Slashdot Mirror


PC Mag - Mac OS X Insecure

Suki writes "In this recent story a PC Mag writer concludes that "Panther and Jaguar were not better at outrunning vulnerabilities than Windows" and as my personal fav. ends by asking "How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here." The article discusses many previous Windows security holes against a recent Mac OS X security flaw."

20 of 991 comments

  1. so, there's a hole by squarefish · · Score: 5, Insightful

    and a known patch is on the way. it's a very easy vulnerability to avoid. there's no virus yet...

    was it worth the rant, or has he just been waiting a long time to make it?

    --
    Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
  2. Not much of a comparison by Bryant · · Score: 5, Insightful

    He's basically saying that since there was one widely-reported Mac security hole, Macs are as insecure as Windows? Odd comparison.

    Mind you, I'm not too overwhelmed with his research; if he'd been paying attention, he'd have caught the SSH vulnerability the other month. It's not like Macs have been immune, and nobody with any clue claims they are.

    What you can claim accurately is that Apple fixes holes promptly and fairly quickly, and that the MacOS X architecture does not have flaws which result in two or three active IE holes in the wild right now.

    Apple isn't perfect, they're just pretty good. Microsoft isn't evil, they're just not as good as they should be. It's perfectly reasonable to use those two facts in making one's security decisions.

    1. Re:Not much of a comparison by nicodaemos · · Score: 5, Insightful

      Very good points. People who bundle their sense of self with their machine seem to get their panties in a bunch when their platform gets owned more than others. They seem to 'jump for joy' whenever a security vulnerability is distributed for some other platform. Personally I think this author should seek a priest, hobby or sufficiently drunk woman to help disassociate his feeling of being a man with owning a Windows machine.

      Lance writes: I know this is wrong, but in one respect I was happy to learn earlier this month about the discovery of a significant security hole in the Jaguar and Panther versions (10.2 and 10.3, respectively) of the Apple operating system (OS).

      Lance, let me tell you. It's not wrong for you to feel this way .... it's pathetic. Have you felt so diminished as a person this past summer, as wave after wave of virii pummeled your Windows box, that you now revel in the misfortune of others? Do you have these same insecurities about whether you purchased the correct toaster, hair dryer and nose hair clipper?

      Get a grip on yourself, man! Stand up straight, take the panties off your head and start acting like you've got a pair! Repeat after me, I am not the products I buy. Sometimes the products I buy work out, sometimes they don't meet my expectations. When they fall short, it is not a reflection of who I am, my intelligence or the size of my magic wand. If the product fails, it is a reflection of the manufacturer.

      Now go out there and do something useful with your life like kicking the butt of the manufacturers who sold you inferior products!

  3. sad... by h4x0r-3l337 · · Score: 5, Insightful

    It's pretty sad when Windows-users feel they have to start defending themselves by pointing out that other operating systems are vulnerable too. The last paragraph pretty much says all in that regard...

    1. Re:sad... by Disco Stu · · Score: 5, Insightful

      It wouldn't be as bad if it didn't stink of shit.

      > I was tired of the "We use Macs because they don't get attacked by viruses and hackers" refrain from Mac nuts.

      So what? I'm not a mac nut. If anything, I'm more partial to Linux, but I say the same thing. Is this guy trying to imply that anyone who cites this perfectly valid reason to prefer macs to PCs is a nut? Real mature.

      > I generally counter with what is apparently a secret carefully hidden from Mac zealots: "That's because only a fraction of the world uses Macs. What's the point of attacking a niche market? No one will notice!"

      Actually, he's wrong. There are reasons beyond marketshare why macs are more secure than PCs, but frankly, who cares? When I go home at night, the last thing I want to do is spend my evening reinstalling my OS because my girlfriend clicked on a "see my vacation pictures" email. Fortunately, that's not something I've ever had to do. Whether that's because macs are more secure by design or because no one bothers to write virii for them really doesn't matter to me. All that does matter is that running my computer is a lot less of a pain in the ass.

      > So I am by no means a Windows apologist or Microsoft partisan.

      So what? If your arguments were solid, it wouldn't matter if you were. If not, it also doesn't matter.

      > Ultimately, those on the Mac fringe have to face facts: Panther and Jaguar were not better at outrunning vulnerabilities than Windows.

      Really? Got any evidence to back that up, mister ulanoff? Or is this just your expert opinion? Because I just read your bio, and I didn't see a damn thing that indicates you know architecture or the security implications of design choices from a goatse.cx post.

      Bill O'Reilly just called, and he wants his credibility back.

  4. How many recent flaws? by The Grassy Knoll · · Score: 5, Insightful

    > a recent OS X security flaw

    That's the significant word, I think. A single one

    --
    They will never know the simple pleasure of a monkey knife fight
  5. Re:Good points... by ethanms · · Score: 5, Insightful

    I read the article too, this guy is using a valid point:

    Mac OSX is not perfect

    To bash Macs... it's paragraph after paragraph of "See? I told you so."

    I own a mac, but I use PC's at work and home, I barely notice a difference between the two when I move between them because most of the apps that I use, like Office and Mozilla are fairly close in appearance and functionality.

    BUT... the absolute, positive, no questions asked fact, is that last time my office of 300+ people had some worm running around, my mac was NOT infected and I was not required to jump through IT-hoops for hours to get rid of it or prevent it from happening.

    Whether or not it has flaws or not is a stupid question, of course it does... but so far they haven't proven to be anywhere near as disastrous as the bullsh*t that we have to deal with from Windows.

  6. Re:Good points... by gsfprez · · Score: 5, Insightful

    there are also incredibly FEW network services turned on (come on, someone spoofing your DHCP server on YOUR network and inserting malicious code? You've got bigger problems, my friend, than your vulnerable Mac) out of the box when you install a Mac.

    This in and of itself is another 50 pounds of "bite my shiny metal ass, Micro Soft apologist" to hand to the author of this article (i RTFA as well - he carped on a LONG time about this one quite obscure vulnerability, and didn't bother to name a single Mac virus or mail.app worm.. i wonder why?)

    Until Microsoft changes their ways on having every useless network service turned on by default and making it easy (read: not requiring use of Regedit) to turn off and on services (read: Sharing System Preference Panel - checkboxes for all services), Macs will continue to be far less vulnerable to attacks than Windows is.

    --
    guns kill people like spoons make Rosie O'Donnell fat.
  7. Mac Elite? by ibullard · · Score: 5, Insightful

    I've been a Mac user for four years now, but I still regularly use Windows and occasionally Linux. To me, Mr. Ulanoff seems to embody the worst type of Mac user - the cynical ex-user. All the Mac users I've talked to aren't snobby or "elite" but almost every single ex-mac user is. It's almost like they were upset that they had to leave MacOS and now all they do is spit insults at anyone who thinks that Macs are cool.

    I feel bad for anyone who feels the need to put a group of users down simply due to their choice in tools. That goes for the "Mac elite" that Mr. Ulanoff has to deal with as well.

  8. Re:Good points... by McDutchie · · Score: 5, Insightful

    > seem to remember that the OSX machine prompts for a password before making the changes though. That's a definite advantage.

    Exactly, it's actually the root account and not the user account that installs the programs. Think of it as a GUI version of sudo.
  9. The new variant of "Apple's dying" by inkswamp · · Score: 5, Insightful

    I understand that a lot of you here on Slashdot are new to the Mac (since OS X) but those of us who have been on Macs for longer recognize this type of junk tech writing for exactly what it is: an attempt to stir the shit and increase readership. It's probably easier to sell advertising on your site or magazine if you can create just the right anti-Mac tempest in a teapot and sell a few more copies or increase your web site hits. This tactic used to run under the headline "Apple going out of business" or "Apple to close up." Now that's mutated into a "critique" of security or speed claims or whatever. Sadly, there is a fraction of Mac users out there who are still willing to take this bait and play into the game. I'm not even looking at the article. Been there, done that. I recommend that you stare out the window and observe the slow but steady growth of the grass outside--that would be far more productive than playing into this kind of shameless, professional trolling masquerading as tech reporting.

    --
    --Rick "If it isn't broken, take it apart and find out why."
  10. reaping and sowing. by gosand · · Score: 5, Insightful

    > Security is only as good as how often the users patch.

    Wrong. There is something to be said for how security is considered in the design of an OS. For Windows, it wasn't much of a consideration, which contributed heavily to why there have been so many systemic vulnerabilities.

    The system was designed to be user-friendly, not secure. They got their market-share because of that fact. I think it is much easier to make a secure system user-friendly than to make a user-friendly system secure. Microsoft is finding that out as well. You reap what you sow.

    --

    My beliefs do not require that you agree with them.

  11. PC Mag proves once again its writers are inept by tres · · Score: 5, Insightful

    This guy should obviously keep to using PageMaker, and fixing fonts. He obviously doesn't know much about computers, and even less about OS security.

    > Microsoft's less-than-stellar OS security took a while to become apparent. In fact, the problem wasn't epidemic until a few years after the Internet took off. Windows' market domination makes it a target for the virus authoring community.

    Um maybe that's because Microsoft built the OS around the paradigm of security by obscurity, where there was any security at all. The Internet was added as an afterthought to the OS. It wasn't built for a hostile environment. It was built around the idea of some knuckle-head sitting in front of it, playing games, writing Office Documents, printing office documents. It wasn't built (as UNIX and Linux systems were) to live in a hostile environment.

    > If the Macintosh OS ever became dominant, the tables would turn, and there would be just as many reports of viruses, security holes, and attacks on it as we currently have with Windows.

    This argument is ridiculous. Apache hosts over 60% of the websites out there, and it's certainly not getting hit like IIS has. People who associate things like security problems with market share prove just how little they know about what OS security means.

    > In fact, Jon Lech Johansen, the same Norwegian who cracked the DVD security code, recently circumvented the iTunes music protection scheme.

    Sorry, Jon neither cracked CSS nor the iTunes music protection. Both these items were posted to a bulletin board hosted by Jon. Being that this has not thing one to do with security, I'm baffled by this. It's truly an idiotic stretch to associate the popularity of iPod with iTunes DRM being cracked (which, by the way, it wasn't).

    --
    Notes From Under *nix: blas.phemo.us
  12. Re:Good points... by garbletext · · Score: 5, Insightful

    > Until Microsoft changes their ways on having every useless network service turned on by default and making it easy (read: not requiring use of Regedit) to turn off and on services (read: Sharing System Preference Panel - checkboxes for all services)

    Control panel -> Administrative Tools -> services. easy as pie. That's not to say that the average windows user has a clue what a service is, let alone how to turn it off. The problem is that unnecessary services are on by default. But, hey, it's the age old compromise; out of the box simplicity vs. configurability.
  13. What a bunch of crap by goombah99 · · Score: 5, Insightful

    Uh the so-called mac hole has been known since the days of NeXT. It's not a hole it was a deliberate choice for default settings. And that's the key difference. Windows security holes are totally blind siding bugs, whereas this so-called hole was a well documented and well considered choice.

    Personally I would not have made that choice, but at least there was a check box to turn off the default DNS trust. If only windows came with checkboxes to remove its bugs. And I don't mean like checkboxes that say "turn off scripting and cripple my browser please".

    In fact mac has not even fixed the so-called hole because it's not necessarily a mistake.

    In any case the SSH vulnerability, and the screen-locker vulnerability were in fact true holes created by mistakes. These are what should be scrutinized. But these did not lead to widespread network worms at least. They did not arise out of an insecure by design attitude that pervades all the Active-X philosophy, the power-user-by-default philosophy, the standards crushing embrace-and-extend, the optional log-in password philosophy, or the add features rather than fix bugs philosophy that rightfully inspires all the anti-windows zealotry.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  14. Re:And this guy is an editor? by b-baggins · · Score: 5, Insightful

    Apache killed it. Apache runs 70% of the web. IIS receives 90% of the attacks and hacks.

    Claiming that OS X suffers fewer hacks because it's a smaller market is a post hoc fallacy.

    --
    You can tell a great deal about the character of a man by observing those who hate him.
  15. Re:It's all about the scope... by Graff · · Score: 5, Insightful

    > The attacker must:
    > - Be on your local network
    > - Already have control of your DHCP server

    You forgot one important thing - you must also reboot. If you don't reboot your Netinfo daemon doesn't pick up the new information supplied by the poisoned DHCP server. So the attacker must also trick you into restarting your computer.

    In short, yes this is a potential exploit but an extremely unlikely one. By the time the attacker does all of these things he probably would have been better off just walking over to your computer and stealing it from you.
  16. Then how come... by SuperKendall · · Score: 5, Insightful

    OSX has the out of box simplicity edge while still having all these services off?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  17. Re:Good points... by John Newman · · Score: 5, Insightful

    By the same token, you could also call the user, impersonate an Apple tech, and ask them to turn on SSH and tell you their username and password. Or, if a user leaves their front door unlocked, you could walk in and remove their computer. Both obviously point to glaring security holes in OSX.

    The point, however, is that it's extremely difficult and/or impossible to write an autonomously propagating virus or worm for OSX that doesn't require active user intervention. Contrast with Windows...

  18. Flawed Arguments... by AgentOJ · · Score: 5, Insightful

    I'll admit, right away, that I'm a Mac user. Then again, I'm also a Windows user, Linux user, SunOS user, etc. I'm really not *that* platform dependent. I guess I really don't understand the reasoning behind arguing over an OS. The argument is rather petty if you are not doing anything to improve upon the security of the operating system you favor. No OS is perfect, and no OS is totally secure.

    I did find a few problems with the article (beside the fact that the author was bashing mac users who bash windows users...circular logic, anyone?). The author claimed that due to the fact that DVD Jon cracked quicktime encryption of ACC streams (used by the iTunes Music Store) doesn't mean it's going to bring either the MacOS or Windows to its knees. It's a f**king MP3 player for Chrissakes. Sure, vulnerability that could circumvent OS security might exist within iTunes, but the specific nature of DVD Jon's crack has nothing to do with OS security.

    The author made this claim about the cross-platform iTunes "exploit" while failing to mention anything at all about Macros, and the possibility for viruses that accompany them. To me, it seems that the author was grasping at straws without having any concrete evidence to back up his claims.

    Whenever I read an article from one side of the OS wars bashing the other side, I tend to think that the author was in danger of missing his deadline and needed to come up with something in a hurry. Why does this issue never get old? Perhaps we should think about ways to make our OS of choice more secure rather than bashing others' flaws.

    AgentOJ