Slashdot Mirror


User: IamTheRealMike

IamTheRealMike's activity in the archive.

Stories: 0
Comments: 5,855

Comments · 5,855

  1. Re:Total bullshit on Foundations of Mac OS X Leopard Security · · Score: 1

    Because:

    • A lot of them are laptops, which don't make good botnet nodes due to connectivity flaps, battery life, wifi bandwidth
    • There is a pool of experienced blackhat coders who know the insides of Windows very well, and are willing to write crapware for $$$. There is a much smaller pool of people like that for MacOS. In particular a lot of it comes out of Russia, China, Eastern Europe ... all places where Apple doesn't have a good hold in the market. This is just a time/market thing. If Macs became more popular, especially in these regions, the number of people willing to hack it for profit would increase.
    • Growing a botnet relies on spamming huge numbers of people with a potential exploit and then hoping that some fraction of them work. For drive-by downloads that's especially important because you typically have limited time until you are discovered and kicked off the websites you hijacked. The bigger and more complicated your exploit code is, the more likely it is to be discovered. Why would anybody significantly increase their costs for a very small return? Fact is, market share is an issue.
  2. Re:A good start to the discussion on Foundations of Mac OS X Leopard Security · · Score: 2, Insightful

    Others have already replied about Apple's intrinsically superior security based on its BSD roots and more sensible user permissions. There's no need to go into that again.

    No, UNIX style security cannot ever work on the desktop. It's a system that is doomed to fail by design because it has insufficient layering and a confusing setup for the end user. Do I really need to point you at the usability studies done on user-based DAC security? Or will you take it on my word that the vast majority of users will type in their root password whenever they are asked to?

    There are much more robust designs for desktop security systems around. Read the security paper for Singularity (a Microsoft OS, in fact) - that's how it should be done. BitFrost is another interesting design.

    One thing we do know, though, is that the UNIX design doesn't work. How long has MacOS X had this 1-line ARD privilege escalation vulnerability in it? You realise that one vulnerability like that wipes out the entire security system permanently, until you reinstall it, because you never know if a program you ran used it to rootkit your kernel?

    it doesn't seem to have occurred to crackers to even probe Debian's SSL implementation for vulnerabilities.

    How do you know? The nature of such vulnerabilities is that they're worth a lot of money, and are traded on the black market. The details of the vulnerabilities are kept closely guarded because when they are known publicly, the exploit becomes much less commercially valuable. That's why there was such an uproar about it - people could have been silently getting owned for months or even over a year ... and they'd never have known.

  3. Re:MacOS X and Spyware on Foundations of Mac OS X Leopard Security · · Score: 1

    From what I understand, there are two basic ways: Drive by downloads and host programs that carry spyware with their installation.

    These days it's almost exclusively the former. Very little malware gets onto systems via other host programs, and when it does it's usually in things like copy protection cracks rather than "smiley face" programs.

    Safari has had a pretty damn poor track record of being a secure browser, for what it's worth. You would have thought that after years of IE setting an example of how not to do things, given the chance to write a new codebase they'd have made extra extra sure that Safari was built like a rock. Apparently not though.

    So I don't understand how you have concluded that "the major ways to distribute spyware don't exist on the Mac and probably never will". They exist today and aren't being widely exploited because most of the truly evil software being written today is written for profit, and there isn't much profit in exploiting a platform as small as MacOS. It's really that simple.

    MacOS, as far as I can tell, has very little inherent security. It inherited a security model that was deeply flawed and inappropriate for the desktop from UNIX, and then proceeded to blow holes in it with a series of trivial privilege escalation vulnerabilities. A single escalation hole reduces the security model of a UNIX system to that of Windows 95, ie, none whatsoever. Although it's true that most malware functions don't require root, they can and will exploit root to embed themselves deeper within the system (eg, using rootkits) making it hard or impossible to remove without a reinstall.

    Really, Microsoft learned a lot of lessons from the experiences of the XP era. It might not seem like it at times, but they now have extremely thorough security training for all their employees working on the platform, they use external and internal penetration testing, they have security improvements built into their compiler toolchain and so on. Apple unfortunately doesn't seem to have learned the same lessons yet.

  4. Re:In related News: on Internet Pirates In France To Lose Broadband · · Score: 1

    Funny? That's exactly what happens ... speed too many times and you lose your license.

  5. Re:I guess.. on Internet Pirates In France To Lose Broadband · · Score: 4, Insightful

    Well if you RTFA you'll see that they are trying to get it right:

    As a sweetener to the deal, material produced in France will be available free of copyright protection devices, which means music and video files will be able to be more easily transferred between different computers and portable media players.

    Seems like a fair deal to me. Instead of pro-actively punishing everybody on the assumption that they're going to steal, only actually punish the ones that do.

    The points about coffee shop wireless etc are all valid - presumably either the law won't apply to communal wireless (gaping loophole) or cafes/airports/etc will simply bite the IPv4 bullet and buy more addresses so they can associate a C&D notice with an actual (cc verified) customer.

    Anyway. I think Sarkozy is talking sense here. Do law enforcement the old fashioned way - by finding and punishing the people actually breaking the law.

  6. Re:Umm... could anyone explain? on Mass Effect DRM Still Causing Issues · · Score: 1

    Well, because it's a really good game. If the PC DRM bothers you, buy an XBox. It's got tighter DRM but is a lot more convenient and likely to actually work. I played Mass Effect straight through and loved it. It's a shame they are using annoying DRM on the PC version but entirely predictable, the PC just has far worse problems with mass piracy than console platforms do.

  7. Re:Text of Article on Anatomy of a Runaway Project · · Score: 4, Interesting

    It's sort of interesting, in a vague way, but you can read much more dire and funny stories on the (highly recommended) Daily WTF. My favourites would have to be the hotel reservation system from hell, the story of VirtuDyne and the digital donkey and a case of the MUMPS.

  8. Re:Irony on Anatomy of a Runaway Project · · Score: 4, Insightful

    I dunno, for it to be ironic Wine would have to have shared some of those characteristics, but it really doesn't.

    In particular, the key problem with FUBAR project appeared to be Mr Bob Winsom, whoever he is, who was clearly not technical or competent but believed he was. Wine is led by Alexandre Julliard, who is every bit as competent and skilled as Linus Torvalds himself, if not more so, the primary difference being that Linus is quite a loud person and AJ is not.

    Wine has taken a long time to reach 1.0 (a rather arbitrary line in the sand) because Windows is a huge codebase, which is very difficult to match exactly to the expectations of the apps running on it. At its peak Windows had over 5000 engineers working full time on it, something Wine has never had.

  9. Re:Multicast? on Net Neutrality vs. Technical Reality · · Score: 1

    IP multicast doesn't actually work on today's internet - most networks don't support it as it's hard to figure out how to manage billing.

  10. Re:How Nokia and Linux can live together just fine on How Nokia and Linux Can Live Together · · Score: 2, Insightful

    You can already buy phones that don't use DRM or sim locking. You just have to pay the full manufacturing cost. As it turns out a lot of people like to get the handsets subsidised and deal with the DRM. I guess I don't see the issue here.

  11. Re:How Nokia and Linux can live together just fine on How Nokia and Linux Can Live Together · · Score: 1

    Well, a giant amount of traffic on the backbone is spam, viruses, and illegal copying, so I can't really blame the telcos for not wanting their networks to turn into that ...

  12. Re:One wonders... on OS X Snow Leopard Details · · Score: 1

    Why isn't that in a GUI, or even automatic? I mean, wow, I like to bash Linux for requiring weird incantations from time to time, but what are Apple doing walking the same path?

  13. Re:They should use Slashcode! on UK's House of Lords Speaks To Voters Via YouTube, Blogs · · Score: 1

    What, more or less vicious and manipulative than people who are emotionally invested in free software, anti DRM, Microsoft hatred, Apple love .... ?

    I totally agree that Slashcode should be used more widely for hosting debates. Wordpress really doesn't cut it, it just can't scale as well as Slashcode can.

    That said, there are a couple of things to be wary of. One is that Slashcode has a few problems that for whatever reason have never been fixed. One is that the overrated/underrated mods shouldn't exist. Firstly because they don't have a precise reason attached to them so people find it easy to use them to mod down views they disagree with. Secondly because they aren't meta-moderated (or at least, weren't historically). I'd just scrap them entirely - if you can't figure out a precise reason why a comment should be suppressed, it probably should be left alone.

    The other issue that'd concern me is that the slashcode UI is just damn complicated. It's well known in usability circles that a lot of people, especially older people, have problems conceptualising trees and a slashdot discussion is a giant tree. Tree widgets in particular pose problems - a lot of people simply don't use file management effectively because either they never use folders, or they only use them one level deep. It's that realisation that led to an uptick in the number of local search engines in recent years.

    Slashdot UI has, as far as I know, never been usability tested thoroughly. It's remarkably clear (to me) despite that, but then we're all fairly technical here and the idea of seeing a post that isn't obviously replying to anything because it was modded up and the parent wasn't, well it probably doesn't faze us. I'd want to make sure any such political debate site was accessible to people of all levels of experience.

  14. Re:"We lie cheat and steal... " on UK's House of Lords Speaks To Voters Via YouTube, Blogs · · Score: 1

    Unfortunately, it also seems to lead to a rather nasty strain of elitism. Check out this indictment of referendums. Yeah, I kid you not, the guy thinks referendums are on principle a bad idea because the result can depend on how you phrase the question.

    To support this he uses one of the weakest arguments I've seen for a long time - that based on "surveys" (uncited) if you ask people whether they want an elected second house, they say yes, and if you ask people if you want an expert and independent second house they say yes, so whether you have an elected second house depends on how you phrase the question. The implication is clear - people are sheep and are subject to the whims of a clever question phraser. Why the proles would abolish us if only they were asked in the wrong way!

    In other words, if you ask people two unrelated questions that are not correlated (what arrogance, to assume that being elected implies not being expert or independent), people might say yes to both of them. Oh noes!

    It's pretty sad that I see sharper and more solid arguments on Slashdot of all places. If this is the quality of argument they make then maybe they should be scrapped!

  15. Re:SIM locks?! on Nokia Urges Linux Developers To Be Cool With DRM · · Score: 1

    To whoever modded this "overrated" - go reread the moderator guidelines.

  16. Re:SIM locks?! on Nokia Urges Linux Developers To Be Cool With DRM · · Score: 0

    How are SIM locks anti-competitive? You knew the phone would be locked when you got it on the cheap (subsidised by the network).

  17. Re:Netflix Roku on Is Streaming Video the Real Throttling Target? · · Score: 1

    Well, sure, either there's some anti-competitive behavior going on in which case there should be an investigation. Or, more likely, NetFlix doesn't peer with Comcast's network directly whereas Comcast's own video service does?

  18. Re:It's Not Anti-Competitive... on Is Streaming Video the Real Throttling Target? · · Score: 1

    Actually airlines routinely overcommit baggage space. If they lose the bet it comes across on the next flight. Or, what, did you really think airlines "lose" luggage as frequently as they claim?

  19. Re:And Have We Learned Our Lesson? on Happy Birthday! X86 Turns 30 Years Old · · Score: 1

    If that were true we'd see amazingly innovative ISAs that everybody lusts after but can't use. We don't. There's been very little change in ISA design over the years, and when it's happened it's as often as not been driven by Intel themselves (look at their research into having tons of cores on the same chip with a super-fast grid bus between them).

  20. Re:typical bs on Bell Canada Official Speaks Out On Throttling · · Score: 1

    And this DOES have something to do with their video site, you're launching a bandwidth intensive application which will be used during prime "congestion" hours. Disgraceful.

    Look, if you're calling the guy a liar, just say it and be done with it. You think he's a liar. Fine. I don't, because I don't see anywhere in the article where he says it's the last mile connections which are congested. In reality it's most likely the peering or internal long haul links that are congested. Bandwidth intensive apps that co-operate with ISPs are typically run off CDNs that serve within their networks, so they don't load the peering or transit links. And in fact, he explicitly says in TFA that CDNs don't concern Bell, it's P2P apps and the way they work that is the problem.

  21. Re:Shaping? Si. Throttling? No. on Bell Canada Official Speaks Out On Throttling · · Score: 1

    That's not how traffic shaping works, it's an instantaneous decision. If you have a link that can do 10 Gbit/sec, and 12Gbit/sec is trying to get through, you can't just deprioritize the bulk transfer stuff and have it all somehow get through. You have to drop 2Gbit/sec of traffic on the floor. Dropping the bulk transfers that are insensitive to packet loss is exactly what they're doing, if I understand the article correctly.

    A whole lot of people are whacking Bell Canada and ISPs in general for traffic shaping, but it's not justified. The reality is that it's far, far, simpler and easier for the majority of users to buy/be sold an "unlimited" internet connection for $X/month. It's vastly more complicated to sell somebody "flat rate up until Y Mbit/sec or Z GB/month" because non-geeks have absolutely no conception of how much bandwidth any given application might use. If you charge people for what they actually use, you implicitly require people to make a judgement call every time they browse a website, buy a movie off iTunes, or play a multiplayer game. Can I afford this? Can I not? How big is an XBox update anyway?

    The right way to sell internet access is as "unlimited" and then specifically exclude certain classes of apps that are known to be bandwidth hogs, like P2P apps. It's much simpler for Joe Schmoe to understand "I am on flat rate as long as I don't use BitTorrent" than it is to understand arbitrary numbers in an alien unit of measurement. This makes the 90% of users who are not geeks happy (or at least, less confused) and still lets the people who want to sit online and do illegal downloads all day do so, as long as they pay for it.

  22. Ice? on Cisco To Open-Source New Messaging Protocol · · Score: 3, Interesting

    Other than license, how does this compare to ZeroC's Ice? Does anybody know? I've played with Ice before and it's very well done, although I remain to be convinced of the value of remote object references in a distributed system.

  23. Re:Wrong on Video Game Actors Say They Don't Get Their Due · · Score: 1

    I loved that game, and I didn't even have the voice edition (6 floppies baby! yeah!)

  24. Re:Perhaps we should give Comcast a break on Comcast Invests in P2P · · Score: 1

    It reduces the load on their upstream peering/transit links if you use an intelligently designed protocol that understands subnet affinity. That does, in fact, make that ISP's internet faster and more reliable for everyone.

    BitTorrent is really an awful way to distribute data, from a network engineering perspective. A CDN or mirror network works much better, but is also more accountable and takes some effort to set up, so it's not suitable for mass infringement, pirate bay style.

  25. Re:I don't understand on Removing the Big Kernel Lock · · Score: 1

    Windows does this as well. In fact it has a vastly more sophisticated system than LD_PRELOAD in the form of an API shimming framework. Windows ships with a database of hacks (search your registry for AppGoo) which tells it things like, if you run a program called FOOBAR.EXE then make GetVersionEx report itself as Windows 95 instead of Windows XP, or change the heap behavior, etc. It's more automatic, more precise and better supported than LD_PRELOAD.

    There are some things though which can't be fixed with shims. One example that comes to mind from Chen's blog is a shell extension that plugged into Explorer. Apparently it was quite popular .... perhaps some common utility or part of a driver for a common device. Given the choice of doing things the right way or the stupid way, they opted for the latter.

    The extension took a parameter to a callback, added 0x60 to the value and then dereferenced a pointer it found at that location. In other words it reached several frames up the stack and directly poked at crap inside Windows private code. Unsurprisingly, as the Explorer codebase evolved, computers with this extension installed began crashing (you crash explorer, it restarts just fine but you see some annoying flickering on screen as it reloads). Their solution was to place a fake equivalent of that structure in the "right place" on the stack to make the app happy. And another bajillion people got a smooth upgrade.

    I used to think like you, incidentally, but over time I changed my mind. A lot of that was reading the rational, well thought out explanations of various weird Windows behaviors on Raymond Chen's blog, I definitely recommend it to anybody interested in systems programming. The fact is, the value of backwards compatibility is vast compared to the effort that it requires.