Slashdot Mirror
Mad as Hell, Switching to Mac
justAMan writes "Security dude, Winn Schwartau, has posted an article on Network World about switching his company to Macs because he's fed up with the security issues plaguing Windows-based systems. He also offers his view on why Windows is inherently flawed and why it will eventually fail because of those reasons.
From the article, 'This is my first column written on a Mac - ever. Maybe I should have done it a long time ago, but I never said I was smart, just obstinate. I was a PC bigot.
But now, I've had it. I'm mad as hell and I'm not going to take it anymore.'"
Wowzers, every post on this topic is going to be modded flamebait...
Asbestos suits, anyone?
The NSA: The only part of the US government that actually listens.
I'm as mad as hell and I'm not going to take it anymore.
Queue the "why not use Linux on the hardware you already have" brigade! Fire up the klaxons! Bwooop, bwooop, bwooop!
Actually, there was a operating system called Apple SOS. The initial S stood for Sophisticated, though. It ran on the Apple ///.
Apple "SOS". Cute, eh?
He is upset over the flaws in an Operating System so he switches architectures? He wasn't a PC bigot, he was a Windows bigot.
Everyone is entitled to their own opinion. It's just that yours is stupid.
Ahhhh... Who doesn't like a cool, balanced opinion?
...must we post a story about every person who thinks that platform X is better than platform Y and is just plain "fed up"? Of course, as long as we include the statement "I used to be a platform X user ONLY, now I'm switching to Y," then it matters a whole lot more.
Some Windows software applications are well written; others take shortcuts. : How is this different from Mac software?
Memory Not all RAM is equal. Some works well. Cheap stuff doesn't. : Makes save you from this trouble by only allowing you to buy the expensive stuff
Hard disks. Same problem: cheap or reliable. Your call. : Again, solved by Apple by not allowing "cheap".
Windows is complex, trying to be everything to everyone. : Have you seen an Apple commercial recently? Or the "switch" ones?
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
I don't get it. Administering Windows XP in a corporate environment isn't that hard. There is no reason why a company that hires a competent sys admin (or multiple sys admins) cant configure and administer Windows XP so they are nearly virus-free, spyware-free and spam-free. Lock those machines down! Put in a good corporate firewall! Don't allow users to run as admin (never)! Don't allow users to install software, active-x or other junk. Use centrally maintained anti-virus and anti-spam. In a corporate environment there should be a limited list of authorized programs, nothing else should be permitted.
It isn't that hard. The permissions and controls on Windows are extremely fine grained. Learn about them and use them.
I think there are a lot of clueless or bad sys admin who use "everyone knows Windows" is insecure to cover their asses for doing a bad job. The same lousy sys admins could screw up Macs too.
Maybe we should forward the article straight to Microsoft?
You never know, he might win!
> I have a 500$ emachine that does everything the he/I wants to do. I run windows update on a regular
> basis and have never had a problem. What a whiner. What do i care about different bios versions?
Have you ever tried managing 1000 machines with 1000 average users? Please folks, having a PC at home does not make you an IT specialist. Nor does running linux make you a unix admin.
jfs
The only thing worse than a Democrat is a Republican.
http://www.internet-nexus.com/2005_05_22_archive.h tm#111706797008800101
He basicly points out that a lot of the things the guy says are not Windows spesific at all, such as RAM, BIOS versions, different hardware etc. It's worth noting that just becuase Apple brands a product identically and doesn't tell you what's in it it doesn't mean it's the same thing (Different mainboards for PowerMac systems etc)
My 3D Texturing Skinning work (under construction)
I've run OS X ony my home Macs for nearly 5 years now. (It was my great experience with NeXTSTEP back in '94 that let me know OS X is the only place I needed to be.) My XP box at work crashes hard or needs to be reset by me several times a month. Leaving it on at a stretch, I sometimes see unexplainable lags in responsiveness. It's a painful contrast.
Something that amuses me is the fact that OS X crashes out so infrequently (about once every 18 months) that when it does happen, I immediately assume I must have a hardware problem. That really is a testament to the solidity of an operating systemthat you might expect the hardware to go before the software crashes. And that's not to say I've had any hardware issues to speak of (outside of dropping an iBook onto a tile floor...)
Windows (and Linux) folks are really missing out, in my somewhat humble opinion. I'm most content with my G5, iBook, and new Mac mini.
blakespot
-- Heisenberg may have slept here.
iPod Hacks.com
I'm mad as hell and i'm not going to RTFA anymore.
That cheap memory in a Mac will cause the same problems it does in a "Wintel" PC. Same goes for hard drives.
I suppose the type of work his company does not rely on software thats only available for Windows. Because a lot of us run Windows not because we want to, but because we have to.
Am I the only one who thinks knee-jerk, lets convert 100% right now, shoot first ask questions later, is a bad way to convert from Microsoft to Macs (or Linux, Sun, etc.)?
Yes, there are security problems with windows, but no, you have to be a giant fucktard newbie to actually ever be affected by them.
So not installing a third party firewall, a third party antivirus scanner and third party spyware software makes one a "giant fucktard newbie"? Perhaps you should address why all these third party applications are needed just to give a Wintel box a basic level of security?
Trolling is a art,
We've heard many of the other comments from disgruntled Windows users before, but one that bears repeating is that Windows does tend to try to be all things to all people. Sure, there's a Home version of Windows XP (it's missing, among other things, domain networking ability), but it still contains far too many propellerhead parts that gunk up the works.
I can't really say that alternatives such as Mac OS X and Linux aren't as full of similar unnecessary parts as Windows. By, IMHO, when using OS X, the extras seem less likely to be in your way. A lot of this involves the interface; a good desktop manager in Linux should keep things similarly simple.
Someone said it when they were using Word for Windows, flummoxed by the myriad of controls: "Good lord, I don't need to launch a Space Shuttle--I just want to write a letter!" No wonder some new computer users have the movie "WarGames" running through their head each time they touch their PC--it's complexity seems to guarantee that something new will happen each time you use it...and not a "good" kind of "new."
Vos teneo officium eram periculosus ut vos recipero is.
I love the mac about as much as the next guy, but do we really need these "x switches to Mac" threads posted on a daily basis? This practically begs to reduce slashdot to just another forum for mac vs pc flame wars.
I'd like to think we're past that stage.
8==8 Bones 8==8
You know, not that I'm saying windows is the best platform in the world... But considering the issues he outlined in this artical, I'd say he is dealing with the wrong vendor for his computing solutions... With a good vendor (Dell, HPaq...) you will get the same level of hardware/software compatibility you will find on a Mac platform. The author also isn't doing a good job of choosing software. Basically, it seems to me his basic problem is going research finding good hardware/software solutions. I bet he'll have many of the same problems on the Mac platform.
> What I consistently fail to understand is how self-professed experts, in the same breathless
> exposition of their love for a non-windows OS, can both admit to having suffered the actual symptoms of
> security problems on Windows and then claim to be an authority.
>
> Yes, there are security problems with windows, but no, you have to be a giant fucktard newbie to
> actually ever be affected by them.
So to you 99% of the world are clueless fucktards? Because the number of people who understand how to secure a windows environment are few and far between.
jfs
The only thing worse than a Democrat is a Republican.
I do use a 2003 Server at home and at work and I have yet to have a single virus or malware infection. I do apply patches, run a firewall etc.
Yes, it is possible to set it up such that you can execute remote content automatically and get infected. But it is also trivial, and now it is a default setting to configure it NOT to execute remote content. Since Mac can not run that content anyway - that will not be a loss of functionality compared to a Mac.
P.S. I do like Macs, especially their laptops. If I was back at university doing physics data analysis that would be my platform of choice nowdays instead of Linux. But I definitely do not feel a pressing need to switch from 2003.
<^>_<(ô ô)>_<^>
Step 1: Avoid Fishy Sites. :)
This is 90% of the problem people assume that the internet is safe, and routinely surf the web, allow ActiveX controls to run unfettered, install Gator because it allows them to remember all their passwords. The internet is not a safe place, whether you are on a Windows, Mac, or Linux. It is a safe place for BSD users, because BSD is dead, so no one writes anything for it.
Step 2: Get updates every couple of months
Windows update, and apt-get make this process easier. Even Linux when it's not updated can get compromised (though not as easily nor as quickly as Windows).
Step 3: Use a Firewall of some sort.
99% of exploits require direct access to the machine, even the most basic firewall will prevent that access.
These are very basic tips that I think even Joe Blow on the street can learn if he is willing to listen. Sometimes that listening takes 2-3 times of his machine getting compromised and reloaded at $105 a pop.
One thing that I've always admired about Apple is that (like Google) they seem to have a corporate culture which heavily encourages new features to be integrated ELEGANTLY into existing frameworks. They really seem to spend time, thought, money, and even passion on finding a "clean" way to do things.
My impression of Microsoft has been rather the opposite: when they've decided to add a new feature, just add a new "required" desktop item; toss it in the Start menu; add a fifteenth tab to the Options dialog; create a bazillionth DOS8CHAR.DLL in the Windows directory; and you're done! The corporate culture seems to encourage slap-dash engineering of a form that would be frankly chucked out at Apple, Google, and other "cultured" companies.
Damn... I forgot to turn on sarcasm mode so the overly serious
The previous comment is purposely vague and generalized, but all of the facts are completely true.
XP SP2 and 2003 SP1 includes firewall, monthly spyware scanner and reasonable default settings for executing remote content (as in - don't) that make an infection an extremely unlikely thing to happen.
You do not need third party application to give a Wintel box a much better then basic level of security. That is a fact - and watch that getting moderated down on this forum.
<^>_<(ô ô)>_<^>
"Yes, there are security problems with windows, but no, you have to be a giant fucktard newbie to actually ever be affected by them."
So, you really expect a normal user to:
Check the Antivirus application.
Check for Spyware.
Implement intermediate mesures for holes that arent patched in months.
Do regular updates of all the installed applications.
Run everything as non admin and just toss those applications that came with the Camera/Camcorder/Mp3player etc out the windows and many games because they wont work as a restricted user.
Manage the browser security zones and update all of them regularly.
Dont surf on unsafe places, ie. dont use the internet at all.
Youve got to be totally insane if you imagine even a normal admin doing this on every friggin computer on his net. Its not even possible with SUS or Zenworks so it will require quite a bit of handjobs.
You do remember this OS is sold as userfriendly dont you? Its not like its some IKEA furniture.
HTTP/1.1 400
Their hardware / gadget guy also goes to the Mac side, but he doesn't have as pleasant an experience:
5 backspin.html
http://www.networkworld.com/columnists/2005/05230
Come to the University of Mars! Classes starting soon!
I HAVE actually managed a huge Windows-only network (50K Win2k machines, 100K users, 80 servers), and I tend to agree with the original poster.
I was at the "helm" as a consultant turned IT manager/overseer while a full nationwide exec search was conducted to permantely fill the position for just about 11 months. The previous exec literally dropped dead a few days before an entire network upgrade: all new workstations, servers, cabling, routing equipment, and software packages went into effect. Four full timers on IT, 5 half-timers (24 hrs a week) on help-desk, and me.
In my time, we never had (1) any problems with patching, (2) a single piece of spyware found on any machine, (3) a single virus or worm or other such outbreak of unauthorized software, (4) any data loss or corruption and (5) a single BSOD. I had a core group of 12 servers that were "mission critical", whose uptime from the day I started to the day my replacement came aboard was perfect.
The point being, that your mileage may vary. With everything in this industry, YMMV. It should be stamped. We did BIOS upgrades, we had hordes of clueless users, we had clueless employees - the same problems as anyone else had. But we never let MS or Dell or anyone be our scapegoats, and we ended up really really meeting our goals and exceeding what anyone thought was possible.
Yes, every Mac(and Mac OS X) ships with Apple's XCode. From my experience it is an amazingly powerful and easy to use development suite, the best I've ever used. I only wish I had the opportunity to use it at work.
Perfect timing! I'm mad as hell with Microsoft security issues too, and yesterday was a perfect example (though not unique) of why. Yesterday I got bitten not only personally but professionally by Windows XP security activity. Bear with me.... it's almost hilarious, but it's a down right comi-tragedy at the same time.
Yesterday, our wireless network was pathologically gummed up. I discovered that when I got on the treadmill, queued up my music for my run (Loggins and Messina On Stage for any who care) and began. The music sputtered and skipped... no biggy, it's happened before, someone upstairs must be using the microwave briefly. But it didn't recover and less than five minutes into my run it aborted and I was left to finish my run in the Hell of boredom and silence.
Still no biggy... but checking wireless music device upstairs and finding the same stuttering behavior with it I started to be a little uneasy. What was jamming my network?
I was scheduled for a very important demo of my software (am selling to large corporations) and now felt more urgency to ensure I'd debugged and fixed my network problem before the big demo. Still no biggy.... I've been troubleshooting networks and computers for years... I'd have it cleaned up in no time. So, I began my standard (among other things) check list...
I ran out of time to narrow anything down, so in desperation I did the standard reboot of the XP boxes.... interestingly, there was a momentary blip of network nirvana... but once the XP boxes were back up, the network was molasses again.
But I had to do my demo.... and now I was worried, and it turned out with good reason. The party for whom I did the demo was unable to connect to my application... and I had to fall back on my backup plan, which was to walk through a printout and describe my application.... how fscked is that? All in all the demo ended up going well enough, but I was perturbed as hell about losing the network like that right at the most inopportune time.
I continued my debugging, now focusing on the bogon messages... and now zeroing in on the tivo boxen... and while doing so, suddenly the WAN again achieved nirvana! WTF? Happy the network was back, but dazed and confused about why. I went back upstairs for one more check of the upstairs machines... and there.... on the task bar...., in the system tray...., in a bubble..., above the Microsoft icon...., was the bubble..., "Updates have been downloaded and are ready to be installed....". $()*&($#(*&$#(*%&!!!!!!!!!!!!!!!
So, bottom line, because of a middle of the day Microsoft update download, I had a miserable workout (yawn, big deal, who cares...), and was unable to give a live demo of my product to a potential customer (which I think is really a big deal!)! WTF? I know I'll get flamed about having auto-update, blah, blah, blah.... but it seems so "can't win".... without auto-update, you run the risk of exposure inadvertently, with auto-update you're apparently at the mercy and whim of Microsoft as to if and when that crap comes down the pipe. Sigh....
Switching to MAC for those reason is like saying i'm going homosexual because women have flaws!! Mac has flaws too i'm sure (no O.S is perfect)! the user are just blinded by all the pretty lights and colors of the desktop!
It seems the editor of NetworkWorld must have been asleep that day...Winn Schwartau isn't very well informed, nor do his points make much real sense:
Operating systems are complex... Patches sometimes install new functionality... some commercial software is badly written... expensive hardware is usually more reliable than cheap hardware.. Are any of these actually news to anyone?
My favourite of his issues is that not all Wintel machines have the same version of Bios. Wow. What a revelation. SO what? not all cars on the road are Ford Escorts either. The bottom line is most non-tech users never have a need to mess with the bios anyway.
The real indicator that he doesn't have a clue is that he could have saved $2000+ dollars by just installing Linux on his existing machine, rather than buying a new Mac.
iPod even helped get me in the store to play with them.
They let you in even if you don't have an iPod, you know...
MAC vs. PC is Sooooo 1990's.
Today's war is PC vs. Linux, and Slashdot if the focal point for this cutting edge flame war.
VI vs. Emacs on the other hand... Let's just say some debates never go out of style.
"Live Free or Die." Don't like it? Then keep out of the USA
Please, not another popularity argument!
We've heard those over and over and over again. And every single time they've been refuted. You want proof? Look at IE VS. Firefox: malware writers are becoming aware of Firefox, and there are reports of Firefox users having popups occasionally, because of a flaw in the javascript language. Firefox somehow managed to keep fixing itself for the consumer's experience, whereas IE is just a nightmare!
Another example?
I remember having a discussion in 98, or 99, with a big time mac fan. She said that her computer crashed "sometimes" but not too regularly that it impaired her work. Then we talked about viruses. Of course, I was using win98 SE at the time, and had mcafee installed. She said there were no viruses for macs. How wrong she was. There are viruses for Mac OS. Only for versions before OS X though.
Part of that is the kernel. Unix kernels are amongst the eldest still run today. And they are popular for servers. Linux is Unix based. It's not perfect by any means, nor do I think anything will ever be. Unix has been around since, what, the 1980s? It's used on servers. So why don't people write viruses to take down servers? The answer is they try, but the security is just superior on those kernels than in the windows kernel!
Mac OSX is based on Darwin. Darwin is a rock-solid platform, tested and proved!
Why can't you accept the fact that for all they've done, MS went down the wrong path. They used to write cheap software. Now they charge more for it, but the way they write it is still with the same thought in mind: maximize profit.
That's why they'll always be behind everyone else: they try and make it seem like they innovate, but in reality it's just copying what others have started doing. Microsoft is just a big marketing machine for a mediocre product. That's all.
---- I am certain of only one thing : I know nothing else.
I love how people love Macs because it's a very closed proprietary system that can then be controlled by a single entity. Isn't this what the /. crowd is supposed to be railing against?
.....
That being said I get my new mac on
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
Okay the guy sounds pissed, but it doesn't make sense why you'd drop all your hardware at the same time as you'd drop XP. Any PC that can run XP can in all liklihood run Linux (or BSD) and benefit from security goodness too.
Yes, and long term that would be wiser. My mom runs GNU/Linux and loves it. My sister, her husband, and their children likewise. However, my wife uses Mac OS X. Why? Because Microsoft used up all her tolerance of cantankerous technology, and while Linux is anything but cantakerous, it does have a learning curve that she simply wasn't willing to climb. Had I caught her before her experience with Dell and Microsoft, she probably would have been very willing to learn a new system (my mom and sister were delighted--but they hadn't lost entire weekends reinstalling bug-ridden, chronically unstable OSes).
I suspect this guy is in the same boat. He's worn out, and wants something that Just Works(tm) (this isn't Microsoft, regardless of what their deceptive advertising may say) with no learning required. Apple comes as close to fulfilling the "no learning required" aspect as anything.
Having said that, you're absolutely right and people really shoudln't kid themselves. Once Apple gets sufficient market-share it's going to be as ill-behavied as Microsoft is today. Granted, OS X will probably never be as insecure as Microsoft Windows--after all, its foundation is FreeBSD, which is very, very solid, while windows foundation is more akin to to quicksand--but if you think Bill Gates' customer lockin is bad (and it is), imagine what Steve Jobs is going to do once he's secured a big enough chunk of the market.
Don't believe me? Take a good, hard look at Apple's history. Apple has done it before--and drove a mass migration to IBM compatibles as a result. People forget that Microsoft initially emerged as the market leader because IBM clones emerged as the market leader, as a result of the hardware being open (despite IBM's efforts to the contrary) and competition making for a very robust marketplace, a lot of innovation, and (at the time) a lack of customer lockin. It was only later that Microsoft applied that customer lock-in at the software level...and Apple is almost certain to follow suit (repeating their old behavior) once their market share makes them feel confident enough to do so.
Long term, FreeBSD and GNU/Linux are the future for anyone who values their digital freedom in any form. But short term, Apple is a quick and painless way to get out from under the pile of Microsoft shit that includes, but is hardly limited to, endless spyware, endless viruses, endless worms, endless trojans, endless popup ads, endless crashes, endless security flaws crackers can drive a fleet of container trucks through, and endless demands for upgrades (and your hard earned dollars/euros/yen/what-have-you) that just give you more of the same.
Apple can give people breathing room, let them recuperate, and then, when Apple starts to get a little too big for its britches, people can look to making the move to a free foundation, such as Linux or FreeBSD. But until then, for those exhausted and traumatized by the Microsoft treadmill and the convicted monopolist's abuses, Apple offers a welcome, and easy, respite.
The Future of Human Evolution: Autonomy
He's upset at the lack of support that comes with having entirely different vendors supporting the hardware as opposed to the operating system.
From his blog:
"But, really, in the last few months, my frustration went over the top because I openly admit I am tough on laptops. I schlepp two of 'em everywhere 'round the world and I see no reason a $2000 box should not be able to take $2000 worth of airport abuse.
So, my beautiful new Sony 17" VAIO with 1920X1200 res (Freaking gorgeous) began to have mechanical problems. I can recognize a HW versus SW prob and this was hardware but the Sony folks, in an effort to save having to send a guy to me, tried to convince me "Reinstall Windows." NO! That is wrong! This is a HW problem."
While some might prefer to build, write, administer, and hold absolute control over their computer systems, most people just want to use them. They also want support on their computers to be as painless as possible.
That's one of the bigger advantages to a Mac over Windows or Linux: It's easy to find who to call when it breaks.
Not every argument requires reduction to absurdity.
1. No users ran with admin privelages, ever. That is huge, huge, huge. Even when I was logged in to a dev box, I was was not an administrator of anything. We heavily used RunAs techniques for slightly privelaged operations.
2. We used group policies to specify exactly which binaries a specific user or group of users could run. This is also huge.
3. ActiveX completely disabled.
4. All web content went through our web proxy, which aggresively filtered out potential problems.
5. Aggressive use of known good machine images. Each machine was literally one of 3 templates. We could log a user off remotely, reboot the box from the network RIS server, reload his/her machine image template, boot back up, log the user back in, and they'd never know that their entire hard drive had been erased, the OS and apps recopied, and reset. That process was an extreme measure, but it took about 6 minutes, start to finish. It was like a slightly longer version of a reboot to users.
Finally, it's worth noting, we never had an anti-virus package on the workstations, only on the mail server to scan incoming and outgoing mail. We used no anti-spyware packages! We ran two eight-hour shifts (big servicing center for a major worldwide insurance company) each with about 50K users. The users had "unrestricted" in a technical sense internet access - outgoing ports were watched but not restricted (we let them have an IM package installed, for those lulls in the action), and everything went through a proxy server, but otherwise, there was nothing stopping them from trying to visit any old dark corner.
Seriously: good IT policy uniformly set across the network (no exceptions for VIPs, the CEO, or the CIO), quality standard hardware, the best software products, and a liberal amount of scripting, testing, and process management. That's all it takes.
As long as they unplug that broadband connection, then I completely agree with you! Otherwise, they are zombies that provide a platform for attacking or spamming my non-MS machine.
I use windows XP all day long...I'm hooked up on the internet and surf and download and blah blah blah all day long. Not once have I been hit with a virus or a trojan or an email attack. I've used computers since 1979 and have seen only a handfull of actual viruses. Meh...maybe I'm just lucky. And everyone I personally know is lucky also as they've had the same experience. The one time I came upon a major virus was...suprise suprise...on a Mac! Granted, it was running System 8 at the time. But it was the one that spread itself on Syquest disks and we had customers that would send us data on Syquest and it would infect the computer as soon as it was inserted. That as a pain to take care of.
Security problems? has this guy actually HAD security problems, or has he just read of the threat of problems and anecdotes of others that have had problems? I read them all the time too, but it's not enough for me to change OS AND hardware just because the press overplays this threat.
I run virus checkers, adware checking...am behind a hardware router/firewall. Basically the same thing I would be running on OSX also. I don't even think about it and just get on with my day.
He's created a strawman argument. It has no weight.
Windows is complex, trying to be everything to everyone. This complexity comes at a terrible price: downtime, help desks, upgrades, patches and the inevitable failures.
And OSX doesn't have any of this? Linux doesn't either? Sorry, you use a modern OS you'll have upgrades/patches/downtime from time to time.
When a new operating system or service pack is released, there are tons of changes to the functionality.
Read up on some problems people are having with Tiger and get back to us.
WinTel machines use different versions of BIOS. They are not all equal, nor do they all have the same level of compatibility.
Um...ok. What's your point?
Some Windows software applications are well written; others take shortcuts. Shortcuts may work in some environments, but not all, and ultimately the consumer pays in lost time, availability and productivity.
Again, this is a windows only problem?? It happens everywhere. But it would be nice if he were to cite examples...but he didn't have time to bring facts into the picture.
Hardware. There are hundreds of "WinTel-compatible" motherboards, each claiming to be better than the next. Whatever.
Some would call this choice. Also others would call it cheaper. Still others would call it the power to make what you want. Whatever.
Memory. Not all RAM is equal. Some works well. Cheap stuff doesn't.
Again...hello? RAM isn't equal on ANY platform! There is cheap stuff being sold and bought everyday on the Macs too you know. People don't want to overpay Apple for RAM, so they try to get something cheap and WHAM, they end up with problems.
Hard disks. Same problem: cheap or reliable. Your call.
Last I checked, Apple used the same type of Hard disks as everyone else out there. I could take a HD out of an Apple and put it in my PC and vice-versa. So how is this a "windows" problem?
Now, I'm NOT a Windows lover by any stretch of the imagination...but come on. If you're going to attack it, at least do it in an intellegent manner. This guy was just full of himself, gave no real facts or data and just spouted crap. I love Macs too, love them to death. Just wish I could actually afford a good one. One that would equal my desktop machine now. Yeah, I could afford a Mac Mini, but it's too underpowered for me. Maybe one day I'll save my pennies and get a Mac...but not because I'm "mad as hell". I don't choose something because something else sucks. I go with something because that something is right for me. It's like this last Presidential election. Many people voted for one candidate only because they didn't like the other one. They didn't vote for the person because they liked him or believed in him...only because they didn't like the other guy. WTF is that?
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
not feeding the troll, but pointing out that when someone types MAC MAC MAC over and over again in all caps in their post, it's a sure sign that they have no clue what they're talking about.
I've been pleased overall with my switch from Windows to OS X, but sometimes I miss the ease with which the "look" of Windows could be modified. Changing the scrollbar, the menu fonts, that sort of thing.
OS 10.3 (and I assume, 10.4) really limits the amount of customization that can be done to the interface. I know that the interface can be changed with a little work, but it's admittedly very low on my list of priorities. My point is that out of the box, Apple doesn't let you change the "look" of OS X to any major extent by just pointing and clicking, unlike Windows.
I get the impression that this was a deliberate choice by Apple, in order to maintain a uniform user interface. I can understand that decision, even if I don't fully agree with it.
Anakin Simpson: If you're not with me, then you're my enemy--ooh, donuts!
Please don't haul me off to slashdotjail.
They have that!?
Holy crap, I'd better stop pointing out that Futurama and The Family Guy were never very funny.
(Pffft. -1 Flamebait indeed. It's like walking on eggshells with you people sometimes.)
You can't win, Darth. If you mod me down, I shall become more powerful than you can possibly imagine.
Burn, Karma Burn!
Information wants to be anthropomorphized.
Heh... I know sites with over 2000 Unix workstations and over 5000 Wintel boxes managed by less than 20 people... successfully.
I've seen a few comments along the lines of, "who is this guy and why do we care that he switched from PCs to Macs?" While he may be to security what Alvin Toffler is to science, Schwartau has been in the info security business for long time and has a fair amount of credibility, at least at the boardroom and executive level. So, if /.ers are going to take potshots, let's at least know something about the guy before we shoot.
:)
(Of course, why should we change now?)
Here's some background on Winn Schwartau:
Founder and CEO GetInsightU, Inc., www.GetInsightU.Com
President and founder of Interpact, Inc., The Security Awareness Company. Interpact develops information security awareness programs for private, public and government organizations.
He is the author of "Internet and Computer Ethics for Kids (and Parents and Teachers Without a Clue)" (2001/2002).
In 2002, he was honored as a "Power Thinker" and one of the 50 most powerful people in networking by Network World.
Founder of the InfowarCon conference, www.infowarcon.com.
Has been referred to as "the civilian architect of information warfare," he coined the term "Electronic Pearl Harbor" and was the Project Lead of the Manhattan Cyber Project Information Warfare and Electronic Civil Defense Team.
Books include:
Pearl Harbor Dot Com (2002)
Terminal Compromise (1991)
Cybershock (2000, 2001)
Time Based Security (1999, 2001)
General Abdication (2003)
Information Warfare: Chaos on the Electronic Superhighway (1994, 1996, 1997)
Information Warfare: Cyberterrorism, Second Edition," (1997/1998)
He has called for the creation of a National Information Policy, a Constitution in Cyberspace and an Electronic Bill of Rights. He was a contributor to all three of AFCEA's Cyberwar Books (Ethical Conundra of Information Warfare, Something Other Than War and The Carbon Unit as Target) and several international works on CyberWar and Espionage. "The Complete Internet Business Toolkit" (1996) is one of the first books to ever be banned from export out of the United States. His other writings include "CyberChrist Meets Lady Luck" and "CyberChrist Bites the Big Apple," "The Toaster Rebellion of '08", "Firewalls 101" (DPI Press), Information Warfare, (Schaffer/Poeschel, Germany), "Introduction to Internet Security" (DGI/ MecklerMedia), and chapters for Internet and Internetworking Security Handbook (Auerbach). His writing, interviews and profiles have appeared in Orbis, Wired, NY Times, Information Week, Network World, ComputerWorld, Network Security, St. Petersburg Times, Internet World, Virus Bulletin, Security Management, Infoworld, PC Week, plus dozens of magazines around the world.
Although not a hacker, he has been the popular host of DefCon's Hacker Jeopardy for nine years.
- Adjunct Professor: Norwich University
- Board of Advisors: ISAW, Information Security Awareness Week
- Board of Advisors: St. Petersburg College
- Contributing Editor: Infosecurity Magazine
- Contributing Editor: Journal of Information Warfare
- Advisory Board Member: CipherTrust www.ciphertrust.com
- Advisory Board Member: SSI, www.SecureSoftSystems.com
- Editorial Board Advisor: Network Security Magazine, (Elsevier), U.K.
- Contributor and Columnist: Network World (1994 - present)
- Consulting Security Expert: Giga Information Group
- Advisory Board Member: Milcom Technologies
- Advisory Board Member: 1GlobalCity.Com, Inc
- Member, Editorial Board of Advisors: InfoSecurity News. 1990 - present
- Advisory Board Member: Click2Send
- Contributing Editor: CartaCapital, Brazil
- Contributing Editor: Availability.Com
- Publisher and Founder: Security Insider Report (1992 - sold 1997)
- Contributing Editor: Secure Computing Online http://www.secure-computing.com/
- Contributing Columnist: PlanetIT, CMP Publications
- Former Member, Board of Directors: Tritheum Technologies, (company sol
TLR
A man no more knows his destiny than a tea leaf knows the history of the East India Company
For those of you who don't recognize it, that's a direct quote from the US Declaration of Independence -- s/Government/System/g
That's so good, I put it on my second website
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
I'm a Mac zealot and I hate Redmond crapware as much as anybody.
However, not adding features to useful, stable products is a trend that ought to be encouraged.
Microsoft takes a lot of flak for abominably bloated software filled with bells and whistles that nobody uses. Maybe we shouldn't criticize them for freezing the features and fixing the bugs.
-ccm
Too much Law; not enough Order.
I found his blog a little interesting because his true irritation appears to be the low quality of WinTel pre-packaged hardware as opposed to Microsoft Windows.
And personally, I find THAT to be a little irritating. He states that I have decided to look at PC/WinTel Security from a Systems Engineering View (SEV) - the world and discipline I grew up in at the turn of the last century. But then, he sites a string of (admittedly unfortunate) anecdotes. How is that a systems view?
Winn Schwartau appears to be shilling for Apple. Seriously man, just show us the check Apple sent you so we can rest assured that you haven't gone all soft in the head. At least then we would know you're being rational and that, every time the syllables WinTel leaves your lips, that we should just stop listening.
I guess I'm irritated with his position because of its spectacularly uninformative stance. I thought I was going to hear about all the good reasons WinTel really did suck from a security standpoint (even despite Microsoft's recent considerable efforts to resolve this). Or maybe I was going to hear about how OS X really does rock from a security standpoint (aside from the vaguely true but unquantifiable "well, it's like Unix so it must be better"). But to get none of the above just so he can rant an opinion?
Phooey..
Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
Some Windows software applications are well written; others take shortcuts. : How is this different from Mac software?
The shortcuts programs can take are less likley to affect system stablity.
Memory Not all RAM is equal. Some works well. Cheap stuff doesn't. : Makes save you from this trouble by only allowing you to buy the expensive stuff...Hard disks. Same problem: cheap or reliable. Your call. : Again, solved by Apple by not allowing "cheap".
So a philisophical question - is it better for a company to use more expensive products they are sure will work for 99% of the userbase, or to use parts with an acceptable failure rate of 20% and just bake extra support costs (handled by India of course) into the equation? Is it better for most users to allow them an option of using cheap parts if they buy on thier own instead of forcing it on them in disguise as "bargain" systems?
Windows is complex, trying to be everything to everyone. : Have you seen an Apple commercial recently? Or the "switch" ones?
How are those related? In the first case you have an issue of functionality - in the second marketing. And we all know marketing != reality...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
But you haven't provided any sort of evidence whatsoever to support the correctness of the popularity myth. So far as I am aware, no one has. Yet, many people accept it because it comforts them to think that their platform would be just a secure as the other guys if it weren't so darn popular.
Correlation does not necessarily imply causation-- just because it is popular and has the most vulnerabilities does NOT mean that those security lapses are BECAUSE it's popular.
God is imaginary
Actually, there was an exploit, once.
It was some time ago, and I believe it was the result of a "hack the server, get a prize" type contest.
I'm too lazy to Google it right now but IIRC, the server that was hacked was running the classic Mac OS, WebSTAR, and Lasso, a tool that lets you webify FileMaker databases. There was a vulnerability in Lasso that was used to, per the contest rules, successfully alter the contents of a certain page on the WebSTAR-hosted site.
The prize was awarded, the vulnerability was quickly fixed, and that's the first, last and only time I have ever heard of any server on a classic Mac OS based machine getting hacked.
~Philly
You don't seem to understand that it's a problem to make the most popular operating system in the world secure for even the newest of newbie, without pissing off the experienced user. I think the fact that they're still the most popular operating system in the world despite everything that's happened in the last five years says a great deal about Windows: it works, and it's good enough for most people.
People on slashdot should realise that an OS is a tool and not a religion. I switch operating systems like I change my underwear. Certain tools are better for certain jobs. Windows is fine for gaming and desktop use. Linux is great for servers. OS X is great for DTP etc. This says little about the kernel underneath, but says a lot about what sort of userland software is available for those operating systems.
OSX is UNIXy enough that I'm seriously considering making an Apple my next hardware purchase, too, and I've been running Linux since '95 and building my own computers since '89. I gotta admit that the Dual G5 with 30 inch flat screen gives me wood.
I've been trying to convince my parents and sister to go the Apple route with very little success, though. They refuse to so much as look at one in the store. They have a preconcieved idea about Apple and are probably worried about having to replace all those Windows 3.1 apps they've been carrying around since the mid-90's. I'll keep pushing it, though, whenever they ask me what they should get when upgrading. I think Apple really needs a killer app to convince those users to give it a try. I'm sure that once they took the system for a test drive they'd like it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Install XP, then get back to us. I don't think anyone has had too many problems with Win2k as a desktop OS. I know I haven't. And although XP doesn't crash, per se, it still needs to be rebooted often. I use it at work, and have a nice dual monitor setup. Lots of windows open. But it still needs to be rebooted often either because of security updates (don't you install those? They require a reboot) or because *something* causes it to just come to a crawl. I haven't figured it out yet, and it has happened to me in the past on other work computers too.
No BSOD does not necessarily mean "stable".
To speak to Macs, I just don't get it. I am not saying I don't recognize the quality of the whole package, it just isn't for me. It all doesn't make sense to me. I have a G5 with OSX sitting on my desk at work (for testing out stuff with Mac browsers) and I hate when I have to use it. I just don't like the way it feels and the way things happen on it. It just isn't for me. I can see why some people might like it, but not me.
Personally, I run Linux when I can. It makes sense to me. I know it, I like it, and I am used to it. I can see why everyone wouldn't though, and I am OK with that. I don't have much desire to force people to like what I like. I have no desire for Linux to take over the desktop. I just want to use it. As long as I can do that, everyone else can use what they want. My machine is usually up 24/7. Current uptime is only 9 days, I had a hard drive issue. But it has been has high as the 300s. I find that I usually only have problems upon rebooting, for some reason. But nothing that has happened, and things happen with computers, that makes me want to switch to something else. Linux has made me angry, Windows has infuriated me, and Macs make me feel kind of creepy.
My beliefs do not require that you agree with them.
After my wife updated to SP2, the HP7130 driver started crashing the explorer with every boot. Fresh reinstall worked until I downloaded and installed the latest HP driver. She had me working on it every night for a week before I finally broke down and fixed it for good.
By installing Fedora Core 3. For the first time in years, everything worked out of the box, and she discovered the miracle of Frozen Bubble and Scribus. Suddenly she became a certifiable Linux bigot. That is, until last week when my PowerMac arrived.
Mine, you hear! Now can I please use my computer again?
Liberty you never use is liberty you lose.
Part of the reason Macs are so secure is that Apple has designed the system such that it is extremely secure from the lowest level to the top. For example, OSX does not have a root account enabled by default. Everything lives in their own permission space and if you want to break out, you use sudo (and thusly have to enter your password).
Less commonly mentioned, however, is the way Apple encourages secure programming with Keychain and their authorization framework. The Keychain encrypts passwords and makes it very hard for an application to get passwords from other applications, meaning that in order to steal valuable information you'd first have to comprimise another application (which is actually quite tricky to do). Even if you do succeed in altering the application, the Keychain notices this and warns you, saying, "Hey, this application changed since it last used me, are you sure you want to allow it access?"
Add to that that Applications cannot alter themselves, and you have a pretty secure foundation for developers (which also, by the way, provides special UI for password entry that is highly resistant to keylogging).
At the lowest level, the PPC architecture is inherently harder to exploit with classic buffer overflows and printf exploits. The PPC system does not keep the current return address on the stack the way that x86 does. PPC chips have an explicit link register for this purpose.
What that means, in practice, is that in order for you to exploit a single function with a buffer overflow, you must inject your code, overwrite the previous function's (the caller of the current function) saved link register (on the stack, along with other saved registers), and then have both the current and previous function return without segfaulting or overwriting your exploit code.
While doable, this is a huge pain to get just right, and it means that the conditions where a buffer overflow can succeed are less prevalent. Add in the fact that instructions have fixed alignment (but data does not) and are of fixed width, and you have a significantly harder egg to write and deploy.
Don't get me wrong, I'm sure that virus writers can do this stuff. It's just that it's much harder and raises the entry bar.
Slashdot. It's Not For Common Sense
It sounds like this guy had an especially bad day at work--I don't see where he made his case for tossing out his PCs and switching to Mac. Let's take a closer look....
Windows is complex, trying to be everything to everyone.
True. Many mac apps, especially those from Apple, will sacrifice features to keep things simple. Other apps keep the complex stuff hidden behind the simple stuff.
When a new operating system or service pack is released, there are tons of changes to the functionality.
Yes, the updates I get from Apple seem to focus on bug fixes, while Microsoft seems to create these huge updates that add new features and often break old ones.
WinTel machines use different versions of BIOS. They are not all equal, nor do they all have the same level of compatibility.
Well, that's the price you pay for being able to buy PCs from a number of different manufacturers. Apple is the only source of macs, they control the BIOS and the quality. Sounds like a trade off.
Some Windows software applications are well written; others take shortcuts. Shortcuts may work in some environments, but not all, and ultimately the consumer pays in lost time, availability and productivity.
You could also say the same thing about Mac applications.
Hardware. There are hundreds of "WinTel-compatible" motherboards, each claiming to be better than the next. Whatever.
This is a reason to switch to macs?! He's complaining about security, then instead of going into more detail about that, he complains about hardware.
Memory. Not all RAM is equal. Some works well. Cheap stuff doesn't.
So buy better RAM! Jeez!
Hard disks. Same problem: cheap or reliable. Your call.
So buy a better hard disk! Why is this a reason to switch to Macs?
I'm very happy with my mac, and it's well designed and built (and I've added good quality RAM and a couple of Seagate hard drives), but this guy could have gotten accomplished his goals without taking the drastic step of switching to a Macintosh.
I am so smart!
I am so smart!
S-M-R-T!
I mean S-M-A-R-T!
it's a very closed proprietary system that can then be controlled by a single entity
/. crowd is not a mono-culture. Some of us actually believe that a company that consistently shows for the most part that they are interested in making products that excel in usability, interoperability, and security are OK to spend a penny on now and then. Because if we don't support those companies that do support open standards and practices and who decide occasionally to share their innovations in that medium, there's going to be nothing left but a incredible mess of crap.
The hardware? You mean because Apple takes a ton of commonly sold components and puts them together in their fancy boxes? Just like Dell and HP do? You mean because they've spearheaded most of the now commonly-used device interface standards?
The software? You mean because Apple puts a slick top on their completely open source, community-contributed Darwin OS? You mean because a fair number of their component technologies have been developed starting with existing open source projects? You mean because a fair number of their own in-house technology ideas have been opened either in source or in standard? You mean how there's only a few proprietary standards that they're using to store files, communicate on networks, or connect to devices?
There is a hell of a lot of difference between Apple and M$. You can argue about whether it's because of "who's on top" right now, but the stunning difference between even Mac OS 9 and Mac OS X and how the hardware has evolved in the same time wrt/ all the things I mentioned above suggests to me that someone (hopefully more than one) at Apple has a freakin' clue that's more than just trying to get on top.
And that being said, the
... and it was this "iPhoto was crashing when sorting only 18GB/15000 pictures and making thumbnails of them" experience, which shook the author to the bone ;-) Otherwise, he absolutely seems to love his Mac (have you RTFA?).
But the one thing that WASN'T wrong with Macintosh was network security. It was ironclad and simple: Without a correctly-typed user name and password combination and the appropriate privileges to even SEE a volume, you didn't get in. Period. No hacking. No buffer overflows (well--there was one in a third-party server product, but they cleaned that up quick).
The reason the "nightmare" was "completely undocumented" was that it didn't exist.
In my personal experience, I agree with the substance of the article more than the style. We've had both Windows and Mac OS machines in our house for some time now - home-built Windows desktop for games, a Gateway laptop that I lug around, and an iBook that my wife uses heavily are the current lineup (PowerBook coming soon). I'm no slouch when it comes to administering and maintaining Windows machines, as I've been in the trenches of IT for about 8 years now at DEC/Compaq/HP, with a few side jobs here and there.
Aaaanyway - my Windows machines are patched regularly (just about every Tuesday), I run anti-virus, anti-spyware, and firewall software on both (the desktop runs consumer-level stuff, the notebook is used to connect to work, so it runs the corporate versions of same). I routinely run all the beloved "maintenance" tasks on both the Windows machines to keep 'em running normally. And you know what? I still have to reimage the Windows desktop machine every 6 months or so, 'cause things just stop working. The notebook needs a reimage about every 4 months or so.
I don't use Suspend or Hibernate on either machine - when I did, I had to fix things even more often. As a lark, I took a more hands-off approach to maintenance on the Windows machines for about 6 months just to see if my maintenance tasks were making things worse, and there was no change. Desktop Windows install failed within 6 months, laptop within 4.
By contrast, my wife's iBook, which also gets rather heavy usage, only had 1 problem - my wife left it in reach of our 2-year-old son when she got up to answer a phone call, and he pulled it off the desk and used it as something to stand on to reach the other fun stuff on the desk (didn't quite give him the height needed, but points for the effort). He got excited when our cat got up on the desk, and started jumping up and down... on the iBook. There were no native failures at all - especially in the OS or applications. Antivirus and firewall were installed more as a precaution than anything else, and there were 0 problems with spyware, etc. The iBook went to sleep when the lid was closed, and woke right up when it was opened. Effectively the only times we had to reboot the machine were after installing updates, and not always then. I recall maybe twice in 2 years did the some piece of software (or the OS) wedge itself so badly that a restart was required.
I'm not a zealot for either platform, and I have played reasonably extensively with Linux as well (it's got a long way to go before it will be a viable desktop OS for the casual user, in my opinion). When I was a bit younger (and didn't have kids), I would tear down and rebuild my computers regularly. My friends and I would get together and rebuild our computers. While I still appreciate the skill required to do it well, I don't have time or inclination anymore (I'm also looking to change careers to get out of IT, which may be related...) to tinker extensively. System maintenance is moving further and further away from being interesting or fun.
My wife's iBook and my Gateway laptop are used for substantially the same thing - word processing, spreadsheets, email, web browsing, etc. The usual productivity grind. The iBook does it with less fuss and bother, and doesn't require as much maintenace. As my priorities change, the Mac platform becomes more and more attractive. I do enough work at work - I don't want to do more of the same at home, and Windows on the home machines is becoming a bother.
In my own, purely anecdotal experience, the Mac is looking better and better. If they had a spreadsheet component of iWork, it would do literally everything I need, but Office for the Mac is no slouch. We'll probably always have at least one Windows box for games (and one of these days, I'll get smart and make a proper image so reinstalls don't take so long in case of failure), but we'll be moving more completely to Mac in our house.
We have multiple labs with Windows machines here that are for students, who get no admin access. In the main labs there are around 30 apps, mostly specialized engineering apps isntalled. Now engineering apps are famously picky about running without admin. Some do without complaint, but many won't. They all do in our labs, however. Why? Well when we find an app that doesn't work, we investigate why, what it is trying to do that it doesn't have permission for, and then we give it permission for that.
Number one problem is apps that want to write to their own directory. Users don't have write access to the Program Files tree. No problem, give users write to that program directory. Means they can fuck up the app, but nothing else and we keeps logs so we'll know who did it. Next biggest problem is write access to a temp directory other than the one they are supposed to be using. Again, no problem. After that, it's modification of registry keys. Same fix as before, and so on.
That's what the grandparent means by a competent admin. Not that when something doesn't work you throw your hands up and say "Oh well, admin access for everyone" that you go and find what the problem is and fix it.
We go through similar shit with apps on the Solaris systems all the time. Most of them won't install right off. Their installer is proke, their documentation is poor, their license server conflicts with an existing one, etc. Well there again we can't just give up and not install it, we work out how to fix it, get the app installed and running.
That's our job.
So it's perfectly possible to lock a Windows system down to user mode in a setting where there are admin(s) managing it. Yes, it may take some work, but that's what you gt payed for. You can lock it down so that the most a user can do is to screw up individual programs. Well, you just make sure to log all that, and then you can have a little talk with them when it happens.
It's really not that hard.
Yes, the Mac is flawed. No, that doesn't mean it's just as susceptible to exploits. There are whole classes of exploits that only Windows is susceptioble to. Really. No other platform in the world, for example, is subject to "cross zone attacks". None. Security zones (should be insecurity zones) are purely a Windows problem AND they're the biggest problem Windows has.
I think the point the author's making here is that Macs are high retail, but if you want a reliable PC, you'll be spending comparable money. Bad security and mediocre robustness mean high retail Macs are a better deal. (I don't want to argue the truth of that, I just wanted to make the author's point--or at least elucidate a reasonable conclusion.)
I think really it boils down to the experience. The average people don't want to know how the computer works or why it works or anything about it, they just want to use it to get info. They don't want to worry about virus scanners or pop-up blockers or spyware. You may not have any security problems, and your friends may not have had security problems, but there are hundreds of thousands of compromised Windows boxes out there filling up our spam boxes. I'm not anti-microsoft, I'm just an advocator of doing it right. In all honesty, I hope MS copies the hell out of Apple and does it right too, then we can all just sit and bitch about how things were copied instead of trying to say "My insecure OS is secure as hell, honestly! And stable too!"
The hardware? You mean because Apple takes a ton of commonly sold components and puts them together in their fancy boxes? Just like Dell and HP do? You mean because they've spearheaded most of the now commonly-used device interface standards?
Ugh. What a complete red herring. Yes, a Mac is built from off-the-shelf components. What does that mean for me as a user? Suppose I like Mac OS X, but the hardware is too expensive for me, or doesn't meet my specific requirements, etc. Where can I go to get a competing piece of hardware to run my Mac applications on?
Likewise for the software. Sure, if your applications are all just pure console programs, you can typically run them on your favorite Unix clone. But the real value of Macs for many users lies in the graphical Mac-specific applications, and for those you are tied to the proprietary bits of Mac OS.
Truth is, with Windows you get software lock-in, but at least the hardware is an open market. With Macs, you get both software and hardware lock-in.
(And yes, I am a Mac user. But let's not pretend that the Apple world is so wonderfully open.)
Have fun with them. I know it sucks when you run out of the darn things.
This comment does not exist.
Though the standard Mac mouse is only one button, Macs can use multibutton mice. Apple even sales them. They also sale scrolling mice.
FalconShould there be a Law?