Slashdot Mirror
Mac Users Blast Symantec ... Again
An anonymous reader writes "Once again Symantec has spouted FUD about Mac OS X ... perhaps in an attempt to make more money as Microsoft pushes its own security products? A commentary on the issue entitled "Symantec 'scare tactics' don't rattle Mac users" says Symantec's latest Internet Security Threat Report continues to voice concern for the security and stability of the Mac operating system, Mac OS X in particular. However, there isn't proper evidence to back this claim. Also from the story, readers are asked: Do Mac users think they are immune to security problems or is Symantec and others fishing for a new revenue stream? Do you think Apple should start following Microsoft's model by rating vulnerabilities and patches?"
That is not to say that there _will_ be as many threats, but let's not kid ourselves here. There will be viruses written for and holes exploited on MacOS X. It's just a matter of time and then the whole house of cards will come crashing down. If Symantec's products didn't suck so bad on the Mac, I'd go ahead an pick it up -- just in case...
--mike
Not to mention that rating a vulnerability as "high" will help hackers decide which hole to screw (that's what hackers do) with first, before everybody else had the time to apply the patch.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
With their crystal ball are managing to see some ghosts in the machine , I don't believe in ghosts .Show me hard evidence or flutter off
OS X's stability is absolutely , in all the time i have been running the system I have had one crash (The Crash was my fault ) , The finder has restarted itself a few times which i believe has lost me a sum total of 60 seconds working time .
The only times I have had programs that were unstable was when i was using Beta versions of things.
Security has also not been a problem , It automatically runs the system update regularly if you don't do it yourself . The worst that could happen is someone passes you a dodgy installer which runs some sort of server but that's not OS X's fault .
OS X is up there with the best *NIXs in these regards .
Symantec I believe has been using classic mac OSs (someone should tell them that 10 is a bigger number than 8) , They were buggy and full of holes .
OS X is not perfect by any means and has had its fair share of patches , But I could say with confidence that it could go toe to toe with linux in these areas .
The only things certain in war are Propaganda and Death. You can never be sure which is which though
I'll be getting some x86 Powermacs this coming summer.
My only security concern comes from not knowing how many threats out there are based on CPU vulnerabilities that don't affect PPCs but do affect x86 based CPUs.
Will it soon be as easy to port over viruses, trojans and worms to OS X as it will be to port games and other apps?
Otherwise I have no worries... Apple stays on top of security issues and doesn't have the back log of known vulns that windows has. In addition, many of the vulns that could affect OS X would also affect Linux/BSD so OS X gets the benefits of those communities watching for problems/patching problems as well.
A fool throws a stone into a well and a thousand sages can not remove it.
Of course mac users wont be used to viruses and other "infections" we've never really experienced any so it feels like we're invincible. The thing is that we just dont realize that someday, there will be some jackass (or team of jackasses >.< ) that decides "hey, i think i'm gonna make every newspaper and online news headline all over the us", and he's going to write a damn good mac virus. and you know what, we will go nuts because we've never seen it before.
OS X is by far my OS of choice. Sure I use Windows and Linux for different things, but when it comes to ordinary stuff as well as some cross-platform development I love my Powerbook. It's more stable and secure than my windows box and more pleasant to use than my Linux box.
That being said, one day it will hit the fan. Someone will write a really bad virus or find a big exploit and keep it on the down-low until they release it on a large scale. It will hit us, it will hit us hard.
It will be like a family living in a gated community where there's no crime. Feeling safe they never bother will any security system or guard dog. Then one day they all wake up to find their 1st floor completely raided of all valuables. The initial shock to Mac users will be the same (all-be-it less devastating than seeing your tv and stereo gone) . After being safe for so long and not having to worry about it will hit us really hard.
I don't bother running Virex, nor do most people I know. But I know one of these days I'm gonna pay for it.
Symantec is trying to sell a product that doesn't really apply in the Linux/OS X environments.
I'm not saying Viri and Worms don't or couldn't exist on a *nix platform. What I am saying is that security patches are released within the same timeframes as virus updates, so why not just set your box to auto-update those patches and skip the Anti-virus software route all together?
On other vendor's platforms, there are both a greater frequency of attacks and longer delays between patches (probably due to the shear number) so Anti-virus software serves a market there.
So it isn't hubris that the Linux and OS X are imune, it is that the OSS community and Apple work quickly to patch any vulnerability ASAP.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
Is the following assertion fair and accurate:
"It is easier to secure OSX against malicious intrusion at least partly because administrators have more extensive control over the OS and the applications that run on it."
Microsoft just doesn't seem to like making security easy to do, without buying something. Heck, I can't turn off popups in IE unless I get a third-party add-on. Safari - no problem. Not trolling, but I am curious - I only use M$ at work and I *hate* it, but I am also not a sysadmin, so I can't look 'behind the scenes' and see what is possible in Windows, vs. what my employer has choosen to implement/switch on/switch off.
Well, I might not have been QUITE as acerbic in my review, but I do have to agree with the spirit of this post. When I came back to the Mac from several years owning only PCs, I purchased very few software packages for my G5. I intended to use primarily shareware and free programs. I did purchase Symantec Anti-Virus, though. It had worked so well on the PC side, and caught so many viruses. Well, it's been a year since I flung the CD into the trash, so I can give many details, but it was awful. The auto function slowed me down like molasses. So, I turned it off and set it to do a nightly scan. That resulted in MODAL dialogs telling me it had done it's job. There was no way to make them not come up. There was no way to make it run silent. I wouldn't have minded dialogs that told me what went wrong, but why keep telling me that everything's ok? And it would tell me that it had downloaded the latest update of the defs. It wouldn't tell me what that update was, just that it had downloaded it. Well, actually, it told me that it downloaded the defs update and the latest version of the app. Well, it listed both, though it can't have been the app - unless it was loading it over and over every day... or ... why would it list it otherwise... oh ... whatever. I called Symantec, but they just got confused.
(I also vaguely remember problems removing it, but I can't recall details now.)
In short, the function AND interface of the Mac version was WAY inferior to the PC version - and that was never any great shakes anyway.
So, I took it off. A waste of $70, but the machine ran so much better with that stuff gone.
I got a distinct impression that Symantec was interested in the quality of the Mac version in direct proportion to the percentage of Mac sales they had. I suppose that makes good "business" sense, but it makes for a crappy product. And that, in the end, makes for no business at all.
I'm new to the Apple world (just got my iBook a month ago), so I don't know all the ins and outs yet. Could you explain what the point of Acrobat is when I can already print to PDF and read them easily with OSX?
No OS is immune from exploits.
Symantec shouldn't just be pointing out how many exploits have come to their attention, they should be providing evidence to support their position. Things like, how many exploits became full blown threats to the security of OS X. None.
They should be providing details about how their NAV(Norton Anti-Virus) software has changed over the past several iterations to deal with this pervasive threat. It hasn't.
Currently Symantec is using the same software, without any significant changes, since the release of OS X, that's no significant changes or enhancements, zero, zilch, nada, for over three years, but they're still happy to sell you a new version for $70+ and come out and make wild claims about how you too are unsafe. When what the consumers are really unsafe from is bad business practices and corporations that are willing to try and scare you out of your hard earned cash.
Why is this happening? Money, greed, avarice and lying.
Yes, Acrobat is more feature rich than the OS.
But please explain why it need to have the admin password to install it. Is there anything in Acrobat that is system wide, moreso than something like Office would provide? I really don't think so, but would love to be enlightened.
More likely, it's Adobe being lazy with programming and making things easier on themselves rather than proper and secure programming techniques. Remember, if there's a bug in their application at a system level, it could represent a real security hole because of the way the installer works.
There are two types of people in the world: Those who crave closure
Clearly something does stop Spyware authors, otherwise Mac users would be complaining about spyware.
However, why on earth would one think that Symantec is the solution to the problem? If there is a known problem, Apple will patch it. If it is an unknown problem, Symantec cannot fix it.
I was a loyal Symantec user and used their product religiously on my PCs and Macs, knowing that sooner or later something ugly would rip through the Mac community. When I renewed a license on the Mac side the license they gave me didn't work. I emailed customer service twice and still received no response. When I read the fine print, the license must be applied within a month of being issued or it does not work. I did that, and followed all of their installation directions, but no luck. The lack of response from their customer support was the last straw, none of my systems run Symantec products now. Their troubles may run deeper than a lack of scary OS X security stories to drive their sales.
Free Adam Smith! (Or best offer.)
There's a big difference in the sources where people get their virus news. On the Windows side, you see it in trade journals, on news sites, even on TV when there's a big virus making Windows machines crap out left and right. Yet...you only hear about Mac viruses from companies (Symantec?) who are trying to make a buck. Maybe when I read about Mac viruses in InfoWorld or some other news source I'll be mildly concerned.
"He uses statistics as a drunken man uses lampposts...for support rather than illumination." - Andrew Lang
I found a serious one when I was doing some testing prior to the implementation of Mac OS X 10.3. As far as I know, this issue still exists despite my reporting it to BOTH Symantec and Apple... (I believe Symantec did something about it in their latest version, though I haven't had a chance to test it yet... but I know OS X would still allow the problem in 10.4.)
The scenario goes like this: Create a cron task to update Norton AV for Mac from the command line. Log off the system. Unplug the network cable. Wait for the cron task to fire. Norton tosses up an error box indicating that it couldn't update itself. This error message appears OVER the login screen, along with an Apple menu that shows you logged in as the administrator user who setup that cron to update Norton. Even without logging in you have limited access to OS X as AN ADMINISTRATOR!
(I discovered this little "hiccup" when I'd configured Norton to auto-update and found that our network had experienced a problem overnight when the update was scheduled to take place. Imagine my surprise to come in and find a machine with an administrator's Apple menu accessible and no one logged into it!)
Personally, I think applications shouldn't be able to display GUI elements if the user initiating those applications isn't logged in at the moment, and certainly not if NO ONE is logged in.
For slightly more information on how to update Norton AV 8.0 and 9.0 from the command line and via cron, see: http://mikesalsbury.com/mambo/content/view/115/