A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.
But your wrong, even good network hygiene won't save you if your unlucky (see my other post).
no... I tried to retain a thread. I was agreeing with TS (my editting sucked today... bad network performance and mental timeslicing).
As for me being wrong... I never said you were 100% safe... I just indicated that your risk was lower than 100%. and that patching your system didn't fix any problems if you're 'luck' was bad.
In any 'defense in depth' risk management scheme, human action is the first level, but there are several other levels... frequent changing of repeating secrets (passwords), monitoring of transactions, vulnerability management, hardening systems, etc.. focusing on the one level (VM) without the others is like focusing your toothpaste brand, and but not caring how often you brush your teeth, avoiding sugar and acid foods, go to the dentist, flossing, or wearing a mouthguard when you play contact sports.
and back to the point... no amount of patching will 'undo' the impact. Due to the length of time this flaw was in the wild, and the potential that it was discovered by at least one 'grey/black' hat entity (e.g. NSA's inclusion of iOS in PRISM at the same time the code seems to have been introduced... if they found, we must assume someone else could have [unless we are into conspiracy theories of code planting]), the wise thing is to suck it up, and start changing passwords, and being vigilant on monitoring financial/credit transactions.
PC Guy: "Actually there are 114,000 known viruses for PC's"
Mac Guy: "PC's, not Macs"
Right. 114,000 PC viruses for the PC; not for the Mac.
What's your beef? That they didn't site the half dozen viruses that were written for an old Mac operating system that doesn't even exist on modern Macintosh computers anymore? (OS 9)
As for malicious ware on 21st century Macintoshes; Well, you would be talking about "trojans", not viruses.
And if someone has my info, why bother waiting for me to change my passwords?
Why would someone wait for you to change your password before trying to steal your data?
Why not use that info right away before I know what's happened?
Who says they haven't been using it? You being unaware of something doesn't mean it hasn't happening?
Also, why assume they necessarily had access to read your data before now? As I stated, I have GiBs of data I pulled for testing but I couldn't read because it was encrypted… or so I thought. Now I can go back to all those packets I've pulled in the last 18 months and read every little bit of them. Now imagine if someone was grabbing data for dubious reasons in hopes of finding a hole. Do you want to be able to read all the data you thought you had sent securely? Do you want to have your login credentials going forward?
You et al. seem to be coming at this like it's out of some cheesy hacker movie and anything less just isn't worth entertaining. That's foolish.
Just in case there were others out there that have had issues with unread counts not showing, I found a solution that seems to work for me. Basically it requires you to remove your mail accounts, rename some system folders (to force new ones to get created) and then re-create your mail accounts. My mail is still syncing, but my unread counts are back again and accurate:
Hold down the option key and go to Go > Library > Mail and rename the Mail folder Mail.old
Again, hold down the option key and go to Go > Library > Containers > com.apple.mail and rename that folder com.apple.mail.old
And again, hold down the option key and go to Go > Library > Containers > com.apple.MailServiceAgent and rename that folder com.apple.MailServiceAgent.old
If his speakers worked it would interfere with the NSA listening through his microphone.
Actually... I guess I am safe there too, as my bloody microphone and headphones DON'T WORK EITHER! After @ 4hrs of online chat with Apple Support and an extended phone call w/ them, they have finally, reluctantly come to the conclusion that the problem most likely is a matter of the new 10.9.2 update conflicting with the Sound drivers/firmware of my Late '08 MacBookPro. Their "solution" is to wait until some undetermined future date when a newer OS update will come along and magically undo the damage done by this update. Reinstalling Mavericks, zapping PRAM, resetting the Power manager, etc, etc, none of that did a bit of good.
Oddly enough, I DO get sound out through Bluetooth when I pair it to the earbud I use with my iPhone. Different channel?
Not holding my breath on the magic update's arrival...
-eb
Actually... I guess I am safe there too, as my bloody microphone and headphones DON'T WORK EITHER! After @ 4hrs of online chat with Apple Support and an extended phone call w/ them, they have finally, reluctantly come to the conclusion that the problem most likely is a matter of the new 10.9.2 update conflicting with the Sound drivers/firmware of my Late '08 MacBookPro. Their "solution" is to wait until some undetermined future date when a newer OS update will come along and magically undo the damage done by this update. Reinstalling Mavericks, zapping PRAM, resetting the Power manager, etc, etc, none of that did a bit of good.
Oddly enough, I DO get sound out through Bluetooth when I pair it to the earbud I use with my iPhone. Different channel?
Not holding my breath on the magic update's arrival…
-eb
Wow! I see you're in either California or Canada. Any chance you can make it to an Apple Store to get assistance that is better than a call center and potentially get 10.9.1 installed?
Yeah, thought about that - it would mean having them wipe the drive, ( a 1 -T, w/ 2 partitions) and then reloading it all over again... + being gone a week. Probably what I will have to do though, since it will likely be a long time before a fix comes through for such an old machine. Although, I see on the Apple Support board that a 2011 Mac Mini and a 2013 MacBookAir are also complaining of the same issue tonight... maybe more widespread than they think. -eb
Not a single word of what you have written disproves his statement in any respect.
Correct - not a single word taken by itself disproves his statement. Rather, it is a group of words that states in very clear language: "It doesn't get PC viruses", further stating directly under that text that a Mac has "built-in defenses in OS X that keep you safe, without any work on your part" Very black and white. One cannot successfully make the argument that Apple is stating the Mac isn't susceptible to "PC viruses" simply because it's not running Windows. They call out the fact that the Mac will "keep you safe, without any work on your part". Just read the next column in the ad: "Safeguard your data. By doing nothing"
If they weren't (incorrectly) promoting the fact that Macs don't get viruses, then why did they change the ad later, leaving themselves lots of wiggle room with new wording that doesn't use the word "virus" and clarifies that a Mac will "help keep you safe"? There is a very large difference between:
"It doesn’t get PC viruses."
"A Mac isn't susceptible to the the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part."
I do wish you'd stop being such an a**hole TS. Its boring. Its offensive.
hm 180 post taniwha to 31580 something posts for TS, SO taniwha, what gives you the right to sit judgement on TS?... TS has almost 180 posts to everyone of yours...
um, proof Taniwha... And not just ad hominem attacks... explain how TS is boring, and Explain how TS is offensive.
This is very basic and it calls into question not just the coding style which lead to this ( not just the gotos but the way it would succeed, ie actually just clean up when sopposedly "failing") and lack of code reviews and proper compiler warnings - I mean that's true but people are human - but the testing. The sad truth is nobody in Apple tested a site with a bad cert, nobody wrote those test scripts. That's the fundamental test for ssl security. The goto fail website produced a test in 10 minutes. What is going on?
My thoughts exactly. This could be an incident, but even that is worrisome.
Comments
Again, Apple never said Mac OS was incapable of getting any viruses or malware.
Uhhhhhhh.
PC Guy: "You'd better stay back, this one's a doozy"
Mac Guy: "That's OK, I'll be fine"
PC Guy: "Actually there are 114,000 known viruses for PC's"
Mac Guy: "PC's, not Macs"
Screenshots from the old "Why you'll love a Mac" (showing the flip flop):
http://www.wired.com/wiredenterprise/wp-content/uploads//2012/06/sophos.jpg
And here's the web page via the Internet Archive:
http://web.archive.org/web/20120329193342/http://www.apple.com/why-mac/better-os/
And I quote the page:
It doesn’t get PC viruses.
A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.
You seem to confuse two persons.
But your wrong, even good network hygiene won't save you if your unlucky (see my other post).
no... I tried to retain a thread. I was agreeing with TS (my editting sucked today... bad network performance and mental timeslicing).
As for me being wrong... I never said you were 100% safe... I just indicated that your risk was lower than 100%. and that patching your system didn't fix any problems if you're 'luck' was bad.
In any 'defense in depth' risk management scheme, human action is the first level, but there are several other levels... frequent changing of repeating secrets (passwords), monitoring of transactions, vulnerability management, hardening systems, etc.. focusing on the one level (VM) without the others is like focusing your toothpaste brand, and but not caring how often you brush your teeth, avoiding sugar and acid foods, go to the dentist, flossing, or wearing a mouthguard when you play contact sports.
and back to the point... no amount of patching will 'undo' the impact. Due to the length of time this flaw was in the wild, and the potential that it was discovered by at least one 'grey/black' hat entity (e.g. NSA's inclusion of iOS in PRISM at the same time the code seems to have been introduced... if they found, we must assume someone else could have [unless we are into conspiracy theories of code planting]), the wise thing is to suck it up, and start changing passwords, and being vigilant on monitoring financial/credit transactions.
Again, Apple never said Mac OS was incapable of getting any viruses or malware.
Uhhhhhhh.
PC Guy: "You'd better stay back, this one's a doozy"
Mac Guy: "That's OK, I'll be fine"
PC Guy: "Actually there are 114,000 known viruses for PC's"
Mac Guy: "PC's, not Macs"
Screenshots from the old "Why you'll love a Mac" (showing the flip flop):
http://www.wired.com/wiredenterprise/wp-content/uploads//2012/06/sophos.jpg
PC Guy: "Actually there are 114,000 known viruses for PC's"
Mac Guy: "PC's, not Macs"
Right. 114,000 PC viruses for the PC; not for the Mac.
What's your beef? That they didn't site the half dozen viruses that were written for an old Mac operating system that doesn't even exist on modern Macintosh computers anymore? (OS 9)
As for malicious ware on 21st century Macintoshes; Well, you would be talking about "trojans", not viruses.
(lookitup)
Not a single word of what you have written disproves his statement in any respect.
Why would someone wait for you to change your password before trying to steal your data?
Who says they haven't been using it? You being unaware of something doesn't mean it hasn't happening?
Also, why assume they necessarily had access to read your data before now? As I stated, I have GiBs of data I pulled for testing but I couldn't read because it was encrypted… or so I thought. Now I can go back to all those packets I've pulled in the last 18 months and read every little bit of them. Now imagine if someone was grabbing data for dubious reasons in hopes of finding a hole. Do you want to be able to read all the data you thought you had sent securely? Do you want to have your login credentials going forward?
You et al. seem to be coming at this like it's out of some cheesy hacker movie and anything less just isn't worth entertaining. That's foolish.
I hate to interrupt all the snark, but can someone post a build number for 10.9.2?
13C64
Why not ditch gmail? It's crap! Don't blame Mail for crappy email service from Google.
BS. Gmail is one of the most reliable services out there.
Just in case there were others out there that have had issues with unread counts not showing, I found a solution that seems to work for me. Basically it requires you to remove your mail accounts, rename some system folders (to force new ones to get created) and then re-create your mail accounts. My mail is still syncing, but my unread counts are back again and accurate:
Hold down the option key and go to Go > Library > Mail and rename the Mail folder Mail.old
Again, hold down the option key and go to Go > Library > Containers > com.apple.mail and rename that folder com.apple.mail.old
And again, hold down the option key and go to Go > Library > Containers > com.apple.MailServiceAgent and rename that folder com.apple.MailServiceAgent.old
In Mail, recreate your email account.
Actually... I guess I am safe there too, as my bloody microphone and headphones DON'T WORK EITHER! After @ 4hrs of online chat with Apple Support and an extended phone call w/ them, they have finally, reluctantly come to the conclusion that the problem most likely is a matter of the new 10.9.2 update conflicting with the Sound drivers/firmware of my Late '08 MacBookPro. Their "solution" is to wait until some undetermined future date when a newer OS update will come along and magically undo the damage done by this update. Reinstalling Mavericks, zapping PRAM, resetting the Power manager, etc, etc, none of that did a bit of good.
Oddly enough, I DO get sound out through Bluetooth when I pair it to the earbud I use with my iPhone. Different channel?
Not holding my breath on the magic update's arrival...
-eb
Wow! I see you're in either California or Canada. Any chance you can make it to an Apple Store to get assistance that is better than a call center and potentially get 10.9.1 installed?
-eb
Can you post link to at least one of those ads?
I know that right now they suggest that with Mac OS, "Security was the first thought. Not an afterthought."
http://www.apple.com/osx/what-is/
Some people might have a heyday with that one.
Not a single word of what you have written disproves his statement in any respect.
Correct - not a single word taken by itself disproves his statement. Rather, it is a group of words that states in very clear language: "It doesn't get PC viruses", further stating directly under that text that a Mac has "built-in defenses in OS X that keep you safe, without any work on your part" Very black and white. One cannot successfully make the argument that Apple is stating the Mac isn't susceptible to "PC viruses" simply because it's not running Windows. They call out the fact that the Mac will "keep you safe, without any work on your part". Just read the next column in the ad: "Safeguard your data. By doing nothing"
If they weren't (incorrectly) promoting the fact that Macs don't get viruses, then why did they change the ad later, leaving themselves lots of wiggle room with new wording that doesn't use the word "virus" and clarifies that a Mac will "help keep you safe"? There is a very large difference between:
"It doesn’t get PC viruses."
"A Mac isn't susceptible to the the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part."
(the first ad at http://web.archive.org/web/20120329193342/http://www.apple.com/why-mac/better-os/)
and
"It helps keep you safe"
"Built-in defenses in OS X help keep you safe from unknowingly downloading malicious software on your Mac"
(the later ad which can be seen at http://web.archive.org/web/20120811220303/http://www.apple.com/why-mac/better-os/)
Obviously Apple doesn't take OS X seriously anymore.
To wait several days for the 10.9.2 release to fix a severe bug like this - I'm gobsmacked how non-professional Apple's behaviour in this case is.
I was wondering about that too.
The only thing I can think of is that 2 releases in a short span of time is to much hassle.
Why not ditch gmail? It's crap! Don't blame Mail for crappy email service from Google.
Your right, but some of us have gmail at work.
um, proof Taniwha... And not just ad hominem attacks... explain how TS is boring, and Explain how TS is offensive.
This is very basic and it calls into question not just the coding style which lead to this ( not just the gotos but the way it would succeed, ie actually just clean up when sopposedly "failing") and lack of code reviews and proper compiler warnings - I mean that's true but people are human - but the testing. The sad truth is nobody in Apple tested a site with a bad cert, nobody wrote those test scripts. That's the fundamental test for ssl security. The goto fail website produced a test in 10 minutes. What is going on?
My thoughts exactly. This could be an incident, but even that is worrisome.
I'd like to subscribe to your newsletter.