Slashdot Mirror
BBC Writer Responds To Mac Security Critiques
minimunchkin writes "BBC Correspondent Bill Thompson responds to the flaming he received for an article on the vulnerabilities in Mac security. He knows that there are no Mac OS X viruses in the wild, and he doesn't believe there ever will be." From the article: "However the wider point, that there are exploitable vulnerabilities and sometimes Apple puts them there, remains. Even if I'm careful to apply updates when they are made available, some people might not and their systems could be compromised. And there is always a gap between the discovery of an issue and an available fix, a gap which could be exploited. "
Add to that the following statement (my own): "Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."
:)
You should pick that up as a sig, it's good
I am unamerican, and proud of it!
Looking at most of the vulnerability patches over the past year or two, the ones I have seen appear to be cross platform. Oddly enough I have yet to see a vulnerability in a major Apple implemented library. Things like the JPEG exploit, the PHP XSS attack exploit are all cross platform issues that affect Mac OS, Windows, Linux, Unix etc.
When I hear of a major Apple specific flaw, like a flaw in an iLife app perhaps, then I will be worried. Until then I need to get back to patching my Windows system for its flaws in IE, WMF, and the list goes on and on and on... not to bash MS or nothing, but its a fuckin pain that the OS size is mainly patches sucking room on my hard drive...
Seriously, the argument that there are exploits is an important one to keep in mind. Nobody questions that Firefox is so far ahead of IE on security that the difference can be measured in red-shift. However, anybody who then concludes that Firefox users can afford to be complacent is completely outside the Universe entirely. The same is true of OS vulnerabilities. If a vulnerability is detected, it needs fixing. Ideally, you write the software correctly in the first place so that there are extremely few vulnerabilities that ever need to be fixed, but that doesn't generally happen.
Is Bill Thompson a troll? To a degree. He has absolutely zero diplomatic touch, which is presumably why the BBC put him on the technology desk and not in foreign affairs. If you're in a war-zone, tact is an important skill to have.
The part that concerns me most, which I'm not seeing enough commentary on, is the extremely serious allegation that Apple have deliberately installed backdoors into their systems. If this allegation has any foundation in fact, Apple should face intense questioning on their conduct. Cisco got burned when the backdoors they installed were discovered and although you can argue that an Apple is not quite as critical a part of the infrastructure, backdoors are certainly not ethical and possibly not legal.
I've heard people arguing that you can't prove a program bug-free (actually, the Halting Problem only proves you can't do so for the general case, it says nothing about specific cases), but the more I hear of people abusing trust (eg: Sony), wilfully releasing defective software with known and documented bugs on the grounds people will update eventually anyway (Microsoft) and incorporating deliberate backdoors (Cisco), the more I am convinced that there should be consumer protection legislation that forces software companies to maintain certain standards. These sorts of wilfull, knowledgable, abuse of consumers is simply not acceptable.
And, yes, I don't care if it takes a BBC hack journalist to point this out.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
They claim complete rewrites of the OS occured, but I'm willing to bet tons of code was copied-and-pasted in the process.
The WMF vulnerability is proof of that. Supposedly Win2K was a "from scratch" OS, which is why they were about 3 years late with it - according to MS at the time.
Now it seems that (gasp!) they lied! Who would have thought it? (The line starts to the right).
To some extent this is true. But on the whole it's utter bullshit. If I get a user-level virus that mails itself to all my friends and deletes all my documents, it doesn't make the slightest different if it needs or wants root access. The mail goes out. My files get deleted. Root access isn't required.
One of the real differences between Windows and more sensible OS's is that Windows actively seeks out and tries to run code from untrusted sources. Screensaver sent in email? LET'S RUN IT!! Code on a web page? RUN IT!! Autorun file on something that's supposed to be an audio CD? MIGHT AS WELL RUN IT!! Bits of code embedded in an image file? LET'S GET IT ON!!
Most of the time Windows practically goes out LOOKING for things it can run from untrustworthy sources.
Linux doesn't do this
FreeBSD doesn't do this
OSX Doesn't do this
It's a stupid thing that _only windows_ does. which is why _only windows_ gets hit so hard and so frequently by these stupid viruses. (there are other things that also contribute to the problem, but this is IMHO one of the major factors)
455fe10422ca29c4933f95052b792ab2
As I'm sure most people have encountered in their lives, it's very easy for a very vocal minority to overwhelm a majority. Look at how many non-Americans believe that the United States is full of evangelical, "fire and brimstone" Christians. They're obviously a majority, but vocal and active enough as to appear to be a majority. They're not the only group in history who as acted as such, either.
But anyway, majorities are historically awarded rights before minorities, and, due to their majority status, are often reluctant to give up any priviledges which they perceive as rights. It can be rude and backwards, such as the perceived right of not having to hear other languages or introduced to other cultures, or it can be the idea that a company always run by black people should continue to be run by black people. True equality is exceedingly difficult to attain, as that majority you mention is usually the most reluctant to give up their priviledge.
"I use Macs but I certainly don't count on OS X being secure enough for me to connect to the internet without using a correctly configured firewall."
oh yeah? first of all, macosx has a built-in firewall you can enable at your leisure, and therefore talking of OS X not being secure enough for you to go online without the use of a firewall as if these two were exclusive different things is nonsense.
but even if you don't use a firewall, try plugging your up to date mac directly into your internet connected modem and wait for its security to be compromised.i don't advise you to hold your breath.
i've done plugged straight in without the use of a firewall many times and haven't had a single problem.
It seems easy enough to piss of Apple/MAC fans: just say something slightly negative, no matter how grounded in fact, about Apple or Mac.
Only if you say it without knowing what you're talking about.
It reminds me a bit of the Linux zealots.
Only if you say it without knowing what you're talking about.
This guy did that, so he got flamed.
This guy didn't know what he was talking about and now is backpeddling. That's what the higher profile trolls do, they say "If you think you're safer on a Mac, you're completely mistaken!", and then "Of course I don't mean in reality, nobody who read my article could think I was talking about reality! I was talking about my own little fantasy world where you're less safe on a Mac!"
Of course, if he had said it that way, he probably would've at least gotten a laugh. Instead his retort was to play the semantics game, and no wonder lots of people got upset.
Here's a person who either doesn't know what he's talking about (that is, merely repeats stuff people tell him, or is making conclusions that he isn't knowledgeable enough to make) or he's a mean old troll trying to piss people off. Either way, he's to be detested.
I personally didn't know much about the Mac crowd until recently -- but they are very touchy.
Good for you! Bridge that race gap!
Meanwhile, I know many Mac users and many Windows users, and I'd agree that most Mac users are most certainly touchier than Windows users, but that most Windows users don't even know they're running users and in fact, the defenders of Windows can't ever seem to do it with something even resembling a trace of logic. These people are far more touchy than Mac users, and worse still, are morally reprehensible because they defend it at the expense to themselves and others!
Here's a clue: In the last 5 years, not a single exploit that has been deployed for Linux has affected me, and yet all those dasturdly Blasters and Code-Reds are still affecting me - despite the fact I don't run Windows.
I don't care if you patch your system, I care that all these other people don't.
I contend- and others often more so that everyone would be much happier if there were no Microsoft and no Windows. I most certainly would be: You wouldn't be talking to me, and I wouldn't need to buy more bandwidth right now.
Thompson has a track record of writing articles that are either ill-informed or technically incorrect and then defending himself with the lame excuse that his is an 'opinion piece'. I can never understand why Slashdot (or the BBC for that matter) give him the space he clearly doesn't deserve. He tries to present himself as something of a guru, but probably couldn't get a job as a junior IT helpdesk worker (apologies to all the highly competent helpdesk guys out there).
He's the poster-boy for the phrase "a little knowledge is a dangerous thing". If you look at his resume it's clear that he tried to make it as a techie, but didn't have what it takes, and so became a "commentator". It's funny - there used to be a feedback section on his BBC column, but it mysteriously disappeared a few months ago, shortly after he posted some badly researched drivel about problems copying his archived email from Windows to OS X and got shot down in flames by almost everyone who responded.
On the other hand some Mac users are setting themselves up for failure. I have one client who INSISTS on chmod 777 -R / because he finds security "inconvenient" -- and any viruses that DO hit the wild are 100% guaranteed to hit their network. They miss the old MacOS and its total lack of security. I'm sure they're not the only ones with that shortsighted and foolish outlook based on the false sense of security that "if it hasn't happened yet, it never will"
/. so take my advice: download clamav (it's FREE - as in beer, as in speech, etc.), install it, and run it on occasion. I'd point you at the project page only I know that you know how to google. :) clamav is a very small project, taking up very little space, and again it's FREE and virus signatures are usually updated more than once per day.
Not only that, but if you have any shares/dropboxes/etc. openly accessible in a heterogeneous network, windows viruses can plant viruses there or infect documents which other windows users can pick up from that share and infect their machines with the scumware. Heck, even Linux or Solaris servers running file shares will be running clamav and antivir, and be scanning the samba shares any time a file is accessed.
Additionally, like it or not, there are worms which coulc conceivably infect your mac and add it to script kiddie's DDoS attacks. If you're running a web server with OpenSSL (or a commercial variant thereof) chances are you're vulnerable to slapper. ClamAV detects slapper and can remove it.
Mr. Bill Thompson I KNOW you're reading this thread on
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
I believe that the best defence of Unixs (specially non OSX unixes) from virus is not root isolation, but heterogenity.
When a virus arrives in a Linux computer, it really doesn't know what to expect. The user can be using a dozen of mail clients, different kernels, windows managers, etc... You don't know what exploit to use. Even if you develop a virus that is good to exploit a linux system, this doesn't mind that it can take another one.
Even in Windows, as soon as you put some different programs in the computer your safety level increases dramatically. Just throw firefox, eudora or openoffice. The level of viruses and malware that affect you are reduced by each "non-standard" program that you use, specially if it's an internet related one.
From working in PC/Mac customer service, my experience is that Mac users have no more or less clue than Pc people on average. That way they are saved from a lot because of their system, but there's no particular trend that I can see where Mac users are somehow smarter. The Mac users posting on /. aren't necessarily the average Mac user. The average Mac users you meet first when you support services and networks for people who are more focused on what they do and less on what system they use to do it and who use Mac only because it feels easier for them that way and not due to any infatuation with Steve Jobs.
Easily 60% of the customers I talk to don't know what version of OS X they have or that its named OS X. Almost 20% (rough guesstimates) don't know whether they run OS X or OS 9.