script an exploit. Additionallly the author should check the latest industry sales reports on laptops. Powerbooks running Mac OS X are in second place for market share in the United States.
3.) I have no idea what the difference is among S/MIME, GPG/PGP, and whatever it'll be changed to tomorrow. I don't know which to use. Not an insurmountable problem, but in the face of the other two, it's clearly not worth trying.
2.) Documentation is either obtuse or aimed at newbies just getting started. There's nothing out there that is both understandable and answers questions like "Should my keys expire? If so, when? What do I do if I change my email address? Do only subkeys matter, or what?"
1.) Nobody I communicate with gives a damn. They're not even techies; if this stuff is too hard for me, it's positively hopeless for them. They can't even handle an upgrade from Firebird 0.6.1 to 0.7 by themselves.
Unix is more elegant, but the fact that it grew up together with the Internet as a networked OS. This was not an afterthought. Neither was multiple users and security. When you work with something long enough, it becomes second nature and solid and secure. How did Windows start out? Single user. No Internet. No concept of services/daemons. You machine was its own little island. It was all about the single user GUI in the office to do one task.
And anyway, if XP is so secure, why are they scrapping it for a complete new rewrite - again? It's because it can't be fixed and it has more security leaks than a seive. Microsoft has tried and tried to reshape the Internet into what they want it to be and, thank god, it's failing. And in a way so stupendous that now those that get sacked regularly gotta go off and complain about it. Well boo hoo to them. I've never experienced a virus or worm on OS X or Linux/Unix and I don't suppose I will be anytime soon. There's a reason for that and m$ still doesn't get it.
kernal [sic] panics? we have about 5 people in our department with macs, and none of them had a kernel panic after installing 10.2.8. you could have cited the network issues that came with 10.2.8 prior to the patch, but I guess you're not really posting to be informative are you?
Articles like this caused me to cancel my subscription to PC Mag. This article confirmed I'm not missing anything. I wish he would tell his editor I don't subscribe because of articles like this. I've not had a single problem with OS X. I used to use Windows. A few weeks ago the network at a hospital where I work was brought down because of a virus. Earlier this year I watched as my campus network slowed to a crawl due to a worm that affeted Windows machines. And the article mentions this hypothetical problem with the Mac OS. Whatever. Glad to know I'm not missing anything now that I've cancelled my subscription.
it's not propaganda when I say "windows has many security holes that have been exploited by many viruses that really didn't do all the damage they could have (eg - format c:) but that cause a lot of trouble to windows users. Trouble linux users and Mac users just don't see."
That's not propaganda. Because propaganda is something that ISN'T TRUE. And what I said, is.
you see, being a linux zealot is fun. being a mac zealot, well you get to pay more, but you might jsut get more. being a windows zealot...um..you pay more, and...you...get less! yeah!
propaganda, 2 : the spreading of ideas, information, or rumor for the purpose of helping or injuring an institution, a cause, or a person
- m-w.com
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
A bug in Windows 3.1 and forward allows a malicious attacker with access to the local network to hijack your machine and run any program he wants on the users machine.
The attack goes like this:
He sets up a DHCP server
Feeeds computers booting with fake IPs for DNS and WINS servers.
Redirects the NETLOGON server shares to a share under his control. Makes sure the login script runs his software.
It is thus recommended that all Windows users, especially coorporate users, disables DHCP in the TCP/IP settings, until Microsoft starts shippign support for DHCPS - which is DHCP over SSL/TLS.
It is important to do this, since if only some users does it, it might be difficult for thew machines to connect to each other.
Heh. I wrote a program that does something of the opposite. It prevents the user from clearing the RAM using the standard command, thus enabling me to play games during tests.
The program runs a similar 200 Hz interrupt handler, which tests for the "Yes" item of the memory-clear dialog box in the menu stack. If it is present, the handler changes the menuitem's call address to a custom routine which fakes a memory clear. As with yours, it stays in even if you delete the program, etc.
I hereby place the above post in the public domain.
"HAHAHAHAH!! Mac OS X isn't perfect! Duh, I'm so smart!"
Is this guy for real? How does a vulnerability which involves an attacker having to break into your home network (much less a corporate one), take over a machine and then set it up as a rogue DHCP server anywhere near equivalent to something like Blaster, which spread automatically, with no machine spoofing required? Honestly, if your network is so utterly open to attack that it's a trivial task to spoof a DHCP server, there are bigger problems than OS X's security flaw there.
The claim that Mac OS X would have more viruses if it was more popular holds some merit, but it says nothing about the lethality of those viruses. OS X has all sharing network services off by default, unlike Windows, shutting down a large avenue for virus propagation. Mail shows the entire file name of an attachment, preventing attackers from hiding extensions. Mail also does not automatically execute attachments. Furthermore, any application wishing to do anything as administrator has to ask for a password by default, and root is disabled by default. This is not the case in Windows, where tales of administrator accounts with blank passwords abound. While there may be more attempts at writing viruses for OS X if it was more popular, far fewer of them would actually reach the scale of damage that things like Blaster did. Windows is an ideal virus propagation platform not just because it's popular, but more importantly, because it's default setup is insecure as well.
I'll admit, right away, that I'm a Mac user. Then again, I'm also a Windows user, Linux user, SunOS user, etc. I'm really not *that* platform dependant. I guess I really don't understand the reasoning behind arguing over an OS. The argument is rather petty if you are not doing anything to improve upon the security of the operating system you favor. No OS is perfect, and no OS is totally secure.
I did find a few problems with the article (beside the fact that the author was bashing mac users who bash windows users...circular logic, anyone?). The author claimed that due to the fact that DVD Jon cracked quicktime encryption of ACC streams (used by the iTunes Music Store) doesn't mean it's going to bring either the MacOS or Windows to its knees. It's a f**king MP3 player for Chrissakes. Sure, vulnerability that could circumvent OS security might exist within iTunes, but the specific nature of DVD Jon's crack has nothing to do with OS security.
The author made this claim about the cross-platform iTunes "exploit" while failing to mention anything at all about Macros, and the possible for viruses that accompany them. To me, it seems that the author was grasping at straws without having any concrete evidence to back up his claims.
Whenever I read an article from one side of the OS wars bashing the other side, I tend to think that the author was in danger of missing his deadline and needed to come up with something in a hurry. Why does this issue never get old? Perhaps we should think about ways to make our OS of choice more secure rather than bashing others' flaws.
AgentOJ
no... really.
Unless you can be more clear WTF are you on about?
Actually, you can often do the exact same thing in Windows 2K/XP. When you go to install a program in Windows you typically only need Admin access if:
1) The program needs to write files to C:\Program Files, C:\WINNT, C:\WINNT\system32, or any of a number of other protected directories.
2) The program needs to add a system service.
3) The program deals with low-level drivers.
4) The program needs access to HKLM or other restricted areas of the registry.
5) The user account in question has been explicitly disabled from doing Widnows Installer installs and the program in question using a Windows Installer install.
Number 1 is by far the biggest program. Most programs default to installing in C:\Program Files and most users leave it set to that and then get upset when the install fails....but only Admin and Power Users have default access to that directory...if you want to do a "little" install then just change the installation path to your local directory...typically C:\Documents And Settings\[username]...and you'll be all set as long as it does not violate on of the other conditions stated above.
Which machine would you take out the box and hook up without worrying too much about being hacked. It's not Windows. The situation has improved, but one vulnerability (not an exploit) compared to how many WinOS exploits? Come on, my grandma's getting a Mac.
I dont know if anyone else has said this yet, but the specific vulnerabilty that this guy is referring to was fixed by Apple and downloaded by me no less than 6 days after Panter was released. That is service. Apple took care of the issue before it was indeed and issue. Before however many millions of computers were affected by it.
One could argue the author was incorrect when he stated Jon Lech Johansen circumvented the iTunes music protection scheme.
It takes eons to make any system user friendly, but security is inherently part of neither the friendliness nor the usability equation. Similarly, making a secure system friendly need be no more difficult than making an insecure system friendly and easy to use.
That's not, however, why "no other OS even competes for Windows market share yet." The reason MS has no competition is Microsoft's monopoly position in the market and the massive inertia behind Windows. But again, don't neglect to notice that Windows is neither secure nor easy to use, so any difficulty other hypothetical systems might have in combining those two characteristics shouldn't really be too relevant in that system's difficulty in competing. Market forces aside, for an alternative system to match Windows, that system only need be minimally secure and surficially easy to use.
But even back then, I had this gnawing suspicion that 18-month software development cycles could somehow hurt the platform. Before the tide really turned, however, I switched to PCs. I had joined PC Magazine, and the editorial staff used them.
That's the Mac's problem! He has nailed it! Apple develops new and vastly improved features (in the range of 150+) - basically an overhaul of the operating system - every 18 months. Rather than this whole OS X thing, they should have just created a new theme for OS 9 (oooh, maybe with Green highlights) and changed its name every so often...
If you can't taste the sarcasm, just smile and nod...
Disclaimer: This comment was generated by a Flock of Trained Microsoft Programmers for Aqua_Geek.
That was awesome. Seriously.
Just the fact that OSX is Unix based automaticlaly makes it more secure you fuckhead. Kill yourself to preserve the intelligence of the human race if you think Windows is just as good as OSX. Mother of god, some people really deserve to die for stupidity. Why would anyone be an advocate of Windows anyways? Just because you use a PC? I hate Microsoft with all my heart and the only machines I've ever used were PCs. Uh oh, 1 OSX flaw vs a million more serious Windows flaws and counting. Eat a dick asshole.
I'm not anti-microsoft. I'm anti-bullshit. Which means I'm anti-microsoft.
I used to have a USB hub that I eventually determined was the source of a long running string of kernel panics under 10.2.2-6.
Bad hardware can bring to a halt even the best operating systems.
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
"How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here."
Not if you allow some feedback you ignorant a**hole
When you think about it, there are probably hundreds of Macs connected to the Internet these days. Imagine the mess if all of them were compromised at once.
Funny how he keeps attacking Mac Fan(atics) and calls himself not a fanatic, all the while the tone of his writing is pro Windows
>
Why is he taking this personally if he is not a Winows Fan(atic)? With statements like this, who is the fanatic now?
>
so he found a vulnerablility on OS X, as opposed to wekkly findings of vulnerabilites on Windows... why is this a story?
This means anyone can walk up to your machine and boot it into single user mode and completely root you.
oh my god you mean someone with physical access could also somehow DNS spoof net info and get root access. Oh my alert the media.
The point is where one draw the line between ease of intergration versus security becomes cloudy once one gets to the point of requiring physical access to engage in a hack. The ONLY thing that I see distinguishing these analogous root attacks is that most people are aware of the single-user boot attack and though it was well documented the DNS attack was not well known and thus could have surprised a lot of people.
Fixing this now presents apple with a dilema. Consider that happens if they were to issue a security update that went around and turned off this feature. Suddenly all networks that had actually been using it suddenly stop working and some sysadmin has to figure out why then reconfigure every machine to turn it back on.
Thus you can see why they have not rushed to change the default. But one assumes that they will ship NEW os's and new computers with it turned off in the future.
this choice for easy configuration assuming the local network can be trusted dates back to the time of NFS. And NFS is still presents almost exactly the same potential security hole (if you remote NFS mount your home directory you just pulled your pants down, grabbed your ankles, and said "ah" if I can jack onto your network. ). NFS has not fixed this problem yet either cause doing so would break a lot of networks.
Some drink at the fountain of knowledge. Others just gargle.
mod up the yin yang
So an attacker who can gain access to your network -- over a wired connection or wirelessly -- can trick an affected system into trusting a rogue machine, and when the compromised machine reboots, take it over and even attack other systems on the network.
Okay, so the article is saying that by tricking a Mac into mounting my drive and having that Mac reboot I can magically take it over????
This article seems to be just an excuse to bash Macs. Very little is talking about the actual security problem.
Anyway I find it hard to believe that those Macs have the remote volume mounting features on by default since most Mac users probably would not use such a feature.
Too bad the author did not pull his head out of his you-know-where to tell us anything useful like how dificult it is to pull off such an attack. If it is only a problem on a local network then the atricle blows things way out of proportion. If you could pull this off over the Internet then a Dial-up user would get a new IP address and would need to be tracked down again.
Ultimately, those on the Mac fringe have to face facts: Panther and Jaguar were not better at outrunning vulnerabilities than Windows.
You don't "outrun" vulnerabilities, you avoid creating them. So just because someone found one (probably) weak-ass vulnerability in Macs, Windows is magically on par with Macs as far as security goes.
I would be more convinced if I saw a side-by-side list of all known Mac & Window vulnerabilities. The author of the article needs to be drug into a dark ally and have some sense beaten into him.
Losing faith in humanity one person at a time.
So what do viruses actually do today that require root access? Most viruses are DDOS zombies or spam relays. So, it can't write to the base filesystems - big deal. All it needs to do is run when the user is logged in, and it's just as effective.
.bash_profile as it is to be run from /bin.
This argument should be retired. If the virus isn't looking to delete protected files, it's just as deadly run from your
"How cocky are you feeling now, mac elite?" Hmm, still pretty cocky. How bout you?
Even if I say something insightfull or inteligent, it doens't matter cause I'm an ass.
PC Mag Exec: Look at all the free press we're getting because ole Lance wrote a stupid story! Give him raise!
Everytime one of my PC using friends gets a virus, MY inbox fills up... I wish I wasn't in their address list.
Slashdot Eds Link Anonymous Posts With Logged Posts
They Are Vermin Feeding On Each Other's Feces.
I Hate \.
The truth is that in most corporate networks they ARE trying to take away our Macs! All in the name of a "reference platform" and "reduced support costs". The argument goes something like this: if everyone had the exact same hardware and software then it will be easier to maintain and cheaper.
Of course this doesn't take into accout that using a system that is more vulnerable to attacks or more prone to HW & SW issues is by design more expensive to maintain. The more issues to identify and solve per system / user, the more costs associated with this activity.
This should be economics 101 (and IT support 101), but sadly it doesn't even seem to be considered. Most every normal task can be performed on both Windows and Macs. Software selection is not an issue for these tasks, you only need one set of software that works. It doesn't matter if one platform has 100 choices and the other has 3 or 4. If you have a set that works reliably you are all set, and patching constantly and dealing with the headaches isn't reliable in my opinion.
And I work with both systems daily, including programming in C/C++ and others.
BC
What qualifies the password file as brain damage? It's not that different from LDAP support on Linux and Unix systems. On those, LDAP will be used before /etc/passwd. The passwd file is just a fallback for uids only defined locally, or when LDAP is down.
Why would one read about Macintosh, or for that matter any, news from PC Magazine. I don't consider it a valid source. Now I will go read it, maybe he cites a valid source.
He has learnt that there is one security flaw on OS instead of hundreds on Windows, and concluded that "Panther and Jaguar were not better at outrunning vulnerabilities than Windows". Am I missing something here?
>> I was tired of the "We use Macs because they don't get attacked by viruses and hackers" refrain from Mac nuts.
He is tired of the truth.
>> I generally counter with what is apparently a secret carefully hidden from Mac zealots: "That's because only a fraction of the world uses Macs. What's the point of attacking a niche market? No one will notice!"
This argument is really old and doesn't make any sense. More usage doesn't always mean more security issues, because Apache is twice more popular than IIS and has less that 50% vulnerabilities.
>> But the mindlessly superior retort is always the same, "No, it's because the Apple OS does not have the same holes as Windows. OS X is just a better operating system."
MS has issued hundreds of security patches over the last few years, versus only a few by Apple. If that doesn't prove superiority, what does?
>> Given this recent development, my question is, "Will you be stuffing that superior attitude in your crow or eating it separately, sir?"
Do you have an inferiority complexity, Sir?
And make one. Call it whatever.
Then... Start... Run... gpedit.msc
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
And assign the rights you want to the group.
Try:
(Access computer, Allow Logon, Bypass Traverse, Change Time, Profile Processes, Remove from Dock, Shutdown)
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
n/t
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
See how far that gets you...
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
This was scored as insightful? Please. The "vulerability" does not actually affect 99% of Mac users and was put out by a company that is a shill for Microsoft. Please do some research next time.
Try making the world's 3rd fastest and 1st cheapest supercomputer with a bunch of Windows boxes! HAHAHAHA
Slashdot Eds Link Anonymous Posts With Logged Posts
They Are Vermin Feeding On Each Other's Feces.
I Hate \.
is it that hard?
A lot of the IIS problems became so damaging because for a long time, Windows 2000 came with IIS enabled by default. So in terms of installed servers, IIS had a much larger "market share" than Apache, even if those servers weren't doing anything aside from sitting around like little ticking timebombs.
I agree that the privs on / suck. On X Server / is not group writable, but it is on the client OS. I understand why Apple did this, since they want it to feel like the old Mac OS, but it still sucks.
As for lookupd (that crazy authentication daemon), you might not like it, but you have not pointed out any problem other than that it is different. lookupd allows Mac OS X a lot of flexibility and simplicity in configuring the OS to work with various directories such as NetInfo, NIS, LDAP, Active Directory, et al., with sophisticated high level APIs, while still being compatible with getpw*(). I do not see this as weakening the system.
>The holes are no surprise.
No holes in OS X I am aware of reported so far have been related to weak privs on / or lookupd.
Hyperbole is the worst thing ever.
People, in general, are stupid
This guy makes almost his entire argument based on the fact that osx has such less marketshare then windows
But does this matter? The best selling car in america is the toyota camry. would you rather drive a camry, or if you can afford it, a cadillac?
I own a mac. and ive owned two cadillacs. and ive used PCs. and ive driven camrys.
ill stick with a computer that is problem free (mostly. noting is problem free, but the more problem free systems are prone to people saying "I TOLD YOU SO" whenever the slightest problem arises), and the smoothest riding car on the planet.
you CANNOT judge the quality of a product by marketshare, when 90% of the world are idiots.
So, tell me, how do I know that if I turn "Workstation" or "Server" off my machine will go kaput, but that I *should* turn off "Messenger" and "UPnP" (which are on by default, or were when XP originally shipped).
And should it be "disabled" or "stopped" or something else?
This stuff is NOT clear to the average user, at all. I've figured it out for the most part, but mainly through enthusiast magazine articles.
Get an inexpensive router/firewall box from your local computer store. Set it up before you do your install. It's not 100% proof against someone with the determination and skills, but it's enough to keep the skript kiddiez out, at least until you can patch and harden your system and turn off the dangerous services.
Knowledge is power. Knowledge shared is power multiplied.
"This is a significant hole."
One hole was found, not one every day, week, or hour in the like of the MS empire.
I alway thougth of:
MS = mediocre software
Written by people wearing suits pretending to be educated. Sigh, go back to your 'meetings'.
We all know the mac has a huge security risk. It's a major issue. From now on OS X is as virus prone as XP. And Apple's DRM has been Hacked. People are pirating the iTMS as we speak.
;-)
And in other news, SCO really was attacked from outside by an evil DDOS. Those Open Source Commy Bastards.
Believe everything you read folks.
I think, therefore I am...I think.
give MacOS even 50% of the market share and see what changes... The viruses will always be written for the most damage. thats the reason there aren't many Mac viruses or Linux Viruses, they do exist, and they can be just as devastating as the viruses on pc. sure there's no "blaster" worm for macs (yet) that doesn't mean there won't be in the future. remember the blaster worm's vulnerability was patched long before the virus came out. I was protected because A. I had a firewall blocking those ports already and B. I kept my windows up to date. same with my work, it was all locked up tight.
I don't own a Mac, nor do I want to really. I have enough to spend my money on thank you. I find it funny though Mac users tend to push themselves as superior, and maybe macs are superior, their users aren't, they're equal, maybe a bit more arrogant when the next biggest worm comes out for windows. but if Apple was in Microsofts shoes, with a huge share of the marketplace, and windows was relegated to MacOS levels, roles would be reversed, the viruses would be written for MacOS, the vulnerabilities would be found more readily for MacOS, and there would be millions of Mac bashers here on Slashdot...
When you think about it, which system should you write a virus for? Mac? nah, they don't have enough of a userbase, Linux, nah, again they have too small a userbase, and they're technical, they'd find me... Windows, wow, there's millions and millions of them, and most are too stupid to know better... There's the target...
Local admin is certainly not the same as Domain admin.
somebody needs a hug
Here
Several years ago when Microsoft settled a lawsuit with Apple and paid Apple, was it $200M, it also paid the same amount for nonvoting shares of Apple.
Should there be a Law?
"Local admin is certainly not the same as Domain admin."
True, but the issue doesn't involve a domain. I was referring to the default setup of users on a standard install of a home-use machine.
dmiessler.com -- grep understanding knowledge
Look out for him on this here 'interweb'...wouldn't want to bump into him in a dark dorm hallway...
Um. As an administrator user, yes,
echo "foo" > /bar
works. What happens if I try to modify any meaningful directory, though?
dhcp150% echo "foo" >zsh: permission denied:
dhcp150% echo "foo" >
zsh: permission denied:
dhcp150% echo "foo" >
zsh: permission denied:
dhcp150% echo "foo" >
zsh: permission denied:
Furthermore, your original test case appears to only work for an administrator. (People seem to forget that "administrator" is a separate concept from "root user" under OS X.) Create a standard user and try to create a file in the / directory; at least on my 10.3 system, it gets a "permission denied" error.
I'm not convinced you've made an airtight case against any "seasoned administrator" ever letting OS X into production.
Sounds like a good reason to keep M$ boxes off your network. That steaming pile of dung is easily owned and then used as a base of attack. Think about it, in a properly constructed network there's nothing to fear even when using obsolete protocals like telnet and ftp. You only have to hide your passwords when someone you don't trust might be listening and a well constructed gateway would keep that from happening. All is well till you put a machine in that runs an email client as root that automatically loads music, images, scripts and other stuff.
Friends don't help friends install M$ junk.
Motion in the gloom of a side street catches your eye. You turn to see what it is. There, in the vomit and urine stench of a gutter, you see a form rising. You see the whites of someone'e eyes. The stench and filth turn your stomach but you stare transfixed. You think of calling an ambulance for the poor trashed bastard. There, it's a man! It's Bill Gates!
He points a finger and thunders with all of his might, "You are no better than I am!"
Friends don't help friends install M$ junk.
Before I start, let me say I have a PC w/ Linux and an iBook which is the computer I use for school work, email, IMs, etc.
Apple occupies much less of the market, so obviously there are going to be fewer "exploits," at least fewer that are in the public. Second, because Apple has less of the market, the is less incentive to exploit anyholes that one may find - do you want to spend your time writing a worm that can infect 85% or 10% of computers? Third, both OSes are really very good, but out of the box, comparing security between the two is a joke. Its like comparing two guitars when neither of them are tuned correctly... some configuration by a knewlodgeable person is always, no matter what, going to be required.
Looks like Apple set the sticky-bit on /. Even though you can create a new file in /, you can't edit any of the important files there nor can you modify any of the files in /etc w/o sudo/su'ing first. (My experience is only w/ 10.3.)
The guy's a total moron. Ignore him.
they ARE trying to take away our Macs!
Unless you're using your personal Mac at work then its not your Mac, it belongs to the company you work for. If they're paying you then you should use whatever they provide. If it is your Mac you're using at work then your IT is wrong for allowing machines beyond their control access to their networks.
The most cost effective solution is a completely homogeneous network comprised of identical machines and software. If the IT Dept is doing its job the users should be unaware of any patching (which can be minimized and automated by utilizing the Admin tools that come with W2k or XP Pro).
Obviously it's not cost effective to try and cater to every user's personal preferences. Not only would IT have to deal with cost by new Macs and Office for Mac but they'd have a whole new set security issues to deal with. Which translates to higher costs though increased training and staffing.
And, on a side note. Slashdot Accounts are Free and Fun. Or, if you've already have one, Log-on.
I think I think, therefore I think I am.
If you want a pure Unix environment, then stick to Linux or BSD. Though, even they are evolving, though in a more conservative manner. For the IO Apple dropped the traditonal architecture and designed their own object oriented driver architecture known as IOKit.
The root directory is very much like that of the boot drive on MacOS 9 or MS-Windows, in that you can put anything there, though there are certain directories which must remain for the system to operate. If you wish to keep the base directory organised in a more traditional manner, then that is your choice entirely.
If you are interested in reading more, then some links are as follows:
Darwin Documentation
IO I/O Kit Fundamentals
Jumpstart the tartan drive.
He may not have made "an airtight case against any 'seasoned administrator" ever letting OS X into production," but he sure did impress me with his Unix Kung Foo!
;
I'm also impressed by how thoroughly he investigated the platform. Impressive.
Doug
A Dannish company announced a secutiry hole in IE today. Kind of ironic, huh? http://www.informationweek.com/story/showArticle.j html?articleID=16700218
Vindication!!!!
I have just read two articles by you, linked from slashdot, the site you love to hate because simply no one likes you or your opinions, which, to me, is what it seems to boil down to. I was amazed on your wild theories of OS security, mainly because I use OSX (which really isn't the same thing as System6), OpenBSD and Windows XP at home, and while recently reinstalling Windows XP on my new Dell (I was dumb enough to have it connected directly to the internet) it got rooted before I even had a chance to get to Windows Update. I somehow think you have no idea just how bad the security is on Windows (At my last job I was a system admin for a small company with 20 WinXP machines).
Mac OSX isn't perfect, and Apple has let some nasty bugs siip into the OS from time to time, but I have peace of mind at home because I don't have to worry that the Firewall isn't on by default etc. Don't get me wrong, I find Windows ok if correctly maintained and you're right about Apple zealots bashing Windows for no real reason, but you give the impression of doing exactly the same thing form the other side.
Maybe it's time to visit the doctor and get the EEG checked out.
Peace and Love Lance, say hi to Darl when you get to the clinic.
I think the tone of the article is just a result of most non-mac users just sick of mac zealots in general. The holier than thou attitude and rampant annoying fanboy squealing every time Steve Jobs farts in their general direction (MP props).
Bottom line. PC folks just don't spend that much time waxing their dicks over their OS. They spend time using their computer. If Apples are easier to use (I don't agree), then it's a good thing because 50% of the time spent is rubbing one out to how your baby blue GUI makes you randy.
Christ..
Karma means nothing to me, so suck it...
Honestly, the whole "mac elite" statement just tells me that this guy wants a mac, but has to use a pc at work, and can't afford to buy a powerbook.
Have we LOOKED at a dell laptop when it sits next to a powerbook? NO! the dell looks like a mass produced piece of IKEA shit compared to the thought out design of a mac.
and that is just the industrial design.....
about this is that in the end bad press has become the norm.
This guy's fud is picked up by ABC news without any balance. That's something else than a PCMag editorial masturbation. His editorial, his party, let him have fun, but for "serious press" to run this? fffff
Likewise every SCO fart is largely picked up without any balance either. Really, they were attacked from outside. By those bad OSS programmers, the commie bastards.
What a shame when well thought out arguments and facts are just a few clicks away.
Oh well, everybody has the right to remain stupid...
I think, therefore I am...I think.
Windows corrupting sounds like it might be a hardware issue if it's your files getting corrupted. Either a bad hard drive or ram/cpu/mobo issues. Don't worry apple was a good choice as you'll surely get quality hardware.
Running pc's ain't that hard, especially in a controlled setting like a lab.
Hmmm... Pie...
I remember using OS X from version 10.0-10.2.x (haven't gotten around to panther yet). I remember updating it using the update utility and there were some for security as well so this can't be the first and only one.
A lot of it was for individual applications BUT most windows flaws seem to related to programs like IE which are also application flaws.
Hmmm... Pie...
Sure enough Lance Ulanoff can not be the only one that has grown pissed off by users of other systems constantly declaring their superiority. Some of the Windows users is bound to be pushed over the line by constantly having their OS of choice criticised, and some of those users must be familiar with programming.
So just why has none of those users come up with a proof of concept for nay of the current or past known vulnerabilities for Mac OS X. Not something ultra malicious needed, just a small example that proves it can be done? I am sure allot of people would like to see that.
But until then I will continue to use Mac OS X with a smug look on my face.
How does a default setting regarding a specific directory's permissions plus the fact it doesn't use /etc/passwd make it "unfit for production"?
/etc. That's just how it works. It uses the NetInfo database. This is one of the few actually well-documented parts of OS X. /etc is a vestigial limb, it's a dummy file which is involved in startup but it is not actually used for real user info. It's used in single user mode because single user mode is an emergency startup mode used for debugging, and NetInfo doesn't launch in this mode unless you launch it, because part of the single user mode's hypothetical purpose is to debug problems with NetInfo!
OS X doesn't use
You might as well call Linux unfit for production because you can do some potentially nasty security-related things in some versions of Lilo.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Although I don't know you, I'd bet heavily that I'm a far more seasoned UNIX admin than you are.
That said, what exactly is the point you're trying to make about NetInfo?
If I'm getting you, you're suggesting that NetInfo in place of flat text is somehow wrong? Have you ever admin'd a cluster of several dozen boxes with thousands of accounts?
I have better things to do than manually or script-sync thousands of accounts across multiple boxes.
It seems fewer and fewer people can afford clues these days.
bash-3.00$ uname -a
SunOS panda 5.10 Generic sun4u sparc SUNW,Ultra-2
>> It's pretty sad that Mac users have to make themselves feel good about their preference by pointing out all of Windows flaws.
:-)
This is commonly known as a "S.O.D." or "service of denial" attack.
Well this guy seems very XP-enthusiast. Well another story by himself : "The Fog of XP", 00.as p
:)
http://www.pcmag.com/article2/0,4149,1211175
It was written in august : it seems to me this man has a less than 4 months memory...
IT'S FREAKIN BSD!
Stuck in the middle by the GNAA...?
This is creepy. He just described what happened with me as I installed Win2000 on my girlfriends computer last week! It installed, and before I could download a firewall via the dial-up, the computer was infected with a variant of the Blaster virus.
What do you say? He's talking about Macs? But my girlfriend just got her iBook and she did not get the Blaster virus within 10 minutes of dialing up to the net.
My head hurts...
Uh, yes that is the point. I prefer to use a superior OS instead of an inferor one. If you think that is besides the point, be my guest.
And for the record: I use Debian.
I don't want to get too involved in the debate, but I'm a freshman at Berkeley. One of my roommates has a Mac, doesn't use virus software, and has never been infected. My other roommate stays current with security patches AND has virus protection software. He had to nuke his computer a few days ago because his virus software only could contain 30 viruses, and he had gotten a 31st. Within minutes of booting his reloaded computer, WITH SECURITY PATCHES, he had already gotten his first virus. I mean, for God's sake, he hadn't even opened a web page or a file. He hadn't done anything. His only crime was turning the damn thing on.
A kid down the hall got a brand new Toshiba a couple days ago. Fresh OEM software with all patches pre-loaded. He had a virus within 2 minutes of plugging into the internet.
It's hard to argue with stories like these.
" If macintosh computers and OSX got as popular as Windows [...]"
Sure, but part of the point is they won't. Ever. So its like Ken Beatrice used to say "If 'ifs' and 'buts' were candies and nuts, oh what a party we'd have".
If you use OS X, you're simply not going to be subjected to attacks that way.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
And someone that cares about his OS to a certain degree bothers to write an entire page (which is full of crap by the way) to explain why Mac OS X sucks as much as Windows?
Silence, sometimes, is valuable. You don't deserve an answer.
Diego Rey
diegoT
This whole "Windows patches suck" issue has been done to death, people. Yes, there were instances in the past where things went really wrong. However, Microsoft HAS gotten better from NT to W2K, and will presumably continue to get better.
If a patch fails, it's probably because of another piece of software on the system. That's why it is important to do at least some rudimentary testing of a patch before applying it on a system. Also important is to read the entire security bulletin; Microsoft now lists all other known ways to remove the vulnerability without installing the patch (i.e. stopping vulnerable services).
For our department, it has gotten much easier to keep our Windows systems secure over the past year, and that is completely because MS has gotten better with their patching procedures.
Apple Magazine: PCs insecure
"And I for one welcome our new insect overlords."
Macs are usually single user systems. A single-user system should use /etc/passwd, and the single user should give up all privileges when they are not needed.
Ever hear of slipstreaming? You can take a SP and make a new install CD with it.
Visit a site like bink.nu and look for slipstream (AKA bootCD) info.
The fact of the matter is that many things are not totally secure right out of the box (even OpenBSD experienced this once or twice). If you buy any machine where security is an issue you really need to take an actice role in securing that machine and keeping up with security patches and the like.
Mac, Linux, Windows, whatever... you need to activly make sure your machine is secure if that's important to you. The default settings on a new machine are usually pretty permissive so that most generic 'end users' will be able to do all the things they need to do without having to understand any "internals" of the OS.
The point is, if you get a computer of any kind it is -your- responsibility to keep it secure if need be.
Dear Mr. Ulanoff,
/. and so seen by thousands) this paper shows up:
S X_ Shellcode_Assembly.pdf
/., not some backwater usenet), anyone could attack MacOSX boxes, *if* a vulnerability is discovered in it or in its running services.
I am writing to you just to send you a couple of informative references on general computer security. I promise to stick to the basics, and I am sure you will dig deeper if interested.
One of the basics of remote exploits is the ability to -once a remote vulnerability is discovered-, send malicious code snippets that get executed with privileges on the target computer. For instance, they might be sent exploiting a buffer overflow bug or a flawed service left running on an open port.
This is well known in the MS Windows world and even Linux, as they commonly share the same underlying hardware architecture (namely x86). There is plenty of information on how to build such malicious code snippets (basically anyone knowledgeable in x86 assembler can do it) as well as pre-built apps and scripts to send them. This is well known. It is also well known that a vulnerability must be present for the code to be able to be executed at all.
It is a common myth that -by following this logic-, other platforms that are less used, like for example MacOSX (subject of a security article of your own), are more secure because technical knowledge about them is less common (eg. PPC assembler language) and are not so commonly used. One might think the malicious code needs to be built by real gurus, few in number, that have no interest in doing that.
*However*, doing a trivial search on Google (also published on
http://www.securiteam.com/securityreviews/PPC_O
Is a no-nonsense compilation of MacOSX PPC malicious payloads and the rationale behind them. After copy-pasting from it, anyone can do remote attacks on MacOSX, *provided* a vulnerability is actually found. No vulnerability, no attack. The paper requires a low level of technical knowledge and actually has little merit (apart from being somewhat clear and concise).
So, using information freely available, easily found, in common knowledge (published on
So it *cannot* be possibly said that MacOSX achieves its high level of security by obscurity. It accomplishes it by *design*.
It is really sad that the old argument of 'security by obscurity' is being raised over and over. Read that paper.
Mr. Ulanoff, I promised you two links and I have provided only one. The other is not actually a link but a reference. Just walk to your nearest technical bookstore or Computer Science library, look for the PPC assembly and architecture books that have been publicily available for years. My cheapo college library has them, yours surely has.
I am looking forward to further informed security articles by you. Please do not hesitate to mail me should you need further references on this or any other technical question.
Best regards,
xxxxxxx
I like you alot, even so.
Blar.
If I have to admin the security from the console, apply the security fixes from the console, and have to go to the console to even check to see if there's a break-in, then having a hard time controlling a machine remotely helps me in terms of security how?
One way that the open DHCP configuration could be exploited from anywhere on the internet is if there is a Windows machine on the same subnet. It could be broken into, and used to own the Mac. This IS serious. It appears best not to run Windows on the same subnet with your Mac.
This is only a Major Mac Breach in the sense that, it's the most serious security issue on the Mac today. In the mean time, someone anywhere on the internet can do whatever they want with your machine just because you run Internet Explorer on Windows. And this isn't serious because no one has bothered to exploit it. There are so many other choices for which exploits are easily available.
At work, I use Windows 2000 Pro. It works fine. In the past 6 months, I haven't been infected with a virus or worm. However, the network was slowed to a crawl for about a week this summer when a significant fraction of identical machines were compromised. The de-lousing and the patch downloads, installs, failed installs, reinstalls loaded the network down, and positive non-zero work (for me) could really only be accomplished on the Unix servers.
Since then, about twice a month, when I boot Windows, some patch or other gets installed, and, typically, my machine is rebooted, and I have to log in again. It's a nuisance, costing me only about an hour a month. I've only had to call the help desk twice over patch issues.
The reason it works so well, is that the company has a firewall, which is monitored continuously by staff. Vendor patches are monitored, tested on isolated test machines, and automatically sent to end user systems on reboot. This works, because, in Windows land, frequent reboots are still manditory. System stability is such that you can't simply leave the system up and running for weeks or months. This is still an improvement over Windows 95, where in addition to insecurity, installation of commercial software ran the risk of creating software incompatibilities, compromising stability. The company's response was to have a staff perform compatiblity testing, to ensure that I could get the right versions of the tools I might need.
At home, I'm also connected to the internet on a 24x7 basis. I don't have a staff to monitor vendor patches and firewalls or to man the help desk. I can only look at the system for about a half hour a week night. This is not enough time for me to read my email, and persue my interests. I still need security, so Windows simply isn't an option. The options are 1) a Mac, and 2) Unix (Linux in my case). I'm on a limited budget, so I have opted to use Linux as my firewall. So far, it's been secure. I've shut down non-essential services, I've applied both relevant patches so far (I have not heard that there is an exploit for either).
My email client has a built in spam filter, and does not, by default display email. I get to evaluate the subject line first. Therefore, I generally do not get smut in my face. My email client is incapable of executing anything that is sent to me. It does not run Java or Javascript even when I view a message. When I forward a message to my friends, the default is not to forward attachments. As a result, I do not participate in email viruses. I can generally read my email even if my six year old son is in the room.
My internet browser does not know how to launch pop up (or under) windows. I haven't missed it.
A coworker runs XP at home. His chat client has compromised his machine so as to send him to smut sites constantly. Ostensibly, he's a computer professional, but he's not been able to rid his computer of constant pop up smut. As a result, he can't let his children use his computer. Or even be in the same room when it is on. I suggested the Linux Patch disk.
The easiest way to make your Windows box secure today is to never connect it to a network. No anti-virus install. No patches. It just works.
As a Linux and Mac
-- Stephen.
Windows users are typically math challenged.
- 1 exploit doesn't make Mac's just a vulnerable as a windows platform.
- Until the unprofessional, childish, machivellien management at microsoft is beheaded, quality will never be a microsoft attribute.
It cost's too much money.
- Cheapness at microsot is engrained into the lowest levels of mgmt. The press release says one thing, the manager's say 1 month server up time is Good Enough.
- Microsoft Design Churn will not stop till Gates is gone. You can't get really good quality unless you let you software mature with additional updates. But, Microsoft's business model is to "re-invent" everything on a 3 year cycle. Incredible WASTE OF TIME AND MONEY.
And this business practice doesn't allow it's software to mature to anything close to a UNIX or MAINFRAME model.
The losers never learn.
If you are brainless, stick with Microsoft.
The smart have already left.
( And we can't spell either. )
Ha! I just haX0red your b0x! Now just let me format your main partiti
-Looking for a job as a materials chemist or multivariat
Let's see...my wife's Dell got hit with sobig and my daughter's hp with ad/spyware. My macs have so far stayed clean. Yes, I'm still feeling pretty cocky and elite. How about you?
first post?
The Windows XP built in firewall is terrible. I would go without a firewall before using it. If you are a business person, sure, its useful, but then if you are a businessperson and use Windows, you're either too stupid to use an ultra stable Mac or your company's too stupid to buy them.
I am a PC user. I have a PC laptop and several PC desktops. All have Windows XP- my best desktop is dual booted with RedHat Linux. I have an 800 mhz iBook G3 w/DVD and CD-RW, 30 gig HD, etc etc- and it is my best computer of all. But I have to use Windows because not only do I have a lot of Windows only programs, but I have a huge pile of Windows only games.
If it weren't for the games, I would have all Macs. I would also have Macs for those other desktops if I had the option, but I only learned about Mac OS X in the last two years.
Now, as you know, I use my PC desktops for games. Tell me, what happens when you enable the Windows XP built in firewall? It completely screws up most multiplayer games. Excepting Age of Empires, it screwed up every game in my collection. You can't connect with a game to any other computer on the internet. With Norton, you can tell it to let a specific program through, but not with the XP firewall.
The XP firewall KILLS games. If Windows enables it by default, it'll hurt gamers. There are two types of gamers: Those that are knowledgeable about computers (possibly mod their games), and those that know nothing about computers and just use them to blast stuff in games. The latter category will have a nightmare of a time if they install Windows XP, install their games, and find themselves unable to play them online, with no idea why not.
Mac OS X is way way WAY better. That PC world article sounds more like a "Ha ha stupid Mac users!" than an informational article.
How many Safari-related security problems have you seen reported? Compared to Internet Explorer?
.ASP or whatever - it's still VB)
How many ActiveX-related security problems have you seen on OS X?
How many scripting, or RPC, or buffer overrun-related problems have you seen on OS X?
Have you ever seen any AppleScript-related security problems like the VB-related ones on Windows? (you can call it macros, Windows Scripting Host,
Most of the problems I've seen on OS X thus far are problems in the open source pieces that affect that product across the industry, including distros in Linux. This is one of the few security flaws that is _native_ to OS X - I can't even remember the last one I've seen. And it does require you to go through plenty of hoops - having control over the local DHCP server, for instance.
Yes - we're going to see security problems with OS X. But not ridiculously stupid ones that could have easily been prevented like we've seen on Windows... I think it's silly to even put them in the same league with each other.
I have a linksys unit myself, (BEFSR11, it was cheaper to get that and a 5-port switch than the SR41 by itself at the time) and it used to have difficulties requiring a reset when it's firmware was yonger, but the latest firmware (1.45.7 for me, I should check for more updates) seems to be completely stable. Your unit will probably lose those glitches as the firmware matures and updates become available, also.
The unit itself only consumes 0.7A at 7.5VDC - five watts, and is fanless and smaller than an 8-port switch. It's also very simple, which suggests to me that it's a lot less likely to have some sort of exploit that can root it. If an exploit was discovered, it would take an embedded devices expert to actually make use of it, and even if THAT happened, the router contains next to nothing in the way of sensitive data, and further attacks would be necessary to cause any serious damage to my datafiles. Also, it's capabilities to launch other attacks would be insignifigant, especially compared to a P2+ Linux or BSD box.
The linksys box also handles PPPoE, which is necessary with some high speed ISPs up here, which frees me from the burden of having to compile PPPoE support into a kernel, and/or installing that broken Access Manager onto a Windows box.
One last thing, it boots almost instantly, and is ready right away. Most of my PC boxes take at least 30 seconds to boot, Linux AND Windows (2k) both.
He checked the default permissions on / and he noticed /etc/password is a garbage file. The former is hardly "through" and the latter is something that every single person who's ever attempted to run "chsh" on OS X has noticed.
The author of the article forgot to mention one thing: OS X has is based on Mach microkernel with a BSD layer on top of it. The latter provides a UNIX security model which is far better than what Windows has to offer because UNIX was designed with simple and efficent security principles in mind (access control and user administration are a part of the system, not an option in most of the cases).
UNIX haters complain that 'root' is way too poweful and that other users should be able to do privileged things too. Well, first of all, UNIX was designed as a multi-user system and secondly, please do 'man sudo.' The concept of breaking down users into groups and have one root to rule them all is one of the reasons why UNIX servers can be so secure with proper system administration. One of the key principles of UNIX security is the ability to manage users and restrict their access. Also, this feature is a part of the operating system, it is not optional.
Secondly, you must be pretty fucking smart to write a UNIX virus that can damage a system through an e-mail attachement. First of all, you need to learn the architecture of the different platform you try to exploit. Secondly, you must find a program that can be "stack smashed" and that runs under uid 0. Then you must create a trojan horse and let a user run it. Now, it is pretty hard to find a right combination of all these things. May be that is why I haven't seen a worm designed to exploit a UNIX OS via e-mail.
Panther has a security feather that can encrypt and decrypt a user's home directory on the fly. Does Windows offer that? I mean you have to be pretty fucking paranoid to do that to your $HOME, but the option is there.
I do not care about the rest of the article that explains some exploits that can be achieved if a hacker gets to my DHCP server. Panther has most of these settings disabled by default and if somebody gets into my DHCP server, I should be blamed and not the OS that has a potential of being exploited.
I'm really not belonging to an elite in either way, but the point I realized, why I don't like Windows was, when I had to clean up several machines from W32.Blaster.
Well, yes, it's a root access flaw in OS X - but you can shut this off with a workaround proposed by Apple with a few mouse clicks, while in Win XP, to stop RPC you need to type in a command (no, I'm not afraid of that, but to the average user it makes *quite* a difference), and then browse through a fuckin' list of about 250 Keys... Know what? I managed, but the people I know wouldn't... In OS X I can THINK DIFFERENT and be sure, everyone I sent this workaround WILL actually shut automatic LDAP acceptance off, 'cause we're a community. Microsoft is restricting their SP and Patches to those machines they were downloaded to, but to OS X Users I can pass every Update I want via any medium I like. Please, finally accept these differences=advantages.
OS X runs on (highly estimated) 5% of all PCs used. I believe it's true, that, if there were more OS X users, there would be more known vulnerabilities (good), more exploits (not that good) but not more attacks - 'cause the Apple's faster.
As my signature states, I am not at all pro microsoft, so don't even let that cross your mind!
On the other hand, I'm not pro Apple or pro Linux. But, I AM pro secure-reliable-notownedbyanevilcorporation OS. I don't care what it is.. as long as it works.
And one more thing: Microsoft Works is an OXYMORON
WINDOWS!? We don't need no steenkin' Windows!
In the middle of making this reply, I forgot I wasn't making an anti-microsoft post and I began making a long list of stuff why you shouldn't use windows. I then remembered that this convo was about why Macintosh doesn't get as many viruses as windows. I accidentally left one of those things (the one about Redhat and Konqueror) there. Please ignore it.
WINDOWS!? We don't need no steenkin' Windows!
Jeez, this post made alot of Troll/Offtopic replies. And "Score: -1, Funny???"
WINDOWS!? We don't need no steenkin' Windows!
From the article:
OS X 10.x may not be as widely used as Windows (let's face it, it isn't) but some of its devotees seem far more fanatical than Windows users.
Tha's because we're extremely pleased with our OS of choice. One or two security flaws (which are easily avoidable, by the way) are nothing compared to the experience of using such a beautiful and comforting OS. A Mac user couldn't be in a better position at this time. Think about it: we have a company that produces both the OS and the hardware, giving us excellent performance and support; we are an extremely small (but not a niche) market, and that's great, too - would we really want to be part of a community of users that depends on an over-inflated company that is blowing it weekly and barely has the time to work on a new OS?; and at least when a vulnerability is discovered, our software company releases a timely update (unlike Billy Boy who's decided to give his users a Christmas gift and not release any updates in December).
It's good to be number two (or three, I'm not sure where Linux falls into the market).
Mr. Bond, they have a saying in Chicago: Once is happenstance. Twice is coincidence. The third time is enemy action.
Is the OS all of the problem?
Oh - sorry judge, I forgot. The email client and the browser are of course inseparable parts of the OS.
Perhaps Lance Ulanoff can help us all with a reasoned discussion of why it's a good idea for an email client to just run any old crap that shows up?
Macs do have holes. But, so does Linux, BSD, and even OpenBSD! Windows has more than all the others combined. A plank in the eye whilst announcing a splinter in anothers.
Look folks, it's just a tool. These Win v Mac pissing contests are about the same as rednecks arguing about which truck is better--Ford v Chevy.
In the end, the job usually gets done--which one fits your personal tastes is up to you.
Macs are still slower than the PCs--but the gap is closing!
Macs do have some security holes--but not as many or as serious!
Macs have very zealous advocates--well, by this writer's tone, PC mag writers do, too.
I once had a Red Hat system hacked in during install.... the moral is to never connect to the net until the machine is ready
This must mean that a 1996 LEXUS ES 300 is as dangerous as a Corvair... I saw one that was in an accident and the Lexus was dented. I know that the Corvair will only explode and catch on fire... but... the Lexus is just as dangerous as the Corvair.
I had a flame... but she had a fire.
To: Lance_Ulanoff@ziffdavis.com
. as p
...you're an idiot. The next time you issue a challenge to over a milliion zealous users make sure you know what you're talking about.
Subject: God... I'm feeling sooooo cocky now.
Cc:
Bcc:
X-Attachments:
http://www.eweek.com/article2/0,4149,1408909,00
I especially liked this quote:
""If someone hasn't applied the patch but blocked the ports as they should have, they're still vulnerable," said Max Caceres, a product manager at Core Impact."
You worry about your buggy Windows machine... I'll worry about a rogue DHCP server on my subnet... I think I'll sleep just fine. Oh!
--
Love,
Gary
Something in your post makes no sense whatsoever!
.
because my girlfriend clicked on a "see my vacation pictures" email
Ok, it's a huge stretch that you have a girlfriend, but let's just say that you do. .
You let her touch your computer?!!!!
It's not offtopic, dumbass. It's orthogonal.
I resent that remark.
Sincerely,
Bill Oh'Really
It's not offtopic, dumbass. It's orthogonal.
Let us be reminded of this dear brethren; an OS is not a religion. So let us refrain from writing about them as though they were.
Just the facts, mam, just the facts.
PegQuin--I've got a sneakin' suspicion
The author of that article seems to be pretty insecure himself.
Okay, the default Mac OS X user isn't root (it's admin) but how difficult can it be to write a Mac troyan that becomes root... Well IMHO not difficult at all.
A Mac user that uses the keychain or installs applications is constantly asked for their password. This password is used by a security mechanism to start something with root privileges. Well, the troyan would simply have to use this exact same method to become root. Nine out of ten people will simply type their admin password when asked for. Simply because you're being asked for it ALL THE TIME.
It amazes me that noone has as-of-yet written a Mac OS X troyan. And I think it's only a matter of time.
To make it worse, in Mac OS X 10.3 the Finder even asks for the admin password (when you want to do something for which you don't have the privileges) and following that the Finder has root privileges for a couple of MINUTES! I've not checked this but I wouldn't be surprised if a troyan could simply wait for the Finder to become root and then use this to tell the Finder to do dirty stuff (using AppleScript)...
I think this prompting for admin passwords is a huge security risk. I have no idea how to do it otherwise though (you don't want to have to relogin as root to install software, do you?). Anything could use a similar dialog to get your admin password easily.
Ernst Mulder
Freaks and their linux routers ... I tried it, took forever to boot, compared to the dedicated routers, and then there is the added fan noise ... no thanks!
http://www.infowarrior.org/articles/2003-08.html
The only reason that this article was written was to drum up the online subscriptions. Seriously this guy cannot be that retarded and have the kind of job he has. First of all it isn't a real security hole, if you change the basic settings it is irrelevant. Secondly the supporting link he gives also reports 5 IE holes that need patches to fix. Come on OS X turns up one security issue vs. thousands of Widows ones, so what. He was only attempting to piss people off enough to flame him, and to do so they need to sign up to the site.
I have several mac's connected to the internet at home via dsl, and there are no problems EVER... or have never been for the last 6 years. At my office we run windows machines for 15 people and need 1 FULL TIME staff member to keep them all up and running all the time. I don't care about all the technicalities, I'll take personal experience first
You wanna know how many DSL and/or cable-connected windows boxes have been totally owned thru various design flaws in that operating system, be them related to very basic network and application security such as default ports or poorly-designed security-related user interfaces such as ActiveX controls in web pages? Just ask any IRC system administrator of popular IRC networks, such as efnet or undernet. Thousands upon thousands of unwitting "drones" from all over the world can be summonned at will by some lame-ass script-kiddie asshole who issues commands from a hidden IRC channel to launch most deadly denial-of-service attacks.
TO THIS DAY that stupid-ass nimda worm is still probing my DSL connection's port 80.
how many network ports do most windows boxes have opened? A WHOLE FUCKING LOT, and far too many.
This is all the result of microsoft building an operating system that made close to ZERO distinction in its distribution format between a home, average-joe-end-user and a business, enterprise, corporate network end-user, blindly choosing convenience over security.
the other key microsoft failure is that for years it barely ever attempted to make the distinction between an operating system designed to be a SERVER vs a CLIENT. Far too many CLIENT machines have shipped with features turned-on by default that were only useful to SERVER machines.
Extraordinary Vacations. Exceptional Prices
uh, interesting points. but in your sig use meta-moderate and spelling.
forget about all the times when windows has been cripled and the mac unaffected. because of this exploit, the mac sucks, and windows is great.
how does that work? windows is now more secure because someone FINALLY found a way to exploit a mac? don't think so.
Apple makes their product easier to implement on a windows network by turning on somthing that would normally be off, and because windows networks are so insecure by default, someone exploits the mac.
and so now macs suck, eh? never fails. windows users are so desperate to justify why they use this inferior system, that they take any chance to bash the mac and make it seem inferior.
wait...what's that? i think you have naked pictures of Anna Kornikova in your inbox! better open 'em up now.
20% Offtopic
20% Troll
Apparently it also has 20% super secret moderation.
Don't blame me; I'm never given mod points.
I am not a Mac OS X user so I don't know how bad people get crippled by funky default settings but I do know that big Microsoft bugs crippled the entire network infastructure in the United States and abroad due to worms that exploited deep problems in the Windows Operating System. These worms took down Fortune 500 Companies, Government computers, and thousands of small businesses.
- Kill Yourself, spare us all! -
I always hear people talking about how secure linux is compared to windows and others, but the truth of the matter is a new root exploit can be discovered tomorrow... and even scarier, what if the founder of this root exploit never does his/her civic duty to report it to the community. They could potentially own every box on the net. Imagine that. The only thing we can judge by how secure a certain os is design, and statistical track record. Provided that there are no private back doors from the beginning. If I had to choose a secure os to run, between linux and other unixlike os's, I would probably choose a bsd because of its history, completely rewritten from system 5 code in an academic environment. which brings us to openbsd. I must admit, as fun as linux can be, it is probably the most volatile thing on the planet. How can you possibly call something anything when it changes daily? OpenBSD's track record is amazing, it may not be as fast as a linux kernel, who knows if it will e v e r support SMP, but if your installation doesn't require those shortcomings by all means embrace it. I am not a coder, and who knows if there is an obscure back door programed into openbsd, fact is we dont know, but what we do know is that it has gone through probably the toughest security audit any os has gone through. encrypted memory space is a must, because the last thing we want is the os barfing out a password when a daemon gets hacked. Getting back to the subject of os 10, the dhcp exploit was huge, the probability of another big exploit I would say is medium, and as far as virus's are concerned, the only reason it has a better track record is because it is more obscure than windows. so its security through obscurity right now, but I dont think os 10 shares the same type of foundational flaws windows has suffered from the get go. I think everyone knows by now to be aware of where you are downloading from, and to choose the software you run wisely. just my 2 cents.. Hiiiieeeeeeee yyyaaaa. the kungfu jew.
Well, i'm glad this makes some Windows users happy. I'll still take a Mac over windows any day. :)
-Admin
www.TheMacOS.com
The Register sets the record straight here.
My opinion? See above.