And every article on this subject has ignorant posts like yours that purposely ignore what Microsoft told us all years ago, which was that Internet Explorer was attached to Explorer because it was fundamental to the operating system and that it couldn't be removed without crippling Windows, and that tying it to the shell was absolutely necessary for some reason.
IE was used in various areas (including Explorer, although you could disable those parts) to improve the UI and remove redundant code (eg: the help system).
Subsequently, third party applications started depending on its functionality, again so they could reduce their development effort.
"IE" is as fundamental to Windows as any widely-used shared component is on any other platform. For example, ripping glibc out of a Linux distro will pretty much render it useless.
Apple actually shipped Internet Explorer for years until Microsoft discontinued support and forced them to provide their own browser and rendering libraries.
Apple started doing that before IE for Mac was discontinued.
Other platforms have not gone down the same path as Microsoft did with Internet Explorer.
Yes, they have. OS X, GNOME, KDE - all of these have implemented a browser shared component which other applications can (and do) re-use.
In fact, even Microsoft has abandoned its older path and decoupled Internet Explorer from the shell.
That Explorer now launches the IE shell rather than loading the component internally, does not change the architecture of IE. It's a minor change.
They were caught because of the copyright infringement, you could see the Stacker strings in the win.exe with a simple text search.
Evidence ? Because none of the links I discovered (including court documents) - nor my memory from when it was actually happening - support your assertion.
(Not to mention "Stacker strings" wouldn't have any reason to be in "win.exe", but I suspect you were just using that as a random example of a Microsoft OS file).
For the same reason that 95% of my 1.5 Terrabytes of data is compressed maybe?
Damn. Brave man.
Disks are cheaper than ever, but they are still slow. Processors are relatively fast and can decompress the data quickly.
I've heard this claim before, but I've never actually seen any data to support it (for the general case). Certainly my anecdotal experience would suggest any such benefit is imperceptible in general usage.
See above. I don't use Microsoft Windows, but my impression is that this is something you have to enable for each directory you want to compress.
It's a file attribute. If you want to compress a whole directory (or disk) just set it at the top level and the permission will be inherited.
A smart implementation would figure out which files would benefit on the speed of access metric from compression and would compress those files as a low priority background process. Most of my data is in a data specific compressed format, those files would not benefit from compression, but raw pictures from my cameras would, as would wav files from my audio captures.. To address the multiplied data loss from a single (or multiple) block failure all you need to do is add some FEC w/reordering, this would make the compressed files more reliable than the uncompressed ones.
I'm still sceptical of the purported performance improvements.
I removed mail.app long ago because I couldn't convince it to quit parsing html. I can remove webkit and my system still works fine.
Except for all the things that rely on it and break.
Contrast this to a windows machine and there's a world of difference. Even on Windows 98, where it was, despite the manufacturers testimony under oath to the contrary, possible to remove IE completely, this required patching several system binaries and breaks many applications.
Right. So apart from all the stuff it breaks - that requires patching to fix - it "works fine".
That doesn't mean it "works fine". When you have to go in and fix things after removing IE, that means removing IE broke them.
But there are definitely very significant technical differences in the implementation of IE on Windows versus Safari on Mac.
Show us the supported steps to remove IE from your windows machine. What you suggest is nonsense, since it is not supported.
Settle down, tiger. I didn't say anything about removing IE, I explained how to delete the shell that wraps around the shared OS components - the equivalent of the original poster's example of deleting Safari.
I have seen Ubuntu use 6 months updates to great advantage - every release just gets better and better because you don't expect too much out of a 6 month update, while MS promises the sky and doesn't release for years on end.
It's really easy to make frequent, significant improvements when those improvements need to be made.
Windows (and even OS X, now, which is why its cycle has slowed) has well and truly hit the point of "good enough". There aren't many compelling updates because there's just not that much stuff that needs significant improvement.
Again, that's why I said "in English". If a program is attempting to make a port 25 connection, you can easily say "send an email" instead of "make an outbound network connection". And if it strikes you odd that tic-tac-toe.exe is attempting to send an email...
The problem is it *won't* strike most people as odd that $SOME_PROGRAM is making $SOME_SECURITY_REQUEST. All it will do is annoy the hell out of them they need to do so much fiddling to get comet cursor installed.
Apple does the same thing with Safari. Or does that not count?
No. Because if there is one thing the "geeks" of Slashdot have demonstrated time and time again, it is that they do not understand the software engineering behind "IE" and the way it is the same as the equivalents on other platforms (Safari/WebCore in OS X, khtml in KDE, whatever-it-is in GNOME).
Therefore, the fact that every platform has since gone down the same path Microsoft did with IE, doesn't make them the same because anything Microsoft does is bad, but anything !Microsoft does is ok.
According to the information I can locate, it was a patent infringement case. I haven't seen anything reliable that talks about copying source code (which would be copyright infringement).
Also, it was a depressing to see how badly our legal system handled the infraction, Stac was killed causing everyone there to lose their jobs and breaking up a good development team. The only relief was a few hundred million dollars for the investors in the company, much of which went to their lawyers. Stac probably would have become a multi-billion dollar company and today we might all have faster disk access through a clever mix of compression and better filesystems.
Stac were killed by plummeting storage prices. Why would any sane person want to use risky compression (especially the whole-volume-in-a-file approach that Stacker and Stacker-like used) when they could just buy a bigger drive. Even in their heyday, programs like SuperStor and Stacker weren't _widely_ used.
I bought Stacker. I even bought the version that came with the compression coprocessor ISA card. In the days when a 100 meg hard disk was "big" and a 386 processor "blazingly fast" it had a real purpose. But it was still an ugly and fragile kludge and the writing was already well and truly on the wall even as Microsoft was putting Double/Drivespace into DOS.
Similar disk compression schemes went the same way, for the same reason. Even the NTFS file compression in Windows (which is implemented far more intelligently and less kludgily) is rarely used. Why would you bother, when hard disks are so cheap ?
I won't debate you as I can't win on mpg. However on safty... that depends on whose safty you're talking about. Minivans (and most SUVs) are pretty darn safe to the occupents of the vehicle as long as they are driven properly. But I suspect you mean the safty of the people the large vehicle creams. Which serves as a nice physics lecture. So, what's your solution?
People in (modern) standard cars are at least as safe - if not safer - in those than they are in an SUV, *unless they hit an SUV*.
In other words, if the majority of people are driving around in regular cars, the net safety level is higher.
SUVs are popular because they're relatively cheap, despite being the worst at just about everything. Take away the massive tax concessions that make these vehicles economical and their usage would disappear nearly overnight.
I always enjoying watching those (Sydney) north-shorers spending $100+ filling up their X5s. It's nearly as entertaining as watching them gets the kids out of the car to guide them into the parking space.
About ten approvals after installation of zonealarm, you never get bugged again, until some virus tries to do something nasty, at which point you're REALLY HAPPY you have this information coming your way.
I think you meant to say "at which point you just click allow like you did the ten times beforehand so the damn thing will work".
The vast majority of end users lack the necessary fundamental knowledge to make educated decisions about whether or not to do things like "allow $PROGRAM to make an outbound network connection".
How odd. I'm logged into an administrative account right now (on another machine) and it is not a root account.
You are one misplaced password prompt away from code elevating itself to root. Which is likely not a big issue for you, personally, but is a significant risk for the generic "you".
You know, repeating unsupported assertions over and over again doesn't actually lend them any more credibility.
Something I keep telling people all the time. Never seems to sink in, though.
You actually have to present support for them, like facts.
Are you suggesting that Linux doesn't have a relatively tiny number of ignorant users ? Or that OS X doesn't have a relatively tiny market share ?
Or are you arguing these two aspects of "security" are not significant ?
Failing to contain trojans is what happens when you let the users that exist use Windows.
Neither OS X, nor the vast majority of Linux installations, "contain trojans" in any meaningful way.
You can argue that the user has failed, but it doesn't matter because so has the OS by not being designed to work properly for said user.
Being that psychic OSes are still a ways off, I daresay you'll be waiting a while for the OS that "works properly for said user".
An Operating System does not - and can not - know what the user *wants to do*. It only knows what the user has *told it to do*. An OS can make *guesses* about what the user wants it to do, but these guesses are equally as likely to be wrong (eg: running a trojan that deletes important data) as it is right (eg: running some program).
No, I'm not saying that. I'm saying they ported TrustedBSD's MAC system and combined it in some unspecified way with application signing trust levels. It would be stupid to try to stop users from running unsigned code. It makes a lot of sense to restrict the access of unsigned code by default.
So are Apple going to break all those old, unsigned legacy applications by stopping unsigned code from doing anything interesting, or are programs still going to be able to do pretty much anything they want ? Because if it's the latter, the net benefit - at least in the short-, and probably in the medium- term is going to be basically zero.
Here's the problem with going down the path of signed apps and strict controls (which is probably the closest thing to a real, workable "security improvement" I think I've ever seen you suggest): to be effective, it must lock out pretty much any software that doesn't originate from high profile, professional, commercial software developers, released after those strict controlers were implemented.
I would have thought that Windows has demonstrated quite convincingly that good technology on its own is not enough to keep a platform from being compromised, when that technology is poorly used (if it is used at all) and utilisation of legacy software incompatible with its advantages is common.
On the other hand, Apple does have the advantage of a) a tiny, very loyal userbase and b) a ruthless approach to dropping legacy support when it becomes inconvenient. Linux, meanwhile, has the advantage of a userbase made up almost entirely of technically-proficient users and a miniscule presence on the unmanaged desktop (on the downside, it's got a large collection of advocates who make my "most security breaches are the human's fault" attitude look positively wishy-washy). So Apple might actually be able to pull off a migration to the sort of security model you're talking about in a ~5 year timeframe, rather than the ~10 - 15 it will take Windows. Linux.... Well, Linux will probably have all the infrastructure there, but it still won't be used by any meaningful proportion of the market because (like most things that come out of the OSS community) it's just so much freaking work to make it usable.
Personally, I think could help security a lot. So do Microsoft, obviously, because they've been working towards
Windows was designed to be a single user system (like pre-OS X versions of Mac OS), and has just had supposed "multi-user" capability grafted on to it over the years.
Windows NT was designed and build from day one to be a multiuser OS. Back when Apple were working with System 6 and 7.
I could be wrong, because I really know jack crap about Windows.
You're hiding it well.
I have Parallels/XP on my MacBook for testing, and that's about it. Any Windows zealots (are there *any* here?) please feel free to correct me if I'm wrong about this pseudo-grafted multi-user security thing.
Happy to help. You're wrong.
I'm proud to be an IT pro who can honestly say "I don't do Windows."
Proud of being ignorant ? How "IT Pros" have changed...
Guess I've gone off topic somewhat, but someone please at least mod me Interesting because the main point is security in Windows vs. security in *nix is just two entirely different ballparks.
Indeed. The security in Windows is vastly more capable than the security in traditional unix.
Any piece of software attempting to open an outbound connection, particularly to common port like SMTP, needs to flag the fact to the user and explain, in English, what's going on.
That's gonna make using a modern computer a pretty painful experience. Heck, if I was prompted about (and had to subsequently approve) every outbound network connection on my PC, my productivity would probably halve, (if not more).
Not to mention it's pretty much guaranteed to make the prompts utterly ineffectual, as users will just be conditioned to clicking "Allow" all the time. It would be like your car prompting you every time you turned the steering wheel.
Why would any malware writer target an unexploited segment of several million households that have an above average amount of disposable income?
Because the ROI is higher targeting several hundred million other households.
* There are many fewer open ports and services by default.
Current versions of Windows have no open ports by default.
* OS X security updates are installed in a timely manner by a simple but effective dedicated application
As they are in Windows.
..whereas Windows requires that the default web browser be insecure enough to install kernel updates,
Every program on your Mac is "insecure enough to install kernel updates" if you run it with the appropriate permissions (just like Windows).
..and Windows does not automatically check for security updates by default.
All current versions of Windows do.
When they are set to automatically check for updates, either the notification can go unnoticed in the system tray, or the pop-to-front notification can cause inadvertent reboots (by stealing the focus and defaulting to reboot).
No, it can't, because the pop up notification doesn't have any buttons highlighted by default.
How about this instead: Your computer shouldn't self destruct doing normal user activies.
What's "normal" ? How do you propose "normal" is defined in a way that is both flexible enough for real-world usage, but strict enough to be defined programmatically ?
If someone is standing on the corner going 'neener neener you can't hit me' someone out of spite regardless of any reward is going to do it.
Of course. But if this happens in a bar with a brawl between 90 other people, do you think anyone is even going to notice that one guy got smacked ?
The fact that they've been touting they can't be hacked for several years now and they still haven't been hacked says to me that it's not easy to do/not able to be done as easily as it is on Windows.
They've been hacked numerous times. There have been several "proof of concept viruses" for OS X. The difference is none of them have even hit critical mass.
Plus a lot of the 'security' problems don't focus on the exploits of IE and simple browsing hijacking your system with crap. That's the largest problem facing most IT departments that I've run across in the last year or two, not the OS itself being hacked but something stupid the browser does destroying the system.
If the browser destroys the system, the person managing that system isn't doing their job properly.
Despite the statistics from the article, my department (which has 500 computers, with a mix of windowsXP, OSX and Linux) has had not a single security breach of a Linux or OSX system, but lots of breaches of Windows systems.
So how are these "breaches" occurring ? You firewall your machines, run users with reduced privileges and restrict IE usage, and if the machines allow people to run their own code, you have an active virus scanner running, right ? What's the vector ?
And every article on this subject has ignorant posts like yours that purposely ignore what Microsoft told us all years ago, which was that Internet Explorer was attached to Explorer because it was fundamental to the operating system and that it couldn't be removed without crippling Windows, and that tying it to the shell was absolutely necessary for some reason.
IE was used in various areas (including Explorer, although you could disable those parts) to improve the UI and remove redundant code (eg: the help system).
Subsequently, third party applications started depending on its functionality, again so they could reduce their development effort.
"IE" is as fundamental to Windows as any widely-used shared component is on any other platform. For example, ripping glibc out of a Linux distro will pretty much render it useless.
Apple actually shipped Internet Explorer for years until Microsoft discontinued support and forced them to provide their own browser and rendering libraries.
Apple started doing that before IE for Mac was discontinued.
Other platforms have not gone down the same path as Microsoft did with Internet Explorer.
Yes, they have. OS X, GNOME, KDE - all of these have implemented a browser shared component which other applications can (and do) re-use.
In fact, even Microsoft has abandoned its older path and decoupled Internet Explorer from the shell.
That Explorer now launches the IE shell rather than loading the component internally, does not change the architecture of IE. It's a minor change.
They were caught because of the copyright infringement, you could see the Stacker strings in the win.exe with a simple text search.
Evidence ? Because none of the links I discovered (including court documents) - nor my memory from when it was actually happening - support your assertion.
(Not to mention "Stacker strings" wouldn't have any reason to be in "win.exe", but I suspect you were just using that as a random example of a Microsoft OS file).
For the same reason that 95% of my 1.5 Terrabytes of data is compressed maybe?
Damn. Brave man.
Disks are cheaper than ever, but they are still slow. Processors are relatively fast and can decompress the data quickly.
I've heard this claim before, but I've never actually seen any data to support it (for the general case). Certainly my anecdotal experience would suggest any such benefit is imperceptible in general usage.
See above. I don't use Microsoft Windows, but my impression is that this is something you have to enable for each directory you want to compress.
It's a file attribute. If you want to compress a whole directory (or disk) just set it at the top level and the permission will be inherited.
A smart implementation would figure out which files would benefit on the speed of access metric from compression and would compress those files as a low priority background process. Most of my data is in a data specific compressed format, those files would not benefit from compression, but raw pictures from my cameras would, as would wav files from my audio captures.. To address the multiplied data loss from a single (or multiple) block failure all you need to do is add some FEC w/reordering, this would make the compressed files more reliable than the uncompressed ones.
I'm still sceptical of the purported performance improvements.
That's because iexplore.exe is NOT Internet Explorer.
Correct. And Safari is not the equivalent of "Internet Explorer".
It's just a shell. You cannot remove the actual code, and the many security breaches it contains, without causing serious problems.
Just like the Internet Explorer equivalent in OS X. Which was, incidentally, my point.
I removed mail.app long ago because I couldn't convince it to quit parsing html. I can remove webkit and my system still works fine.
Except for all the things that rely on it and break.
Contrast this to a windows machine and there's a world of difference. Even on Windows 98, where it was, despite the manufacturers testimony under oath to the contrary, possible to remove IE completely, this required patching several system binaries and breaks many applications.
Right. So apart from all the stuff it breaks - that requires patching to fix - it "works fine".
That doesn't mean it "works fine". When you have to go in and fix things after removing IE, that means removing IE broke them.
But there are definitely very significant technical differences in the implementation of IE on Windows versus Safari on Mac.
No, there's not.
I don't lie.
Show us the supported steps to remove IE from your windows machine. What you suggest is nonsense, since it is not supported.
Settle down, tiger. I didn't say anything about removing IE, I explained how to delete the shell that wraps around the shared OS components - the equivalent of the original poster's example of deleting Safari.
I have seen Ubuntu use 6 months updates to great advantage - every release just gets better and better because you don't expect too much out of a 6 month update, while MS promises the sky and doesn't release for years on end.
It's really easy to make frequent, significant improvements when those improvements need to be made.
Windows (and even OS X, now, which is why its cycle has slowed) has well and truly hit the point of "good enough". There aren't many compelling updates because there's just not that much stuff that needs significant improvement.
What, did I just say something stupid?
Yes. In particular, you seem to miss the point of shared code and ignore that every other platform (now) has an equivalent to IE.
Again, that's why I said "in English". If a program is attempting to make a port 25 connection, you can easily say "send an email" instead of "make an outbound network connection". And if it strikes you odd that tic-tac-toe.exe is attempting to send an email...
The problem is it *won't* strike most people as odd that $SOME_PROGRAM is making $SOME_SECURITY_REQUEST. All it will do is annoy the hell out of them they need to do so much fiddling to get comet cursor installed.
Key difference: You can delete Safari, and Mac OS X doesn't break.
No difference. You can do the same in Windows. Deleting iexplore.exe is trivial and harmless.
It astonishes me that anyone would stand up for them.
Are you similarly astonished by the quote "I may disagree with what you are saying, but I will defend to the death your right to say it", as well ?
Apple does the same thing with Safari. Or does that not count?
No. Because if there is one thing the "geeks" of Slashdot have demonstrated time and time again, it is that they do not understand the software engineering behind "IE" and the way it is the same as the equivalents on other platforms (Safari/WebCore in OS X, khtml in KDE, whatever-it-is in GNOME).
Therefore, the fact that every platform has since gone down the same path Microsoft did with IE, doesn't make them the same because anything Microsoft does is bad, but anything !Microsoft does is ok.
What on earth does that even mean?
It means SUVs aren't subject to the same taxation structures as normal passenger vehicles. Hence they are relatively cheap to manufacturer and sell.
Maybe we should provide the *same* "tax concessions" on *all other* vehicles, if you think it's such an important factor ...
That could work as well.
Microsoft copy-n-pasted the code!
According to the information I can locate, it was a patent infringement case. I haven't seen anything reliable that talks about copying source code (which would be copyright infringement).
Also, it was a depressing to see how badly our legal system handled the infraction, Stac was killed causing everyone there to lose their jobs and breaking up a good development team. The only relief was a few hundred million dollars for the investors in the company, much of which went to their lawyers. Stac probably would have become a multi-billion dollar company and today we might all have faster disk access through a clever mix of compression and better filesystems.
Stac were killed by plummeting storage prices. Why would any sane person want to use risky compression (especially the whole-volume-in-a-file approach that Stacker and Stacker-like used) when they could just buy a bigger drive. Even in their heyday, programs like SuperStor and Stacker weren't _widely_ used.
I bought Stacker. I even bought the version that came with the compression coprocessor ISA card. In the days when a 100 meg hard disk was "big" and a 386 processor "blazingly fast" it had a real purpose. But it was still an ugly and fragile kludge and the writing was already well and truly on the wall even as Microsoft was putting Double/Drivespace into DOS.
Similar disk compression schemes went the same way, for the same reason. Even the NTFS file compression in Windows (which is implemented far more intelligently and less kludgily) is rarely used. Why would you bother, when hard disks are so cheap ?
I won't debate you as I can't win on mpg. However on safty... that depends on whose safty you're talking about. Minivans (and most SUVs) are pretty darn safe to the occupents of the vehicle as long as they are driven properly. But I suspect you mean the safty of the people the large vehicle creams. Which serves as a nice physics lecture. So, what's your solution?
People in (modern) standard cars are at least as safe - if not safer - in those than they are in an SUV, *unless they hit an SUV*.
In other words, if the majority of people are driving around in regular cars, the net safety level is higher.
SUVs are popular because they're relatively cheap, despite being the worst at just about everything. Take away the massive tax concessions that make these vehicles economical and their usage would disappear nearly overnight.
I always enjoying watching those (Sydney) north-shorers spending $100+ filling up their X5s. It's nearly as entertaining as watching them gets the kids out of the car to guide them into the parking space.
So I can infer from your question that being ignorant of Windows does not make one an IT professional?
No. You can infer that I wouldn't consider anyone proud to be ignorant of anything IT-related an "IT professional".
[...] outright theft (see Stac), [...]
Since when is a patent violation "theft" ?
Besides, I thought we'd all agreed that software patents were bad, mmkay ?
About ten approvals after installation of zonealarm, you never get bugged again, until some virus tries to do something nasty, at which point you're REALLY HAPPY you have this information coming your way.
I think you meant to say "at which point you just click allow like you did the ten times beforehand so the damn thing will work".
The vast majority of end users lack the necessary fundamental knowledge to make educated decisions about whether or not to do things like "allow $PROGRAM to make an outbound network connection".
How odd. I'm logged into an administrative account right now (on another machine) and it is not a root account.
You are one misplaced password prompt away from code elevating itself to root. Which is likely not a big issue for you, personally, but is a significant risk for the generic "you".
You know, repeating unsupported assertions over and over again doesn't actually lend them any more credibility.
Something I keep telling people all the time. Never seems to sink in, though.
You actually have to present support for them, like facts.
Are you suggesting that Linux doesn't have a relatively tiny number of ignorant users ? Or that OS X doesn't have a relatively tiny market share ?
Or are you arguing these two aspects of "security" are not significant ?
Failing to contain trojans is what happens when you let the users that exist use Windows.
Neither OS X, nor the vast majority of Linux installations, "contain trojans" in any meaningful way.
You can argue that the user has failed, but it doesn't matter because so has the OS by not being designed to work properly for said user.
Being that psychic OSes are still a ways off, I daresay you'll be waiting a while for the OS that "works properly for said user".
An Operating System does not - and can not - know what the user *wants to do*. It only knows what the user has *told it to do*. An OS can make *guesses* about what the user wants it to do, but these guesses are equally as likely to be wrong (eg: running a trojan that deletes important data) as it is right (eg: running some program).
No, I'm not saying that. I'm saying they ported TrustedBSD's MAC system and combined it in some unspecified way with application signing trust levels. It would be stupid to try to stop users from running unsigned code. It makes a lot of sense to restrict the access of unsigned code by default.
So are Apple going to break all those old, unsigned legacy applications by stopping unsigned code from doing anything interesting, or are programs still going to be able to do pretty much anything they want ? Because if it's the latter, the net benefit - at least in the short-, and probably in the medium- term is going to be basically zero.
Here's the problem with going down the path of signed apps and strict controls (which is probably the closest thing to a real, workable "security improvement" I think I've ever seen you suggest): to be effective, it must lock out pretty much any software that doesn't originate from high profile, professional, commercial software developers, released after those strict controlers were implemented.
I would have thought that Windows has demonstrated quite convincingly that good technology on its own is not enough to keep a platform from being compromised, when that technology is poorly used (if it is used at all) and utilisation of legacy software incompatible with its advantages is common.
On the other hand, Apple does have the advantage of a) a tiny, very loyal userbase and b) a ruthless approach to dropping legacy support when it becomes inconvenient. Linux, meanwhile, has the advantage of a userbase made up almost entirely of technically-proficient users and a miniscule presence on the unmanaged desktop (on the downside, it's got a large collection of advocates who make my "most security breaches are the human's fault" attitude look positively wishy-washy). So Apple might actually be able to pull off a migration to the sort of security model you're talking about in a ~5 year timeframe, rather than the ~10 - 15 it will take Windows. Linux.... Well, Linux will probably have all the infrastructure there, but it still won't be used by any meaningful proportion of the market because (like most things that come out of the OSS community) it's just so much freaking work to make it usable.
Personally, I think could help security a lot. So do Microsoft, obviously, because they've been working towards
Windows was designed to be a single user system (like pre-OS X versions of Mac OS), and has just had supposed "multi-user" capability grafted on to it over the years.
Windows NT was designed and build from day one to be a multiuser OS. Back when Apple were working with System 6 and 7.
I could be wrong, because I really know jack crap about Windows.
You're hiding it well.
I have Parallels/XP on my MacBook for testing, and that's about it. Any Windows zealots (are there *any* here?) please feel free to correct me if I'm wrong about this pseudo-grafted multi-user security thing.
Happy to help. You're wrong.
I'm proud to be an IT pro who can honestly say "I don't do Windows."
Proud of being ignorant ? How "IT Pros" have changed...
Guess I've gone off topic somewhat, but someone please at least mod me Interesting because the main point is security in Windows vs. security in *nix is just two entirely different ballparks.
Indeed. The security in Windows is vastly more capable than the security in traditional unix.
Any piece of software attempting to open an outbound connection, particularly to common port like SMTP, needs to flag the fact to the user and explain, in English, what's going on.
That's gonna make using a modern computer a pretty painful experience. Heck, if I was prompted about (and had to subsequently approve) every outbound network connection on my PC, my productivity would probably halve, (if not more).
Not to mention it's pretty much guaranteed to make the prompts utterly ineffectual, as users will just be conditioned to clicking "Allow" all the time. It would be like your car prompting you every time you turned the steering wheel.
Since Apple bought the remains of Next, it's incorrect to think that none of the Next technology exists in today's Mac OS.
In fact, one of the best ways to describe OS X to someone who time-warped in from the early '90s would be "Next (or Open) STEP 5.x".
Why would any malware writer target an unexploited segment of several million households that have an above average amount of disposable income?
Because the ROI is higher targeting several hundred million other households.
* There are many fewer open ports and services by default.
Current versions of Windows have no open ports by default.
* OS X security updates are installed in a timely manner by a simple but effective dedicated application
As they are in Windows.
Every program on your Mac is "insecure enough to install kernel updates" if you run it with the appropriate permissions (just like Windows).
All current versions of Windows do.
When they are set to automatically check for updates, either the notification can go unnoticed in the system tray, or the pop-to-front notification can cause inadvertent reboots (by stealing the focus and defaulting to reboot).
No, it can't, because the pop up notification doesn't have any buttons highlighted by default.
How about this instead: Your computer shouldn't self destruct doing normal user activies.
What's "normal" ? How do you propose "normal" is defined in a way that is both flexible enough for real-world usage, but strict enough to be defined programmatically ?
If someone is standing on the corner going 'neener neener you can't hit me' someone out of spite regardless of any reward is going to do it.
Of course. But if this happens in a bar with a brawl between 90 other people, do you think anyone is even going to notice that one guy got smacked ?
The fact that they've been touting they can't be hacked for several years now and they still haven't been hacked says to me that it's not easy to do/not able to be done as easily as it is on Windows.
They've been hacked numerous times. There have been several "proof of concept viruses" for OS X. The difference is none of them have even hit critical mass.
Plus a lot of the 'security' problems don't focus on the exploits of IE and simple browsing hijacking your system with crap. That's the largest problem facing most IT departments that I've run across in the last year or two, not the OS itself being hacked but something stupid the browser does destroying the system.
If the browser destroys the system, the person managing that system isn't doing their job properly.
Despite the statistics from the article, my department (which has 500 computers, with a mix of windowsXP, OSX and Linux) has had not a single security breach of a Linux or OSX system, but lots of breaches of Windows systems.
So how are these "breaches" occurring ? You firewall your machines, run users with reduced privileges and restrict IE usage, and if the machines allow people to run their own code, you have an active virus scanner running, right ? What's the vector ?