Apple patches 22 security holes in Mac OS X

2»

Comments

  • Reply 21 of 30
    Quote:
    Originally Posted by JeffDM


    That doesn't make sense, as x86 instructions often can do more per instruction, vector instructions notwithstanding.



    But I wouldn't know why the x86 version is larger, unless it's also including x86-64 pieces too.



    It's true that you can potentially do more in a single (non-vectored) x86 instruction than you can with a single PPC instruction. But current generations of x86 (and x86-64) instructions can vary in length from 1 byte (NOP) up to 15 bytes.



    All PowerPC (including G5) instructions appear to always be exactly 4 bytes in length all the time.



    I don't know how long the statistically "average" instruction turns out to be for typical x86 code. But maybe it has something to do with the increased size.
  • Reply 22 of 30
    jeffdmjeffdm Posts: 12,951member
    Quote:
    Originally Posted by csimmons


    I'd have to disagree with you there. For the past few years, Apple has been getting very good press regarding OSX (both for Tiger and Panther), therefore making it a high profile target for hackers. Hacking is more ego driven than anything, so I believe that OSX has probably been high on the hackers hit list for a long time, since the person who successfully writes a virus for OSX and put's it in the wild will almost instantly become a legend, at least in the hacker community. Vista has already been hacked, so it's not as interesting as OSX is as a target.



    I don't remember any press on Panther. Apple didn't get to be high profile for their computers until after Tiger was released, and sales were dismal until the Intel units were released. The malicious hackers are now more money driven than anything now. Why worry about ego when they can make money building a botnet? That's the reason there really aren't many truly destructive worms, trojans or viruses because there's more money in using it as a bot than bricking it.
  • Reply 23 of 30
    Quote:
    Originally Posted by lfmorrison


    It's true that you can potentially do more in a single (non-vectored) x86 instruction than you can with a single PPC instruction. But current generations of x86 (and x86-64) instructions can vary in length from 1 byte (NOP) up to 15 bytes.



    All PowerPC (including G5) instructions appear to always be exactly 4 bytes in length all the time.



    I don't know how long the statistically "average" instruction turns out to be for typical x86 code. But maybe it has something to do with the increased size.



    Or maybe it's just that some of the affected code appears in low-level hardware-specific or highly optimized modules that were written differently for the PPC and Intel versions, and certain bugs only appeared in the Intel build.



    [edit: I just noticed that at least one of the updates is actually pretty much PPC-exclusive, since the odds of finding an Intel Macintosh with an original Airport card is just about zilch...]
  • Reply 24 of 30
    melgrossmelgross Posts: 33,355member
    Quote:
    Originally Posted by JupiterOne


    I was thinking the exact same thing when I first heard about this release. My first thought was, "What?, Oh, OK. A security update." But with Windows, you first read/hear about these things in the papers, TV, online, everywhere, except from Microsoft. Then a few days or a week or so later, you get the security patch from Microsoft. It's like Microsoft is always the last to know about their security holes.



    Actually, it's the other way around. Apple is secretive about its security updates. Often the complaint has been made that Apple won't even say what it was for. But they have been getting better about that now.



    MS had also come out with security updates on a monthly schedule, whether there were a lot, or a few. Apple often waited months after a security threat was announced before even acknowledging it, and even longer before coming out with a patch.
  • Reply 25 of 30
    melgrossmelgross Posts: 33,355member
    Quote:
    Originally Posted by Abster2core


    Apple has always taken security seriously. To assume otherwise is absolutely ludicrous.



    Sorry, but Apple had been very lackadaisical about security updates, as I stated in my post above.



    Maybe you haven't been here much, but it's a topic we've discussed often.
  • Reply 26 of 30
    Quote:
    Originally Posted by csimmons


    I think the key word here is "attempts".



    That is one of the fundamental differences between Apple and M$: Apple tends to fix things before they become a problem, whereas M$ only fixes things after the damage has already been done.



    You obviously do not read Microsoft's monthly security releases carefully. The majority of patches are for unexploited vulnerabilities, most discovered internally. Just like Apple's patches.



    Steve
  • Reply 27 of 30
    Quote:
    Originally Posted by JupiterOne


    I was thinking the exact same thing when I first heard about this release. My first thought was, "What?, Oh, OK. A security update." But with Windows, you first read/hear about these things in the papers, TV, online, everywhere, except from Microsoft. Then a few days or a week or so later, you get the security patch from Microsoft. It's like Microsoft is always the last to know about their security holes.



    The second Tuesday of every month is when Microsoft releases their security patches. They used to release them more frequently but companies requested the monthly cycle so they could better plan downtime and deployments.



    Steve
  • Reply 28 of 30
    It seems that the folks over at MacRumors http://www.macrumors.com/pages/2006/...01145647.shtml are discussing several more security issues, to include the first possible adware for the OS. It would appear to me that more of these security issues are coming to light now that more people are using the OS. I would certainly hope that Apple puts greater emphasis on securing the OS in Leopard than they ever have before in past releases, as more and more people will continue to buy Macs and it will become more tempting for people to exploit vulnerabilities. I'd hate to see some exploit in the wild that would bring the OS to its knees because Apple wasn't proactive enough to make sure the vulnerabilities weren't there.
  • Reply 29 of 30
    mr. memr. me Posts: 3,221member
    No, there are not more security issues in MacOS X. What you are getting more of are scare stories from companies whose business is security. These stories have much more to do with the release of Vista than they have to do with heretofore undiscovered vulnerabilities in MacOS X. Why? Vista features a built-in antivirus utility. The likes of Symantec and others fear that Microsoft is about to eat their lunch--and they are probably right. To replace the business they expect to lose on the Windows side, they are trying to drum up new business on the Mac side.



    The sky really is not falling.
  • Reply 30 of 30
    demenasdemenas Posts: 109member
    Quote:
    Originally Posted by Mr. Me


    No, there are not more security issues in MacOS X. What you are getting more of are scare stories from companies whose business is security. These stories have much more to do with the release of Vista than they have to do with heretofore undiscovered vulnerabilities in MacOS X. Why? Vista features a built-in antivirus utility. The likes of Symantec and others fear that Microsoft is about to eat their lunch--and they are probably right. To replace the business they expect to lose on the Windows side, they are trying to drum up new business on the Mac side.



    The sky really is not falling.



    Windows Vista does not include "a built-in antivirus utility". In fact when you install it you will see a Yellow warning symbol in the tray until you do install one.



    Microsoft does have an optional subscription pay service "OneCare" (or something like that) which has anti-virus capabilities. And "Windows Defender" is built in (anti-spyware).



    Steve
Sign In or Register to comment.