Slashdot Mirror
PC Mag - Mac OS X Insecure
Suki writes "In this recent story a PC Mag writer concludes that "Panther and Jaguar were not better at outrunning vulnerabilities than Windows" and as my personal fav. ends by asking "How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here." The article discusses many previous Windows security holes against a recent Mac OS X security flaw."
He raises good points (I actually read the article), but one thing that OSX will always have over current versions of Windows, however, is the fact that in OSX you don't run as root/admin by default when you start off or create new users.
Until this is fixed, the same attacks will be much more effective against Windows users just because of the rights the current user has on the box.
dmiessler.com -- grep understanding knowledge
and a known patch is on the way. it's a very easy vulnerability to avoid. there's no virus yet...
was it worth the rant, or has he just been waiting a long time to make it?
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
I can feel a big commentary fight coming on this post :)
Pro-MACs on my left, pro-PCs on my right.
Ready ?
FIGHT
He's basically saying that since there was one widely-reported Mac security hole, Macs are as insecure as Windows? Odd comparison.
Mind you, I'm not too overwhelmed with his research; if he'd been paying attention, he'd have caught the SSH vulnerability the other month. It's not like Macs have been immune, and nobody with any clue claims they are.
What you can claim accurately is that Apple fixes holes promptly and fairly quickly, and that the MacOS X architecture does not have flaws which result in two or three active IE holes in the wild right now.
Apple isn't perfect, they're just pretty good. Microsoft isn't evil, they're just not as good as they should be. It's perfectly reasonable to use those two facts in making one's security decisions.
Can someone tell him that HIS WEBSITE IS NOT A BLOG, OTHERWISE HE WOULD BE INUNDATED WITH REPLIES!!!!
Thank you. ;-)
I'm a leaf on the wind. Watch how I soar.
It's pretty sad when Windows-users feel they have to start defending themselves by pointing out that other operating systems are vulnerable too. The last paragraph pretty much says all in that regard...
But the mindlessly superior retort is always the same, "No, it's because the Apple OS does not have the same holes as Windows. OS X is just a better operating system."
Whatever. All OSes have their inherent problems, but next month, when Microsoft racks up another suit of deathly insecure vulnerabilities, OS X will probably be fixed and free from defects for another couple of months.
I'm not a Mac fanatic, but it's because OS X is based on Unix, and Unix is more elegant in its design that gives OS X its better security.
Ruby on Rails Screencast
Mac OS X gets one flaw and it's suddenly on par with the truckload of Windows security problems? What a funny little man...
.. This article was nothing more than +1 Flamebait. The author sounds like a little boy who finally gets to say "I told you so! I told you so!" when there really isn't anything to be told. All OSs have undiscovered holes and problems. The key is how fast the vendor deals with the problem.
Trolling is a art,
The hole he's referring to requires some particular circumstances before it's even viable.
The attacker must:
Be on your local network
Already have control of your DHCP server
If both of the above are true, you already have much more serious problems.
While I agree that remote root/admin is bad juju, in this case it's hardly equivalent to the Windows remote admin exploits to which he's comparing it.
First, let's get the obvious stuff out of the way. THIS VULNERABILITY IS NOT ON BY DEFAULT ON OSX! You have to go into an obscure app (Directory Access) that most users don't know about, and turn on an option that most users don't need, in order to be vulnerable. Also, this vulnerability was never exploited.
How can this idiot compare that to the hundreds of millions of computers ACTUALLY INFECTED by Windows vulnerabilities like Nimda, Code Red, Melissa, Klez, Sobig.f, and thousands of others? Using Windows is like buying random illegal drugs on the street to treat a headache.
The MacOS is not without its flaws, but Windows is the swiss cheese of the secure computing world. It's very telling that the author didn't allow for any feedback or provide his email address.
- Vincit qui patitur.
sigh. this argument gets old. unix is designed to be more secure than windows. not only that, but it IS more secure than windows. no amount of screensaver errors, cocoa text field overflows, or netinfo exploits will change this. the day windows is more secure than mac os x is the day i can get by without ever needing the root (Administrator) account with access to everything. yes. everything. install apps, install libraries, use current apps, develop apps (with the exception of kernel code but this needs root no matter what OS).
- tristan
Typical Windows User: Stupid virus, now I've got to use my restore disks. Stupid popups, I only want to look at the porn I ask for. Stupid spyware, I can't believe adaware only found 26 new spyware programs today.
Typical Mac User: Stupid virus, my computer is fine, but my ISP is down. Stupid popups, oops forgot to check the option in Safari, okay better now. Stupid spyware, it made me hit cancel when it tried to install itself.
Now understand I'm talking about the standard consumer, of course there are many of us that can keep the windows problems at bay.
I do the majority of my computing work on my TI-92. Havn't had a virus yet!
paintball
> a recent OS X security flaw
That's the significant word, I think. A single one
They will never know the simple pleasure of a monkey knife fight
It sounds like this is just the same "Flaw" in OSX's DHCP settup. There was a thread on this earlier. They essentially use a server to assign a number of items as well as IP. If I reacall correctly, this was never that big of a security flaw (at least not moreso than any other standard DHCP setup)
This is just some guy on a soapbox blabering on about how this "flaw" proves that OSX is just as bad as any Microsoft product. Hopefully others can see past this guy's rhetoric.
There should be a moderation category "Dumbest Comment EVER"
We do not want to encourage behavior like this, do we? Reading the article, sheesh, what's next, checking for duplicates before posting?
Sigs for Nerds. Sigs that Matter.
Geez, I write like that sometimes here, but only to blow off steam in a forum where it's not unacceptable, and even then I feel bad about it. Perhaps the local trolls should apply for a job writing for ABC News? I'd love to see the Greased Yoda Doll guy become a colleague of Peter Jennings.
Also, for the bazillionth time -- Jon Johansen did not crack DeCSS. He hung out with guys who did, and as a minor was the front man for distributing it. It's one of those myths that is too fun to allow truth to get in the way.
What I'm listening to now on Pandora...
... that you don't put your email in your attribution or anywhere in the article.. Luckily, thanks to Google, your bio reveals your email to be:
Lance_Ulanoff@ziffdavis.com
Share and enjoy!
Well, this is one very good reason why the operating system monoculture is bad.
Security also isn't just a matter of the OS. My office-mate got her AOL account owned by someone who apparently did a dictionary attack on her password (which was her dog's name). If people open executable attachments in Outlook, it's the fault of the application, not the OS.
Find free books.
So an attacker who can gain access to your network -- over a wired connection or wirelessly -- can trick an affected system into trusting a rogue machine, and when the compromised machine reboots, take it over and even attack other systems on the network.
So, a guy has to get on my network, set up another machine as a trusted server, wait for me to reboot, and then...? Is this a fair comparison to email viruses, etc...?
My cube's been up for 90 days. I plan to take it down and upgrade it eventually. Does this mean I'm going to be vulnerable?
Whatever.
-- The world is watching America, and America is watching TV.
It's about time Apple did something about the POS security in OS X!
Obliteracy: Words with explosions
If you want to read a well thought out and constructive rebuttle to this article, click here.
Everyone talks about us Mac zealots, and yet no one ever talks about the Anti-Mac zealots, and let me tell you there are a lot of them.
t's got FAR less viruses and haxx0r attempts because it's less popular.
I hear this claim all the time, usually in Windows vs Linux debates. What do you base this claim on? Other people claim Windows has more viruses because it has more exploitable weaknesses rather than a larger installed user base.
I say that the number of viruses is not related to the number of users. If Linux or Mac had a larger user base than Windows, Windows would still have more viruses than either other OS.
It's simple: I demand prosecution for torture.
He starts off by listing that NetInfo/DHCP thing that was not exactly a trivial exploit... and that most dial-up cable/dsl users weren't vulnerable to then...
:)
mentions a few global headline news Worms and Viruses that had Windows users on the run, and sort of throws in a known history of dozens of severe security problems that have consistantly been popping up for years on end.
Oh! And iTunes was hacked. Riiiight... that was never a problem in the first place.
So you see now! Mac are just as insecure as Windows machines are!
Not quite.
Cwm, fjord-bank glyphs vext quiz
Look at what it means to a typical user, doing things the way such users typically do. Do some real risk analysis. That is what folks are truly interested in-the difference in risk to them when they plunk down their money for a PC vs. a Mac.
Not only is he arguing that OS X is as insecure as Windows because of only ONE (that's 1) flaw, but he's comparing apples and oranges (ah, so to speak): the OS X flaw he (poorly) describes affects only a tiny fraction of OS X users, depending on their network context, and those who ARE affected can easily change some settings to fix it. (Why do you think Apple didn't release an immediate fix, Z-D media clone? Hmm, seems pretty quiet around here now.) Many of the reported Windows flaws, otoh, have widely affected average Windows users who perform such mundane tasks as, say, opening a web browser.
This guy's either another FUDbot or he's technically clueless. Either way - next, please!
That's the sound of no one caring what you think, Lance.
A series of what ifs, followed by the reaction of imaginary mac fields that exist only in Lance's head.
And the whole "Macs don't suffer viruses because there's so few" myth was dead and buried long ago. Sheesh. Who cares? If Lance is happy with his bloated, cheerless, abominable bugfest of an OS, more power to him.
And now, Obligatory Car Analogy: it's like Lance is sitting by the side of the road with his Chevy Vega that just flew to pieces for the fifth time that week, and he's pointing at the Lexus that just sped by because it had a defective radio knob that just fell off.
--- Ban humanity.
Excellent comments. Please post them in our forum:
s p,
http://discuss.pcmag.com/pcmag/start/?msg=32413
-----Original Message-----
From: ***
Sent: Thursday, December 11, 2003 10:24 AM
To: Ulanoff, Lance
Subject: Eureka
Hello.
in your piece at http://www.pcmag.com/article2/0,4149,1408953,00.a
you have this to say in conclusion:
Ultimately, those on the Mac fringe have to face facts: Panther and Jaguar were not better at outrunning vulnerabilities than Windows. I expect other gaps will emerge, and while the Mac OS may still draw far fewer attacks, this discovery might suck a little wind (or is it Windows?) out of Mac radicals' sails. They can scarcely claim this was a minor hole. OS root access is serious stuff. How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here.
So, that's all it takes for you? One potentially serious loophole in an
OS to declare it "no better at outrunning vulnerabilities than
windows"?
Have you recently counted the number of Cert advisory reports that have
come out for XP? Last I checked, more than a month ago, it was in the
40-some range. For XP alone. This year only. For the past few weeks,
those reports have come in bundles of 3-to-5 at a time. Nearly every
other week.
While gaining root access is serious on a Unix machine, you also need
to point out the fact that to be able to gain access to this loophole,
you absolutely need to be on the same subnet as the compromised
computer. Therefore shielding 60%-some percent of home Mac installation
(as those connect to the interner through some phone connection like
PPP) and a great deal (don't have numbers) of the remaining 40% still
not at risk, provided their Cable or ISDN, [A]DSL ISPs have done their
work properly.
It's not like one could attack the entire machine simply by sending an
email containing some VBL script. Right?
Of course I'm a Mac head. And I'm still as cocky as I've been since
roughly 1988. Because every time I see those IT folks around here
struggling to keep the company running when the next wave of Win
trouble appears, I'll be smiling at my desk, uninterrupted, and
occasionally offering to help (okay... I'm just pointing them to some
Linux site or Apple.com... but hey... I seriously believe that would
help
them).
Keep us entertained.
Have a good day.
Not quite true. Of course it is technically, but to develop applications which typically live in kernel space in most operating systems, say device drivers, you don't necessarily need root. On a GNU system (with its native kernel, the Hurd, not Linux) you don't need root for this. Only to change the microkernel you would need root, but the idea of using a microkernel is that it hardly ever needs to be changed.
Remember, this is PC Magazine, so naturally they will be very PC-centric, for lack of a better term. And most PC users will show anything from mere ennui to full blown fear and loathing about anything that is fruit-flavored.
This sig no verb.
- Number of Macs reported/suspected to be cracked by recent vulnerabilities: ZERO
- Number of Windows PCs known to be cracked by recent vulnerabilities: MILLIONS
So... I'm feeling pretty damn cocky, thanks for asking.> My Mac never has never told anyone ILOVEYOU.
Poor thing. Perhaps you could get it another Mac to play with?
I've been a Mac user for four years now, but I still regularly use Windows and occasionally Linux. To me, Mr. Ulanoff seems to embody the worst type of Mac user - the cynical ex-user. All the Mac users I've talked to aren't snobby or "elite" but almost every single ex-mac user is. It's almost like they were upset that they had to leave MacOS and now all they do is spit insults at anyone who thinks that Macs are cool.
I feel bad for anyone who feels the need to put a group of users down simply due to their choice in tools. That goes for the "Mac elite" that Mr. Ulanoff has to deal with as well.
You can find a better article about the OS X vs. Windows with respect to viruses here.
I have never been able to shake my perception of PC Magazine/ZD as just a shill for their biggest advertisers. Just ask yourself: Who butters their bread?
I understand that a lot of you here on Slashdot are new to the Mac (since OS X) but those of us who have been on Macs for longer recognize this type of junk tech writing for exactly what it is: an attempt to stir the shit and increase readership. It's probably easier to sell advertising on your site or magazine if you can create just the right anti-Mac tempest in a teapot and sell a few more copies or increase your web site hits. This tactic used to run under the headline "Apple going out of business" or "Apple to close up." Now that's mutated into a "critique" of security or speed claims or whatever. Sadly, there is a fraction of Mac users out there who are still willing to take this bait and play into the game. I'm not even looking at the article. Been there, done that. I recommend that you stare out the window and observe the slow but steady growth of the grass outside--that would be far more productive that playing into this kind of shameless, professional trolling masquerading as tech reporting.
--Rick "If it isn't broken, take it apart and find out why."
Wrong. There is something to be said for how security is considered in the design of an OS. For Windows, it wasn't much of a consideration, which contributed heavily to why there have been so many systemic vulnerabilities.
The system was designed to be user-friendly, not secure. They got their market-share because of that fact. I think it is much easier to make a secure system user-friendly than to make a user-friendly system secure. Microsoft is finding that out as well. You reap what you sow.
My beliefs do not require that you agree with them.
Heebie JEEBUS, If this guy isnt someone that is desperately looking to validate his existence I don't know anyone who is. To go about comparing one, frankly obscure, dhcp exploit compared to the neverending cavalcade of windows holes. I wonder if mr self satisfaction actually has a timeline of windows exploits and issued patches. I doubt his wall would be long enough to hang such a thing.
Wow, this writer for PC Magazine obviously has some issues when it comes to attitudes. This article is written mostly as an "IN YOUR FACE" to the Mac community. I also find humorous the huge, honkin' HP advertisement right in the middle of the article.
Anyway, while it may be true that there have been some insecurities with OS X (as you'll have with _any_ operating system), most of them have been what I'd classify as low-risk. Go read all the advisories for them, they all require either physical access to the local box/network or are vulnerabilities with the open source components of OS X (like OpenSSL) that affect everybody in our (Geek) community.
So quite frankly, I see this as overreacting on the writer's part and worse, it's not terribly objective and horribly whiney.
(btw, as you read my sig, you'll say I'm just as bias and you're right. But I'm not whining am I?)
I just wasted your mod points! HA!
Notes From Under *nix: blas.phemo.us
granted i prefer my mac, so the argument is biased, but i have a win32/pc i use every day as well..
what bothers me about this article, is the author assumes that by "more secure" the mac elite has meant to saying their OS is perfect. obviously, this isn't the case.
i've had my newest mac for over a year now, and have only seen 2 vulnerabilities made public (openssh, and this trusted host thing). during this same period, i've seen more windows vulnerabilities than i can recall, and i've had encounters with at least 4 widespread microsoft worms [found in my inbox], and watched them bring many networks to their knees.
i haven't seen a virus for mac since the days of System 7 on M68K chips.
bottom line is -- yes, OS X has vulnerabilities... but there will have to be a lot more discovered, and a lot more damage on its behalf (worms, etc.) before anyone can call it even.
-m
To be fair, I didn't read all the comments, so this might have been said already.
Of those comments I did read, it seemed to me that the authors who wrote pro-Mac comments missed the point of the article entirely.
The author is saying that because Windows is nearly ubiquitous (mean everywhere), it's bound to attract more attention than Mac OS, or Linux, or OS/2, or Unix. With more attention devoted to it, obivously more bugs are going to be found. Let's face the facts: If Mac OS (any version) had 70-90% market share, people would more than likely be finding bugs left, right and centre, while Windows falls by the wayside. The same would be true of Linux, or OS/2, or Unix.
Before you go deriding someone for making a point, try standing in their shoes and see if their opinion makes sense.
Is being secure the same as security? Let us take a look and see. Starting out let us compare raw numbers.
Building A has one broken window, that is kind of small and can only be breached if you can get passed the outer gate (with its own security), and have the right (specialized) equipment.
Building B has many broken windows, and windows breaks as fast as they fix them. Many of the broken windows can be breached from down the street. The latest broken window could allow anyone to imitate building C, and only when you have entered the building do you realize that you have been duped into entering Goat's house of cx.
Which building is more secure?
The issue is that security is offered in LEVELS. No place is 100% secure, however some places offer much higher levels of security, providing a safer place to be.
So which building is more secure?
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Security is only as good as how often the users patch.
The focus on patch management starts becoming embarrassing. Not too long ago, the mantra was, "Security is only as good as how often you update your antivirus scanner", or "Security is only as good as your firewall".
It's sad that so few people realize that patch management is part of the problem, and not a solution. It's only a question of time that the patching process fails in a blatantly obvious way (in part it already did for Slammer and the Blasters, but you could blame the users, so few people questioned the basic idea).
Don't get me wrong, being alert about patches (and applying them when necessary) is a good thing, but the current fuzz about it is beginning to blind users and admins. Patching is not the final answer to our security problems, just a workaround that appears to work (mostly from a software vendor perspective, it's a nice way of shifting responsibility).
Meanwhile, we can already see what happens when Apple has a broadly popular product that cuts across platforms. The Apple iPod is the number one MP3 player, and now that its companion computer utility, iTunes, is available for both the Mac and the PC, it has become a hack target. In fact, Jon Lech Johansen, the same Norwegian who cracked the DVD security code, recently circumvented the iTunes music protection scheme.
An event like that occurring makes sense to me, since iTunes' popularity makes it a target worth hacking -- and whatever mystical Mac mojo there may be, it didn't go far in protecting a popular Apple product.Steve Jobs stated when the iTunes music store was announced that the DRM would be hacked. The point was to provide a DRM solution that was not restrictive to honest users. That was delivered.
His email address: Lance_Ulanoff@ziffdavis.com
His brief bio here
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Holy crap! You mean that if some ass-taco gets physical access to my network and can set up a rogue DHCP server he'll be able to get root access to my Mac (unless of course I took the 5 minutes to read the technote article and disable all my unused directory services)?
Dammit! I'm gonna' go back to my OpenVMS box!
If what this guy really wants is absolute security right out of the box, I guess he'll have to do the same.
You are attempting to read sigs. Cancel or Allow?
So we know there is a vulerability... How many people do we know of that got infected or hacked via this exploit. Lets pretent that Apple has 5% of the marketshare. I know 40 people that got hit with Blaster and many of them were also hit with the I Love you Virus and a few others along the way. So with the Windows machines taking up 95 percent of the market... going by the numbers there is 1 mac user for every 19 PC users... So I should definatly know 2 people that were r00ted by a L33T H4X0R with this recent attack?
However I know of Zero that were affected by it.
Take a second... figure my point out.
I had a flame... but she had a fire.
Overheard whispers: "He's not going do it" "Yes, he is - you didn't see last months rant against one button mice?" "I dare you" "I bet his ethernet cables not plugged in" "It's been a pleasure working with you" "I knew he was an idiot, but nobody's that dumb" "Didn't his last article get taken out by the Melissa virus?"
How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here.
I think you can add Lance Ulanoff to the list of things that are "insecure".
Quick, send him an Outlook virus!
I think I already did.
The ______ Agenda
AFAIK, Joe Blow can write to / on a new 10.2 install. This is madness.
/etc/hosts >> /hosts.txt
/dev/null to /bin/bash (or whatever). apparently somebody at apple actually thought about security BEFORE they shipped the product. evn if yo install any application, the best you can do is install it into ~/Applications. if you want to install it into /Applications, then it asks for a admin user AND a password. make shit up in chat rooms. not /.
then, apparently, you don't know jack. you absolutely cannot write to / unless you (and follow this carefully):
1) open up a terminal
2) type sudo
3) then type say: cat
4) type password
you my friend, are full of shit. now, if like me, you create another user, which i always run at, then i have to open the term, su to an admin user, then sudo. osx turns off root by default. to enable it, you have to go into net info, and specifically enable root, THEN, you have to change it's terminal from
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
No, he's doing the reasonable Mac observance that 50 versions of a greeting card program does not count.
You can tell a great deal about the character of a man by observing those who hate him.
i don't think that is entirely true. i know lots of kids who used to write virii, and they wrote them for microsoft machines because that was the machine that they had. these would also be the same people that would defend the IBM/Micro$oft machine to the death in a windows/mac debate, but that was the platform they had. mostly, i guess, is that they didn't want to even bother with mac users.
I see Windows, I see Mac. I see Linux on the rack.
Then you can go here to discuss what a steaming load this "commentary" is. Oh, my gosh. Someone who already has access to your network can put a malicious machine on it that will lead to your Mac being owned when it reboots. That's so freakin' simple. Not like those astonishingly difficult Windows attacks of sending emails, setting up websites and/or having users download spyware. The sky is obviously falling. AAAAAHHHHHHH!
Mac OSX has a bad set of settings. Yep, that happens. That is a bug. Likewise, there were other bugs on OSX that were actually just as bad if not worse (they use a lot of OSS and they will have the same faults as the OSS world does).
The real problem is that Mac OSX (and most other systems) have a fundementally sound architecture, while none of the the current Windows do. I suspect that Longhorn is taking a long time to get around these huge design holes, but the current ones have them and there is nothing that can really stop these. In fact, MS has confirmed it numerous times in gov. and court hearings.
So yes, the *nix based system will continue to have holes (in fact what system does not), but they have a much more sound design from the ground up. Hopefully, Longhorn will as well.
I prefer the "u" in honour as it seems to be missing these days.
Personally I would not have made that choice, but at least there was check box to turn off the default DNS trust. If only windows came with checkboxes to remove its bugs. And I dont mean like checkboxes that say "turn off scripting and cripple my browser please".
In fact mac has not even fixed the so-called hole because its not neccessarily a mistake.
In any case the SSH vulnerability, and the screen-locker vulnerability were in fact true holes created by mistakes. These are what should be scrutinized. But these did not lead to widesperead network worms at least. they did not arrise out of a insecure by desing attitude that pervades all the Active-X philosopy, the power-user-by-default philosophy, the standards crushing embrace-and-extend, the optional log-in password philosophy, or the add features rather than fix bugs philosophy that rightfully inspires all the anti-windows zealotry.
Some drink at the fountain of knowledge. Others just gargle.
I said nearly the same thing about Linux last time somebody spouted junk about Linux not really being any more secure:
When OS X has a vulnerability, it shows up in a few specialty news sites, a few people tsk, and maybe a few people even get hacked.
When Windows has a vulnerability, it shows up as a worm that takes over millions of machines in a matter of hours and cripples the entire internet.
The OS X vulnerability in the article isn't even a remote vulnerability. You need access to the machine's local network to pull at off, and you need to do it when the machine boots.
Major Windows vulnerabilities, on the other hand, let anybody who can ping the machine take it over completely and at will. You don't even need to be that smart; a small computer program can do it automatically.
Which one is more secure?
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
no point in generating revenue for them to produce more pap like this character's "analysis".
If English was good enough for Jesus, it's good enough for everyone else.
ALL operating system are insecure. No exceptions. It is the responsibility of the OS vendor to find, fix and release patches for vulnerabilities. It is the responsibility of the user to apply those patches and secure his box. The issue here is not that OS X has a vulnerability. The issue is that Windows has a larger installed based and thus being a more lucrative target has MORE of its vulnerabilities exploited. MS is consistently late releasing fixed and then once the fixes are released, the sheer installed base of windows works against it. Around 80-87% of US internet users are on dial up. Most likely 90% of dial up users use Windows. A clean WinXP install requires over 128MB of downloaded patches. Exactly how many dialup users will ever patch their systems? MS owes its users at a minimum a monthly CD of patches in the mail at NO charge if it wants to be a responsible internet neighbor. That alone would remove the most common reason why MS systems are so vulnerable.
it seems far more constructive to discuss the merits here (which I am sure he will read)...
Heehee, (giggle), that was a good one.
Get real. This guy's job is to generate ad revenue by bringing in eyeballs. Writing an inflammatory article does just that. Having done so, he goes home. He doesn't give a shit whether he's right or wrong, and he certainly won't be following up the "community's" response. He will laugh all the way to the bank, however.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
thanks for the supporting evidence. very convincing. I SAY the Doublemint Gum twins rule the world as part of a secret cabal that includes Cobra Commander and Billie Holiday.
"the starry sky above and the moral law within"-Kant
If you have to change your configuration from the default in order to have a secure system, then you have a security hole. Most of the really big microsoft security hacks are things just like this - the system is configured open by default when it should be configured closed by default.
The rationale for configuring the system this way is that it's easier to administer - you just plug it in and it starts working. This is why Microsoft used to configure the system insecure by default. This is why Apple is still configuring the system insecure by default. But part of what you're plugging in, with no authentication at all, is your authentication system. So if the thing that tells you what authentication system to use lies, you're hosed.
This is less severe than the recent Microsoft bugs because the attack is hard to do from the outside of a firewall. So probably Apple is not going to get the kind of bad publicity for this security hole that Microsoft has gotten for, e.g., the Blaster worm. But this is actually a much worse security hole, in a sense, because there is no Software Update coming down the pike that fixes it - Apple has, so far, taken the position that this is a feature, not a bug.
Because the number of people who run software update automatically is much higher than the number of people who pay attention to security alerts and do what is recommended in them, this particular security hole is going to remain on pretty much every MacOS X install in existence. So I can see why the guy from the PC magazine is acting all smug.
The right thing would be for Apple to fix this, but I don't see them doing it - there's no way to secure the DHCP transaction, and there's no way to secure the LDAP transactions either. I hope there's someone in a back room at Apple working on closing this gap, but they've been silent on the issue so far, other than maintaining that because it's a configuration thing, it's not a problem.
Mac OS X is not a secure OS, neither is windows or linux. A secure OS is one that is competently adminned with all services except the bare essentials disabled, all patches applied and is constantly auditted for holes.
"security is a process, not a product" - Bruce Schneier
So Mac OS X has security problems, so what? so does do linux and windows. Too bad for those two mac os certainly makes up with its superior gui and os design.
I have never seen someone get so seriously bent over such flawed logic.
There are several things to consider:
While complexity may provide an opening for flaws, it does not atutomically mean the code is flawed if it is complex. People who care that there code is used ( Apple Engineers) can surmount the problems that complexity poses.
MacOS X is complex because it DOES MORE. Samba,NFS, CUPS, X11, SSH, shells... and is INFINITELY more configurable.
XP et all is complex because it does marketing and because it attempts to deliberately obscure configurability and portability of code. These are essentially arbitrary complexities that are in direct conflict with good code practices.
Just do what you do best
Arnold "Red" Auerbach.
"How cocky are you feeling now, Mac elite?"....Aha! At least they are now recognising that we are an elite! ;-)
"This is crazy, you realise we could all go to jail for this?" - my manager, somewhere I used to work.
When I went from OS 9 to OS X, I knew that I was giving up a large amount of security to get a *nix base and loads of features never before seen in a Mac "OS". I think that was well worth it.
What else that has definitely made it worth the move is that Apple has been very fast, IMHO, in offering patches for security holes (note: the recent cookie vulnerability).
There are dozens, maybe hundreds of more holes in Windows and we all know that many of them will never be fixed.
At least Apple acknowledges security holes and makes effort to fix them.
-A
1. Notice flagging readership, reduced ad revenue
2. Write audacious, insupportable story that will anger people
3. Submit to Slashdot
4. Profit!
And sitting and imagining a theoretical is not actually "putting it into action". It's just an opinion derived from whatever biases you hold.
--- Ban humanity.
Anyone notice this?
Please, please, tell me that he's not trying to convince us of his "Apple cred" by noting that the last time he used a Mac in a serious capacity was ten years ago?
Microsoft's startling accomplishment is that, in addition to fundamentally failing to make its system easy to use, it has also simultaneously managed to leave it insecure.
Microsoft doesn't understand ease of use. Ease of use is making an internally consistent system that minimally technical users can quickly understand and apply to accomplish much more complex tasks. Ease of use is not designing a condescending wizard to walk a person through a bizarre fifteen step process to do whatever it was they were trying to do (and God help someone if they ever need to do something even slightly different than what the "wizard" has be pre-programmed to do).
Likewise, as many others have pointed out, Microsoft has failed to understand security. Security isn't developing a system to automatically download all this month's security patches, nor is it simply patching problems in a timely manner (both of which, ironically, Microsoft has also failed at). Rather, security is the well thought out implementation of an entire top-to-bottom design philosophy to allow a computer to exist in a hostile environment.
So the system was really designed to be neither user friendly nor secure. That leaves other market forces in command of its popularity. For example, ability to run on commodity hardware, relative ease of use in its early monopoly forming stages, later exploitation of its monopoly, broad 3rd party software support, lack of wide appreciation of the security problems (especially in the pre-monopoly and early monopoly stages), and ongoing familiarity to users (among others) as the reasons Microsoft got its market share.
You didn't install anything, you mounted and copied. You need root (sudo) access to to an actual install on OS X. So in a way you both are correct, you DO need root to install, but it can be circumvented if instead of "installing" you merely mount an image file and copy the executable out.
"It's better to be a pirate then join the Navy"
viruses attack the OS!
Just because there are less identical copies of an OS out there does not make it more secure.
Just because there are more identical copies of an OS out there does not excuse multiple, unpatched, vulnerabilities!
The Underlying OS is what is secure or not. The Mac OS has a flaw, openBSD has a flaw, the Linux kernel has flaws, Open Source applications have flaws, and the Windows OS series have severe cracks in the foundation of their operating systems.
Why do all the Microsoft apologists point to vulnerabilities in other Operating Systems as a justification for having the worst security track record in the history of computing?
You know why? It marks the point at which Macs have climbed back into the ire of PC Mag editors everywhere. 3 years ago, a mac article wasn't worth the soy ink and electrons it took to create an anti-mac article.
Wow, it's like it's 1988 all over again. Some Tool nitpicks one or two items to make himself feel better because he's a Windows user for whatever reason.
Next we'll hear how overpriced Macs are.
Actually, the only difference between this and 1988 is that games used to come out first for the Mac (Real business users don't need games! Was the rallying cry).
"oohhh... I didn't know Schopenhauer was a philosopher!"
OSX has the out of box simplicity edge while still having all these services off?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
In your install of Mozilla, you are just copying some files to you user Applications directory. You aren't accessing anything directories which as a user you are not allowed access to. For other software that installs for all users, or needs to change something in a directory for which you as a user don't have access, you'll have to run an install app. And that *has* to ask you for the root password, otherwise it can't do these things. As someone else said, it's the gui equivalent of sudo.
I have recently audited an xserver running the latest Jaguar. Within the first 20 minutes of looking, I found 3 command-line overflows for suid apps. These are textbook overflows and appear to be trivial to exploit. IMHO the developers have performed very little vulnerability (fuzz) testing against their privileged applications and services. Many many more bugs will be found. I encourage any newbie vulnerability researchers to get their hands on a copy of Jaguar ASAP. As mentioned in a previous post, file permissions are screwed up all over the system, and the amount of suid binaries is astonishing. You *will* find *many* vulnerabilities.
I'm not sure your example of "installing" mozilla is substantively different than the way an ordinary user could "install" many peice of software in Linux, namely put them in your home directory and run. You only need root access if the program needs to run as a different user (esp. root) or to put it in a place like /usr/bin, because often users can't write there. It seems the only difference is that OS X lets you put this new software in with all the software installed by the admin. That's not good (because then there're indistiguishable to a cursory examination), but not so bad.
I would think a bigger question is whether you can modify or replace existing programs. It sounds like and answer is yes, and that IS bad news. Another question is, can you cause the program you've added to run automatically for other users (or by root at next boot)? I don't know. I haven't used OS X enough.
"You call it a new way of thinking; I call it regression to ignorance!" -- Operation Ivy
Just to be picky: that sudo command won't work.
/etc/hosts >> /hosts.txt <ENTER>
/bin/sh <ENTER> /etc/hosts >> /hosts.txt <ENTER>
if you meant:
sudo cat
type password
Then this won't work, since the shell redirect is running in the shell of the non-admin user. However, if you meant:
sudo
type password
cat
Then it would work.
"If the Macintosh OS ever became dominant, the tables would turn, and there would be just as many reports of viruses, security holes, and attacks on it as we currently have with Windows."
Apparently the author thinks that it is impossible for the dominant OS, whatever that may be, to be more secure than Windows. He belives that a products percentage of proliferation in the marketplace determines its security. Not the programming.
He's saying that UNIX based operating systems with as much exposure as Windows will be subject to as many vulnerabilities and exploits as Windows is. He thinks it is not possible for an operating system to be made more secure and less vulnerable.
In effect, what he is saying is that Windows is the best the human race can do. This is it. This is the culmination of our species ability to write software. No operating system can ever improve on the constant barrage of patches and updates that must be done to keep Windows safe.
Obviously, while humans can not ever write flawless code, I certainly hope for our sake someone somewhere can do it better than Microsoft. If that someone is Apple, great. If it's a Linux distro, that's fine, too. But I am certainly going to hold on to the belief that there exists the possibility that an OS can be as dominant as Windows without being as insecure. Otherwise, we don't have much to look forward to in the realm of computing, do we?
Bryan Chaffin from The Mac Observer goes into some of the points mentioned in the original article: The Back Page: PC Apologist Asks If We Mac Users Are Now Humble
One interesting point made is that those who say that Mac OS X suffers fewer security and virus problems than Windows only because there are fewer Mac users just don't have a leg to stand on.
First of all, any operating system can have a bug in it, just like any other piece of software can have a bug in it. Some are serious, some are not. And anybody who knows anything about internet security can tell you that the next thing to get you will almost always be the thing that nobody thought of. If you're depending entirely open your OS security to keep you safe, you have a problem.
When bugs are found and updates are released, this is a good thing. If the vendor doesn't get an update out in a reasonable amount of time, that's a different issue.
Having said all that, I should say that OS X being Unix underneath certainly does come in handy for security issues that come up. Windows users do not have (and often could not use anyway) that luxury. Yes, I'm an OS X user, although I am a long-time Windows user (since 3.1) who still has a Windows box. Both of them are behind a firewall so I don't spend a whole lot of time sweating every little security hole that comes up in my operating systems.
RP
After reading the article, I bave two things to say:
1. These aren't exactly easily exploitable remote root's like windows has had 50 of. There really is no comparison.
2. Installing XP yesterday, I was r00ted before I could get to Windows Update. This is just. plain. ridiculous.
I don't know about you guys, but there really is no question of what OS to use if you really want it to work right, be stable, and be secure. NO QUESTION. "usability" is close enough in Linux for me. AND ISN'T A VIRUS EVERY FIFTEEN MINUTES SOME SORT OF USABILITY PROBLEM?>??
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
Bear in mind that at least UNIX was designed with multiple users and administrators in mind, whereas Windows most certainly never was.
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
I wouldn't call it circumvention - if you could copy the file and preserve its suid bit, then yes.
What were the skies like when you were young?
Unix is more elegant, but the fact that it grew up together with the Internet as a networked OS. This was not an afterthought. Neither was multiple users and security. When you work with something long enough, it becomes second nature and solid and secure. How did Windows start out? Single user. No Internet. No concept of services/daemons. You machine was its own little island. It was all about the single user GUI in the office to do one task.
And anyway, if XP is so secure, why are they scrapping it for a complete new rewrite - again? It's because it can't be fixed and it has more security leaks than a seive. Microsoft has tried and tried to reshape the Internet into what they want it to be and, thank god, it's failing. And in a way so stupendous that now those that get sacked regularly gotta go off and complain about it. Well boo hoo to them. I've never experienced a virus or worm on OS X or Linux/Unix and I don't suppose I will be anytime soon. There's a reason for that and m$ still doesn't get it.
A bug in Windows 3.1 and forward allows a malicious attacker with access to the local network to hijack your machine and run any program he wants on the users machine.
The attack goes like this:
He sets up a DHCP server
Feeeds computers booting with fake IPs for DNS and WINS servers.
Redirects the NETLOGON server shares to a share under his control. Makes sure the login script runs his software.
It is thus recommended that all Windows users, especially coorporate users, disables DHCP in the TCP/IP settings, until Microsoft starts shippign support for DHCPS - which is DHCP over SSL/TLS.
It is important to do this, since if only some users does it, it might be difficult for thew machines to connect to each other.
"HAHAHAHAH!! Mac OS X isn't perfect! Duh, I'm so smart!"
Is this guy for real? How does a vulnerability which involves an attacker having to break into your home network (much less a corporate one), take over a machine and then set it up as a rogue DHCP server anywhere near equivalent to something like Blaster, which spread automatically, with no machine spoofing required? Honestly, if your network is so utterly open to attack that it's a trivial task to spoof a DHCP server, there are bigger problems than OS X's security flaw there.
The claim that Mac OS X would have more viruses if it was more popular holds some merit, but it says nothing about the lethality of those viruses. OS X has all sharing network services off by default, unlike Windows, shutting down a large avenue for virus propagation. Mail shows the entire file name of an attachment, preventing attackers from hiding extensions. Mail also does not automatically execute attachments. Furthermore, any application wishing to do anything as administrator has to ask for a password by default, and root is disabled by default. This is not the case in Windows, where tales of administrator accounts with blank passwords abound. While there may be more attempts at writing viruses for OS X if it was more popular, far fewer of them would actually reach the scale of damage that things like Blaster did. Windows is an ideal virus propagation platform not just because it's popular, but more importantly, because it's default setup is insecure as well.
I'll admit, right away, that I'm a Mac user. Then again, I'm also a Windows user, Linux user, SunOS user, etc. I'm really not *that* platform dependant. I guess I really don't understand the reasoning behind arguing over an OS. The argument is rather petty if you are not doing anything to improve upon the security of the operating system you favor. No OS is perfect, and no OS is totally secure.
I did find a few problems with the article (beside the fact that the author was bashing mac users who bash windows users...circular logic, anyone?). The author claimed that due to the fact that DVD Jon cracked quicktime encryption of ACC streams (used by the iTunes Music Store) doesn't mean it's going to bring either the MacOS or Windows to its knees. It's a f**king MP3 player for Chrissakes. Sure, vulnerability that could circumvent OS security might exist within iTunes, but the specific nature of DVD Jon's crack has nothing to do with OS security.
The author made this claim about the cross-platform iTunes "exploit" while failing to mention anything at all about Macros, and the possible for viruses that accompany them. To me, it seems that the author was grasping at straws without having any concrete evidence to back up his claims.
Whenever I read an article from one side of the OS wars bashing the other side, I tend to think that the author was in danger of missing his deadline and needed to come up with something in a hurry. Why does this issue never get old? Perhaps we should think about ways to make our OS of choice more secure rather than bashing others' flaws.
AgentOJ
But even back then, I had this gnawing suspicion that 18-month software development cycles could somehow hurt the platform. Before the tide really turned, however, I switched to PCs. I had joined PC Magazine, and the editorial staff used them.
That's the Mac's problem! He has nailed it! Apple develops new and vastly improved features (in the range of 150+) - basically an overhaul of the operating system - every 18 months. Rather than this whole OS X thing, they should have just created a new theme for OS 9 (oooh, maybe with Green highlights) and changed its name every so often...
If you can't taste the sarcasm, just smile and nod...
Disclaimer: This comment was generated by a Flock of Trained Microsoft Programmers for Aqua_Geek.
This means anyone can walk up to your machine and boot it into single user mode and completely root you.
oh my god you mean someone with physical access could also somehow DNS spoof net info and get root access. Oh my alert the media.
The point is where one draw the line between ease of intergration versus security becomes cloudy once one gets to the point of requiring physical access to engage in a hack. The ONLY thing that I see distinguishing these analogous root attacks is that most people are aware of the single-user boot attack and though it was well documented the DNS attack was not well known and thus could have surprised a lot of people.
Fixing this now presents apple with a dilema. Consider that happens if they were to issue a security update that went around and turned off this feature. Suddenly all networks that had actually been using it suddenly stop working and some sysadmin has to figure out why then reconfigure every machine to turn it back on.
Thus you can see why they have not rushed to change the default. But one assumes that they will ship NEW os's and new computers with it turned off in the future.
this choice for easy configuration assuming the local network can be trusted dates back to the time of NFS. And NFS is still presents almost exactly the same potential security hole (if you remote NFS mount your home directory you just pulled your pants down, grabbed your ankles, and said "ah" if I can jack onto your network. ). NFS has not fixed this problem yet either cause doing so would break a lot of networks.
Some drink at the fountain of knowledge. Others just gargle.
PC Mag Exec: Look at all the free press we're getting because ole Lance wrote a stupid story! Give him raise!
Why would one read about Macintosh, or for that matter any, news from PC Magazine. I don't consider it a valid source. Now I will go read it, maybe he cites a valid source.
We all know the mac has a huge security risk. It's a major issue. From now on OS X is as virus prone as XP. And Apple's DRM has been Hacked. People are pirating the iTMS as we speak.
;-)
And in other news, SCO really was attacked from outside by an evil DDOS. Those Open Source Commy Bastards.
Believe everything you read folks.
I think, therefore I am...I think.
Installing Mozilla and many other apps that do not require system file changes do not require root. Many basic apps are in .app bundles and do not have files beyond that.
/Applications folder does require a user that is in the admin group. A non-admin user cannot write files to /Applications. It does not require the additional step of actually logging in as root.
Basic application install into home directories obviously do not require more than the user's permissions.
Installing to the
Installing files that are owned and controlled only by root (system files, etc), require a sudo login (ie. root uid execution).
The default *nix permissions used on MacOS X are pretty decent.
One of the keys to the permissions though is not that anyone can install an app (ie to their home directory), but that if they did, when they run the app, their user (and this apps they run) still doesn't have any ability to damage the system.
-Alex
Um. As an administrator user, yes,
echo "foo" > /bar
works. What happens if I try to modify any meaningful directory, though?
dhcp150% echo "foo" >zsh: permission denied:
dhcp150% echo "foo" >
zsh: permission denied:
dhcp150% echo "foo" >
zsh: permission denied:
dhcp150% echo "foo" >
zsh: permission denied:
Furthermore, your original test case appears to only work for an administrator. (People seem to forget that "administrator" is a separate concept from "root user" under OS X.) Create a standard user and try to create a file in the / directory; at least on my 10.3 system, it gets a "permission denied" error.
I'm not convinced you've made an airtight case against any "seasoned administrator" ever letting OS X into production.
Sounds like a good reason to keep M$ boxes off your network. That steaming pile of dung is easily owned and then used as a base of attack. Think about it, in a properly constructed network there's nothing to fear even when using obsolete protocals like telnet and ftp. You only have to hide your passwords when someone you don't trust might be listening and a well constructed gateway would keep that from happening. All is well till you put a machine in that runs an email client as root that automatically loads music, images, scripts and other stuff.
Friends don't help friends install M$ junk.
Motion in the gloom of a side street catches your eye. You turn to see what it is. There, in the vomit and urine stench of a gutter, you see a form rising. You see the whites of someone'e eyes. The stench and filth turn your stomach but you stare transfixed. You think of calling an ambulance for the poor trashed bastard. There, it's a man! It's Bill Gates!
He points a finger and thunders with all of his might, "You are no better than I am!"
Friends don't help friends install M$ junk.
Before I start, let me say I have a PC w/ Linux and an iBook which is the computer I use for school work, email, IMs, etc.
Apple occupies much less of the market, so obviously there are going to be fewer "exploits," at least fewer that are in the public. Second, because Apple has less of the market, the is less incentive to exploit anyholes that one may find - do you want to spend your time writing a worm that can infect 85% or 10% of computers? Third, both OSes are really very good, but out of the box, comparing security between the two is a joke. Its like comparing two guitars when neither of them are tuned correctly... some configuration by a knewlodgeable person is always, no matter what, going to be required.
Looks like Apple set the sticky-bit on /. Even though you can create a new file in /, you can't edit any of the important files there nor can you modify any of the files in /etc w/o sudo/su'ing first. (My experience is only w/ 10.3.)
You can't ignore him. The Windows fanatics are all behind him! Both of them!
Kevin Gilhooly
Migrant Programmer
How does a default setting regarding a specific directory's permissions plus the fact it doesn't use /etc/passwd make it "unfit for production"?
/etc. That's just how it works. It uses the NetInfo database. This is one of the few actually well-documented parts of OS X. /etc is a vestigial limb, it's a dummy file which is involved in startup but it is not actually used for real user info. It's used in single user mode because single user mode is an emergency startup mode used for debugging, and NetInfo doesn't launch in this mode unless you launch it, because part of the single user mode's hypothetical purpose is to debug problems with NetInfo!
OS X doesn't use
You might as well call Linux unfit for production because you can do some potentially nasty security-related things in some versions of Lilo.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
I have a router now - see, I can learn :)
Some people tell me I should set up an old PC to run Linux and configure that as a router, but they don't seem to understand that:
* That requires significant effort on my part
* My router is small (paperback book size)
* It doesn't make loads of noise and consume loads of power.
* When I occasionally get problems with my connection (about once every 2 months), whatever the problem, it's usually solved by toggling the router power switch, and takes a few seconds.
But you can't tell some people...
Possibly the drag and drop installs have everything the application needs in the app package. If it installs anything in the library or system folder, that might be when you need admin access. Just a guess...
"This is you left and that's your left. This is your right and that's your right. You're gonna die!
>Apple's response was that it doesn't happen in Panther, so just upgrade.
Those BASTARDS! How can you get any work done in Jaguar without this critical feature. I just can't believe that somebody inside Apple decided not to backport this.
*cough*
Jesus Christ.
Please also keep us posted on the progress of the bug whereby a 20" iMac cooled to nearly absolute zero incorrectly reports a temperature value of MAXINT. That one's really slowing me down at work and if they don't fix it soon I'm gonna have no choice but to switch back to Windows.
Apple Magazine: PCs insecure
"And I for one welcome our new insect overlords."
Dear Mr. Ulanoff,
/. and so seen by thousands) this paper shows up:
S X_ Shellcode_Assembly.pdf
/., not some backwater usenet), anyone could attack MacOSX boxes, *if* a vulnerability is discovered in it or in its running services.
I am writing to you just to send you a couple of informative references on general computer security. I promise to stick to the basics, and I am sure you will dig deeper if interested.
One of the basics of remote exploits is the ability to -once a remote vulnerability is discovered-, send malicious code snippets that get executed with privileges on the target computer. For instance, they might be sent exploiting a buffer overflow bug or a flawed service left running on an open port.
This is well known in the MS Windows world and even Linux, as they commonly share the same underlying hardware architecture (namely x86). There is plenty of information on how to build such malicious code snippets (basically anyone knowledgeable in x86 assembler can do it) as well as pre-built apps and scripts to send them. This is well known. It is also well known that a vulnerability must be present for the code to be able to be executed at all.
It is a common myth that -by following this logic-, other platforms that are less used, like for example MacOSX (subject of a security article of your own), are more secure because technical knowledge about them is less common (eg. PPC assembler language) and are not so commonly used. One might think the malicious code needs to be built by real gurus, few in number, that have no interest in doing that.
*However*, doing a trivial search on Google (also published on
http://www.securiteam.com/securityreviews/PPC_O
Is a no-nonsense compilation of MacOSX PPC malicious payloads and the rationale behind them. After copy-pasting from it, anyone can do remote attacks on MacOSX, *provided* a vulnerability is actually found. No vulnerability, no attack. The paper requires a low level of technical knowledge and actually has little merit (apart from being somewhat clear and concise).
So, using information freely available, easily found, in common knowledge (published on
So it *cannot* be possibly said that MacOSX achieves its high level of security by obscurity. It accomplishes it by *design*.
It is really sad that the old argument of 'security by obscurity' is being raised over and over. Read that paper.
Mr. Ulanoff, I promised you two links and I have provided only one. The other is not actually a link but a reference. Just walk to your nearest technical bookstore or Computer Science library, look for the PPC assembly and architecture books that have been publicily available for years. My cheapo college library has them, yours surely has.
I am looking forward to further informed security articles by you. Please do not hesitate to mail me should you need further references on this or any other technical question.
Best regards,
xxxxxxx
How many Safari-related security problems have you seen reported? Compared to Internet Explorer?
.ASP or whatever - it's still VB)
How many ActiveX-related security problems have you seen on OS X?
How many scripting, or RPC, or buffer overrun-related problems have you seen on OS X?
Have you ever seen any AppleScript-related security problems like the VB-related ones on Windows? (you can call it macros, Windows Scripting Host,
Most of the problems I've seen on OS X thus far are problems in the open source pieces that affect that product across the industry, including distros in Linux. This is one of the few security flaws that is _native_ to OS X - I can't even remember the last one I've seen. And it does require you to go through plenty of hoops - having control over the local DHCP server, for instance.
Yes - we're going to see security problems with OS X. But not ridiculously stupid ones that could have easily been prevented like we've seen on Windows... I think it's silly to even put them in the same league with each other.
This whole "Windows patches suck" issue has been done to death, people.
Yeah, it did our computer to death.
Yes, there were instances in the past where things went really wrong.
Funny, because this same patch killed a computer in the lab across the hall as well. We only found out at a departmental meeting when we were talking "computers".
Yes, there were instances in the past where things went really wrong. However, Microsoft HAS gotten better from NT to W2K, and will presumably continue to get better.
This was a bone stock W2k system with no third party software on it.
That's why it is important to do at least some rudimentary testing of a patch before applying it on a system.
Our lab does not have hundreds of computers with "testing" systems. Rather, we have a number of systems that are in place in order to actually accomplish work. If Microsoft cannot create a system that will work reliably and not require huge investments of time to manage, then we will use better tools. Right now those tools are OS X.
Visit Jonesblog and say hello.