Slashdot Mirror
Apple Patch Released, But Is It Enough?
entenman writes "Apple Computer's security update train rumbled into the station with fixes for a whopping 43 Mac OS X and QuickTime vulnerabilities. The Security Update patches 31 flaws in the Mac OS X, most of them serious enough to cause 'arbitrary code execution attacks.'" Unfortunately, InfoWorldMike writes "InfoWorld.com reports that Independent researcher Tom Ferris said there were still holes in Safari, QuickTime, and iTunes that he reported to Apple but were not patched in the latest release on Thursday. Ferris told InfoWorld he is considering releasing the details of the unpatched holes on May 14 on his Web site. He also says he has found new holes in OS X affecting TIFF format files and BOMArchiver, an application used to compress files. He did not provide details about the flaws or proof of their existence."
and there is debate about whether Apple's shift to the same Intel architecture used by Microsoft Windows will change the security posture of Mac systems.
Let's settle this debate.
No.
Changing CPU architectures will have absolutely effect on security.
Switching to Intel will make it easier for game developers to port their code, which will lead to more games available for the Mac. This, combined with the ability to dual-boot to Windows and eventually the ability to run Windows apps through virtualization, makes the Mac platform more appealing to consumers, which will probably lead to an increase in Apple's market share. This could lead to more malware creators taking an interest in the Mac platform, which would lead to more security holes in Mac OS X being exploited (which is not the same as more security holes existing).
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Whoever modded you down "Troll" has obviously not heard of sarcasm.
Anyway. The difference between Mac OS X and XP can be summarized thus:
Every time a potential breach of OS X security is discovered, it's front-page headline news on Slashdot.
If a new actual virus or worm comes along for Windows, making it ever more sure that you still can't even put a new Windows box online to download patches until after the patches you need are already installed... it's business as usual.
Windows users concerned about they penis size go on chanting "B B B But that's only because the Mac is less popular, so nobody bothers to write malware for it. Wait until the Mac gets more popular, then you'll be in a world of hurt!!!1!"
Whatever. The Mac is probably never going to see double-digit market share, and even if it does, it's still vastly more secure than Windows is, and you all know it. So there's no need to worry about such a scenario ever happening.
So I use Macs.
If the market dominance of Windows has anything to do with Macs being relatively free of haX0r attention, then I just gotta say to all you stubborn Windows users out there:
Hey man, thanks for taking one for the team.
Information wants to be anthropomorphized.
I think you underestimate the importance of assembly language when coding exploits. There are plenty of crackers out there who know x86 ASM. There are *far* fewer who know PPC ASM.
I think you overestimate the effort required to learn PPC once you know x86. The first assembly language you learn is difficult, especially if it is x86, but for subsequent ones it is far less difficult. After many years of x86 I wrote my first serious PPC code, it beat Apple's MrC compiler quite easily.