BBC Writer Responds To Mac Security Critiques

minimunchkin writes "BBC Correspondent Bill Thompson responds to the flaming he received for an article on the vulnerabilities in Mac security. He knows that there are no Mac OS X viruses in the wild, and he doesn't believe there ever will be." From the article: "However the wider point, that there are exploitable vulnerabilities and sometimes Apple puts them there, remains. Even if I'm careful to apply updates when they are made available, some people might not and their systems could be compromised. And there is always a gap between the discovery of an issue and an available fix, a gap which could be exploited. "

The Rules

[gbulmash]

To the old rule that one should never argue politics or religion, because there is no way to win, I believe we must add operating systems as a third thing one should never argue.

Add to that the following statement (my own): "Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."

- Greg

Re:The Rules

[spitek]

Agree here. Even trying to cover this subject in "vendor neutral" manner, pointing out the pros and cons based of what the need or usage of the system would be, still be like the white guy.

Re:The Rules

[Krach42]

Add to that the following statement (my own): "Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."

You should pick that up as a sig, it's good :)

Re:The Rules

[MrNougat]

And yet, being a white male in a discussion about discrimination does not necessarily make your position incorrect.

But those Microsoft advocates - GOD.

Re:The Rules

[Bazzalisk]

As a white male from a poor background I can discuss discrimination a bit at least ;)

Re:The Rules

[Savage-Rabbit]

"Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."

Hmmmm... nice analogy but why choose such a complicated topic??? I have found that in order to trigger the unwinnable argument effect it is usually enough (assuming you are a human male) to get into a discussion with a human female as to whether the toilet seat should be left up or down. This argument is actually much more venomous than the one you cited since it tends to go on forever and can furthermore result in a permanent damage to your sex life unless you resort to subterfuge and allow the female to believe she won.

Re:The Rules

[borganha]

Some places include football in the list of non-discussion topics. The real football, the one played with feet.

Re:The Rules

[EggyToast]

I'm a male, and that argument's a non-starter. Of course it should all stay down. That's the "closed" state. Similar to many other household objects, the natural rest state is closed. Doors, windows, etc. They're opened when used; otherwise they wouldn't exist.

Most males encounter toilet seats that are "down," and have to lift them. Even ones without a proper lid. Why they should assume that leaving them in a state unlike they were found, well, that's just slobbish.

Re:The Rules

white male in a discussion on discrimination.

until you consider "Affirmative action" which is legal descrimination

Re:The Rules

[carlislematthew]

"To the old rule that one should never argue politics or religion, because there is no way to win, I believe we must add operating systems as a third thing one should never argue."

Being a Mac user is both religion *and* politics! It's religion because you believe in a supreme being (Steve Jobs), have a bunch of people that agree on a set of beliefs (e.g. one button is best) and think that other religions (Linux, Windows) are stupid and false. It's politics because you can only be on one side!

(Before you respond, please understand that I was joking) http://en.wikipedia.org/wiki/Joke

Re:The Rules

[iwsnet]

I think Mac users feel they are safe with security since they have only 5% market share and most hackers are on Windows trying to rip off most people.

Re:The Rules

[hobbit]

"Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."

I used to be a white male.

My name is Jamelia Uwimana, and I'm a "switcher".

Re:The Rules

[chrispatch]

That one is easy, most home toilets have a seat and a lid. Everyone leaves BOTH down when they are done,

Re:The Rules

[uncoveror]

When you are talking about Mac it is religion, not a third thing. Bill Thompson blasphemed the Mac religion, and they are calling for Jihad! It doesn't matter that what he said might be right.

Re:The Rules

[MobileTatsu-NJG]

"But those Microsoft advocates - GOD."

Compared to "Bill Gates is the anti-christ" Linux zealots...?

Re:The Rules

[rbannon]

When at home, everyone should sit when going to the bathroom. It's plain filthy to stand. I actually have a sign in my bathroom (bought it in Berlin) that sternly warns against standing. Yes, I am a man, and you'd better politely smile if you question that.

Free iPod?

Re:The Rules

[ceoyoyo]

Ah, yes, the LID should be down. Then both sexes have to lift the lid.

The female argument that you should put the SEAT down is interesting. The most common one I hear is that if you don't put the seat down they might fall in. I personally look before I sit down on anything, but to each her own. I think it would be awfully funny to see one fall in!

Re:The Rules

[Scudsucker]

is like being a white male in a discussion on discrimination

It's fairly easy, actually. For example, prostate cancer kills about as many men as breast cancer kills women, and yet breast cancer gets 3x the funding. Or how men make up at least 35% of the victums of domestic violence, and yet receive virtually no funding, no outreach, and no respect.

Re:The Rules

[rtb61]

Vendor neutral, nows its obvious why you feel like the "old guy" in an operating system dicussions, it is not about brands it is about access and openess, it's about customers choice over the life of their use of the software. It's just another overhead and it's the function of good managers to continually reduce overheads. Don't get caught talking, my brand is better than your brand, it is pointless.

Microsoft is quite welcome to produce an open source operating system, I would with out qualm try it because that is my preffered style of operating system, open source (I might even be tempted to take a maintenance contract on that open source operating system, although in truth it would be highly unlikely based upon by past experiences with microsoft, they just don't seem to be a company you can trust).

So that's where your vendor neutral idea just doesn't make any sence. If microsoft wants to produce, sell and maintain a Linux distribution they are quite welcome to (or for that matter, any other open source operating system). There is a market there and it is the market that will dominate and it seems strange that they are so afraid of it. Your just stuck on the old idea of my closed source operating system is better than your closed source operating system, when the whole discussion is shifting to who does the best implementation of which open source operating system (don't worry there is every chance you will catch up ;-)).

Re:The Rules

[sdedeo]

Wow, it took me two minutes to debunk both those claims.

prostate cancer kills about as many men as breast cancer kills women

No, it doesn't. Prostate cancer deaths are 75% of breast cancer deaths.

breast cancer gets 3x the funding

No, it doesn't. It gets 2x the funding. So, for reference, breast cancer is slightly "overfunded" ($/death, we spend 60% more.) If you're looking for a reason why that might be so, it's because breast cancer strikes at an earlier age. A woman under 40 is EIGHTY-FOUR times more likely to develop breast cancer than a man is to develop prostate cancer.

My guess would be that counting $/lost year of life makes the most sense; we spend (and should spend) much more per death on, say, preventing SIDS than we do on, say, preventing some equally rare consequence of late-stage chemotherapy. You could try to work out the numbers yourself, but I have a feeling you're not the kind of person who likes facts. Facts... they are so cold. Breast cancer versus prostate cancer stats.

OK, onto the next one:

men make up at least 35% of the victums of domestic violence

Well, you have to scroll through a few pages of websites whose main existence is to either promote "Men's Rights" or criticize feminism until you get to a reasonable source: the BBC. There you find the results of a 2001/2002 British Crime survey: "19% of domestic violence incidents were reported to be male victims with just under half of these being committed by a female abuser."

I'm going to take a wild stab in the dark here and suggest that you are less concerned with gay victims of domestic abuse because your larger point is that men in heterosexual relationships are somehow "discriminated" against. In any case, the correct statistic would be 9.5%, not "over 35%." BBC reference.

Thanks for playing "make up facts"; you have lost. Please try an easier game. We suggest cable TV.

Re:The Rules

[Shano]

Having got into that argument before (with a female flatmate, not an SO), I've figured out how to win it.

She'll have a very hard time convincing you you're wrong if your opening argument is "down".

Re:The Rules

[Eivind]

Sure. There's lots of examples like this. Most from child/family settings. The reason being that the traditional role of the female is to deal with the children, so she often gets the final say by default (or because the laws are old)

For example, in germany (and many other countries) when a nonmarried couple gets pregnant, the mother *automatically* get sole child-custody. The father gets no rigths whatsoever, except offcourse the rigth to pay. The mother:

• Decides by herself if she wants to keep the child. She can put it up for adoption if she likes, the biological father doesn't automatically get the child even in this case.
• Doesn't need to let the father ever even see his child.
• Can move away, even to another country, and take the child along.
• Automatically gets the pension-bonus given to people who care for small children. (Note: This is true *even* in the case where the mother works full-time and the *father* is the one actually caring for the child!)
• It's even in the german constitution that "the mother" receives special protection. Fathers aren't mentioned with a single word and certainly receive no special protections.

Re:The Rules

[MrNougat]

Oh sorry, I meant that in a "Napoleon Dynamite" kind of way, not a literal way.

Re:The Rules

[tbone1]

Add to that the following statement (my own): "Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."

Um, aren't you discriminating against us white guys? Luckily, Jesse Jackson always fights for the repressed and the discriminated, so he ... Oh, Jesse can't make it? Well, then, Martha Burke will ... What? She has a tee time with Hootie Johnson? Oh, Hootie and the Blowfish. Well, our great political advocate ... hey, who is our great political advocate?

Re:The Rules

[tbone1]

Being a Mac user is both religion *and* politics!

No it isn't!!!!

[Crushes the Unbelieving Heathen Commie Scum with a cracked old Apple Cube]

Re:The Rules

[mike77]

to get into a discussion with a human female as to whether the toilet seat should be left up or down.
I'm a male, and let me tell you, it goes DOWN!
Your argument is too simplistic, it does not take other factors into account

For instance, let us hypothesize you have a playful young cat who thinks the toilet is interesting and should be played in.

Unless you like waking up to a toilet bowl soaked cat at 2 AM when they jump on your head, the argument is already decided.

Re:The Rules

[spitek]

Don't get caught talking, my brand is better than your brand, it is pointless. Yes! Once again it's not about brands when it really comes down to it. Time changes all things. Look at the car industry, or so many industries. I would have never bought a Ford years ago, that 2006 Explorer.. Hmmm. Everyone from the Banyan Vines days thought, "Microsoft, what kind of silly ass name is that" So basically this is just like everything else. Generally if you're doing this or that, than x is what you want. Except if your doing this other thing only then y is what you want. Only when you are able to take that step back, look at everything unbiased (I know this can be hard... maybe ease into it, start with something small) does reality set in. And thank you so much for the "old" comment! :)

Re:The Rules

[99BottlesOfBeerInMyF]

"Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."

You are incorrect. Being a Microsoft proponent in an argument about operating systems is like being a Nazi, KKK member in a discussion on discrimination. White males are born that way and in no way predisposed to being racist. People who argue the superiority of Windows have made a choice to use and extoll that OS.

People who argue Windows is superior are like KKK members, generally misguided and misinformed. I'd also like to say that as a white male, I've had plenty of discussions about racism and I've noticed as many black people who are racist as white people.

Re:The Rules

[rbannon]

Piss while standing and the probability for urine to splash beyond the bowl is vastly greater. Just take a look at any public restroom where people tend not to sit and you will see urine almost everywhere.

Free iPod?

Re:The Rules

[rtb61]

Your getting closer in your car analogy but is more about the changes in transport from the horse and buggy to a modern automobile rather than comparing brands. Some companies, like microsoft just can't get out of the old way of doing things and fall by the wayside, not that they disappear altogether they just drop that particular area of business because they can't adapt to the new demands of their ex-customers i.e. they don't seem to be able to make the transition from closed source operating systems to open source operating system and that is the way business and government customers demands are going.

Face it the old operating system model either requires a blind trust in the supplier or the willingness to pay the cost of auditing their code because it has becomes necessary. Open source allows for the public audit of the code, hence significantly reducing business risk without the exorbitant cost of attempting to audit all of the code yourself, bearing in mind every company and government that requires that level of assurance has to repeat that same excersize independently, an exorbitant waste of money (just for the supposed privilege of buying one particular companies product, it just does not make any sense).

Re:The Rules

[Scudsucker]

Wow, it took me two minutes to debunk both those claims.

Pretty big words from someone with two links in his post.

No, it doesn't. Prostate cancer deaths are 75% of breast cancer deaths.

Yes, it does. Prostate cancer deaths: 40,000 a year. Breast cancer deaths for this year are estimated at 43,000.

No, it doesn't. It gets 2x the funding.

If you only go by what the NIH spends, sure. The 2006 estimate for breast cancer research is $716 million for bresat cancer, compared to about $380 million for prostate cancer. However, there's the DOD's breast cancer program, which nets around $150 million a year. And then we can compare the funding that the national Office of Women's Health spends on breast cancer to the amount the Office of Men's Health spends on prostate cancer. Oh wait, we can't, because the OMH doesn't exist.

You could try to work out the numbers yourself, but I have a feeling you're not the kind of person who likes facts. Facts... they are so cold. Breast cancer versus prostate cancer stats.

Sorry, but the facts are deserting you faster than Republicans can distance themselves from Jack Abramoff. Here's another one for you: yes, prostate cancer strikes later in life than breast cancer, but women also live 5.7 years longer than men. But hey, we can only even out statistics when women are at the short end of the stick, right? Like how you'll hear complaints about "glass ceilings" and "pay gaps" but you don't see NOW wringing their hands over the fact that over 90% of workplace deaths and injuries are suffered by men.

Well, you have to scroll through a few pages of websites

No, I don't.

whose main existence is to either promote "Men's Rights" or criticize feminism

Yes, the women can have their Oprah, their Lifetime channel, their NOW, their decades of "women's rights" but if men raise their voice they're just a bunch of complainers.

reasonable source: the BBC. There you find the results of a 2001/2002 British Crime survey: "19% of domestic violence incidents were reported to be male victims with just under half of these being committed by a female abuser."

Looks like you skipped over the part of your article where they said "Figures on the extent of male victims vary considerably so it's difficult to state with any accuracy the true extent." I went with 35% because it is on the low end of the estimates. Studies of studies have pegged it more at 50/50. The problem with relying only on police reports is the fact that women are far more likely to report abuse then men, due to culture and outreach.

I'm going to take a wild stab in the dark here and suggest that you are less concerned with gay victims of domestic abuse because your larger point is that men in heterosexual relationships are somehow "discriminated" against.

Wow, that's funny. It's funny because a consequence of domestic violence being culturally and politically defined as something male abusers do to female victums, is that violence in lesbian relationships is ignored.

Thanks for playing "make up facts"; you have lost.

Let me guess, you have a big poster on your wall of Nixon and his "victory wave" after he just resigned. You can quibble on the statistics, but even you are are right on all points it still doesn't change the fact that men are indeed getting the short end of the stick in many areas. 75% of the deaths deserve more than half the funding. 19% of the victums of DV would deserve more than zero support and respect. So to get back to the GP's point, yes it is easy to be a w

Re:The Rules

[Eivind]

Most women agree with you. Most *everyone* agrees with you, certainly in Norway, which is relatively radical about equal rigths. But several of the laws I mentioned are precisely the same in Norway. (I happen to be Norwegian by the way, I only live in Germany at the moment) For example, a unmarried woman who gets a child with someone gets absolutely *all* the rigths of a parent while the father gets none whatsoever, except the rigth (and duty) to pay for the child offcourse.

Fathers who *are* married are not much better off: The normal case in Norway (atleast on paper) is that the parental-rigths are split. But this can only work if both parts wishes it to work. If the woman simply refuses, she ends up getting all parental rigths alone in like literally 98% of the cases. Not by law, but because the judges are old conservative males who basically think a mother is more suited as a parent than a father in 98% of the cases.

My opinion: Sharing the responsibility should be the norm. If one of the sides refuses to cooperate in sharing, then as a rule, the sole custody should automatically go to the *OTHER* parent. This makes sense, because it's the only way to ensure the child gets to have contact with both parents. It's pretty much the same for lesbians (Hi, I peeked at your website). The one who physically is pregnant will in most cases receive all rigths if the couple splits up, the other is only allowed to pay. This is one reason why quite a few choose to adopt a child instead of having their own -- it is the only way to ensure that both parents are treated as equal.

Re:The Rules

[Squirrelgirl]

I agree with your opinion wholeheartedly. I have met several women who did not get the custody though, and some who even gave it to the father because she felt he had a better support network to take care of the children. We can't easily adopt and getting a baby with a guy opens a hornets nest of issues so I'll settle with being childless for now. ;) I'm also not really eager to have a kid now. We have enough work with our kitten. ;)

Re:The Rules

[Eivind]

Sure. In the (in Norway around 8%) of the cases where the father has custody, the overwhelming majority it is so because the mother agreed to this arrangement, or the children are old enough that their meaning counts. When my parents divorced I stayed with my father, but I was 14, and he was staying where I had lived all my life, had all my friends and my school, and my mother was moving away to start a new life with a new child and a new man -- it wasn't really much of a question.

Not all women are assholes. Indeed the large majority aren't. Even most of those who have custody, wishes for the child to have the possibility to also meet the father. In those (majority!) of the cases it matters little what the law says, because the parents reach an agreement anyway.

Thing is though, the law is there for those (few!) cases where one part does *NOT* act reasonably.

But I Only Meant All Of You

[American+AC+in+Paris]

From Thompson's original article:

Mac users demonstrate an indefensible smugness when it comes to the dangers of having their systems compromised by malicious software and opened up to exploitation by others. It's time they started behaving a bit more responsibly.

Dear Mr. Thompson:

When you accuse several million people of demonstrating "indefensible smugness" based solely on the type of computer they're sitting in front of, you must certainly expect something of a backlash from those of us who do, in fact, take security seriously. When you tell the likes of systems administrators and security experts they should behave "a bit more responsibly", they're rightly going to tell you to go piss up a rope.

On the Internet, we refer to people who make statements such as the one quoted above as "trolls". Engaging in this type of behavior is generally frowned upon. For example, if I were to say "this is the sort of idioctic drivel the world has come to expect from those effete Brits," I, too would be guilty of trolling and would receive untold amounts of well-deserved invective from the readers of this post.

Fortunately for me, I know better than to make such outrageous statements.

Re:But I Only Meant All Of You

[sepluv]

Isn't that flamebait rather than trolling?

Re:But I Only Meant All Of You

[ettlz]

"this is the sort of idioctic drivel the world has come to expect from those effete Brits"...

What was that saying... "Over-paid, over-sexed, and over here"? ;)

Re:But I Only Meant All Of You

[JourneyExpertApe]

On the Internet, we refer to people who make statements such as the one quoted above as "trolls".

NO, WE DON'T! "Trolling" is the act of saying something false or inflamatory in order to provoke a reaction for your own amusement. It takes its name from the fishing technique where you drag a line from a slow moving boat. I doubt a columnist would risk his career just for a laugh.

Re:But I Only Meant All Of You

[iangoldby]

When you accuse several million people of demonstrating "indefensible smugness"...

Smugness is highly subjective, and says much more about the person making the judgement than the person being judged.

I doubt that many Mac users think to themselves "I'm very pleased with myself because my Mac is immune from viruses." They just don't really think about the problem at all.

That isn't smugness in any objective sense.

The Mac user may appear 'smug' to the embattled Windows user who has just had to do a clean install for the 3rd time due to virus damage. But that's purely subjective.

I think Bill writes a great deal of excellent stuff in his columns. Let's not get hung up on one sentence and then miss the entire point of the essay.

Re:But I Only Meant All Of You

[vague+disclaimer]

Also from TFA: I believe that security through obscurity is no security at all,

So it's probably just as well that OSX doesn't rely on it then.

Re:But I Only Meant All Of You

[dotgain]

Oh, right. So making a sweeping generalisation isn't good enough for you. We actually have to precede it with "All" just to hammer the point for idiots like you.

"Anonymous Cowards are idiots, and never add anything to the discussion". Hey, I was only talking about you, not all the ACs.

Re:But I Only Meant All Of You

[jskiff]

And the response is: "under-paid, under-sexed, and under Ike."

Re:But I Only Meant All Of You

[minuszero]

...you must certainly expect something of a backlash...

or perhaps a forward slash...

...followed by a full-stop.

Re:But I Only Meant All Of You

[American+AC+in+Paris]

"Trolling" is the act of saying something false or inflamatory in order to provoke a reaction for your own amusement.

...so are you saying that the statement "Mac users demonstrate an indefensible smugness when it comes to the dangers of having their systems compromised by malicious software and opened up to exploitation by others. It's time they started behaving a bit more responsibly" is true? Are you suggesting that it is somehow not inflammatory? Trolling for amusement is but one form of trolling--you can also troll to draw attention to yourself.

Had he said "Linux users are snide and condescending when it comes to answering requests for help. It's time they learned some manners and grow up a bit", would he be trolling, or would he simply be telling it as it is?

I doubt a columnist would risk his career just for a laugh.

...can you imagine a columnist writing overgeneralized, inflammatory statements in order to make more people pay attention to him?

Re:But I Only Meant All Of You

[nathanh]

When you accuse several million people of demonstrating "indefensible smugness" based solely on the type of computer they're sitting in front of, you must certainly expect something of a backlash from those of us who do, in fact, take security seriously.

Given the vitriolic and indignant responses I read on /. to what was a very reasonable statement by Bill Thompson, I think he was correct in his identification of "indefensible smugness". Mac users need to move past the infatuation phase with OS X and realise that OS X has many of the same weaknesses as Linux, Solaris and BSD. I run a virus scanner and I practise good security on my network. Why is that so many OS X users think they're beyond all that?

It was amusing that the most popular response to Thompson's article about "indefensible smugness" was a variant of "OS X doesn't have any known viruses" followed by various rants about Windows. Proved his point rather well, I thought.

Fortunately for me, I know better than to make such outrageous statements.

Indefensible smugness, indeed.

Re:But I Only Meant All Of You

[ceoyoyo]

No, no. See, he wrote that making false statements for your own amusement is trolling, and he doubted that a columnist would risk his position for mere amusement, which is at least reasonable.

So my question is, what's it called when you make false and inflammatory statements (referring to the name calling here, NOT the valid point about security) in your professional capacity? I guess if you're Jerry Springer or a writer for the National Enquirer then I guess it's par for the course, but I don't think it's all that cool from someone who's not there strictly for our entertainment.

His second article was much better then the first. Left out the name calling entirely and actually had a wee bit of content!

Re:But I Only Meant All Of You

[dbuttric]

I have to agree here.

I am a Mac User, but I have a long history of UNIX behind me.

When confronted with a modern mac user, I am amazed at the level of complacency they display. They literally do not understand the responsibility they bear.

Hey, at least Windows users understand that they have insecure systems. They might not be able to get at the magnitude, but they'll tell you: "Yes, that thing pops up all the time, I always just cancel it..." -- sigh...

But Mac users -- "Why would i need a firewall?"

-- All this said, I'm a die hard Mac user. I know where the vulnerabilities are. But that's because I have REAL understanding of the systems that I have to use.

Thanks.
Dave

Re:But I Only Meant All Of You

[Hungry+Admin]

I don't know who said it first, but here goes:

"I don't have anything against Apple computers, they are pretty nifty. It's the users I can't stand."

Instead of paying tithes to the majority monopolist, MAC users pay even higher tithes to the minority monopolist in order to be "cool" and not have to learn any of that egg-headed computer stuff.

I prefer to invest a little effort in understanding my computer system, and try to support open source whenever possible... I happen to like free choice, and openness. And function over form.

Unfortunately, the masses don't think like engineers, they think like Homer Simpson.

Re:But I Only Meant All Of You

[sg3000]

P.S., I could have done without the self-pitying, "woe is me" attitude in his second article:

> I hope I achieved that goal, even if I did upset a lot of people who seem to feel that anything but
> fawning admiration for Apple is an act of betrayal by an apostate.

His first article was talking about how "smug" Mac users are about security. Then his second article admits "I don't believe that Mac viruses already exist, and I think it's very unlikely that they ever will." Maybe he could have said that Mac users were "confident" about security without resorting to the pejorative word in order to sensationalize.

His article was a troll. His first article used the word "virus" nearly a dozen times, but in the second article, he admits there have been no Mac OS X viruses and the security flaws he mentioned had been fixed long ago.

He claims he writes for people of all audiences and he must simplify. Maybe instead of doing the useless screen shot of a mail client, it would have been more educational to put a bar graph of the number of Windows viruses versus Mac OS X viruses to put a sense of scale on his claims. To put it in context, he could have done a number of viruses / number of users per platform chart.

Sheesh. The author wrote an unnecessarily sensationalist article, and he keeps accusing various targets of taking a rational issue and making it emotional ("smug", "fawning admiration"). He whines when he does sloppy reporting, gets caught, and then has to correct himself.

Re:But I Only Meant All Of You

[bemenaker]

Just because you do actually follow safe computer practises, doesn't make this article invalid. Being that I am an IT person and have been for 10 years, I couldn't agree with this article more. Would I say that OS X is more secure than Windows? Yes, I would, would I say that Linux is more secure than OS X? Yes, I would. Does that mean that Linux users shouldn't follow safe computing practises? No, absolutely not, that is like saying well I put that gun away without bullets in it, so I can grab it out of the closet a year later and it's 100% safe. The OVERWHELMING majority of Mac users I have ever talked to fit the exact bill that Mr. Thompson is talking about. They are clueless users when it comes to security. They follow the fallacy that because it hasn't happened yet, it can't. That is sheer stupidity. There is no system that is 100% safe. Everyone needs to use safe computing practises, and the majority of Mac users need to comprehend that. If you are one of the users following safe computing practises, the world thanks you, you are helping us all out. If you aren't learn the lesson from this article. All this, "I already do that, so this article is BS," is more BS than this article could ever POSSIBLY be. Thicken your skin, wake up and realize if he isn't describing you, he isn't talking about you, so STFU!

Re:But I Only Meant All Of You

[geoffspear]

If you think the term "minority monopolist" means anything at all, you're so incredibly stupid that you can't really expect anyone to take anything else you say seriously.

By the way, you're paying your soul to the collective Linux monopoly.

Re:But I Only Meant All Of You

[dangitman]

It takes its name from the fishing technique where you drag a line from a slow moving boat.

C'mon. You must be trawling me.

Re:But I Only Meant All Of You

[dangitman]

Mac users need to move past the infatuation phase with OS X and realise that OS X has many of the same weaknesses as Linux, Solaris and BSD.

And black people need to get past their infatuation with their African culture and realise that black people suffer from the same diseases and weaknesses as white people, hispanics and asians.

Re:But I Only Meant All Of You

[dangitman]

Hey, at least Windows users understand that they have insecure systems. They might not be able to get at the magnitude, but they'll tell you: "Yes, that thing pops up all the time, I always just cancel it..." -- sigh...

How does that show they are aware of the security flaws? To me that shows the opposite - apathy and ignorance of security. I'm pretty sure that most Mac users would think "something is seriously wrong here" is something popped up all the time, and try to find out what the hell it is.

All this said, I'm a die hard Mac user. I know where the vulnerabilities are. But that's because I have REAL understanding of the systems that I have to use.

So, what makes you think that the majority of Mac users don't have the same understanding? Anecdotal evidence isn't always reliable.

Re:But I Only Meant All Of You

[squiggleslash]

You know what? Whenever I've pointed out that OS X is not 100% secure, that it only takes one bug, and that there have been huge holes in OS X in the recent past (such as the "A redirect to a .sit containing an executable that's associated with a common file type you're likely to open from the Finder causes the .sit to be downloaded, extracted, and the associations set up without any intervention on your part, by Safari - fixed about a year ago with that "This is the first time you have tried to run XXX..." thing), I've been flamed by Mac users and rarely, if ever, come across anyone who agreed with me. And I'm not talking about writing flamebait, I'm talking about common sense advice, y'know, "Don't buy a Mac simply because it's supposedly more secure than Windows, because it's not immune, and it's largely been lack of numbers that have caused people to avoid attacking it thus-far. You'll still need to be vigilant."

Given that, it's not hard for me to agree with the BBC writer's conclusion that Mac users are, generally, prone to illogical and ultimately dangerous smugness when it comes to the security of their systems.

Re:But I Only Meant All Of You

[dotgain]

"it's largely been lack of numbers that have caused people to avoid attacking it thus-far. You'll still need to be vigilant."

I agree - I think MacOS X does go a long way towards being a more secure system, but I also have no doubt that if my Mum dropped her Windows box for a Mac, (along with millions of others), she wouldn't really have much less trouble, because her problems are largely her own doing, not her OS's.

Having had said that, though, Windows has completely lost my trust as a secure operating sytems for the masses. Even if we go months without a vulnerability, I know there's still one just around the corner. With other OSs I'm more optimistic.

Re:But I Only Meant All Of You

[Squirrelgirl]

From working in PC/Mac customer service, my experience is that Mac users have no more or less clue than Pc people on average. That way they are saved from a lot because of their system, but there's no particular trend that I can see where Mac users are somehow smarter. The Mac users posting on /. aren't necessarily the average Mac user. The average Mac users you meet first when you support services and networks for people who are more focused on what they do and less on what system they use to do it and who use Mac only because it feels easier for them that way and not due to any infatuation with Steve Jobs. Easily 60% of the customers I talk to don't know what version of OS X they have or that its named OS X. Almost 20% (rough guesstimates) don't know whether they run OS X or OS 9.

Re:But I Only Meant All Of You

[dangitman]

From working in PC/Mac customer service, my experience is that Mac users have no more or less clue than Pc people on average.

I agree. I was arguing against the idea that Windowsw users are somehow more security-conscious than Mac users.

Fourth Rule

[Harmonious+Botch]

Emacs vs Vi

Re:Fourth Rule

[bmwm3nut]

but emacs is an operating system...*duck*

Re:Fourth Rule

[Philip+K+Dickhead]

He used "slashdotted" and "traduced" in ONE sentance! Give that man a Webby!

Re:Fourth Rule

[drauh]

ed

Re:Fourth Rule

[Pogue+Mahone]

No it isn't. It's vi ...

This guy is full of it

[pHatidic]

It doesn't matter whether how secure the OS is, all that matters is how secure your data is. You could have an OS with more holes than a sieve, but if for one reason or another your data is less likely to be compromised then that is all that matters. Apple has unfound theoretical vulnerablities. So what, it doesn't matter. All that matters is that my word documents stay mine.

Re:This guy is full of it

[slashname3]

The whole matter of computer security comes down to make sure your system is just a little bit harder to exploit than the one down the street. Apple has done this. Microsoft systems are much easier to gain control of than just about any other system out there. Mind you that there are Microsoft Windows systems that are very secure. The admins on those systems have take the time to patch the holes and take measures to secure those systems. Is this true of all Windows systems? No. Are all Apple systems secure? No. It comes down to how much does the end user of that system care about security and how much time, effort, and money do they want to expend securing the system. This is true of all systems.

As another poster wrote the orginal article is at best flamebait.

Re:This guy is full of it

[datafr0g]

That's fine if all you want to protect is your data - what about people installing trojans turning your computer into a worm distributor or even someone rebooting your machine remotely everytime you log on?

Security should also be a function of the OS.

Re:This guy is full of it

[nolife]

So what has access to that data besides some type of OS? Can you describe how this data is maintained "secure" from the OS accessing that data? I can think of some type of hardware write protect but that is hardly a reasonable compromise in almost every situation. Maybe I missed your point.

Re:This guy is full of it

[geekee]

I would argue that Macs are mcuh easier to exploit, since most people don't bother to patch the OS. Becuase of the small market share there's really no point in wasting your time attacking Macs, though.

Re:This guy is full of it

[gutnor]

Basically there is not even need for a vulnerability.

If a user open any executable that comes as attachement in an email, then the executable has whatever rights the user has, and generally that means accessing his documents ( and therefore potentially delete all of them )

The 'security' that Mac provides in this case is a different executable format, different way to make them run actually than Windows. Therefore if he receives a mail crafted at Windows user ( eg 'click on naked_girls.exe' ), it just does nothing on the mac.

That unfortunatly means that the mac user is unsafe to an attack like 'save the file 'naked_girls' on your disk, chmod and run' or whatever is needed on Mac to run something if he just think 'Hey, I'm on a Mac, if somebody tell me to run something it must be safe because my Mac OS is safe.'

There is a lot of education going on for Windows user to 'get a security clue' and stop making stupid thing on the net ( downloading crap, ... ), and that's a shame if that this education is completely overlooked by a significant proportion of user that think they are safe in ANY circumstance ...

Re:This guy is full of it

[slashname3]

Actually what makes Microsoft systems easier to exploit is the fact that users generally run with admin privileges. And a lot of programs under Windows run with admin privileges. On most unix systems, including Macs, most users do not run with admin (root) privileges. Because of this one fact if a virus or hacker does manage to get on a Mac or unix like system it is unlikely to gain control of that system. Unlike a Windows based system where a virus simply needs to get executed and it has admin privileges allowing it to then insert itself into all sensitive places on the system and if the hacker is really good, hide itself from the owner of the system. While the market share probably does affect how many hackers attack a particular system it is the ease at which the system can be taken over that matters the most. Face it, if Macs where really easy to exploit, there would be thousands of hackers scanning the Internet looking for Macs to take over. This does not appear to have happened.

And like I said before, the idea of security on the Internet is to make YOUR system just a little bit harder to exploit than the next one. And time after time it has been proven just how easy it is to exploit a Windows system.

All is forgiven

We forgive you on one condition: you admit publicly that emacs is the one true editor. Then you won't have to worry about anyone flaming you ever again.

Re:All is forgiven

[Heembo]

You macro-writing emacs-installing COWARD! Behold the simplicity and power of the only true text editor for UNIX, VI. No matter what UNIX machine I log on, in the entire world, I have the power to edit text without installing software, and that matters when I am developing code and fixing code on many dozen machines that I do not even own! That makes me infinitely more powerful that you EMACS users, lower than DIRT ON A WORM.

...seem to form a paradox

[sm284614]

So you're discriminating against white males by not allowing them to discuss discrimination because they're not discriminated against? But then, because you've discriminate against them, they can discuss it, but then you haven't discriminated against them because you've....

Re:...seem to form a paradox

[Orion+Blastar]

Discrimination against white people is still discrimination even if they are the majority. Please read the Civil Rights Act of 1964, it says it is against the law to discriminate against race, religion, creed, color, national origin, and gender. It does not say that only minorities are covered and majorities are not.

Martin Luther King Jr. talked about everyone being equal and everyone being friendly with each other, not just minorities. He said not to judge someone by the color of their skin but as individuals. Discriminating against white people goes against MLK Jr's philosophy, and against the Civil Rights Act of 1964.

Re:...seem to form a paradox

[EggyToast]

I agree, although I think it's a much finer line to walk. Ensuring equal rights is one thing; demanding priviledge based on past inequality is another.

As I'm sure most people have encountered in their lives, it's very easy for a very vocal minority to overwhelm a majority. Look at how many non-Americans believe that the United States is full of evangelical, "fire and brimstone" Christians. They're obviously a majority, but vocal and active enough as to appear to be a majority. They're not the only group in history who as acted as such, either.

But anyway, majorities are historically awarded rights before minorities, and, due to their majority status, are often reluctant to give up any priviledges which they perceive as rights. It can be rude and backwards, such as the perceived right of not having to hear other languages or introduced to other cultures, or it can be the idea that a company always run by black people should continue to be run by black people. True equality is exceedingly difficult to attain, as that majority you mention is usually the most reluctant to give up their priviledge.

Re:...seem to form a paradox

[drinkypoo]

I think you need to go back and read the assorted civil rights acts. Assuming you ever were exposed to them? You may not discriminate based on any of those things for any purpose anywhere in the U.S. and in many places and/or for several things (like purposes of hiring) you may not discriminate on the basis of sexual orientation, either.

Re:...seem to form a paradox

[Orion+Blastar]

The word used was sex in the law, but it means sexual gender or gender, male or female. Some people confuse this for sexual orientation and then claim that gender is not covered by the civil right laws. They are mistaken on both counts. The coverage is there can be no discrimination against someone for being male or female the way the law is phrased and worded.

Sexual oritentation protection usually exists at the state or local level for coverage, but it is not covered by the federal civil rights act of 1964. Usually you will find states or major cities having civil rights laws protecting sexual orientation or affinity orientation as it is called sometimes. Regardless it is not right to discriminate against someone for their sexual or affinity orientation anyway. It usually is protected by the state or city/local level, but not by the federal government. Some states and cities lack sexual/affinity orientation protection. These laws, if they exist, protect straight people as well as people of homosexual, transgender, and other sexual/affinity orientations.

Re:...seem to form a paradox

[Orion+Blastar]

Oddly geeks and nerds are not protected classes in discrimination laws. Perhaps they should be, but no law that I know of has been passed to protect them.

Re:...seem to form a paradox

[freedom_india]

Yo man !

The Parent was a JOKE !!!
Come on ! Loosen up...

Re:...seem to form a paradox

[Trigulus]

That is not true. I work for a company of 50 whites and I (also white) hired a black female who just happened to be the best applicant for the position I was hiring for. A programming position. The color of her skin did not enter into the process at all.

Re:...seem to form a paradox

[Scudsucker]

lease read the Civil Rights Act of 1964, it says it is against the law to discriminate against race, religion, creed, color, national origin, and gender.

SCOTUS might disagree. They did when the ruled that age-discrimination laws did not apply to younger workers.

Re:...seem to form a paradox

[LegendLength]

Oddly geeks and nerds are not protected classes in discrimination laws. Perhaps they should be, but no law that I know of has been passed to protect them.

It's actually strange to me when people are banned from discriminating by religion but not by other beliefs. For instance, I can refuse to hire someone in a stock market job because they believe that analog cameras are worth investing in, but I can't refuse them because they believe in the bible (in my mind showing that they have no interest in scientific method, perhaps essential for stock trading).

I would rather the laws stop discrimination against phyiscal attributes only, rather than beliefs or other vague things that are hard to define.

Re:...seem to form a paradox

[a5y]

I would rather the laws stop discrimination against phyiscal attributes only, rather than beliefs or other vague things that are hard to define.

Perhaps that piece of law was more vital when it was written than it is now, but removing it from the books would cause more problems than it solved.

I mean, just substitute "being allowed to discriminate based on religous belief" for "flag burning" in that Bill Hick's routine...

Did you watch the flag burning thing? Wasn't that great man? Boy everybody showed their true colours then didn't they?....Scary... People just flipped, they reacted like The Supreme Court approved of flag burning, know what I mean?

" Does that mean we have to burn our flags?.. They said that we ha-"... NO NO NO NO NO NO,...

"They said we should bur-".... They didn't say that, they didn't say that, they didn't say that (snip)

"Does that mean I have to go and -"....NO NO NO NO NO NO NO... Listen, read , think, calm down, relax, SHUT THE FUCK UP

"Well I don't get it..I don't wanna burn my flag"....THEN DOOOOOOOOOOON'T

Re:...seem to form a paradox

[mdwh2]

I would rather the laws stop discrimination against phyiscal attributes only, rather than beliefs or other vague things that are hard to define.

It's unfair that religion is protected, but other personal beliefs are not - but I'd go the opposite way, and say that all discrimination should be protected.

For example, in the UK, unlike many (most?) US states, you can't be fired for no reason. This to me seems a better and fairer system than one where you can be fired for any reason, except if one of a few arbitrary protected classes.

Re:...seem to form a paradox

[mdwh2]

Actually, I wonder why sexual orientation discrimination can't be considered a subset of gender discrimination. Consider, if a man is discriminated against because he is attracted towards men, when a woman who is attracted towards men wouldn't be, then that is clearly discrimination based on gender (yes, clearly it's specifically based on orientation, but only as a subset of gender discrimination).

It seems a bit of an odd way of looking at it, but only because we are used to thinking of orientation in terms of straight/gay rather than in terms of attracted to men/attracted to women.

Re:...seem to form a paradox

[drinkypoo]

FWIW I used to work for gay.com but I think they were pretty happy to hire some straights in there. The only straights were in IT, which included me, and there were only three of us. Literally everyone else was homo- or bisexual as far as I could tell. I figure we were just there so they had someone they could point to that would prove they didn't only hire queers :)

Re:...seem to form a paradox

[Orion+Blastar]

That is discrimination against Scientists who are Christians and follow the scientific method. Not every Christian is a fundie, you know. Some Christians believe in evolution and other scientific theories. You would be discriminating against them.

I am a Christian and believe in the bible, but I followed the scientific method when I took college classes to earn my bachelors of science. If I didn't, I would not have passed or earned a 3.91 GPA. If I applied for a job with you, you'd just discriminate against me because I am a Christian, because you are bigoted towards Christians and think that all of us do not follow the Scientific Meathod, because of your stereotyping. Hence the need for such laws to protect certain beliefs like religion.

Re:...seem to form a paradox

[Orion+Blastar]

Oh really? What is to stop the company from giving a bogus reason and then documenting false evidence to show why they fired someone? Say like they don't like a person's religion, and they encourage some of their coworkers to file complaints against them in exchange for better working hours or pay raises? Suddenly that person has bad behavior and unethical conduct, and thus is fired for such and has the documentation to back it up and these people will swear to it in court as well. How can you defend yourself against a dozen of your former coworkers who are testifying against you, and they used to be your best friends?

In the USA some of our states are no-fault states and either the employer or employee can terminate the employment for no reason to be given. Only the employer is the more likely to create false evidence and documentation to make up false reasons to let the worker go, so they can try to avoid unemployment benefits going to the ex-employee.

Trust me, if they have to give a good reason to let someone go, most companies are expert liars and can come up with dirt on anyone and if not they will make stuff up.

Re:...seem to form a paradox

[Orion+Blastar]

Oh it happens. A company I worked for turned away some African-American friends of mine that I had told about job openings that they were qualified for, only they were turned away. I had some other friends who were white and asian and qualified as well, but they were turned away. The company hired some men, who later I found out were homosexuals after they intorduced me to their life-partners at the company events. They did, because previously they were not qualified for the job, and I had to train them to do their jobs and I had helped them out a lot. The only thing the other men had in common that didn't get hired, was that they were straight. I am not sure why, but later on the men that I trained got promoted to jobs I was told I was qualified for as I had more years with the company and I had more experience and had been training other employees. There was a lot of favortism going on at that company, and it caused a high turnover rate. Later it was found out that some of the managers doing the promotions were homosexual as well and refused to promote straight people to supervisor or management positions. Obvious discrimination, but these days it is hard to prove unless the managers wrote a confession or the court supeona's their email and finds incriminating evidence. I myself do not hold it against homosexuals, as this was a rare case of discrimination and favortism which I am sure does not happen everywhere. Yet it does seem that such laws ought to be able to protect everyone, regardless of sexual orientation, in order to be fair.

I cite this case as one example in which not being gay resulted in being not hired or passed over for promotion. At least that is one way to look at it, proving it in court would be a whole different thing of itself.

It is in the past, I am over it now. I think I am much better off not working in a workplace that practices a form of discrimination.

Re:...seem to form a paradox

[Orion+Blastar]

Surely there was great injustices done. One cannot change the past. One can only make changes in the present to affect the future.

Sure my child and myself would feel that opression. I choose to be more like Bill Cosby or Martin Luther King Jr. and not focus on the negative, but focus on the positive. To teach my child positive things, and grow up in a positive environment, and learn how to improve on himself/herself to rise above that opression and prove the bigots and stereotypes wrong. That violence and hate, because of that past opression, is not acceptable things to have or harbor, and that it is just as wrong as that past opression was. That everyone, every race, is equal and nobody and no race is superior to the others. That one day the races will join together in friendship and we can put that opression behind us.

Re:...seem to form a paradox

[mdwh2]

Oh really? What is to stop the company from giving a bogus reason and then documenting false evidence to show why they fired someone? Say like they don't like a person's religion, and they encourage some of their coworkers to file complaints against them in exchange for better working hours or pay raises? Suddenly that person has bad behavior and unethical conduct, and thus is fired for such and has the documentation to back it up and these people will swear to it in court as well. How can you defend yourself against a dozen of your former coworkers who are testifying against you, and they used to be your best friends?

Well obviously a company could choose to illegally fabricate evidence - in that case, you make a claim of unfair dismissal, and get the courts to sort it out. You might as well say that it's pointless making theft (or whatever) illegal, because someone could get their friends to lie for them and hence get away with it.

The point is that if it's a lot harder to fire someone, and the company has to both engage in illegal activity, and encourage the coworkers to illegally file false claims, then clearly this is not going to happen anywhere as often, and if it does happen, the employee has some chance of sorting it out through the courts.

Like any law, the system isn't perfect, but that doesn't mean the law is useless.

Furthermore, this doesn't really change my point, in fact, you argue in favour of it: If a company is willing to lie, then there is no point protecting only some classes such as race or religion. A company would simply fire the employee for some other unprotected reason, and it's a lot easier to do that than having to fabricate evidence that they've committed some gross misconduct worthy of dismissal.

Re:...seem to form a paradox

[Orion+Blastar]

There are other protections that race or religion. There is color, natural origin, and gender for the Civil Rights Act of 1964. There is an act on age discrimination (over 40) and disability as well. In some states and cities sexual oritentation is protected as well.

Yes you can let the courts sort it out, it is a matter of finding the evidence and having good lawyers. If the company only said or did certain things verbally, it is hard to prove unless they are caught in a lie or had documented it in email or memos. Either that or one of the accusers breaks down and confesses to lying.

There are also exceptions, if the company has 15 or fewer employees it is exempt from discrimination. If they can prove that accomodating the employee is an undue hardship, the employee loses the discrimination case.

The law is not useless, I was trying to show one way that a company can dismiss an employee if they have to give a reason to, and they don't truthfully have one.

Another one is to simply say that they had to make budget cuts in their department and randomly chose that employee to cut to save money. Then they hired someone at a lower salary to replace them. That one is harder to disprove than the gross misconduct false charge.

And in another bit of pure wisdom.....

[achesterase]

But spyware and keyloggers are written for Mac OS as for other Unixes, and could be installed on a compromised system by a worm or even by a Trojan that is installed with user permission.

Gee, who would think? This statement gives the impression that Unix is especially vulnerable to this issue and that there is some solution to this problem. The fact that Unix's user segregation is one of the cleanest and most secure out there obviously doesn't factor into his security assessment and what I really wonder is what his suggestion for changing this "vulnerability" is. If he's looking for a technical one, I think he'll be looking for a while, since there is none. The human is always a security risk on the system. The question is only to what degree. Technology can help minimize the damage but in the end, it's always the same problem.

Re:And in another bit of pure wisdom.....

[geekee]

"Gee, who would think? This statement gives the impression that Unix is especially vulnerable to this issue and that there is some solution to this problem. The fact that Unix's user segregation is one of the cleanest and most secure out there obviously doesn't factor into his security assessment and what I really wonder is what his suggestion for changing this "vulnerability" is. If he's looking for a technical one, I think he'll be looking for a while, since there is none. The human is always a security risk on the system. The question is only to what degree. Technology can help minimize the damage but in the end, it's always the same problem."

Ahh, Isn't that what the whole point of the article? That Mac users think they're secure so they don't worry about such thing? You can't see the problem because you're the person he's describing.

Not a "troll" at all.

[CyricZ]

Please don't misuse the word "troll". Like it or not, he is pointing out a very serious issue that affects all operating systems, be it Windows, Mac OS X, OpenBSD, UnixWare, OS/2, MS-DOS, VMS, or basically any other operating system.

Frequent updates are necessary, especially when it comes to networked systems. Concurrently, many users (even experienced administrators) fail to keep their systems patched and up to date, be it for a lack of time or due to financial constraints.

Remember, Mac OS X is often targetted towards more inexperienced users, or those who just want a system that works. For the most part, that is true of Mac OS X. It does often just work. But likewise, it is necessary to keep it updated.

Now, he isn't a "troll" for pointing out that very real, very serious fact. Sure, it might have angered some people, but that's not his fault in any way.

If your doctor were to diagnose you with AIDS, and you did indeed have the syndrome, he would not be a "troll", regardless of how much you were angered by his diagnosis. In much the same way, this BBC author is not a "troll".

Re:Not a "troll" at all.

[Morky]

Please mod parent down "-1 Troll".

Re:Not a "troll" at all.

[Moofie]

"Remember, Mac OS X is often targetted towards more inexperienced users"

Uh, says you. I know exactly what I'm doing, and I think MacOS X is pretty rockin'.

Re:Not a "troll" at all.

[American+AC+in+Paris]

Now, he isn't a "troll" for pointing out that very real, very serious fact. Sure, it might have angered some people, but that's not his fault in any way.

Wait, it's a fact that "Mac users demonstrate an indefensible smugness when it comes to the dangers of having their systems compromised"? You'll note that I don't take issue with his assertions that there are very real dangers that all computer users need to be aware of; I take issue with his saying, in essence, "If you use a Mac, you're irresponsible and smug when it comes to security".

That is indeed trolling--at least, it's either trolling or flaming, depending on how you judge his motives. Had he said, "for many casual computer users, there is a common misconception that the Mac is perfectly secure," I would have absolutely no beef with his statement. As it is, though, you'll generate a lot more attention and traffic if you simply say that Mac users on the whole are smug and irresponsible. If making inflammatory statements for the apparent purpose of drumming up attention and agitating readers doesn't count as trolling, I don't know what does.

If your doctor were to diagnose you with AIDS, and you did indeed have the syndrome, he would not be a "troll", regardless of how much you were angered by his diagnosis. In much the same way, this BBC author is not a "troll".

Absolutely true. However, if your doctor were to then go on and say, "so, are you homosexual, or are you a junkie?", would his actions still be defensible, or would you smack him upside the head for making an innacurate and crass assumption about you based on a sweeping generalization?

Re:Not a "troll" at all.

[thatguywhoiam]

Absolutely true. However, if your doctor were to then go on and say, "so, are you homosexual, or are you a junkie?", would his actions still be defensible, or would you smack him upside the head for making an innacurate and crass assumption about you based on a sweeping generalization?

Ouch. You are gonna get some nasty responses to that example.

This is not one of them, though.

Re:Not a "troll" at all.

[Trurl's+Machine]

"Mac users demonstrate an indefensible smugness when it comes to the dangers of having their systems compromised"? You'll note that I don't take issue with his assertions that there are very real dangers that all computer users need to be aware of; I take issue with his saying, in essence, "If you use a Mac, you're irresponsible and smug when it comes to security".

I disagree. I would rather say that this very kind of interpretation, in which you are putting a flamebait into a text where there was none, is more trollish in nature. I understand this column in a quite simple way: there is a widespread attitude in Mac community that boils down to "I have a Mac so I am safe". It differentiates Mac users base from Windows user base - Windows users learned the hard way that they have to be careful. Mac users didn't and indeed among my friends I notice quite relaxed approach to matters of security. I don't mean anti-virus software, I'm talking of such elementary precautions as choosing a non-trivial master password! Sometimes among drivers you can notice similar approach that I call "Hogwart school of driving" - it's when someone believes so strongly in the power of safety increasing Three Letter Acronyms, that he drives as the law of physics would no longer apply to his beloved vehicle. There is something similar among the Mac users, who feel so secure ("it's this Unix thing, you know!") that they use administrator password "xxxxxx" with FTP access enabled on a computer connected to the Internet (and, of course, see no need to change it periodically).

Re:Not a "troll" at all.

[sorak]

  "Remember, Mac OS X is often targetted towards more inexperienced users"

Uh, says you. I know exactly what I'm doing, and I think MacOS X is pretty rockin'.

Wasn't it apple that made all those commercials with stoned teenagers saying "I plugged in my camera...and it went "buzz"...i was like...bummer...ummm...apple just...i don't know...it just...uh...what's the word...works!"

Face it. Apple is not appealing to the cyber-elite. I don't know how they compare with Windows users, but there is no IQ test on the order form.

Re:Not a "troll" at all.

[Moofie]

You pay attention to marketing? Guess you're not a member of the "cyber-elite" either...

Re:Not a "troll" at all.

[Weedlekin]

"Windows users learned the hard way that they have to be careful"

The number of viruses, worms, and trojans that are still spreading widely via security holes which MS have already fixed with patches months or even years ago would seem to indicate that large numbers of Windows users are being anything but careful.

Re:Not a "troll" at all.

[blakestah]

Remember, Mac OS X is often targetted towards more inexperienced users, or those who just want a system that works. For the most part, that is true of Mac OS X. It does often just work. But likewise, it is necessary to keep it updated.

Now, he isn't a "troll" for pointing out that very real, very serious fact. Sure, it might have angered some people, but that's not his fault in any way.

He is either an ingorant fool or a troll, take your pick.

Last time I checked, nearly every UNIX vulnerability was the result of attacks through open ports, including http ports via php attacks, sendmail, BIND, and so on.

Mac OS X is a Unix that ships with no open ports, because it is principally a CLIENT operating system, not a SERVER operating system.

Windows has made an entire industry out of making a CLIENT OS insecure by default. However, it is not so tough to make a CLIENT OS incredibly secure by default, in the way that Apple has done. And it is not because the software has no bugs. It is not because the programming is perfect. It is because the users operate with limited permissions, AND THERE ARE NO OPEN PORTS!

None of this is to say there can never be a virus. Of course there can. But just as a virus spreads much faster in the 2 year old daycare class than in the adult office, Macs will remain relatively immune and slow to spread viruses compared to Windows.

Re:Not a "troll" at all.

[99BottlesOfBeerInMyF]

Remember, Mac OS X is often targetted towards more inexperienced users...

And Windows is not? If anything I'd say Mac users, in general, are more clueful about security than Windows users. When making an assertion like this, I'd like to see some sort of numbers to back it up. I'm sure Apple includes vim, by default, for all those clueless newbies. Just because something is easy to use, does not mean it is targeted at idiots.

Re:Not a "troll" at all.

[Dekator]

This is an assumption you make. In my experience, Mac users are at least as experienced as average Windows users. Remember, if you assume, you make an ass of u and me.

Re:Not a "troll" at all.

[dangitman]

Please don't misuse the word "troll". Like it or not, he is pointing out a very serious issue that affects all operating systems, be it Windows, Mac OS X, OpenBSD, UnixWare, OS/2, MS-DOS, VMS, or basically any other operating system.

How does saying that Mac users suffer from "indefensible smugness" point out "a very serious issue that affects all operating systems"?? if he wants to be taken seriously, this is not the way to do it. If anything, it makes a mockery of any serious points he might make.

If your doctor were to diagnose you with AIDS, and you did indeed have the syndrome, he would not be a "troll", regardless of how much you were angered by his diagnosis. In much the same way, this BBC author is not a "troll".

how is this relevant to what he was saying? He did not diagnose Mac users as having viruses. He gives no clinical evidence of smuness. He just insults a bunch of people based on his own feelings and assumptions.

Re:Not a "troll" at all.

[dangitman]

Windows users learned the hard way that they have to be careful.

Are you on crack? Windows users are still doing the same stupid things. Running Windows is not being careful.

Re:Not a "troll" at all.

[laird]

"Now, he isn't a "troll" for pointing out that very real, very serious fact. Sure, it might have angered some people, but that's not his fault in any way."

So what was the very real, very serious fact that he pointed out? That there's a hypothetical risk of future security issues? It's true that some day a real Mac OS X virus will emerge, and at that point it'll make sense to do something about it, but until then, as he admits in his follow-up article, there's no point in installing current anti-virus software.

And what are Mac users supposed to do about this hypothetical future risk? Since there are no Mac viruses, and no Mac anti-virus software worth installing, the only concrete recommendation he made was to install the latest patches (i.e. run Software Update, or turn automatic updates on), which is good advice, of course. But Mac users already run Software Update (at least as much as Windows users do the equivalent on their systems), and everyone in the industry makes the same recommendation, his doing so is hardly news.

Pretty much all that's "news" about this article is that he called Mac users "smug". Given that, as he confirms, Mac OS X really is more securely designed, has no viruses, and is unlikely to have viruses in the future, perhaps there's a factual basis for Mac users to feel more secure than Windows users?

Re:Not a "troll" at all.

[sorak]

No, Apple is targeting people who want to get their work done without having to deal with computer administration. Sadly, you seem "experienced" in the sense that you assume one MUST have to deal with a lot of administration in order to get anything done. Which is probably why you're confusing inexperience with "I want to get my work done and then go do something else".

No...I'm confusing the slow, inarticulate speech patterns normally used by stoned teenagers with "I want to get stoned"...You can't honestly watch the commercial with the slow-witted teenager and think "she's a businesswoman looking for the most efficient solution"?

Re:Not a "troll" at all.

[sorak]

Face it. Apple is not appealing to the cyber-elite. I don't know how they compare with Windows users, but there is no IQ test on the order form.

Maybe I shouldn't have said that they aren't appealing to tech people, since, they use a BSD kernel for OS-X. My point is that they do often try to appeal to what the original poster described as "inexperienced users".

It's not "flamebait".

[CyricZ]

Just because a legitimate, completely truthful opinion angers some, it does not make the opinion "flamebait".

Words like "flamebait" and "troll" are most often used seriously by those who are trying to incite trouble amongst people who are pointing out real, solid facts.

We see this today in the media, where various governments label their opponents as "terrorists". Of course, in many cases those governments are partking in the very same actions that may be construed as "terrorism".

These sorts of labels are useless just because they are misapplied so often, by so many different people and groups.

Re:It's not "flamebait".

[sepluv]

You misunderstand. I was not accusing the BBC guy of flamebaiting. I was just saying, that what the great grandparent was describing (as his opinion of what the guy was trying to do) sounded to me like it was covered by the word, `flamebaiting'. I personally, don't have a problem with the article (except that it is content-free BS like most computing articles by the mainstream press...hey you could never accuse /. of that could you? ;-) ).

Re:It's not "flamebait".

[drinkypoo]

But there ARE real things which are called trolling and flamebaiting. Trolling is saying something you don't believe, in order to elicit a desired response. Flamebaiting is saying something you do believe, with the express intent to begin a flamewar. Most people don't seem to understand these definitions which is why I have a bunch of Troll mods on my record. I never troll. I might be guilty of the occasional flamebaiting though :)

Re:It's not "flamebait".

[LegendLength]

Words like "flamebait" and "troll" are most often used seriously by those who are trying to incite trouble amongst people who are pointing out real, solid facts.

We see this today in the media, where various governments label their opponents as "terrorists". Of course, in many cases those governments are partking in the very same actions that may be construed as "terrorism".

You claim that the US government is involved in terrorist activities right after lecturing us on trolls, bravo!

Re:It's not "flamebait".

[arose]

I don't think he specified any of the goverments in question.

Re:It's not "flamebait".

[blakestah]

Just because a legitimate, completely truthful opinion angers some, it does not make the opinion "flamebait".

Words like "flamebait" and "troll" are most often used seriously by those who are trying to incite trouble amongst people who are pointing out real, solid facts.

He pays almost no heed to the nearly diametrically opposed approach to security taken by Apple compared to Microsoft, and writes off the lack of viruses on market share.

That is either complete ignorance or a blatant troll. Someone who writes columns on IT should at the very least know better.

Macs USED to have viruses. They changed their approach years ago, and now have all but eliminated them, and their prognosis for spreading is pretty limited too.

Microsoft could very easily engineer this approach into the next version of Windows. And kill a billion dollar anti-virus industry. But they won't, simply because people are going to buy Windows whether it is susceptible to viruses or not.

A great virus story. A friend at work had a virus on his Windows laptop. He had the sys admin wipe it, and re-install Windows. Then he had to get SP1 and SP2. In the process of downloading those, he got re-infected. So, the sys admin pulled out a hardware firewall, installed a second time, and was actually able to upgrade the service packs without being infected.

If Microsoft shipped their OS with no ports open by default, and forced users to act with limited permissions, 99.9% of all Windows virus activity would cease. This is the critical point the author missed, either out of sheer ignorance or because he is a blatant troll.

In calling him a troll you can really give him the benefit of the doubt.

Re:It's not "flamebait".

[99BottlesOfBeerInMyF]

Words like "flamebait" and "troll" are most often used seriously by those who are trying to incite trouble amongst people who are pointing out real, solid facts.

On Slashdot I usually see them applied to comments that are either ignorant, or deliberately wrong in such a way as to try to get a response. I rarely (although occasionally) see them misapplied. Of course truly ignorant people who make bold assertions may believe these labels are being misapplied to them, in truth that is usually just because they are ignorant.

The simple fact of the matter...

[thewiz]

is that nothing is perfect. We flawed humans created flawed machines and flawed software. No matter what OS you run there will always be flaws that someone could exploit. I use Macs but I certainly don't count on OS X being secure enough for me to connect to the internet without using a correctly configured firewall.

Re:The simple fact of the matter...

[eturro]

"I use Macs but I certainly don't count on OS X being secure enough for me to connect to the internet without using a correctly configured firewall."

oh yeah? first of all, macosx has a built-in firewall you can enable at your leisure, and therefore talking of OS X not being secure enough for you to go online without the use of a firewall as if these two were exclusive different things is nonsense.

but even if you don't use a firewall, try plugging your up to date mac directly into your internet connected modem and wait for its security to be compromised.i don't advise you to hold your breath.

i've done plugged straight in without the use of a firewall many times and haven't had a single problem.

Re:The simple fact of the matter...

[node+3]

nothing is perfect

Agreed, and for the discussion at hand, this also includes OS X.

I use Macs but I certainly don't count on OS X being secure enough for me to connect to the internet without using a correctly configured firewall.

While I don't mean to discourage the use of a firewall, it is wholly unnecessary, at present, with Mac OS X, and is likely to remain that way for quite some time.

Since I have a LAN, I have a hardware firewall by default (WiFi+10/100 Ethernet router), but I've run with Macs connected directly to the cable modem, and would do so again without fear. I most certainly would not do that with Windows. I would do it with Linux as well, although I'd run a portscan first and make any necessary configuration settings.

Really, Mac OS X does not need a firewall. But it's still a good habit, it makes it easier to add other computers (especially Windows machines) to your network, and "some day" may even be necessary on OS X (although that mythical "some day" is more theoretical than imminent).

Is that the "smugness" people are always talking about? It's not that I feel smug, so much as I am unconcerned (based on a rational assessment of the facts). Are Windows users "smug" because they can run the most games? Or are they just taking advantage of the fact that there are more Windows games than Mac games? Sure, one can be smug about these things, but they are true, and acting on those truths does not equate to smugness.

Re:The simple fact of the matter...

[LoRdTAW]

Think for a minuet. What if some malicious individual decides to show those smug bastards how secure OSX really is? Someone in theory could develop a worm or virus to exploit some vulnerability in OSX. Then all the OSX users in there ignorant bliss will finally wake up and realize Internet security is for all to practice not just windows users. The GP poster is taking the preemptive approach and not taking any chances. He also might have a LAN and wants a central point of protection for all his systems. I hope you keep your firewall on at all times and not just at your leisure. Security is an on going process not a quick fix or OSX.

Re:The simple fact of the matter...

[gnasher719]

'' but even if you don't use a firewall, try plugging your up to date mac directly into your internet connected modem and wait for its security to be compromised.i don't advise you to hold your breath. ''

Statistically, if you connect a PC with a fresh install of Windows to the internet with a broadband connection, and you hold your breath until it is infected, you will die with a propability of 90 percent.

Re:The simple fact of the matter...

[advocate_one]

Since I have a LAN, I have a hardware firewall by default (WiFi+10/100 Ethernet router),

why do people seem to believe that because it's in a little sealed box that it's hardware??? it's running software inside it... and in all probability, it's Linux that is running.

Re:The simple fact of the matter...

[kristjansson]

Think for a minuet.

Can I think for a waltz instead? </spelling nazi> Sorry, couldn't resist. I'll take that pun outside and shoot it later...

Re:The simple fact of the matter...

[Bazzalisk]

Yeeees, and that software is running on hardware ...

Hardware firewall means a seperate device through which all packets must pass before entering the network, which acts as a firewall - how that's implemented internaly is pretty much irrelevent.

And the grandparent is very much correct - firewalls serve to prevent unfettered acces to open ports from outside, and unlike windows both Linux and MacOS do not open unnecessary ports by default.

Too much generalization.

[CyricZ]

It's not appropriate to generalize about UNIX these days, considering how many different UNIX-style systems there are.

Linux might be vulnerable in one case, while Mac OS X, UnixWare, FreeBSD, Solaris, AiX and other such systems are perfectly safe. Likewise, Solaris might be affected, while the other systems are not. And so on, and so forth.

Now, various UNIX-like systems have run into problems in the past with regards to security. Thanks to the relative degree of fragmentation, such incidents are usually isolated to a particular brand or product, and thus do not appear overly severe. But they still do exist, and we shouldn't forget that.

As users of UNIX-like systems, the best thing we can do for ourselves is always remember that our systems are vulnerable, even if they are often of a higher quality than other systems.

Re:Too much generalization.

[achesterase]

This is true, of course, but where user management and segregation are concerned, most Unixes are very similar, at least as far as I know.

Re:Too much generalization.

[CyricZ]

The general theory and concepts behind UNIX are often quite sound. That's well known, and does help lead to more secure, more stable systems.

But it's only half the battle. The other half is in the implementation itself. This is where OpenBSD, for instance, really shines. They take solid, secure theory, and apply it via a well-developed implementation. That's not to say other UNICES are poor; of course they often are not! Nevertheless, it may even be said that a poor implementation of a solid/secure theory is worse than a great implementation of a poor theory.

Re:Too much generalization.

[Skye16]

Conceptually, pretty much right on. Implementation-wise, however, some Unixes could be (and probably are) different. So you may protect yourselves from flaws inherent in the concept, but not flaws in the code implementation.

That's a naive statement...

[WebHostingGuy]

>>doesn't believe there ever will be.

Let's not be too naive and write statements like there will never be a worm for Macs. If someone wanted to they could write a worm to infect them. Saying I don't believe anyone will write one is sticking your head in the sand. You have to assume there will be one and then start to protect yourself, not the opposite.

Re:That's a naive statement...

[Bazzalisk]

It would be a lot of work. UNIX style security settups are not very friendly for Worm writers.

Re:That's a naive statement...

[777film]

You have to assume there will be one and then start to protect yourself, not the opposite.

If there are no viruses or worms for the Mac then overprotection is costly, time-consuming and useless. Of course a firewall is a good idea as well as reasonable precautions like not opening a .dmg from a warez site and being attentive to the tech press and updates available... But buying a suite of worthless Mac antivirus programs (for example) is a waste of time and money.

It's a bit like stocking up on Tamiflu because a couple of kids across the world got the bird flu. It's a bitch to get, it's going to cost you a fortune and it probably won't work anyway.

With OS X there's even such a thing as being too quick to update. There are often bugs and flaws that cause problems-- for example a recent one permanently disabled the RAM on a smattering of 15" Powerbooks-- and it's best to let others sort the flaws out and hold off a few weeks. That's incredibly risky behavior in the Windows world, but nothing to sweat over on a Mac.

Re:That's a naive statement...

[SuiteSisterMary]

You're kidding, right? You are aware that before there were tomes and tomes of Windows Security books written, there were tomes and tomes of UNIX security books written, yes? You are aware that everything people say about Windows now, they said about UNIX fifteen, twenty years ago, yes?

Hell, if worms don't run on UNIX, what was that Morris Worm that ground the Internet to a smoking, train-wreck style halt? And that's just one example.

I'll never understand why so many people tout UNIX as a 'secure OS' when the definition of UNIX is 'MULTICS, with all of the security stuff removed.'

Yeah?

[VargrX]

so sayeth Bill Thompson in a fluffy article:

some people might not update and their systems could be compromised. And there is always a gap between the discovery of an issue and an available fix, a gap which could be exploited.

(emphasis in italics mine)

Dear M. Thompson:

No Shit, Mr. Holmes(ne: Thompson). Welcome to the real world, where there are unscrupulous characters just waiting for you to wander past that allegorical dark alley, and get gobsmacked for doing something unconditionally stupid.

defensibility

[abes]

Firstly, saying that vunerabilities exist is akin to saying that there are bugs in someone's software. You're just about guaranteed to be right.

Smugness, I'm not sure about (I'm a linuxite). Certainly there is something that most Windows users don't experience, and that is actual *enjoyment* from their OS. Microsoft has never tried especially hard to make their OS enjoyable, only usable.

Would things be different if OS X were the predominant OS? Without doubt. However, OS X, both the kernel (Darwin), and user interface, have been precisely engineered. Windows, one might argue, more evolved. They claim complete rewrites of the OS occured, but I'm willing to bet tons of code was copied-and-pasted in the process.

This does not guarantee it is fool-proof. Only time can tell that. But I would be willing to hedge a bet that less exploits exist for OS X than for Windows.

Re:defensibility

[Freaky+Spook]

Certainly there is something that most Windows users don't experience, and that is actual *enjoyment* from their OS

I get plenty of enjoyment from my Windows Experience thank you very much!

Windows has given me so much porn over the last few years i wouldn't know what to do with myself. I could be working on a stressful Powerpoint presentation for work & then all of a sudden pops up some porn, it always comes in at the right time, it makes the windows experience truley worth it.

And don't forget clippy, that helpful son of a gun, always answering all the questions I have when I get stuck.

Re:defensibility

[NorbrookC]

They claim complete rewrites of the OS occured, but I'm willing to bet tons of code was copied-and-pasted in the process.

The WMF vulnerability is proof of that. Supposedly Win2K was a "from scratch" OS, which is why they were about 3 years late with it - according to MS at the time.

Now it seems that (gasp!) they lied! Who would have thought it? (The line starts to the right).

Re:defensibility

[abes]

Enjoyment is a purely subjective experience, as I beleive is your main point. But here is a general difference: Mac users tend to use macs because they like the Mac and how it works, whereas Windows users (and I'll make the outrageous claim: majoratively) use Windows because they have to. This is in part due to the size difference in the markets. Were Mac the primary computer maker, I'm sure there would be plenty of people who used Macs, but hated the interface. I *know* people who fiercely dislike the Mac interface. Thus the subjective part.

However, Apple goes to the *extreme* to make things easy to use and intuitive. Take the ipod. It doesn't really *do* anything that other MP3 players cannot also do. But it has a much nicer look and interface. This is what Apple does. They make things more enjoyable. Some people hate the ipod too.

I wouldn't claim that OS X always works .. sometimes it doesn't. It's not an all-or-none thing. But from my personal experience, it works better and with less faults. There may be many reasons for this. Maybe it's better software engineering. Maybe it's the fact that it runs only on limited HW. Maybe it's because they made it difficult to shoot yourself in the foot (which can sometimes also mean less powerful).

Am I a yuppie? No. Do I drink expensive wines? No. Usually I go for the $6 yellowtail. If you never tried it, it's worth the try. Am I a Mac elitist? No. I usually run linux, but boot into Windows when I have to. And at school, when there is the need I use OS X. I would say I have a fairly good sample of all three OSes. Windows is constantly causing me pain. Things that should just work, like trying to install applications often fail (ala installshield -- yes it's a third party, but it's still ultimately part of the windows experience, and the primary install software used).

My $0.02

Re:defensibility

[KarmaMB84]

They did rewrite significant portions of the OS. I don't believe MS *ever* claimed it would be done from scratch.

Re:defensibility

[Craig+Davison]

Nobody ever claimed that Win2k was a "from scratch" OS. That would be a serious wasted effort. I think the last release they put out that comes close to "from scratch" would be the Windows NT 3 kernel, or the Windows NT 4 UI (Windows 2000 is Windows NT 5).

And besides that, the WMF vulnerability was a design flaw that has been around since WMF was first supported in Windows 3.0. They're probably not still working with code from that time.

Re:defensibility

[jimijon]

So are you saying Intelligent Design is better than Evolution? ;-)

It does matter

[sterno]

Invariably the security of your data is dependent on the security of your OS. If you have some wonderfully encrypted data files you have to interact with them via the OS. So somebody exploits a vulnerability, you end up with a key logger on your machine, and now your intricate password to protect your encrypted files is forfeit.

As for the article's conclusion that viruses are unlikely, I think he's wrong. What makes Unix safer from viruses, etc, is the isolation between user level activity and administrator activity. Thus while one account may be compromised a whole system isn't. So this makes it harder for viruses, but not impossible by any stretch.

For example, a virus can be destructive without becoming root. It can, as you allude to, attack only your data, instead of a whole system's data, but in the end, it's still your data getting corrupted. Furthermore, most of the exploits I've seen of Linux systems involve taking a non-root exploit and then using another vulnerability to make it a root exploit.

Something else to consider on OSX is the sudo. As I understand it, any user on an OSX system can use sudo. So, if an exploit can gain user level privleges, it can then use social engineering, keylogging, etc, to gain the users password and then, in effect, gain root priveleges through sudo.

What protects OSX for now is that it has a smaller share of the market so there are less people trying to exploit it. Eventually if OSX gains market share, then there will be far more incentive to write malware for it. Certainly it will take greater skill to exploit OSX and it will be easier to defend against those exploits, but it only takes one clever hacker to completely ruin your day.

Re:It does matter

[zcat_NZ]

To some extent this is true. But on the whole it's utter bullshit. If I get a user-level virus that mails itself to all my friends and deletes all my documents, it doesn't make the slightest different if it needs or wants root access. The mail goes out. My files get deleted. Root access isn't required.

One of the real differences between Windows and more sensible OS's is that Windows actively seeks out and tries to run code from untrusted sources. Screensaver sent in email? LET'S RUN IT!! Code on a web page? RUN IT!! Autorun file on something that's supposed to be an audio CD? MIGHT AS WELL RUN IT!! Bits of code embedded in an image file? LET'S GET IT ON!!

Most of the time Windows practically goes out LOOKING for things it can run from untrustworthy sources.

Linux doesn't do this
FreeBSD doesn't do this
OSX Doesn't do this

It's a stupid thing that _only windows_ does. which is why _only windows_ gets hit so hard and so frequently by these stupid viruses. (there are other things that also contribute to the problem, but this is IMHO one of the major factors)

Re:It does matter

[cmdrbuzz]

As I understand it, any user on an OSX system can use sudo.

You have to be a member of the admins group in order to use sudo on OS X.
Ordinary users don't get to play.

Re:It does matter

I believe that the best defence of Unixs (specially non OSX unixes) from virus is not root isolation, but heterogenity.

When a virus arrives in a Linux computer, it really doesn't know what to expect. The user can be using a dozen of mail clients, different kernels, windows managers, etc... You don't know what exploit to use. Even if you develop a virus that is good to exploit a linux system, this doesn't mind that it can take another one.

Even in Windows, as soon as you put some different programs in the computer your safety level increases dramatically. Just throw firefox, eudora or openoffice. The level of viruses and malware that affect you are reduced by each "non-standard" program that you use, specially if it's an internet related one.

The only good bug...

[jd]

...is a squished bug. (See xroach for details.)

Seriously, the argument that there are exploits is an important one to keep in mind. Nobody questions that Firefox is so far ahead of IE on security that the difference can be measured in red-shift. However, anybody who then concludes that Firefox users can afford to be complacent is completely outside the Universe entirely. The same is true of OS vulnerabilities. If a vulnerability is detected, it needs fixing. Ideally, you write the software correctly in the first place so that there are extremely few vulnerabilities that ever need to be fixed, but that doesn't generally happen.

Is Bill Thompson a troll? To a degree. He has absolutely zero diplomatic touch, which is presumably why the BBC put him on the technology desk and not in foreign affairs. If you're in a war-zone, tact is an important skill to have.

The part that concerns me most, which I'm not seeing enough commentary on, is the extremely serious allegation that Apple have deliberately installed backdoors into their systems. If this allegation has any foundation in fact, Apple should face intense questioning on their conduct. Cisco got burned when the backdoors they installed were discovered and although you can argue that an Apple is not quite as critical a part of the infrastructure, backdoors are certainly not ethical and possibly not legal.

I've heard people arguing that you can't prove a program bug-free (actually, the Halting Problem only proves you can't do so for the general case, it says nothing about specific cases), but the more I hear of people abusing trust (eg: Sony), wilfully releasing defective software with known and documented bugs on the grounds people will update eventually anyway (Microsoft) and incorporating deliberate backdoors (Cisco), the more I am convinced that there should be consumer protection legislation that forces software companies to maintain certain standards. These sorts of wilfull, knowledgable, abuse of consumers is simply not acceptable.

And, yes, I don't care if it takes a BBC hack journalist to point this out.

Re:The only good bug...

[MickDownUnder]

Nobody questions that Firefox is so far ahead of IE on security that the difference can be measured in red-shift

Nobody ?

Re:The only good bug...

[plasmacutter]

"but the more I hear of people abusing trust (eg: Sony)"

i'm sorry but Sony did more than "abuse trust", the committed a federal felony offense (rooting millions of computers) in most major industrialized nations and nobody who made that decision have yet to be prosecuted. After all, they have money and lobbying power, they don't have to go to jail, but the people who hack their sites in retaliation.. theyll likely be tracked down and shot.

Slashdot story is misleading

[this+great+guy]

The Slashdot story is misleading by saying "[Bill Thompson] knows that there are no Mac OS X viruses in the wild, and he doesn't believe there ever will be.". Actually Bill Thompson thinks it is possible but unlikely, quoting TFA: "I don't believe that Mac viruses already exist, and I think it's very unlikely that they ever will."

There is a big difference between saying "I don't believe in <foobar>" and "<foobar> is very unlikely". Such subtle differences in phrasing totally explain why some people agree with Bill and some others disagree.

Re:OS Vulnerabilities

[prockcore]

Oddly enough I have yet to see a vulnerability in a major Apple implemented library.

That's because your rose colored mac-glasses filter them out.

There are a bunch of vulnerabilities listed there that are from Apple implemented libraries.

Some of the really bad ones ("arbitrary code execution"):

CoreFoundation: Resolving a maliciously-crafted URL may result in crashes or arbitrary code execution

Quicktime: A heap buffer overflow could allow attackers to execute arbitrary code

QuickDraw Manager: Viewing a maliciously-crafted PICT image may result in arbitrary code execution.

AppKit: Opening a malicious, rich text file could lead to arbitrary code execution.

AppKit: Opening a maliciously crafted Microsoft Word .doc file could result in arbitrary code execution.

The JavaScript engine in Safari uses a version of the PCRE library that is vulnerable to a potentially exploitable heap overflow.

WebKit contains a heap overflow that may lead to the execution of arbitrary code.

Clicking on a link in a maliciously-crafted PDF file in Safari could lead to arbitrary command execution.

And those are just from the past 4 months!

A factual clarification

[fortinbras47]

From above post:
The part that concerns me most, which I'm not seeing enough commentary on, is the extremely serious allegation that Apple have deliberately installed backdoors into their systems.

And from the article:
Sometimes Apple make things worse. For example, widgets, small programs that can do things like search online dictionaries or let you listen to streamed BBC programs, can be installed without your permission when you visit a website using the Safari browser, just like Windows does with ActiveX controls.

Bill Thompson does NOT claim Apple purposefully installed backdoors. He claims that Apple has installed features which historically have had security problems.

I personally find Thompson's comment a bit worthless (browsers have historically had security flaws and caused vulnerabilities, why not ship without a browser?). But to be fair, he is NOT claiming Apple is doing anything malicious.

The language is what upsets people.

[Warlock7]

The term "smug" carries a negative connotation. This is what upset most Mac users that I know. If he had used the term "proud" or "content" there would have been very little in the way of flaming.

It's all about the connotation that was carried by the headline.

A group that has been bashed for nearly the last twenty years are touchy about how you represent them?!?! What would you expect? The Windows crowd have tried every conceivable way in the world to put the Mac community down and get them to give up the OS and hardware selection that they chose and they're touchy? Again, what do you expect?

I hate to break this to you, but your lack of knowledge of the community is one of the key reasons that all the other "communities" have chosen to attack those in the Mac camp for all this time.

Re:The language is what upsets people.

[putko]

"I hate to break this to you, but your lack of knowledge of the community is one of the key reasons that all the other "communities" have chosen to attack those in the Mac camp for all this time."

I'm afraid I don't get you -- my personal lack of knowledge about the MAC crowd is why they've been attacked?

I don't think so. I'm an insignifigant Unix user. I have no dog in this fight.

But look at my post (g.p.) that got modded troll -- somehow I've gone and pissed off the MAC/Linux zealots, just by stating the obvious.

You've also gone and referred to the MAC people as being touchy, but I bet you'll get modded "insightful" for being part of the fold.

Personally, I hope that one day a nasty worm goes and slays all the Windows-running motherboards out there. Or just flashes the bios. That would be fitting, given that those users have chosen to hand their security over to a company that has shows a callous disregard for their security.

I don't particuarly wish the Mac people any ill will. But a worm or two might be nice, as then they might take security a bit more seriously.

Re:The language is what upsets people.

[Blakey+Rat]

I'm a Mac user, and I do take security seriously. I'm sure there are tons of Unix/Linux people who don't. The reason the article is offensive is because it paints everyone with a broad brush and decrees that *all* Mac users are smug and irresponsible, and that's plain not true.

And to be the stereotypical Mac user, I'll also point out that "MAC" is a Media Access Controller, not a computer. Learn the difference between an acronym and an abbreviation.

Re:The language is what upsets people.

[Warlock7]

I didn't intend to suggest that you specifically are responsible for the prejudice shown to Mac users. I meant to suggest that the general lack of knowledge that most people have regarding Mac users leads to the prejudice. When people get abused/disliked due to their choices not being those of the rest of the herd then they have a tendency to become touchy when people use negative terminology to describe them. That's the point I was trying to get at. I did not intend to condemn you for your observations.

Re:The language is what upsets people.

[Warlock7]

You have a skewed perspective, sorry.

I've experienced the ridicule and attacks first hand. Without that experience and understanding, you don't have a clue what you are talking about.

The arrogance which oozes off of those that you refer to being largely ignorant is extreme. Their ignorance is what makes them such a threat. Many of them live in a "team" delusion and that generally makes them aggressive about subjects that they, more often than not, know very little about.

It amazes me that you consider that people who tend to defend themselves are somehow waging a war. Interestingly enough most Windows users hate Windows, yet they still use it. While those that choose to use Apple products and truly enjoy their experience are the ones that are constantly attacked and forced to defend themselves.

Your interpretation is rather common and uninspired.

Example: Apple users are referred to as "gay" due to their choices. Who do you think decided that this was the way to portray them? Not the Apple users themselves... Think about it. Windows users know that they mindlessly use an OS that makes them mad and frustrates them. They think that everybody should be as miserable as they are so they attack those that are content by calling them names and trying to rationalize their positions.

Keep rationalizing and hiding behind that AC...

Re:The language is what upsets people.

[nolife]

Why are you globbing all Mac and Windows users into very specific groups that all believe the same thing? I am a Windows and various unix user and I've never felt inclined to defend myself or the OSs. I may point out technical differences or attempt to clear up misconceptions from time to time but I never take it to any extreme where I would even get close to getting frustrated. Just today at work we were going over a plan to spread out some MS file servers around. I commented that with Samba, all of the shares are done via a conf file (smb.conf) and it is easy to move and modify that config file around from server to server as needed. It was a point, not a slam, not an attempt to prove something and not an attempt to get anyone to switch, just a tidbit of info for my co workers who are not familiar with Samba.

Just by reading your post, I can make a good guess of why you are always trying to defend yourself and I can say it probably has little to do with your choice of computer.

Re:Looks like he pissed off the Mac People

[mrsbrisby]

It seems easy enough to piss of Apple/MAC fans: just say something slightly negative, no matter how grounded in fact, about Apple or Mac.

Only if you say it without knowing what you're talking about.

It reminds me a bit of the Linux zealots.

Only if you say it without knowing what you're talking about.

This guy did that, so he got flamed.

This guy didn't know what he was talking about and now is backpeddling. That's what the higher profile trolls do, they say "If you think you're safer on a Mac, you're completely mistaken!", and then "Of course I don't mean in reality, nobody who read my article could think I was talking about reality! I was talking about my own little fantasy world where you're less safe on a Mac!"

Of course, if he had said it that way, he probably would've at least gotten a laugh. Instead his retort was to play the semantics game, and no wonder lots of people got upset.

Here's a person who either doesn't know what he's talking about (that is, merely repeats stuff people tell him, or is making conclusions that he isn't knowledgeable enough to make) or he's a mean old troll trying to piss people off. Either way, he's to be detested.

I personally didn't know much about the Mac crowd until recently -- but they are very touchy.

Good for you! Bridge that race gap!

Meanwhile, I know many Mac users and many Windows users, and I'd agree that most Mac users are most certainly touchier than Windows users, but that most Windows users don't even know they're running users and in fact, the defenders of Windows can't ever seem to do it with something even resembling a trace of logic. These people are far more touchy than Mac users, and worse still, are morally reprehensible because they defend it at the expense to themselves and others!

Here's a clue: In the last 5 years, not a single exploit that has been deployed for Linux has affected me, and yet all those dasturdly Blasters and Code-Reds are still affecting me - despite the fact I don't run Windows.

I don't care if you patch your system, I care that all these other people don't.

I contend- and others often more so that everyone would be much happier if there were no Microsoft and no Windows. I most certainly would be: You wouldn't be talking to me, and I wouldn't need to buy more bandwidth right now.

He did his job well

[thunderpaws]

Look at all the discussion. His article has gotten 2 days of coverage, and lots of attention. I applaud the article, and if some of us Mac users get a little bothered, I hope they at least look at the points he made.

I do expect, though, that Mac users will take umberage anytime some one, especially another Mac user, points out anything less than glowing about our favorite platform. I don't think of it so much as smugness, rather a learned response to all the years of FUD targeted at Apple through the well know "business" practices of Microsoft. It is hard at times to not appear smug when the truth aboout Windows vulnerabilities is so predominant.

Re:He did his job well

[Squirrelgirl]

Microsoft themselves are hardly the worst. I get MORE crap from Linux and UNIX people who start endless discussions on "Apple Monopoly" (because only Apple makes Macintoshes), the choice of Mach kernel, how much UNIX-like it is etc. Most Windows USERS make snide remarks about price (easy to discuss with them) and perceived (or accurate) lack of games and software. The software part is actually also fairly ok to discuss, you need to wrest them out of the thinking of "I need to use application X", but find out what application X does for them and then find application MacY that does the same job. So Windows people are in my experience easier to convert or calm than UNIX/Linux people who're frequently extremely opinionated.

Mac viruses and such

[firesuite]

I believe our Bill may have thrown down the gauntlet to all the hackers out there :)

expect a flurry of updates and patches for the mac o/s from Apple very soon :P

And I quote,

[burndive]

"Mac users are divided equally between elitist snobs and fucking morons."
http://www.cad-forums.com/showpost.php?p=1481181&p ostcount=852

Re:And I quote,

[Moofie]

Oh, right, because most dichotomies are meaningful and accurate. Thanks for sharing!

Re:And I quote,

[burndive]

It's funny. Laugh.

It's also somewhat true, and quite relevant to the discussion at hand. Mac elitists think they're untouchable, and the morons (who are almost as ignorant about computers as AOL users are about the Internet) don't know any better, especially since all the elitists keep telling them that they're safe and secure from all possible attacks.

At least with Windows, the OS experts are aware of the problem and actively encourage protection. Linux users, while being somewhat snobbish, are generally well aware of security risks and take it upon themselves to make their boxes secure.

Re:And I quote,

[Moofie]

If it was funny, I would have laughed. See, that's how you can tell when stuff is funny...you laugh at it! It's pretty straightforward.

I still think your distinctions are completely meaningless. I am a Windows "OS Expert", and that's why I use a Mac.

The key issue is that...

[kadathseeker]

OS X and Linux are currently less popular. This means they will be infected with less stuff. They are gaining popularity, though slowly. However, becuase of the nature of open-source software, patches can be applied every time there is a new vulnerability discovered or exploited, so that by the time it is a really big target most of the obvious problems will be fixed. At least that's the theory. I've heard that one current example of this is the fact that MS IIS is a fraction of its market compared to Apache, but that IIS gets a disproportionately large amount of attacks compared to Apache (which receives a very tiny number of attacks).

Re:The key issue is that...

[argent]

one current example of this is the fact that MS IIS is a fraction of its market compared to Apache, but that IIS gets a disproportionately large amount of attacks compared to Apache (which receives a very tiny number of attacks).

This is also due to the fact that IIS has poor internal security design: the local parts of URLs are parsed multiple times where Apache maintains them intact, and there are few tools in IIS or Windows to establish internal privilege separation of the kind that comes naturally to UNIX and Apache.

Re:The key issue is that...

[kadathseeker]

But it's true, right? That an OSS app is clearly more secure than a CSS app, despite being a large target - that Windows isn't just attacked the most only because it's the most common OS, but possibly because it's not as good and isn't fixed as easily?

Re:The key issue is that...

[argent]

It's not just a matter of it not being "as good", or "not as easily fixed", it's a matter of the basic design of the program is such that no amount of fixing or improving the code without changing the design and making it incompatible with existing applications can solve the problems. Windows applications expect to have a rich set of APIs available to them, involving unencumbered communication with many components that are not intended to be secure in the way a webserver has to be. UNIX applications expect to operate though a small set of well defined APIs designed around an opaque file handle... on the other side of which is alien and untrusted territory. Windows applications grew up in an environment where EVERYTHING on the same computer is implicitly trusted. UNIX applications grew up in an environment where you had things like... students writing papers and teachers grading papers on the same computer.

Re:The key issue is that...

[kadathseeker]

That's a great explanation. Thanks for clarifying clearly.

Not so fast

[Swift2001]

He was, in fact, a pontificating Mac owner.

An analogy...

[Macdude]

On a planet far far away live two races of people; The Gatesians (who make up 90-95% of the poulation) and the Jobsians (who make up the rest).

The Gatesians have weak immune systems and frequently suffer from viral and bacterial infections, often necessitating a hospital stay. The problem is so bad that almost all Gatesians wear face masks and rubber gloves, use copious amounts of anti-bacterial soap, sterilize all items they come in contact with and get immunisation shots on a weekly basis. And despite all this they continue to get sick.

Jobsians, on the other hand, have very strong immune systems, so strong that no Jobsian has gotten so much as the sniffles in the last few years. Many Gatesians make the claim that the Jobsians don't get sick simply because there aren't enough of them for an infection to spread. The Jobsians point out that there are no known viruses or bacteria that affect Jobsians (the odd rumoured virus built in a secret government lab aside).

A few scare mongers (like Bill Thompson) like to argue that the Jobsians need to take the same precautions against disease that the Gatesians do and that if they don't if a virus or bacteria that can infect them ever shows up will wipe them all out. For the most part the Jobsians just ignore the ranting and get on with enjoying their carefree life and laugh at all the sneezing, coughing and hospitalized Gatesians.

Re:An analogy...

[ScaryFroMan]

I think that's a false analogy. It's more like:

Gatesians are frequently hunted and killed by a vicious breed of beast. Gatesians sometimes live in houses with walls, and so are not attacked by beasts, but most Gatesians believe that they don't need walls, and are attacked.

Jobsians are tasty to beasts too, but they live in a separate town, that's kind of far away from where the Gatesians live. They might even be a little tastier, too, because all the running makes them nice and juicy. But beasts rarely attack Jobsians because once they get to the Jobsian city, there aren't enough of them to be worth the effort.

So the beasts stay around the Gatesians, because most of them are dumb, and there's just so many that there's not much of a point to try attacking the Jobsian village.

Then again, there's the Torvaldites, but that's a different story for a different day.

Re:An analogy...

[catahoula10]

"For the most part the Jobsians just ignore the ranting and get on with enjoying their carefree life and laugh at all the sneezing, coughing and hospitalized Gatesians."

What an brilliant/amusing post.
Next....

Re:An analogy...

[2nd+Post!]

Almost right! Jobsians would be tasty to beasts too, if only the beasts developed the hunting tactics to capture them; because right now, for the last six years, not a single Jobsian has been even rumored to have been attacked and killed by the beasts. The Jobsians walk right by piles of Gatesians being devoured without a care because the beasts are too busy filling themselves on Gatesians.

Eventually Gatesians will wise up; marry into Jobsian households, live Jobsian lives, and starving beasts will start looking at the increasing Jobsian populations as food sources. Until then, however, Jobsians can walk by piles of dying Gatesians without a worry because the beasts are too busy eating Gatesians to even bother expending effort in slaying a Jobsian.

Re:An analogy...

[vishbar]

Then, a single infection wipes out the Jobsians because they had made no significant preparations for a disease pandemic.

Re:An analogy...

[Macdude]

Then, a single infection wipes out the Jobsians because they had made no significant preparations for a disease pandemic.

Who is more likely to suffer a pandemic? The Gatesians who have weak immune systems (and have suffered numerous pandemics in the past) or the Jobsians who have strong immune systems and don't ever get sick?

Re:An analogy...

[vishbar]

The Gatesians, of course. However, they're used to pandemics. A pandemic among the Jobsians, while less likely, will catch many of them with their proverbial pants around their ankles. The Jobsians have become used to thier immunity to these diseases. Also, such a pandemic would most likely prevent Gatesians from looking up to the Jobsians and their superior immune system.

Re:An analogy...

[martinX]

that'll teach them to get rid of the telephone sterilisers.

Re:An analogy...

[SuiteSisterMary]

Ah, but because the Gatesians suffer more pandemics, they're more aware of how to deal with them and minimize the disruptions.

Or, put another way, Gatesians live in the Middle East. Terror attacks, while unfortunate, are something that happen all too often; so they know how to deal with them, and move on with life.

Jobsians, however, living on the other side of the planet, happily whiled away their lives assuming that it could never happen to them, until one fateful day it did...and they were never the same again.

It's not like he's never done this before.

[McFadden]

Thompson has a track record of writing articles that are either ill-informed or technically incorrect and then defending himself with the lame excuse that his is an 'opinion piece'. I can never understand why Slashdot (or the BBC for that matter) give him the space he clearly doesn't deserve. He tries to present himself as something of a guru, but probably couldn't get a job as a junior IT helpdesk worker (apologies to all the highly competent helpdesk guys out there).

He's the poster-boy for the phrase "a little knowledge is a dangerous thing". If you look at his resume it's clear that he tried to make it as a techie, but didn't have what it takes, and so became a "commentator". It's funny - there used to be a feedback section on his BBC column, but it mysteriously disappeared a few months ago, shortly after he posted some badly researched drivel about problems copying his archived email from Windows to OS X and got shot down in flames by almost everyone who responded.

Re:It's not like he's never done this before.

[x3ro]

Exactly right. His original article was so full of holes it was barely there. Even in the second article he seemed vague and unsure of his territory. The excuse that "he isn't writing for a tech readership" is bullshit: even more reason to get it right, when this may be the first his readership has heard on a given topic.

Re:It's not like he's never done this before.

[neillewis]

The fact that he gets treated as some sort of technology expert by the BBC would be a joke if it didn't mean that I'm forced to contribute to his salary.

Re:It's not like he's never done this before.

[McFadden]

Spot on. I think a more accurate statement would be, "I write for a non-tech audience because I can convince them that I know something about I.T."

Re:It's not like he's never done this before.

[Tommac2005]

Thats a good post. Nice one

What's "possible", versus what is observed.

[dr2chase]

I've never come across perfect software, but at this point (using a Mac) my time is better spent worrying about failing hardware than it is about Mac viruses and worms. I've had failed power supplies, memory gone bad, disks crashed, and three chips smoked into nonfunctioning lumps. I worry that the flight attendent will dump a drink into my laptop on the airplane, or that one of my kids will use my laptop for something Horribly Inappropriate; those are the more likely failures.

It is also worth noting that "if Macs were as popular as Windows" is one of those hypotheses contrary-to-fact; perhaps, if that were the case, OS X would contain further safeguards. Perhaps Apple would bundle their own antivirus software, and perhaps it would work, and perhaps it would not pester me for yet another year's subscription to continue my protection. Perhaps they would release that information on an RSS feed, and perhaps they would propagate it via a peer-to-peer network. If I can assume that pigs fly (that a false thing is true), there's no limit to the possibilities. We can argue endlessly about what might be; what is, is an OS that is more secure by design (never had ActiveX, root privileges require a password for each activation, ports kept shut by default), that has not been host to anything like all the vermin that infest and attack Windows boxes.

what he said...

[Old+Fart]

...was that Mac users are smug and complacent, that they are ignoring their vulnerabilities. To wit, "I worry that we do not take security seriously enough as a community."

What, pray tell, are Mac users *not* doing (in their complacency) that they *should* be doing? Are they not updating their software as often as other users? Do they not run firewalls? Do they not backup data? Are they not spending millions of dollars for security software? Are they somehow *more* complacent than other users?

Where's the data? Whose *scientific* survey or research was quoted?

This is just another example of shoddy I-got-a-deadline tech journalism. The reference to the SANS trash should be enough to tip you off. If he really wanted to do the Mac community a service, he could expose the security software ripoff that's been sucking millions from Mac users for years to protect them from ghosts and goblins.

Thread highjack!

[Retardismo]

We also expose those who know little about computers but chose the Mac because of its ease of use and elegance a disservice by encouraging them to think that they don't need to think about security at all.

This is the original sin of mac users. I myself, a mac user, have told someone that it is okay to open an email because they are using a mac. Security needs to be an important consideration in all computer use. In the same way that the /. community has imposed upo the world that good passwords are important, we must impose that good security practices are important.

Re:Thread highjack!

[wealthychef]

I myself, a mac user, have told someone that it is okay to open an email because they are using a mac.

While I agree that Mac users cannot ignore security, I see nothing wrong with your instruction. It IS ok to open an email, and it IS because they are on a Mac that this is true. Or does Entourage continue the grand Microsoft tradition of exposing mac users to vulnerabilities created and maintained in Redmond?

The fact remains that Macintoshes are right now and have historically been more secure than Windows PC, for various reasons. Some people think it's because of Apple's low market share. Some because of Unix file-level permission control in OS X. I think these are both factors, and also Microsoft doesn't give a damn about security while Apple does (at the moment).

Attacks on Macs have to be by trickery ("social engineering" or "phishing" mostly). On Windows, you can be "attacked" simply by turning on your computer and reading email. Scary.

But whatever the reasons, if you buy and use an Apple Macintosh, you are SAFE from viruses and email-based attacks, at least for now. So go ahead, Mac users, read your email! :-)

The only thought the normal Mac user needs to give to security is, don't give out your personal information to strangers without thinking about it. And don't respond to spam.

Re:Unsafe behind closed doors.

[Apple and Microsoft both] pursue that old-fashioned model of closing their codebases and asking developers to sign NDA's.

Um... Microsoft doesn't open source the basis of their OS. Apple does: http://developer.apple.com/darwin/.

Since "mission critical applications" are likely to be built on lower layers of the OS, I'd expect them to use Darwin directly, rather than OS X. Is it possible you are wearing open source colored goggles that distort your vision?

Re:OS Vulnerabilities

[ceoyoyo]

AppKit can open Word documents? How'd they pull THAT one off?

Re:Looks like he pissed off the Mac People

[mrsbrisby]

"Windows users don't even know they're running users "

Could you please translate that to english for me? Google is having problems.

Ask people what kind of computer they have: Some can proudly say "I have a Mac" or "I have a Dell" - nobody says "I have a Microsoft Windows PC" - even though that's usually what is asked.

"I wouldn't need to buy more bandwidth right now."

Why do you need to buy more bandwidth?

Because a significant amount of my traffic is taken up by junk email generated by zombied Windows PCs and Windows worms and viruses. I thought I made that clear by pointing out that insecurities of Windows have a great effect on me despite the fact that I don't use it.

Re:Looks like he pissed off the Mac People

[putko]

OK, now I get you. Well, I guess you would approve of my plan then, right: a worm that moves through the Windows computers, frying their boot flashroms. Any box that can be rooted is a box that could be wasting your (and my) bandwidth. So they have it coming to them.

Sony's DRM hits Macs, too.

[Animats]

Sony's infamously intrusive DRM on their audio CDs hits Macs, too. More user interaction is required for the install than on Windows, apparently.

A question I haven't seen answered: apparently the Windows version installs the spyware and backdoor even if you reject the EULA. Is this true for the Mac version?

Re:Sony's DRM hits Macs, too.

[mclaincausey]

Here's how to remove it.

Re:Sony's DRM hits Macs, too.

[Animats]

And here are his removal instructions for MacOS X:

1. Open a terminal window
2. cd /Library/Application\ Support/M4/Resources/C/Kext
3. sudo kextunload Pho*
4. cd ../../../..
5. rm -rf M4
6. cd /System/Library/Extensions/
7. Repeat step 3
8. rm -rf PhoenixNub*
9. cd ../StartupItems/
10. sudo kill -9 `ps aux | grep lsmftd | awk '{print $2}'`.
11. sudo rm -rf sfpatd/
12. Either try step 10 again, or restart the computer.

Oh, and be careful typing those "rm -rf" lines. You're running as superuser.

On the other hand. . .

[kimvette]

On the other hand some Mac users are setting themselves up for failure. I have one client who INSISTS on chmod 777 -R / because he finds security "inconvenient" -- and any viruses that DO hit the wild are 100% guaranteed to hit their network. They miss the old MacOS and its total lack of security. I'm sure they're not the only ones with that shortsighted and foolish outlook based on the false sense of security that "if it hasn't happened yet, it never will"

Not only that, but if you have any shares/dropboxes/etc. openly accessible in a heterogeneous network, windows viruses can plant viruses there or infect documents which other windows users can pick up from that share and infect their machines with the scumware. Heck, even Linux or Solaris servers running file shares will be running clamav and antivir, and be scanning the samba shares any time a file is accessed.

Additionally, like it or not, there are worms which coulc conceivably infect your mac and add it to script kiddie's DDoS attacks. If you're running a web server with OpenSSL (or a commercial variant thereof) chances are you're vulnerable to slapper. ClamAV detects slapper and can remove it.

Mr. Bill Thompson I KNOW you're reading this thread on /. so take my advice: download clamav (it's FREE - as in beer, as in speech, etc.), install it, and run it on occasion. I'd point you at the project page only I know that you know how to google. :) clamav is a very small project, taking up very little space, and again it's FREE and virus signatures are usually updated more than once per day.

Re:On the other hand. . .

[Ilgaz]

It has been discussed at Tidbits a while ago that Clamav does NOT check for OS X spesific viruses (there are none), Malware (Oh that exists, check MS Office Trial installer on gnutella) or OS 9 viruses (they exist)

It is an excellent program to transform a Mac (g3 even!) to a PC virus scanning dedicated machine IMHO.

I can understand his feelings. Even being a PC convert (2003) and innocently asking if there are spyware for mac on any platform including usenet, you get flamed. You get flamed to a point that you think if you were a spyware developer, MAC IS THE PERFECT TARGET. There are (always flamed) Symantec Firewall, Intego Firewall (netbarrier) on Mac OS X for Application filtering firewalls. There is "little snitch" as a program to check what opens outgoing connection. Notice for spyware, IP/Port filtering firewall built in is irrelevant.

If you combine macupdate/versiontracker total downloads of 3 programs, you will understand what I mean.

Also check that tiny url of google cache, if he is reading and he is a one could dare to make it story, I wish he check too.
http://tinyurl.com/cu7o2

I can't remember how many posters on usenet including ones actually code parts of OS X flamed when I kept saying there were spyware on OS X and there will be.

Also as they got flamed for finding a huge finder vulnerability, I don't think Intego will "share" their findings that easy. Last time I checked, they were "snake oil" selling people.

Re:On the other hand. . .

[kimvette]

Right, but if you re-read my post you'll see my point is regarding application viruses (apache/openssl) as well as Windows viruses that may get dumped onto shares infecting files which other Windows users may need to open, if the machine is on a heterogeneous (not mac-only) network.

Virus scanners do more than protect the local computer against hijacking or data loss - it helps prevent other infected computers from using your computer's share to infect others.

Lastly, wouldn't it be nice to know that the Word document your colleague authored on Windows won't contain a macro virus when you send it to a client? That macro virus may not execute on your machine, but if you forward that document along unscanned, you will be passing that macro virus on to the next Windows user.

Re:OS Vulnerabilities

[gnasher719]

'' There are a bunch of vulnerabilities listed there that are from Apple implemented libraries.

Some of the really bad ones ("arbitrary code execution"): ''

For each of the vulnerabilities listed, could you check which ones can definitely be exploited, and then check for which ones an exploit actually exists?

A bullet through the head will kill you, whether you live in a quiet little town in England or in the middle of Baghdad. I feel considerably safer in England.

Naive question about network propagation

[cmoney]

This is an entirely naive question as I have no knowledge of viruses or how they spread, etc. But is it possible that at 3%, there simply aren't enough Macs to support network propagation of a virus? Or rather, that the density of Macs simply won't support it? Just thinking aloud and wanted to put the thought out there.

Re:Naive question about network propagation

[atarione]

i actually thing you may be right... I wonder if someone could use exploited Windows Machines to form a botnet to search out mac's and then launch a target worm attack on preidentified mac targets? or just f'ing DDoS them? hmmm...

Re:Looks like he pissed off the Mac People

[putko]

Sorry, you're just paranoid. I don't do the AC thing, or the sockpuppet thing.

Re:Looks like he pissed off the Mac People

[stanleywong]

i want to ask. on the next disc format, HD-DVD and Blu-ray which one will apple support? can anyone tell me?

There No exploits because theres no cash

[chaos4u]

once the mac market becomes big enough to build profitable zombie networks

will you see the exploits .

until then, the enginers of these networks will continue to focus on what works and works well

Bill Thompson

[Helicoil]

What a donkey! In one sentence he's going on about how macusers are irresponsible when it comes to viruses/malware, in the next sentence he says that he doesn't use anti-virus s/w on his mac. The phrase "Twat" springs to mind, I guess its alright for twat journos to get viruses in email and happily forward them on to their pc mates but not us dweeb members of the public.

I use Mac OS because I'm a geek

[kt0157]

The Mac appeals to two sorts. Those that just want to get some work done without computer hassles, and those geeks who like Unix, love the bundle of stuff that comes with the Mac (e.g. my favourite editor, vi).

It has two communities, sometimes in the same person: I too have days when I just don't want to be hassled with weird dropped connections, or have to screw around with drivers to get my camera working.

K.

Re:I use Mac OS because I'm a geek

[Moofie]

Uh huh. Any way you slice it, that dichotomy doesn't mean anything. Most don't.

Re:I use Mac OS because I'm a geek

[kt0157]

It's not a dichotomy, since the two reasons aren't contradictory. And it's not devoid of meaning. It's devoid of comprehension (on the part of at least one person, anyway).

K.

Re:Looks like he pissed off the Mac People

[putko]

Blu-Ray.

They are part of the Blu-ray coalition.

I don't know what that means though -- is Blu-Ray somehow better than the other format?

I ignore this stuff.

So.. has this guy ever defended DRM?

[plasmacutter]

DRM is security through obscurity. If he has ever defended the efficacy of DRM, he just shot himself down.

"Indefensible" smugness?

[ZombieRoboNinja]

"Sure, there haven't ever been any viruses for OSX, and there probably never will be, while there are thousands upon thousands of Windows viruses out there... but you Mac users are INDEFENSIBLE in your smugness!"

This sounds like a case of rather defensible smugness to me.

Is Thompson partly right?

[MisterSquid]

For the most part the Jobsians just ignore the ranting and get on with enjoying their carefree life and laugh at all the sneezing, coughing and hospitalized Gatesians.

As a Mac user, I nodded at your extended analogy and laughed at your last sentence.

That's when I realized that Thompson is not entirely mistaken.

Re:Is Thompson partly right?

[Macdude]

For the most part the Jobsians just ignore the ranting and get on with enjoying their carefree life and laugh at all the sneezing, coughing and hospitalized Gatesians.

As a Mac user, I nodded at your extended analogy and laughed at your last sentence.

That's when I realized that Thompson is not entirely mistaken.

Thompson is wrong though, Mac users are at such less risk than Windows users they are justified being more lax security wise. Even with Mac users not worrying about security issues I'd lay 10:1 odds that the next wide-spread debilitating virus/worm/etc. is Windows based.

Computer security is an issue for everyone, Mac users included. But the theoretical possibility of a risk is not grounds for panic. Mac users should use basic security practices; don't use root or supervisor accounts for your normal day to day work; keep your system up to date; don't enter a supervisor password when requested unless you know why it's being asked for; be wary of software you receive from dodgy sources; don't enable system functions if you don't understand what they do; and if you have a full time internet connection use a hardware firewall (with network address translation).

Viruses, trojans, worms etc., are rare or nonexistant on Macs. You don't have to live your life in fear.

Re:Is Thompson partly right?

[MisterSquid]

As a system administrator wearing various hats, I'm with you regarding advisable practices in the context of software installation and precaution in day-to-day usage. Where I think Thompson may be right is in my (our?) "laugh[ing] at all the sneezing, coughing and hospitalized Gatesians" which certainly looks a lot like smugness. Unfortunately, schadenfreude has its pleasures.

As long as she doesn't mind me pissing on it

[elrous0]

See, honey, I can be reasonable.

-Eric

I enjoy all the games for my Windows machine

[elrous0]

Microsoft has never tried especially hard to make their OS enjoyable, only usable.

Why would they have to, when virtually ever major PC game out there is designed exclusively for them?

-Eric

Mac Virus Out There!!!

[zpok]

Only yesterday I got a little window telling me there was "Security Update" and wanted me to "click to install".

I trashed it before it could do more harm, thank god!

Serious though, while I agree with the guy in general (yes we are smug, no we don't care) I'd like to see more proof from him that lots of mac users aren't updating their computer when asked to.
Everybody I know does the intelligent thing the moment Software Update pops up and has their firewall on at all times. This apart from maybe being a bit smug about it. That may not be enough for real security maniacs, but has proven to be more than sufficient for all regular (professional or home) mac users the last five years. So, what else does he want us to do? Shout "the end is near"?

And BTW most people I know really don't know who this mythical ROOT person is and wouldn't know how to log in as him anyway.

Re:Frequent Updates

[Richard+Steiner]

Frequent updates are necessary, especially when it comes to networked systems.

When it comes to systems which are exposed to the outside world, you mean, or perhaps to potentially hostile users.

For systems like dedicated fileservers which are safely hidden behind a firewall, I'm not so sure that system updates or patches are all that important.

Re: (OT) The Rules

[mtdnelson]

...get into a discussion with a human female as to whether the toilet seat should be left up or down.

There is a trick to winning that argument. I learnt it from my father.

The key is to start the argument yourself. All you have to do is reverse the roles, and complain about women always leaving the seat up. Don't accept the idea that men do it - that's preposterous, after all!

There's just no way to win against such a foolproof line of reasoning...

My dad usually takes it one step further and complains about women who miss the toilet and make the floor wet. Someone will always try to say that it is physically impossible. For a suitable reply, just use your imagination. It's not as hard as it sounds. Make sure to keep a straight face!

Re:The Rules (OT)

[mtdnelson]

I know that the parent is clearly flamebait.

So, (tongue-in-cheek) what's up with that pansy sport called American football?

Surely real men play rugby, or Gaelic/Aussie rules football. Personally, I like cricket.

Re:Unsafe behind closed doors.

[delire]

Only the kernel, Darwin, is opensource, but what about the application layer?

It's here we're likely to see as many vulnerabilities as we do at the kernel layer. In fact that's probably even an exagerration; reading about exploits more generally, how many of them are at the kernel level? By most estimates 30% of OSX, in the scope of what is shipped, is distributed with the rights to view distribute and modify source code.

If, by your standards, this concern is still 'distorted', I would say yes, Apple users are far too relaxed about the relative security of their systems.

He doesn't take security seriously enough...

[argent]

No wonder he's worried about Mac users being naive about security, when he writes "The security model in Unix-based operating systems like Darwin means that it is very hard to see how an infection could spread, even if an executable could be compromised."

The main reason that Mac OS X is more secure than Windows is that Mac OS X has a smaller surface area exposed to attack, but it has a smaller surface area exposed to attack than most default Linux distros, or most historical networked UNIX systems... and the main reason it's got a smaller surface area exposed to attack is because of the way the browser works... not because of the UNIX roots of OS X. Browsers on OS 9 were also safer than on Windows, and for the same reason.

Once an executable is compromised, it's little harder to transmit an email virus or set up a trojan horse in OS X than in Windows. You don't need "root" to send email or listen on a high port or sneak a credible-sounding backdoor program into a user's login preferences.

That's a funny kind of door.

[argent]

Both companies pursue that old-fashioned model of closing their codebases and asking developers to sign NDA's.

Here is the source to WebCore as shipped with OS X 10.4.4, which is Apple's equivalent to Microsoft's HTML control. Now, this is kind of an important part of the OS from the point of view of security, since Microsoft's HTML control is by far the biggest security problem in the Windows world, and has been since 1997. The BSD core, everything you need to get to a self-hosting OS with login and user-account security, is in the tree at opendarwin.org. From the point of view of a security analysis, the difference between Microsoft and Apple's openness is pretty much as wide as you can get between two software companies.

Oh, certainly, there's a lot of OS X that isn't as open as this... but even the closed parts are amazingly transparent and easily understood compared to Windows, and no important part of Windows is open at all.

Where do you want your application layer to start?

[argent]

Only the kernel, Darwin, is opensource, but what about the application layer?

WebCore, the majority of both Safari and Dashboard, is here.

OpenSSH, remote login.

launchd, system startup and configuration.

The shell, print spooler, local web server, all the security components, the equivalents of virtually all Windows services and registry, basically every command line application or daemon is there. Not a lot of the GUI, with the exception of WebCore, but a hell of a lot more than just the kernel, and the corresponding components to most of the parts of Windows that have been big security problems: RPC, HTML and HTTP, IIS, CMD.EXE and the Registry, remote file access and file-and-print service, it's all in there.

Safari and Dashboard are the bits I'm most worried about in OS X. WebCore is there, and the parts of them that aren't in WebCore are pretty thin shell layers (in fact they've been re-implemented by third parties). The biggest component left out that doesn't seem to be covered is LaunchServices (not launchd, that's an unrelated coincidence), and you can limit your exposure to any LaunchServices-related issues by disabling "Open Safe Files after Downloading" in Safari.

BRING BACK VI IN OS X!

[argent]

Apple removed the One True VI from Panther and replaced it with that sorry compromise "VIM", which was probably written by an Emacs user. And not a REAL Emacs user, no, I'll bet they were using Lucid Emacs or something.

(Actually, to make full disclosure, I wrote some of the code that ended up in vim. Ironic, wot?)

Re:BRING BACK VI IN OS X!

[Heembo]

This goes to show you just how UN-PURE OS X is! A true unix OS has VI which OS X does not so it is not! Whomever you are, you are both intelligent and wise, thanks for your comment!

Re:BRING BACK VI IN OS X!

[greed]

You are all lamers! Using massively bloated or merely bloated editors, when everyone who is anyone knows that it is ed that is the Standard Editor!

It is small! It is efficient! It is scriptable! It works with any termcap, no matter how broken! It works on a 52 bps paper teletype!

Ed is so useful, a very handy UNIX tool is named after one of its internal commands: g/re/p!

Why do you need anything else? And there are no confusing error messages to understand!

(Seriously, there's this "you know you're a real sysadmin when" moment when you actually make it through a VI "open mode" session because the termcaps are still on the disk that hasn't mounted and which you're trying to repair from the emergency single-user session using some strange IBM TTY that doesn't do any VT or ANSI terminal emulation. If you haven't used "open mode", it's only slightly more sophisticated than ed all on its own. Ed is actually easier to use.... And OS X does have ed.)

(For the truly humor-impaired....)

MOD THIS GUY UP

[Heembo]

I admit to my lameness as a VI user now that I have basked in this guys obvious "real sysadmin" power!

Two More Rules of Mac Club

[HaveNoMouth]

1. Do not talk about Mac vulnerabilities.
2. DO NOT TALK ABOUT MAC VULNERABILITIES.

Carrying further...

[jsiren]

Were this an actual ecosystem, the Jobsians would quickly outnumber the Gatesians, unless the Gatesians could reproduce despite being sick all the time...

--js--