The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
That's just the highest score. I'm not sure why you think OS X does not have any scores above 2. There are large numbers of CVEs above 2.
Wow! you are exactly right! I don't know what I was doing; but I was obviously not "filtering" the CVE Results correctly, sorry!
However, and again I might be looking at the list incorrectly; but when I went to check on the (frankly eye-popping) list of OS X Vulnerabilities for 2015, I couldn't find any that were UNRESOLVED. Is there a way to find a list of Vulnerabilities on the CVE List that you can Filter on whether there was a Solution? Because as it stands, it looks like Apple has cleared up everything as of OS X 10.11.1, iOS 9.0.1 (IIRC) and WatchOS 2.01, and that there are no "outstanding Vulnerabilities".
the problem is even if you are right (and i agree with you) the first response shouldnt be defense against non apple people. it should simply be explained and if it is a problem shared and corrected
you arent getting voted down for being wrong (you are not wrong IMO) you are being down voted for being smug and offputting
I agree with you (especially the part about my not being wrong!); but after being repeatedly bludgeoned and downmodded by certain factions on Slashdot, and noticing a continuing and continuous pattern of almost exclusively ACs that bend over backwards to cast every single thing that Apple is or does (or doesn't do) as "Teh Evilz", I'm sorry; but I have just become a litlle "hair triggered" when it comes to Apple-Bashing ACs.
Well, the AC isn't *entirely* wrong. At least you're open about your fanhood. (No, spell check, that is a word because I say it is a word.) I say, so long as it works for you and you don't mind the price then, by all means, go for it. The number of desktops that use my chosen OS probably increases an order of magnitude when I turn my machines on so, yeah, I don't really have the whole popularity thing down pat.
LOL! I TRULY like that statement!!!
Anyhow, as I'm sure you know, I don't dislike Apple or anything. I dare say that I've probably bought more Apple devices than anyone here - if we want to be technical and only count spending our own money and not that of an employee or government.
From what you have told me privately, I would say you have pretty much everyone on Slashdot beat on that point!
I've used the OS and it seems fine to me. I'd probably use it more if I could try it on varied hardware. I've never taken the time to actually learn the ins-and-outs but it's stable and reasonably secure. Nothing is, truly, secure but OS X seems to have greater security baked in, for now.
Meh... To the point, well, you are a bit passionate about the Mac. They're not entirely wrong. That's pretty good, for an AC.
In my defense, I think you would agree that I am no more (and likely quite a bit less) "passionate" about my Platform of Choice than a lot of the F/OSS zealots, er, fanhoods (;-) ) that post on these Pages...
Two wrongs don't make a right, but they do tend to obscure each other.
Nice straw man you have there. The OP was describing the number of naive Mac users who have heard - and believe/repeat - the message that Macs aren't affected by malware. (Even if OP used the word "virus.") Which you seem to also acknowledge is BS. Those of us who aren't fanbois have heard this story time and again from uneducated Mac users, and Apple itself intentionally clouded with the "Macs don't get PC viruses" marketing bullshit.
I think that at this point, most users, even "naive" Mac users, are aware that Trojans exist, and that no amount of AV can protect you from being click-happy.
However, OS X's FIFTEEN-YEAR unblemished record stands: No Malware that did not require User Intervention to perform the initial infection, period. That isn't fanboiism. That isn't naivety. That's a fact.
And it is not "marketing bullshit" to state that Macs don't get Windows viruses. It is an important marketing distinction, especially when used under the auspices of their "Mac vs. PC" campaign.
And what you disingenuously don't point out is that Apple was careful to add the disclaimer (small, and at the bottom, like all disclaimers) that no computer was completely immune from attack. I can't find a copy of the original webpages; but the disclaimer was much like this one from the "OS X Security" Page, that states:
"While no system can be 100 percent immune from every threat, OS X lets you do even more to keep your information as safe as possible."
You must have missed all of the Pwn2Own contests. Mac OS has fallen first in every one due to insecure software.
You must've missed at least the last two.
Windows (IE) fell first in both years. OS X itself never did fall. Safari fell on the second day during both years, due to two exploits.
In the early Pwn2Own contests, OS X (or rather some apps running under OS X) fell first due to three factors:
1. Everyone wanted to OWN (that is "Win") the MacBook Pro being given away.
2. Flash
3. Adobe Reader
But you will note that Flash and Adobe Reader have not been included as part of an OS X standard build for several years now.
So, if Apple can simply tighten-up Safari a bit (and in 2014, only one team was even able to exploit anything on OS X (that being Safari)), they might even survive the next Pwn2Own.
What about third party, binary-only libraries, which some devs use?
That is admittedly a detail that would have to be worked-out; although, considering the "price" of getting caught peddling malware in the Apple App Store(s), and how trivial it is for Apple to cut off distribution (and future contributions) by those Applicants, I think that the attack surface would end up being just not worth the development effort, cost and hassle.
And yet Linux just got it's first malware target also. And how big is that desktop market compared to OS X?
Actually, not to pick on poor ol' Linux (it means well, afterall!); but there are quite a few ACTUAL Viruses (rather than Trojans, which any OS is vulnerable to) listed for Linux, as opposed to, um ZERO (EVER!) for OS X. To be fair, most of these have been rendered ineffective by Updates; but...
And OS X has been out nearly as long as Linux, and has TEN TIMES the marketshare (especially on the Desktop).
Don't expect Apple to be able to catch it with a signature scanner. There are billions of virus variants out there, and polymorphing code is a solved problem by malware writers, so a logic scanner, even with heuristics, isn't going to catch it. If it does, the bad guys will see it get pulled and write something else.
It's one thing to catch malware in an Object file; it is QUITE another when you have the Source. I think that most Open Source advocates would agree, code obsfucation notwithstanding.
As soon as Apple listens to me (ha!) and has App Store submitters send Apple their XCode Project Files, so that APPLE can inspect the SOURCE, AND so APPLE can do the final Build with a "blessed" version of XCode, then it will be HIGHLY unlikely that code large and complex enough to do anything nefarious will be able to get by the Approval process, even with some sophisticated obsfucation (which tends to make code even larger and more complex).
And one good thing about the App Store: If/when something like that DOES slip through, Apple can instantly revoke the Developer's key, and they will have to start all over again under a new name, Apple ID, Credit Card, etc.
That gets old real fast for the malware developers, when all you accomplished was to infect a few dozen (or even a few hundred) Macs each time, before you were caught.
And I have oceanfront property in Arizona I can sell you.
The college I went to all the mac were like 2 dollar hookers that never used protection. As soon as you took out your usb device you would run to the 4 Windows cleaning stations to hopefully kill what the mac just gave to them. You didn't have to do anything just plug in the usb device and then eject it.
I know according to the Apple fans this is not true and never happen. They say it was the Windows systems doing this and then cleaning. But you can take the usb to another system and still find the same as the cleaning systems.
Where did I say that Macs could not be CARRIERS for WINDOWS viruses?!?
In fact, in the instance of Macs being used in an application like a "Computer Lab", I would most heartily recommend running something like ClamAV, SPECIFICALLY to avoid being a "vector" for Windows malware.
But you are just changing the subject if you think that means that the MACS were being affected by the WINDOWS viruses.
So, the blame goes to the IT Staff that was running the Lab; not the Macs, sorry...
ZFS != backups, just like RAID != backups. It provides no protection against ransomware or someone doing a "rm-rf/".
[snip]
You basically have two choices: An enterprise level backup utility, or cobble together a solution and pray it works. If budget prevents a proven solution, I'll go with the amateur night stuff... but I'll make sure to have at least two different ways of backing up machines, so when (not if) one fails, I still am OK... and I also run test restores on a monthly basis just to check for hidden corruption of stuff.
I wholeheartedly agree with your statement that ZFS != backups (and even more so with RAID, in my bitter experience!)
However, I worry (probably too much) about bit-rot, and the problem of overwriting a good Backup with a bit-rotted Original. I was hoping that ZFS would at least help prevent the bit-rot from spoiling the Original.
I also agree with you that it's NOT the "Backup" that's critical, it's the RESTORE. That's why I won't mess with ANY Backup software that creates Proprietary backup "packages". IIRC, that's what turned me off to Retrospect, way back when it was a Mac-Only product. You're right: They ARE fragile, and NOTHING is as disheartening as a Backup that won't Restore!
In fact, that's one of the things that is off-putting about ZFS: If something goes wrong, where are the tools to try and pull something/anything out of the data-soup?
recent versions of Preview are actually getting better than Reader for most things
I've never found Reader to be better than Preview. I don't use OS X anymore, and Preview for PDFs is one of my majorly missed applications.
You must've come along after say, Tiger. In Tiger and before, Preview was ok; but lacked stuff like Highlighting and Annotations. It started to get better in Leopard (10.5), and by Snow Leopard, was getting pretty good.
So, begging the question: Why don't you use OS X "anymore"?
I said "will not" not "never have". However, I could have said never have with the caveat of being a customer and rather than consumer. The GS was a gift from my parents and while I did personally buy one, it was at a flea market years later (and it was an original "Woz Edition" GS).
While I agree wholeheartedly with your "Apple ][ Forever!" sentiment (and BTW, it was JOBS that urged Woz to include EIGHT peripheral Slots in the original Apple ][ Design; not that I'm a big "Jobs" fan, mind you), I take exception to your characterization of the Lightning Connector and Apple's Curated App Store.
The Lightning Connector solved a lot of design and packaging problems for Apple, and is one pretty cool piece of engineering. I do wish the Male end was a little more robust; but it is still much better for the User than the abomination that is Micro (or is it Mini?) USB...
As for the Curated App Store, you need look no farther than the Android mess to show that, on balance, what Apple is doing is FAR better for the VAST MAJORITY of Users than the "Wild West" approach that Android employs. And now that iOS 9 and XCode have teamed-up to allow those who are savvy-enough to do "sideload" Apps, (which are, coincidentally, also the group of Users that are savvy-enough to be a little more careful (one would hope!)), there really isn't a "Walled Garden" issue, anyway. But people like you will continue to live in the past, and pine for the good ol' days of the Apple ][.
Don't get me wrong: I LOVED my Apple ][, too, and have VERY fond memories of working with same (the first Apple ][ I worked on was Serial Number 0013, back in 1977. It didn't even have the "cooling slots" along the sides. I wrote tens of thousands of lines of code, and built several peripheral cards for same (including a multifunction I/O card that was big enough to require a FOOT to hold up the back of the card!); but I haven't fired up either of my Apple ][s (nor my ][gs), nor my Pinecom ][ Clone, since about 1995. it was just a different time...
When I used to use a Mac, security updates came in via Software Update every week or two. There obviously were security holes galore in the operating system (and don't get me started on early versions of Safari automatically downloading and opening files without asking permission first...), it's just nobody bothered exploiting them.
I agree that that was a boneheaded Default, and it amazed me even more that it persisted even after the weakness was pointed-out. However, as you know, the fix was simple: Uncheck the checkbox.
However, I believe you would agree that we are LONG-past the "Security Through Obscurity" point with OS X (and really never were there with iOS); and now are FAR into the "Look at Me! I actually Infected a Mac!" bragging-rights territory (e.g. TFA). So, it is pretty clear that OS X really DOES have some serious Security chops, and really DOESN'T have any "Serious" Vulnerabilties.
Look at the CVE List. On OS X, NOTHING rises above a 2.x on their "Severity" Scale. Nothing.
You realize these "hacked" developers installed a different version of the tools... so it really doesn't matter what any company does since it's been modified? They could easily just replace the tools with their own look-a-likes (though, most likely...
Actually, you're right.
As long as Apple allows the Devs. to do the final "for-Publication" Build, this is a potential problem.
However, when the Article on the tainted XCode came out, I proposed an elegant and simple solution:
Upon Submission, Devs send Apple their XCode Projects, and APPLE does the "For Publication" Build with THEIR (likely non-tainted) copy of XCode. Done!
Even better, since this means that Apple has the Source, they can take a MUCH closer look with both manual and automated methods, and so are that much more likely to ferret-out obsfucated malware.
Apple just has to add a paragraph to their Dev. Agreement, stating they won't divulge, etc., and change their Submission Procedures to require the XCode Projects.
Since anyone developing for Apple Products uses XCode, this is a true no-brainer.
Well, there is the new problem of programmers compiling their software with an infected, not-downloaded-from-Apple version of XCode. I'm not quite sure if Apple can catch 100% of those that get sent to the App Store, but that's one major security risk IMHO. And I say that as an OS X user.
That version of XCode was downloaded from a Chinese non-Apple source. I would imagine that Apple is going to modify XCode fairly soon so that it makes sure it is not modified before allowing a Build Application to happen, or maybe even a Launch of XCode.
Safari > Preferences > Advanced > Show Develop menu in menu bar
You only need to do that once to enable the new menu. After that, if a website gives you "Flash is required to view the video", try the following:
Develop > User Agent > Safari iOS X.X - iPad
If the website does support iOS/iPad, it'll be sending your browser HTML5 code linked to a standard H.264 video file that will play without any problem.
We already know that the typical Mac users is naive "there are no viruses for Mac!" and we also know there's a whole niche market of Apple users with more money than brains. I expect these people to haul in more money than the Windows ransomeware guys.
It is not "naive" to be aware that there are currently no "No user intervention required" viruses for OS X or iOS. It is the truth.
It IS "naive" to NOT be aware that there ARE a few (very few!) pieces of Malware that require a Social Engineering component and User Intervention to install. HOWEVER, Mac users are (justifiably) secure in the knowledge that, before these can infect more than a few dozen Macs, Apple will push out a detector-blocker into XProtect (which runs on every OS X machine running Snow Leopard or above, and gets updated automatically every 24 hours), and that will be that. And the interesting thing is that, the malware-writers know that, too; which makes Macs a FAR less tempting target than they would otherwise be.
Setting your User-Agent to something that looks iThing-ish is sometimes enough to get sites to serve their mobile versions with MP4 based video instead of flash.
Too much work to get around someone else's sloppy coding; but thanks for the tip!
You have to actually download it, choose to run it, close the warning box that is popping up to warn you exactly of this sort of software.
So, IOW, nothing to see here, move along.
Nice Try, Dice/Slashdot. I'm sure you'll get a lot of clicks from mouth-foaming Apple-Haters, though; so good job!
See? Watch as the Apple-Haters Downmod my Post into oblivion, even though I speak the absolute truth: There IS nothing to see here. This is NOT a reasonable "Proof of Concept"; it is merely CLICKBAIT.
Sorry to burst your hate-bubble; but OS X has not had a non-Social-Engineered piece of Malware, EVER. And this is since OS X 10.0.0 debuted in 2000.
Prove me wrong. I double-dog dare you. The last person who tried proudly trotted out a list of MacOS (Classic) Viruses (all SEVEN of them!), all from BEFORE OS X even existed...
Based on your username, I suspect you're just a Mac cult fanboy, so I expect that these "apple-haters" are just reality-based people. Try being less obvious.
These people are like some creepy guy walking around your house rattling windows and doors looking for a way in. Then, when they find it, they want a prize.
At what point can we just shoot them?
Just ignore them. That's the surest way to get them to go away.
Great! You can encrypt some files. You're amazing!
Show me a zero-click network infection vector, then I'll be a little worried. Yes, I've already removed Flash and never installed Adobe Reader. No, getting me to execute an email attachment (after disabling Gatekeeper) doesn't count.
I'm with you.
I've been Flash-Free on my MBP since I bought it in 2013, and same with Adobe Reader.
I've only missed Flash a couple of times, but not enough to make me want to install it; as as for Adobe Reader, I think that recent versions of Preview are actually getting better than Reader for most things.
What really pisses me off are the sites that won't play a video without Flash on OS X; but if I visit the same site with my iPad, it happily plays the video (without using Flash, of course)! WTF is up with THAT?!? Is there some secret Flash Cabal, or what?
Slashdot Mirror
CVE-2015-6988 - CVSS score 10.0 https://web.nvd.nist.gov/view/...
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
That's just the highest score. I'm not sure why you think OS X does not have any scores above 2. There are large numbers of CVEs above 2.
Wow! you are exactly right! I don't know what I was doing; but I was obviously not "filtering" the CVE Results correctly, sorry!
However, and again I might be looking at the list incorrectly; but when I went to check on the (frankly eye-popping) list of OS X Vulnerabilities for 2015, I couldn't find any that were UNRESOLVED. Is there a way to find a list of Vulnerabilities on the CVE List that you can Filter on whether there was a Solution? Because as it stands, it looks like Apple has cleared up everything as of OS X 10.11.1, iOS 9.0.1 (IIRC) and WatchOS 2.01, and that there are no "outstanding Vulnerabilities".
Is that true?
the problem is even if you are right (and i agree with you) the first response shouldnt be defense against non apple people. it should simply be explained and if it is a problem shared and corrected you arent getting voted down for being wrong (you are not wrong IMO) you are being down voted for being smug and offputting
I agree with you (especially the part about my not being wrong!); but after being repeatedly bludgeoned and downmodded by certain factions on Slashdot, and noticing a continuing and continuous pattern of almost exclusively ACs that bend over backwards to cast every single thing that Apple is or does (or doesn't do) as "Teh Evilz", I'm sorry; but I have just become a litlle "hair triggered" when it comes to Apple-Bashing ACs.
Well, the AC isn't *entirely* wrong. At least you're open about your fanhood. (No, spell check, that is a word because I say it is a word.) I say, so long as it works for you and you don't mind the price then, by all means, go for it. The number of desktops that use my chosen OS probably increases an order of magnitude when I turn my machines on so, yeah, I don't really have the whole popularity thing down pat.
LOL! I TRULY like that statement!!!
Anyhow, as I'm sure you know, I don't dislike Apple or anything. I dare say that I've probably bought more Apple devices than anyone here - if we want to be technical and only count spending our own money and not that of an employee or government.
From what you have told me privately, I would say you have pretty much everyone on Slashdot beat on that point!
I've used the OS and it seems fine to me. I'd probably use it more if I could try it on varied hardware. I've never taken the time to actually learn the ins-and-outs but it's stable and reasonably secure. Nothing is, truly, secure but OS X seems to have greater security baked in, for now.
Meh... To the point, well, you are a bit passionate about the Mac. They're not entirely wrong. That's pretty good, for an AC.
In my defense, I think you would agree that I am no more (and likely quite a bit less) "passionate" about my Platform of Choice than a lot of the F/OSS zealots, er, fanhoods ( ;-) ) that post on these Pages...
Two wrongs don't make a right, but they do tend to obscure each other.
Nice straw man you have there. The OP was describing the number of naive Mac users who have heard - and believe/repeat - the message that Macs aren't affected by malware. (Even if OP used the word "virus.") Which you seem to also acknowledge is BS. Those of us who aren't fanbois have heard this story time and again from uneducated Mac users, and Apple itself intentionally clouded with the "Macs don't get PC viruses" marketing bullshit.
I think that at this point, most users, even "naive" Mac users, are aware that Trojans exist, and that no amount of AV can protect you from being click-happy.
However, OS X's FIFTEEN-YEAR unblemished record stands: No Malware that did not require User Intervention to perform the initial infection, period. That isn't fanboiism. That isn't naivety. That's a fact.
And it is not "marketing bullshit" to state that Macs don't get Windows viruses. It is an important marketing distinction, especially when used under the auspices of their "Mac vs. PC" campaign.
And what you disingenuously don't point out is that Apple was careful to add the disclaimer (small, and at the bottom, like all disclaimers) that no computer was completely immune from attack. I can't find a copy of the original webpages; but the disclaimer was much like this one from the "OS X Security" Page, that states:
"While no system can be 100 percent immune from every threat, OS X lets you do even more to keep your information as safe as possible."
You must have missed all of the Pwn2Own contests. Mac OS has fallen first in every one due to insecure software.
You must've missed at least the last two.
Windows (IE) fell first in both years. OS X itself never did fall. Safari fell on the second day during both years, due to two exploits.
In the early Pwn2Own contests, OS X (or rather some apps running under OS X) fell first due to three factors:
1. Everyone wanted to OWN (that is "Win") the MacBook Pro being given away.
2. Flash
3. Adobe Reader
But you will note that Flash and Adobe Reader have not been included as part of an OS X standard build for several years now.
So, if Apple can simply tighten-up Safari a bit (and in 2014, only one team was even able to exploit anything on OS X (that being Safari)), they might even survive the next Pwn2Own.
Is iOS simply more profitable? Is Android harder to program or support? Is code easily portable? Do iOS devices have more hardware resources?
In Order:
Yes.
Yes
Depends
Not necessarily "more"; but certainly "more predictable"
What about third party, binary-only libraries, which some devs use?
That is admittedly a detail that would have to be worked-out; although, considering the "price" of getting caught peddling malware in the Apple App Store(s), and how trivial it is for Apple to cut off distribution (and future contributions) by those Applicants, I think that the attack surface would end up being just not worth the development effort, cost and hassle.
And yet Linux just got it's first malware target also. And how big is that desktop market compared to OS X?
Actually, not to pick on poor ol' Linux (it means well, afterall!); but there are quite a few ACTUAL Viruses (rather than Trojans, which any OS is vulnerable to) listed for Linux, as opposed to, um ZERO (EVER!) for OS X. To be fair, most of these have been rendered ineffective by Updates; but...
And OS X has been out nearly as long as Linux, and has TEN TIMES the marketshare (especially on the Desktop).
Don't expect Apple to be able to catch it with a signature scanner. There are billions of virus variants out there, and polymorphing code is a solved problem by malware writers, so a logic scanner, even with heuristics, isn't going to catch it. If it does, the bad guys will see it get pulled and write something else.
It's one thing to catch malware in an Object file; it is QUITE another when you have the Source. I think that most Open Source advocates would agree, code obsfucation notwithstanding.
As soon as Apple listens to me (ha!) and has App Store submitters send Apple their XCode Project Files, so that APPLE can inspect the SOURCE, AND so APPLE can do the final Build with a "blessed" version of XCode, then it will be HIGHLY unlikely that code large and complex enough to do anything nefarious will be able to get by the Approval process, even with some sophisticated obsfucation (which tends to make code even larger and more complex).
And one good thing about the App Store: If/when something like that DOES slip through, Apple can instantly revoke the Developer's key, and they will have to start all over again under a new name, Apple ID, Credit Card, etc.
That gets old real fast for the malware developers, when all you accomplished was to infect a few dozen (or even a few hundred) Macs each time, before you were caught.
And I have oceanfront property in Arizona I can sell you.
The college I went to all the mac were like 2 dollar hookers that never used protection. As soon as you took out your usb device you would run to the 4 Windows cleaning stations to hopefully kill what the mac just gave to them. You didn't have to do anything just plug in the usb device and then eject it.
I know according to the Apple fans this is not true and never happen. They say it was the Windows systems doing this and then cleaning. But you can take the usb to another system and still find the same as the cleaning systems.
Where did I say that Macs could not be CARRIERS for WINDOWS viruses?!?
In fact, in the instance of Macs being used in an application like a "Computer Lab", I would most heartily recommend running something like ClamAV, SPECIFICALLY to avoid being a "vector" for Windows malware.
But you are just changing the subject if you think that means that the MACS were being affected by the WINDOWS viruses.
So, the blame goes to the IT Staff that was running the Lab; not the Macs, sorry...
ZFS != backups, just like RAID != backups. It provides no protection against ransomware or someone doing a "rm-rf /".
[snip]
You basically have two choices: An enterprise level backup utility, or cobble together a solution and pray it works. If budget prevents a proven solution, I'll go with the amateur night stuff... but I'll make sure to have at least two different ways of backing up machines, so when (not if) one fails, I still am OK... and I also run test restores on a monthly basis just to check for hidden corruption of stuff.
I wholeheartedly agree with your statement that ZFS != backups (and even more so with RAID, in my bitter experience!)
However, I worry (probably too much) about bit-rot, and the problem of overwriting a good Backup with a bit-rotted Original. I was hoping that ZFS would at least help prevent the bit-rot from spoiling the Original.
I also agree with you that it's NOT the "Backup" that's critical, it's the RESTORE. That's why I won't mess with ANY Backup software that creates Proprietary backup "packages". IIRC, that's what turned me off to Retrospect, way back when it was a Mac-Only product. You're right: They ARE fragile, and NOTHING is as disheartening as a Backup that won't Restore!
In fact, that's one of the things that is off-putting about ZFS: If something goes wrong, where are the tools to try and pull something/anything out of the data-soup?
recent versions of Preview are actually getting better than Reader for most things
I've never found Reader to be better than Preview. I don't use OS X anymore, and Preview for PDFs is one of my majorly missed applications.
You must've come along after say, Tiger. In Tiger and before, Preview was ok; but lacked stuff like Highlighting and Annotations. It started to get better in Leopard (10.5), and by Snow Leopard, was getting pretty good.
So, begging the question: Why don't you use OS X "anymore"?
Based on your username, you won't sign even a screen name to your trollish opinion.
WTF are you even talking about?
I said "will not" not "never have". However, I could have said never have with the caveat of being a customer and rather than consumer. The GS was a gift from my parents and while I did personally buy one, it was at a flea market years later (and it was an original "Woz Edition" GS).
While I agree wholeheartedly with your "Apple ][ Forever!" sentiment (and BTW, it was JOBS that urged Woz to include EIGHT peripheral Slots in the original Apple ][ Design; not that I'm a big "Jobs" fan, mind you), I take exception to your characterization of the Lightning Connector and Apple's Curated App Store.
The Lightning Connector solved a lot of design and packaging problems for Apple, and is one pretty cool piece of engineering. I do wish the Male end was a little more robust; but it is still much better for the User than the abomination that is Micro (or is it Mini?) USB...
As for the Curated App Store, you need look no farther than the Android mess to show that, on balance, what Apple is doing is FAR better for the VAST MAJORITY of Users than the "Wild West" approach that Android employs. And now that iOS 9 and XCode have teamed-up to allow those who are savvy-enough to do "sideload" Apps, (which are, coincidentally, also the group of Users that are savvy-enough to be a little more careful (one would hope!)), there really isn't a "Walled Garden" issue, anyway. But people like you will continue to live in the past, and pine for the good ol' days of the Apple ][.
Don't get me wrong: I LOVED my Apple ][, too, and have VERY fond memories of working with same (the first Apple ][ I worked on was Serial Number 0013, back in 1977. It didn't even have the "cooling slots" along the sides. I wrote tens of thousands of lines of code, and built several peripheral cards for same (including a multifunction I/O card that was big enough to require a FOOT to hold up the back of the card!); but I haven't fired up either of my Apple ][s (nor my ][gs), nor my Pinecom ][ Clone, since about 1995. it was just a different time...
When I used to use a Mac, security updates came in via Software Update every week or two. There obviously were security holes galore in the operating system (and don't get me started on early versions of Safari automatically downloading and opening files without asking permission first...), it's just nobody bothered exploiting them.
I agree that that was a boneheaded Default, and it amazed me even more that it persisted even after the weakness was pointed-out. However, as you know, the fix was simple: Uncheck the checkbox.
However, I believe you would agree that we are LONG-past the "Security Through Obscurity" point with OS X (and really never were there with iOS); and now are FAR into the "Look at Me! I actually Infected a Mac!" bragging-rights territory (e.g. TFA). So, it is pretty clear that OS X really DOES have some serious Security chops, and really DOESN'T have any "Serious" Vulnerabilties.
Look at the CVE List. On OS X, NOTHING rises above a 2.x on their "Severity" Scale. Nothing.
Now compare that to Windows. Even Windows 10...
That's not "Obscurity". It's good Design.
You realize these "hacked" developers installed a different version of the tools... so it really doesn't matter what any company does since it's been modified? They could easily just replace the tools with their own look-a-likes (though, most likely ...
Actually, you're right.
As long as Apple allows the Devs. to do the final "for-Publication" Build, this is a potential problem.
However, when the Article on the tainted XCode came out, I proposed an elegant and simple solution:
Upon Submission, Devs send Apple their XCode Projects, and APPLE does the "For Publication" Build with THEIR (likely non-tainted) copy of XCode. Done!
Even better, since this means that Apple has the Source, they can take a MUCH closer look with both manual and automated methods, and so are that much more likely to ferret-out obsfucated malware.
Apple just has to add a paragraph to their Dev. Agreement, stating they won't divulge, etc., and change their Submission Procedures to require the XCode Projects.
Since anyone developing for Apple Products uses XCode, this is a true no-brainer.
and I still hate apple and wont buy any of their products.
But you already did.
Well, there is the new problem of programmers compiling their software with an infected, not-downloaded-from-Apple version of XCode. I'm not quite sure if Apple can catch 100% of those that get sent to the App Store, but that's one major security risk IMHO. And I say that as an OS X user.
Fight for your bitcoins!
That version of XCode was downloaded from a Chinese non-Apple source. I would imagine that Apple is going to modify XCode fairly soon so that it makes sure it is not modified before allowing a Build Application to happen, or maybe even a Launch of XCode.
Safari > Preferences > Advanced > Show Develop menu in menu bar
You only need to do that once to enable the new menu. After that, if a website gives you "Flash is required to view the video", try the following:
Develop > User Agent > Safari iOS X.X - iPad
If the website does support iOS/iPad, it'll be sending your browser HTML5 code linked to a standard H.264 video file that will play without any problem.
Fight for your bitcoins!
Cool, thanks! Maybe I'll give that a try. I have to admit, I do far more web-browsing on the iPad than my MBP anyway, though.
We already know that the typical Mac users is naive "there are no viruses for Mac!" and we also know there's a whole niche market of Apple users with more money than brains. I expect these people to haul in more money than the Windows ransomeware guys.
It is not "naive" to be aware that there are currently no "No user intervention required" viruses for OS X or iOS. It is the truth.
It IS "naive" to NOT be aware that there ARE a few (very few!) pieces of Malware that require a Social Engineering component and User Intervention to install. HOWEVER, Mac users are (justifiably) secure in the knowledge that, before these can infect more than a few dozen Macs, Apple will push out a detector-blocker into XProtect (which runs on every OS X machine running Snow Leopard or above, and gets updated automatically every 24 hours), and that will be that. And the interesting thing is that, the malware-writers know that, too; which makes Macs a FAR less tempting target than they would otherwise be.
Setting your User-Agent to something that looks iThing-ish is sometimes enough to get sites to serve their mobile versions with MP4 based video instead of flash.
Too much work to get around someone else's sloppy coding; but thanks for the tip!
You have to actually download it, choose to run it, close the warning box that is popping up to warn you exactly of this sort of software.
So, IOW, nothing to see here, move along. Nice Try, Dice/Slashdot. I'm sure you'll get a lot of clicks from mouth-foaming Apple-Haters, though; so good job!
See? Watch as the Apple-Haters Downmod my Post into oblivion, even though I speak the absolute truth: There IS nothing to see here. This is NOT a reasonable "Proof of Concept"; it is merely CLICKBAIT.
Sorry to burst your hate-bubble; but OS X has not had a non-Social-Engineered piece of Malware, EVER. And this is since OS X 10.0.0 debuted in 2000.
Prove me wrong. I double-dog dare you. The last person who tried proudly trotted out a list of MacOS (Classic) Viruses (all SEVEN of them!), all from BEFORE OS X even existed...
Based on your username, I suspect you're just a Mac cult fanboy, so I expect that these "apple-haters" are just reality-based people. Try being less obvious.
Try being less of an ANONYMOUS COWARD, COWARD.
These people are like some creepy guy walking around your house rattling windows and doors looking for a way in. Then, when they find it, they want a prize.
At what point can we just shoot them?
Just ignore them. That's the surest way to get them to go away.
Great! You can encrypt some files. You're amazing!
Show me a zero-click network infection vector, then I'll be a little worried. Yes, I've already removed Flash and never installed Adobe Reader. No, getting me to execute an email attachment (after disabling Gatekeeper) doesn't count.
I'm with you.
I've been Flash-Free on my MBP since I bought it in 2013, and same with Adobe Reader.
I've only missed Flash a couple of times, but not enough to make me want to install it; as as for Adobe Reader, I think that recent versions of Preview are actually getting better than Reader for most things.
What really pisses me off are the sites that won't play a video without Flash on OS X; but if I visit the same site with my iPad, it happily plays the video (without using Flash, of course)! WTF is up with THAT?!? Is there some secret Flash Cabal, or what?