Slashdot Mirror


PC Mag - Mac OS X Insecure

Suki writes "In this recent story a PC Mag writer concludes that "Panther and Jaguar were not better at outrunning vulnerabilities than Windows" and as my personal fav. ends by asking "How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here." The article discusses many previous Windows security holes against a recent Mac OS X security flaw."

13 of 991 comments

  1. Re:Same DHCP "Flaw" by jimbo3123 · · Score: 5, Informative

    The earlier Slashdot story is here: http://apple.slashdot.org/article.pl?sid=03/11/28/2226226&mode=thread&tid=126&tid=172&tid=179&tid=185&tid=190

    Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network."

    --
    There should be a moderation category "Dumbest Comment EVER"
  2. it's quiet because you're such a pussy.... by otis+wildflower · · Score: 5, Informative

    ... that you don't put your email in your attribution or anywhere in the article.. Luckily, thanks to Google, your bio reveals your email to be:

    Lance_Ulanoff@ziffdavis.com

    Share and enjoy!

  3. Re:The author is an idiot by psychogentoo · · Score: 5, Informative
    In regards to the Directory Access / malicious DHCP vulnerability, the "use DHCP-supplied LDAP server" option is turned on by default. For this vulnerability to be exploited, either you're using an "untrusted" network or your network got hacked!

    If you don't use a DHCP / LDAP server then it's recommended that you turn it off.

    This is from the Apple site:
    You don't use a directory service

    1. Click the Finder icon in the Dock.
    2. From the Go menu, choose Applications.
    3. Find the Utilities folder and double-click to open it.
    4. Open the Directory Access utility.
    5. Click the lock button, type your password, and click OK to authenticate.
    6. Select the LDAP service and click Configure.
    7. Deselect the "Use DHCP-supplied LDAP Server" option. See Figure 1.
    8. Click OK. Your computer is no longer susceptible to this exploit.
  4. Re:Good points... by danielrm26 · · Score: 4, Informative

    "Actually to be fair, you don't run as the administrator account in XP by default."

    As others have noted, yes, you do. The main user you are asked to create when you set up a machine is an admin, and that is the account that most home users use.

    --
    dmiessler.com -- grep understanding knowledge
  5. iTunes by Mr+Pippin · · Score: 5, Informative
    To quote part of the article:

    Meanwhile, we can already see what happens when Apple has a broadly popular product that cuts across platforms. The Apple iPod is the number one MP3 player, and now that its companion computer utility, iTunes, is available for both the Mac and the PC, it has become a hack target. In fact, Jon Lech Johansen, the same Norwegian who cracked the DVD security code, recently circumvented the iTunes music protection scheme.

    An event like that occurring makes sense to me, since iTunes' popularity makes it a target worth hacking -- and whatever mystical Mac mojo there may be, it didn't go far in protecting a popular Apple product.

    Steve Jobs stated when the iTunes music store was announced that the DRM would be hacked. The point was to provide a DRM solution that was not restrictive to honest users. That was delivered.

  6. The author also says: DRM is NOT Evil by GillBates0 · · Score: 4, Informative
    DRM is not Evil

    His email address: Lance_Ulanoff@ziffdavis.com

    His brief bio here

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
  7. Re:Good points... by leifm · · Score: 4, Informative

    I could be wrong on this, but I believe home doesn't even ask you to set up a user. It just sets up Administrator as the default account, with no password. I should know for sure, but it's been 6 weeks or so since I did a Home install, but at any rate I think that's how it works.

    --

    "Windows Me offers tremendous reliability and stability improvements..." -- Paul Thurott
  8. Re:If Mac OS X were REAL unix... by b17bmbr · · Score: 4, Informative

    AFAIK, Joe Blow can write to / on a new 10.2 install. This is madness.

    then, apparently, you don't know jack. you absolutely cannot write to / unless you (and follow this carefully):

    1) open up a terminal
    2) type sudo
    3) then type say: cat /etc/hosts >> /hosts.txt
    4) type password

    you my friend, are full of shit. now, if like me, you create another user, which i always run at, then i have to open the term, su to an admin user, then sudo. osx turns off root by default. to enable it, you have to go into net info, and specifically enable root, THEN, you have to change its terminal from /dev/null to /bin/bash (or whatever). apparently somebody at apple actually thought about security BEFORE they shipped the product. even if you install any application, the best you can do is install it into ~/Applications. if you want to install it into /Applications, then it asks for an admin user AND a password. make shit up in chat rooms. not /.

    --
    My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
  9. Re:Good points... by HoldenCaulfield · · Score: 4, Informative

    Actually, Power Users can do almost everything an Admin can do. They can't create Admin accounts, and they can install most programs. A nice reference table comparing accounts is at http://www.bc.edu/offices/help/meta-elements/doc/articles/html/SW-WinXPUserAccounts.shtml

  10. Re:Good points... by Anonymous Coward · · Score: 4, Informative

    Wrong. Windows is easier to write viruses for. You simply have to get someone to open an email message in Outlook, and a virus will automatically spread itself. If you wrote a virus for Mac OS (or linux, or any other OS), it would have to convince every person it was sent to, not only to open the email message but to intentionally run it. There's where the problem with Windows lies, and why no other OS is as virus-prone as Windows.

  11. another funny thing. by sammy+baby · · Score: 4, Informative

    Anyone notice this?

    From Mac Fan(atic) to Windows User

    ...So I am by no means a Windows apologist or Microsoft partisan. I began my computing career as a Mac patriot, in fact. I used a Mac SE/30 with PageMaker version 1.2 and laughed at the lowly IBM PS/2, which could just hobble along on the subpar Windows 3.0... But even back then, I had this gnawing suspicion that 18-month software development cycles could somehow hurt the platform. Before the tide really turned, however, I switched to PCs. I had joined PC Magazine, and the editorial staff used them... ...

    Please, please, tell me that he's not trying to convince us of his "Apple cred" by noting that the last time he used a Mac in a serious capacity was ten years ago?

  12. Rebuttal by The Mac Observer by benst · · Score: 4, Informative

    Bryan Chaffin from The Mac Observer goes into some of the points mentioned in the original article: The Back Page: PC Apologist Asks If We Mac Users Are Now Humble

    One interesting point made is that those who say that Mac OS X suffers fewer security and virus problems than Windows only because there are fewer Mac users just don't have a leg to stand on.

  13. To summarize the article ... by Durandal64 · · Score: 4, Informative

    "HAHAHAHAH!! Mac OS X isn't perfect! Duh, I'm so smart!"

    Is this guy for real? How does a vulnerability which involves an attacker having to break into your home network (much less a corporate one), take over a machine and then set it up as a rogue DHCP server anywhere near equivalent to something like Blaster, which spread automatically, with no machine spoofing required? Honestly, if your network is so utterly open to attack that it's a trivial task to spoof a DHCP server, there are bigger problems than OS X's security flaw there.

    The claim that Mac OS X would have more viruses if it was more popular holds some merit, but it says nothing about the lethality of those viruses. OS X has all sharing network services off by default, unlike Windows, shutting down a large avenue for virus propagation. Mail shows the entire file name of an attachment, preventing attackers from hiding extensions. Mail also does not automatically execute attachments. Furthermore, any application wishing to do anything as administrator has to ask for a password by default, and root is disabled by default. This is not the case in Windows, where tales of administrator accounts with blank passwords abound. While there may be more attempts at writing viruses for OS X if it was more popular, far fewer of them would actually reach the scale of damage that things like Blaster did. Windows is an ideal virus propagation platform not just because it's popular, but more importantly, because its default setup is insecure as well.