Slashdot Mirror
Mad as Hell, Switching to Mac
justAMan writes "Security dude, Winn Schwartau, has posted an article on Network World about switching his company to Macs because he's fed up with the security issues plaguing Windows-based systems. He also offers his view on why Windows is inherently flawed and why it will eventually fail because of those reasons.
From the article, 'This is my first column written on a Mac - ever. Maybe I should have done it a long time ago, but I never said I was smart, just obstinate. I was a PC bigot.
But now, I've had it. I'm mad as hell and I'm not going to take it anymore.'"
Some Windows software applications are well written; others take shortcuts. : How is this different from Mac software?
Memory Not all RAM is equal. Some works well. Cheap stuff doesn't. : Makes save you from this trouble by only allowing you to buy the expensive stuff
Hard disks. Same problem: cheap or reliable. Your call. : Again, solved by Apple by not allowing "cheap".
Windows is complex, trying to be everything to everyone. : Have you seen an Apple commercial recently? Or the "switch" ones?
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Yes, there are security problems with windows, but no, you have to be a giant fucktard newbie to actually ever be affected by them.
So not installing a third party firewall, a third party antivirus scanner and third party spyware software makes one a "giant fucktard newbie"? Perhaps you should address why all these third party applications are needed just to give a Wintel box a basic level of security?
Trolling is a art,
I think there are a lot of clueless or bad sys admin who use "everyone knows Windows" is insecure to cover their asses for doing a bad job.
I used that excuse (and that our server was too overloaded) to switch our mail and VPN to Linux. I also used that excuse to get antivirus software and Mozilla Firefox installed on every machine. Guess what? It works and we have way less problems than we had before. No matter how much you lock Windows down (which is not always an option BTW, you're the employee not the boss) there are still security issues in Windows software that can blow you out of the water.
IMHO, it will be impossible to kill Microsoft even if Windows is supplanted. Microsoft will instead move to being a premier software provider for another platform, and continue to hang around as IBM did after they lost the market.
That would be awesome. Microsoft is capable of writing good software, the problem is that protecting their monopoly is always getting in the way. If they lose Windows and have to reinvent themselves as a real software company... well, let's just say I might buy a Microsoft product again.
Their hardware / gadget guy also goes to the Mac side, but he doesn't have as pleasant an experience:
5 backspin.html
http://www.networkworld.com/columnists/2005/05230
Come to the University of Mars! Classes starting soon!
I HAVE actually managed a huge Windows-only network (50K Win2k machines, 100K users, 80 servers), and I tend to agree with the original poster.
I was at the "helm" as a consultant turned IT manager/overseer while a full nationwide exec search was conducted to permantely fill the position for just about 11 months. The previous exec literally dropped dead a few days before an entire network upgrade: all new workstations, servers, cabling, routing equipment, and software packages went into effect. Four full timers on IT, 5 half-timers (24 hrs a week) on help-desk, and me.
In my time, we never had (1) any problems with patching, (2) a single piece of spyware found on any machine, (3) a single virus or worm or other such outbreak of unauthorized software, (4) any data loss or corruption and (5) a single BSOD. I had a core group of 12 servers that were "mission critical", whose uptime from the day I started to the day my replacement came aboard was perfect.
The point being, that your mileage may vary. With everything in this industry, YMMV. It should be stamped. We did BIOS upgrades, we had hordes of clueless users, we had clueless employees - the same problems as anyone else had. But we never let MS or Dell or anyone be our scapegoats, and we ended up really really meeting our goals and exceeding what anyone thought was possible.
Windows is complex (and Mac is as simple as my old TI-99 4/A?)
Let's use XP as the example here. I do phone support for DSL, and I have to help new users set up a static IP address. On OSX, it's "click on the apple at the top left, go to system preferences, a window will open. click on the network icon in that".
On XP, do I bother to ask them if they see a "My Network Places" icon on the desktop? It's often (but not always) hidden. If it's not there, do I ask them to go to the control panel, which may or may not be listed under Settings? Which may or may not be in classic view? Which if it isn't is one more nested icon, if they don't get confused and think I'm talking about the same thing? Do I say fuck it, tell them to click start, go to run (can this be hidden, some have a hard time finding it?) and type in "ncpa.cpl" ? You have no idea how difficult it is to spell for them over the phone. "What do you mean november, do i spell that out, or abbreviate it n-o-v?".
Once there though, I have to have them right click on "local area connection" (what, there's more than one?) select properties, that is if they're not too clumsy and they don't accidentally drag it a bit, bringing up the "create shortcut/copy/move" menu. Then a second window pops up. The item they need has a checkmark by it, ever try to talk one out of thinking they don't need to check/uncheck something? Sometimes if the resolution is wrong, they'd have to scroll to see it. Sometimes, only IPv6 is installed, on factory new machines. So, now they have to open it up, either by highlighting "internet protocol" and clicking on the properties button (do i have to right click?). But try to explain to them to click on the words, not the checkbox. Or maybe they can just double-click on the words "internet protocol" maybe not, depending on settings.
Then, A third window pops up. And they have to select static or dynamic. But hey! Even though they've selected static, they still have to choose whether to use static DNS, or dhcp (wtf?!?!!?). And do they have to type in the dots, (cause they are already there!). And it always auto-fills the subnet for them with 255.0.0.0 even when it's not a class A address (even if it were, how often do they think that that subnet is actually used?!?!).
And then, they have to click OK, and then on the previous window, either OK or close. It could be either one, I'm thinking a SP changes this button label.
And if the magic dll faeries are in a good mood, it just might work.
So tell me, which is more complex than the other again?
I've been pleased overall with my switch from Windows to OS X, but sometimes I miss the ease with which the "look" of Windows could be modified. Changing the scrollbar, the menu fonts, that sort of thing.
OS 10.3 (and I assume, 10.4) really limits the amount of customization that can be done to the interface. I know that the interface can be changed with a little work, but it's admittedly very low on my list of priorities. My point is that out of the box, Apple doesn't let you change the "look" of OS X to any major extent by just pointing and clicking, unlike Windows.
I get the impression that this was a deliberate choice by Apple, in order to maintain a uniform user interface. I can understand that decision, even if I don't fully agree with it.
Anakin Simpson: If you're not with me, then you're my enemy--ooh, donuts!
The popularity myth works for desktop apps. Apache doesn't go out to the web clicking willy-nilly on ad infested websites, only to place spyware in the registry. That s user-initiated. there's a big difference between a user-initiated action and a server process.
"I do use a 2003 Server at home and at work and I have yet to have a single virus or malware infection. I do apply patches, run a firewall etc."
I think this is part of the point -- why on earth do we have to keep applying patches, running firewalls, and running anti-virus software just to keep our computers running?
If you have to install a patch every six months to a year because of something truly awful, that's not so bad. But to have the current patch-mill is just insane. Why do you have to have a firewall and an anti-virus to be safe? Why not just run safe software?
Likewise, the article wasn't just about security, it's also about quality. Are there decent PC's out there that don't start breaking within 9 months? If there are, they certainly aren't being sold to consumers. In our office, we have laptops from several vendors. Some of them have lost use of their ethernet ports, some have lost use of their PCMCIA slots, and some have lost use of their USB ports. But the Mac ones, even the older iBooks and Powerbooks, are still running fine. We have the same situation with our desktops, though not to the same degree.
The basic point is that, to use WinTel, you have to spend a LOT of time and effort just keeping the stupid thing alive. With Mac, you spend your time actually working.
Engineering and the Ultimate
Exactly. If it makes you happy and you can do your job on it (or play your games on it or whatever), then more power to you, no matter what you use.
COMPUTERS ARE NOT A RELIGION
I can use either PCs or Macs... And I have both (shrug).
My PC is better for some things, the Mac better for other things. They're just tools to me.
(and for the AC up above, Steve Wozniak DID work on the Mac hardware, WAS with Apple at the time it was developed, and IS a heck of a cool guy).
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
Part of the reason Macs are so secure is that Apple has designed the system such that it is extremely secure from the lowest level to the top. For example, OSX does not have a root account enabled by default. Everything lives in their own permission space and if you want to break out, you use sudo (and thusly have to enter your password).
Less commonly mentioned, however, is the way Apple encourages secure programming with Keychain and their authorization framework. The Keychain encrypts passwords and makes it very hard for an application to get passwords from other applications, meaning that in order to steal valuable information you'd first have to comprimise another application (which is actually quite tricky to do). Even if you do succeed in altering the application, the Keychain notices this and warns you, saying, "Hey, this application changed since it last used me, are you sure you want to allow it access?"
Add to that that Applications cannot alter themselves, and you have a pretty secure foundation for developers (which also, by the way, provides special UI for password entry that is highly resistant to keylogging).
At the lowest level, the PPC architecture is inherently harder to exploit with classic buffer overflows and printf exploits. The PPC system does not keep the current return address on the stack the way that x86 does. PPC chips have an explicit link register for this purpose.
What that means, in practice, is that in order for you to exploit a single function with a buffer overflow, you must inject your code, overwrite the previous function's (the caller of the current function) saved link register (on the stack, along with other saved registers), and then have both the current and previous function return without segfaulting or overwriting your exploit code.
While doable, this is a huge pain to get just right, and it means that the conditions where a buffer overflow can succeed are less prevalent. Add in the fact that instructions have fixed alignment (but data does not) and are of fixed width, and you have a significantly harder egg to write and deploy.
Don't get me wrong, I'm sure that virus writers can do this stuff. It's just that it's much harder and raises the entry bar.
Slashdot. It's Not For Common Sense
Couldn't the same be said about internet browsers? I want a browser to do just that.... browse. I don't need it to fix my spelling, that's what my dictionary is for.
Ah, you're obviously not a Mac user. The browser IS simple; the browser doesn't fix your spelling. The browser uses standard system APIs for text input, and the OS checks your spelling using the same standard dictionaries. The same spell checker is used whether I'm posting to Slashdot in Safari, writing an e-mail, chatting in iChat or X-Chat, or typing in TextEdit. This means that if I right-click a word and select "Learn Spelling", I'll never be bothered about that word again, no matter which application I happen to be using. It also means that if I change my preferred language in System Preferences (or just change to a different dialect, like British English instead of U. S. English) and relaunch my applications, spell check works with the new language automatically.
Finally, who in their right mind would host any type of server on a Windows or Macintosh machine? Hence the Linux boxes.
I use Linux for my dedicated servers too, but the fact that things like Apache, Samba and sshd are installed by default on my laptop comes in awfully handy from time to time. Not to mention a local copy of the complete Apache documentation, which is nice when I'm trying to remember the syntax for some obscure mod_rewrite thing while I'm on the road.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Dude, that's a hell of a lot of slick top there. Your description belittles something that those of us who love Linux only wish we could duplicate. Heck, Microsoft would love to duplicate it, too. Plenty of the tools to do what Apple has done are available to us, but actually pulling it off in a unified manner, putting a truly user-friendly face on that core, that's a tall task.
If it wasn't hard, there'd be several similar implementations. Just duplicating the nice printer setup UI they have for CUPS would be a good start, but I don't think I've seen that yet... much less point-and-click software update with push and server administration UIs.
I'm not saying our desktop UIs are terrible, but... an OS X experience is not what they deliver. Apple also has a pretty deep stack of stuff you won't find elsewhere, even well beyond the UI and ease-of-use space, and since OS X has developed a *nix-like ability to absorb anything else. It's a useful combination, and a very useful platform as a result.