In a repeat performance from last week/last month Daniel Eran Dilger of Roughly Drafted posts another maniacal diatribe under the pseudonym Prince McLean and once again drives the staunchest of fanboys running for the exits. AI: you're going to have to learn that this isn't doing your street cred any good.
Yeah, its a good article, without all of the bits trying to discredit the report. Mac's aren't magically super secure, nor are they completely insecure. Taking the report a bit less personally would make for better reporting.
Quote:
Originally Posted by talksense101
The article starts off as announcing the results of a hacking contest. It then discusses Windows and Macintosh patches. It then proceeds to discredit the contest. What are we trying to say here? Mac rules, Windows sux? The Mac was hacked, but the contest sucks?
In a repeat performance from last week/last month Daniel Eran Dilger of Roughly Drafted posts another maniacal diatribe under the pseudonym Prince McLean and once again drives the staunchest of fanboys running for the exits. AI: you're going to have to learn that this isn't doing your street cred any good.
Wow. I guess someone is feeling very threatened. Maybe what he said hit close to home???
While I would have liked to see more detail from both Prince Mclean and from the original author of the ConWest article, its nice to see more than one side to these "Macs are all bad, oK?" hit pieces.
The real world security problems that affect today's Windows users relate to the fact that there are not only more discovered flaws on Windows, but that these flaws are being actively exploited to develop viruses, spyware, adware, and other malware. Further, there are vast numbers of machines that are not promptly updated with the patches that do exist, resulting in fleets of vulnerable botnets that actively distribute new attacks to other systems. These two problems aggravate each other to create the Windows security crisis.
While pundits like to talk about numbers of discovered vulnerabilities, often failing to correctly compare similar code on each side (with Mac OS X inheriting the vulnerability counts in optional open source server programs, Java, and other components that are not considered on the Windows side), the real problem is active exploits. Mac OS X continues to have no real viruses, while Windows users continue to be plagued by viruses, adware, and other security problems.
At the same time however, the tech media is promoting the CanSecWest event as a "security shootout," with at least one report noting that browsers on the Windows box were "still standing" after Miller successfully applied his exploit attack to the Mac, as if the Windows box had somehow successfully dodged Miller's exploit rather than simply never having been aimed at by his open source attack. Internet Explorer 8 on the Windows machine was exploited shortly afterward by a different researcher calling himself Nil, followed by his demonstration of a successful crack of the Firefox browser.
This article perfectly demonstrates what I consider to be a disappointingly smug attitude of many Apple users. Truth is that the Mac isn't currently targeted for attacks, not because it is inherently more secure than other operating systems, but because it isn't as large of a target and the potential payoff therefore isn't as great. Anybody that believes that their Mac is immune to exploits from security issues is living with their head in the sand. Everyone still needs to practice safe computing, i.e. staying away from potentially malicious web sites, not installing software that shouldn't be trusted, keeping our systems up to date with security patches, using a good quality router/firewall, etc. Just because there aren't any significant exploits in the wild today does NOT mean that the platform is immune. Windows didn't have significant security exploits in the wild once upon a time as well. It's really only a matter of time before someone decides that they want to create a Mac virus/worm. And anyone who believes that their computer is inherently immune is in for a very rude awakening at that point.
There also seems to be a fundamental misunderstanding of security here too. Posts like "you need a password to gain access to the machine" make this pretty clear. Security holes aren't security holes because you intentionally grant access to your machine (that's called social engineering, not an exploit), they're security holes because there is a fundamental coding problem in the underlying application/operating system. Most viruses and worms on Windows never asked for permission to be installed; they took advantage of flaws in a browser, application, or in Windows itself, even while users are logged on with non-administrative privileges. Requiring a username/password, or running as a non-admin user (while they may make exploits harder to find) grant a false sense of security; a computer is only as secure as its weakest link, and that link could be anywhere in the chain from browser plugin to operating system to device drivers and the kernel, or even the BIOS/EMI itself. The fact is that there are a lot of links in that chain that inherently have (and require) low level access to your computer, and an exploit in any one of those can potentially turn access to your entire machine over to whatever code happens to be attempting to run. Only the top few layers are protected by the user login. Just because you are logged on with a normal user account doesn't mean that there isn't code running on your computer that has access to everything, because the truth is that there is, and a heck of a lot of it. And an exploit in any of that code can grant access to everything. Just because you don't let someone through the front door of your home doesn't mean they can't come in another way.
So while it seems the majority of the people posting on this forum are dismissing this as insignficant, I believe it is a bit naive to do so. The fact remains that there are indeed exploitable security issues on every computing platform, and OS X is NOT immune. Just because it isn't actively being targeted, it doesn't mean that it is 100% safe. I certainly wouldn't be caught dead (pun intended) putting a Mac connected to the internet in control of launching nuclear weapons, anyway. This test demonstrates that all computing platforms have issues, whether Mac users choose to bury their heads in the sand or not.
This article perfectly demonstrates what I consider to be a disappointingly smug attitude of many Apple users. Truth is that the Mac isn't currently targeted for attacks, not because it is inherently more secure than other operating systems, but because it isn't as large of a target and the potential payoff therefore isn't as great. ....
No one is saying that Mac OS-X is immune from viruses so most of your argument in regards that is a waste of time. The part highlighted above, that you started out with (security through obscurity) has been dis-proven many times over. When deciding between Windows and Mac, the Mac system *is* inherently more secure (not perfectly secure), than Windows, by design.
Also, while you are correct that a computer can be attacked without a user's password, to imply anything other than the fact that the majority of attacks are "socially" based is to ignore the truth. Most problems (on both systems), come from a user clicking on something they shouldn't.
This article perfectly demonstrates what I consider to be a disappointingly smug attitude of many Apple users. Truth is that the Mac isn't currently targeted for attacks, not because it is inherently more secure than other operating systems, but because it isn't as large of a target and the potential payoff therefore isn't as great. Anybody that believes that their Mac is immune to exploits from security issues is living with their head in the sand. Everyone still needs to practice safe computing, i.e. staying away from potentially malicious web sites, not installing software that shouldn't be trusted, keeping our systems up to date with security patches, using a good quality router/firewall, etc. Just because there aren't any significant exploits in the wild today does NOT mean that the platform is immune. Windows didn't have significant security exploits in the wild once upon a time as well. It's really only a matter of time before someone decides that they want to create a Mac virus/worm. And anyone who believes that their computer is inherently immune is in for a very rude awakening at that point.
There also seems to be a fundamental misunderstanding of security here too. Posts like "you need a password to gain access to the machine" make this pretty clear. Security holes aren't security holes because you intentionally grant access to your machine (that's called social engineering, not an exploit), they're security holes because there is a fundamental coding problem in the underlying application/operating system. Most viruses and worms on Windows never asked for permission to be installed; they took advantage of flaws in a browser, application, or in Windows itself, even while users are logged on with non-administrative privileges. Requiring a username/password, or running as a non-admin user (while they may make exploits harder to find) grant a false sense of security; a computer is only as secure as its weakest link, and that link could be anywhere in the chain from browser plugin to operating system to device drivers and the kernel, or even the BIOS/EMI itself. The fact is that there are a lot of links in that chain that inherently have (and require) low level access to your computer, and an exploit in any one of those can potentially turn access to your entire machine over to whatever code happens to be attempting to run. Only the top few layers are protected by the user login. Just because you are logged on with a normal user account doesn't mean that there isn't code running on your computer that has access to everything, because the truth is that there is, and a heck of a lot of it. And an exploit in any of that code can grant access to everything. Just because you don't let someone through the front door of your home doesn't mean they can't come in another way.
So while it seems the majority of the people posting on this forum are dismissing this as insignficant, I believe it is a bit naive to do so. The fact remains that there are indeed exploitable security issues on every computing platform, and OS X is NOT immune. Just because it isn't actively being targeted, it doesn't mean that it is 100% safe. I certainly wouldn't be caught dead (pun intended) putting a Mac connected to the internet in control of launching nuclear weapons, anyway. This test demonstrates that all computing platforms have issues, whether Mac users choose to bury their heads in the sand or not.
the Mac isn't currently targeted for attacks,
It hasn't been for over 7 YEARS now. How long will it take? Another 3 years? Maybe another 5? We're still waiting. Hopefully we'll still be alive when something happens. And with that upside-down, ass-backwards clone-attempt of OS X (Windows 7), it looks like yet another iteration of the worst OS on the planet will keep hackers and malware writers happy for some time to come.
Until OS X *is* "targeted" (whatever that means), we'll stay quite smug, thank you.
Complete, utter mess. All it did was get worse. It's so bad, that lame MS is offering a reward.
And OS X remains unaffected. Again.
People think that just because there is a windows virus out there that windows automatically gets infected. Not true at all.
Just like with OSX it's up to the user to allow a virus in. I don't think there is a single case of Vista getting infected with a virus with UAC left on unless the user allowed it through.
Security is less about the OS and more about the person behind the keyboard. Just because you have an OS that is touted as more secure doesn't mean it is. Hell you just have to visit a certain website with OSX and safari to get hacked.
Trojans can masquerade in apps and when you authorize the app to install you inadvertently install the trojan.
Most people are stupid. And on other platforms and a false sense of security anything can happen. One must always remain vigilant.
The problem with this particular test is they used a beta OS and a beta browser. And considering it's beta it still outlasted OSX. I'm curious as to which beta release of 7 they were using.
No one is saying that Mac OS-X is immune from viruses so most of your argument in regards that is a waste of time. The part highlighted above, that you started out with (security through obscurity) has been dis-proven many times over. When deciding between Windows and Mac, the Mac system *is* inherently more secure (not perfectly secure), than Windows, by design.
Also, while you are correct that a computer can be attacked without a user's password, to imply anything other than the fact that the majority of attacks are "socially" based is to ignore the truth. Most problems (on both systems), come from a user clicking on something they shouldn't.
Ok, how is it more secure by design?
I have yet to see security through obscurity disproven. Do you have any links?
This article perfectly demonstrates what I consider to be a disappointingly smug attitude of many Apple users. Truth is that the Mac isn't currently targeted for attacks, not because it is inherently more secure than other operating systems, but because it isn't as large of a target...
No one is arguing that point, once Macs attain a larger user base they will face more viruses.
However, viruses on a Windows platform, especially when using IE, can download and install immediately without the user's intervention, and sometimes the window that is performing these tasks will be working behind your main browser window, and sometimes it will be happening right in front of you and there would be nothing you can do about it. Although all that can be minimized by delving into the arduous tasks of setting up Internet securities and ActiveX.
BTW: Windows UAC is the most annoying security "feature" I've ever run into.
On the Mac, a virus can force an automatic file download and if it was professionally crafted, it can also launch the file; however, you'll get an alert stating the the file you're about to decompress or launch is from the internet and that it has never been launched before. Even if you mistakingly clicked "Open" you'll have to insert your password to actually initiate the installation process.
This even applies to installing updates through Apple's own "Software Update".
Snow Leopard will have even a safer way of isolating downloads by sandboxing apps.
This article perfectly demonstrates what I consider to be a disappointingly smug attitude of many Apple users. Truth is that the Mac isn't currently targeted for attacks, not because it is inherently more secure than other operating systems, but because it isn't as large of a target and the potential payoff therefore isn't as great. Anybody that believes that their Mac is immune to exploits from security issues is living with their head in the sand. Everyone still needs to practice safe computing, i.e. staying away from potentially malicious web sites, not installing software that shouldn't be trusted, keeping our systems up to date with security patches, using a good quality router/firewall, etc. Just because there aren't any significant exploits in the wild today does NOT mean that the platform is immune. Windows didn't have significant security exploits in the wild once upon a time as well. It's really only a matter of time before someone decides that they want to create a Mac virus/worm. And anyone who believes that their computer is inherently immune is in for a very rude awakening at that point.
There also seems to be a fundamental misunderstanding of security here too. Posts like "you need a password to gain access to the machine" make this pretty clear. Security holes aren't security holes because you intentionally grant access to your machine (that's called social engineering, not an exploit), they're security holes because there is a fundamental coding problem in the underlying application/operating system. Most viruses and worms on Windows never asked for permission to be installed; they took advantage of flaws in a browser, application, or in Windows itself, even while users are logged on with non-administrative privileges. Requiring a username/password, or running as a non-admin user (while they may make exploits harder to find) grant a false sense of security; a computer is only as secure as its weakest link, and that link could be anywhere in the chain from browser plugin to operating system to device drivers and the kernel, or even the BIOS/EMI itself. The fact is that there are a lot of links in that chain that inherently have (and require) low level access to your computer, and an exploit in any one of those can potentially turn access to your entire machine over to whatever code happens to be attempting to run. Only the top few layers are protected by the user login. Just because you are logged on with a normal user account doesn't mean that there isn't code running on your computer that has access to everything, because the truth is that there is, and a heck of a lot of it. And an exploit in any of that code can grant access to everything. Just because you don't let someone through the front door of your home doesn't mean they can't come in another way.
So while it seems the majority of the people posting on this forum are dismissing this as insignficant, I believe it is a bit naive to do so. The fact remains that there are indeed exploitable security issues on every computing platform, and OS X is NOT immune. Just because it isn't actively being targeted, it doesn't mean that it is 100% safe. I certainly wouldn't be caught dead (pun intended) putting a Mac connected to the internet in control of launching nuclear weapons, anyway. This test demonstrates that all computing platforms have issues, whether Mac users choose to bury their heads in the sand or not.
A little quick to judge don't you think? I don't think Mac fans are saying we're 100% immune, we're just saying that we're "more secure". It is a fact and you can't deny it. The code is more stable and privs are in place that minimize the risk of malware, etc to the Mac OS.
I chose to switch because I wanted to spend my time and money on my computer, not updating my virus, malware, phishing software every day to shield myself from the enemy. I chose a system that allows me to use it with a more clear mind, not a fearful one. Do Apple haters really want to wait years and years for hackers to "catch up" and make Apple their "target"...or do you just want to live a web based life a lot more relaxed and safe until they do?
If it ever happens.
The average consumer is starting to see my side. When will you?
I'll never understand how buffer overflow attacks even get started.
Back when I was programming regularly in C, I'd use strlen() or strncpy() to check whether strings were within a limit and truncate it to a safe length, if necessary.
Are programmers these days too lazy to check string length before using it to execute potentially dangerous code? Or do they think that performance would suffer if they wasted clock cycles for safety?
It seems like such a simple and obvious solution to the often-used hacker strategy of the buffer overflow.
Would you call a hacker who uses such trite, cliche and unoriginal techniques a "hack?" I would.
No one is arguing that point, once Macs attain a larger user base they will face more viruses.
However, viruses on a Windows platform, especially when using IE, can download and install immediately without the user's intervention, and sometimes the window that is performing these tasks will be working behind your main browser window, and sometimes it will be happening right in front of you and there would be nothing you can do about it. Although all that can be minimized by delving into the arduous tasks of setting up Internet securities and the highly annoying ActiveX.
Snow Leopard will have even a safer way of isolating downloads by sandboxing apps.
I believe that only applies to XP and IE6
I believe IE7 and IE8 run in a sandbox. And in Vista and Windows 7 the code couldn't execute without the users permission.
Security always goes back on the user. And let's face it, most users, no matter the platform, are stupid.
Quote:
Originally Posted by 2blindforyou2
I chose to switch because I wanted to spend my time and money on my computer, not updating my virus, malware, phishing software every day to shield myself from the enemy. I chose a system that allows me to use it with a more clear mind, not a fearful one.
My head is held up high...far away from the sand.
You don't have to spend time and money and update virus and malware apps daily. For one those apps update themselves and it's not something you have to spend time on. Second, if you aren't a moron you don't even need them. I run without antivirus and malware protection and have never had a problem.
Phishing has nothing to do with the OS at all. And it will affect people no matter the OS.
Your head is buried deep in the sand as it is with the majority of computer users.
Don't be so fast to shrug it off. Users need stories like this as a reality check: Your computer isn't safe from your other personality.
The logic of this argument is seriously flawed.
1) these report breed false fears & misconceptions, which can actually contribute to a user being deceived. Spreading false information can not lead to educating users.
2) The word has long been out to end users that they can be their own worst enemy. There is absolutely nothing Microsoft or Apple can do about users allowing admin rights on a machine except continue to warn them not to do it. Users will still click through the warning prompts or even authenticate with username & password in the face of these warnings. There are unfortunately just some really naive & technology stupid people out there.
Many Apple folks already recommend that you should use a non admin account for your personal use & just authenticate when needed. The beauty of OS X is that you can actually function as a standard user in almost any aspect of the system, vs Windows that has major issues with this even when you are a power user.
The article starts off as announcing the results of a hacking contest. It then discusses Windows and Macintosh patches. It then proceeds to discredit the contest. What are we trying to say here? Mac rules, Windows sux? The Mac was hacked, but the contest sucks?
Hey, I love Apple. But I don't need these spin pieces by Apple Insider to tell me that Apple is better than Microsoft on security.
And this is pure spin. We are supposed to be happy because Apple issued more patches? If they had issued fewer patches, we would be told it was proof they had fewer flaws.
The fact is, both Apple and Microsoft have vulnerable systems. Apple is safer because it's such a small percentage of the installed base that hackers don't stand to profit much from it. Also, a lot of malware comes from countries where Macs are very expensive and thus rare.
Another reason is that Mac users tend to update their software more. You can find Windows boxes with Windows 95, 98, or Me in many homes even today.
In a repeat performance from last week/last month Daniel Eran Dilger of Roughly Drafted posts another maniacal diatribe under the pseudonym Prince McLean and once again drives the staunchest of fanboys running for the exits. AI: you're going to have to learn that this isn't doing your street cred any good.
In a repeat performance from last week/last month Daniel Eran Dilger of Roughly Drafted posts another maniacal diatribe under the pseudonym Prince McLean and once again drives the staunchest of fanboys running for the exits. AI: you're going to have to learn that this isn't doing your street cred any good.
Sorry to disagree, but your street cred is what's at stake.
Daniel's cred is he does wonderful honets reporting on all things Apple technical. It's a shame he has to put up with the hounds of hell. (That'd be you, Fairly.)
I have yet to see security through obscurity disproven. Do you have any links?
Sorry, security through obscurity has been disproven years ago. Just because you haven't read about it doesn't mean it doesn't exist. It just means you are ill-informed.
There have been several articles. Some are no longer posted. An article from three months ago can be found here;
Sorry, security through obscurity has been disproven years ago. Just because you haven't read about it doesn't mean it doesn't exist. It just means you are ill-informed.
There have been several articles. Some are no longer posted. An article from three months ago can be found here;
None of those articles disprove anything. They are just opinion pieces.
There are trojans for OSX. Bundled with software the user would very well give authorization for the software and thus get infected. Granted a user has to authorize this. But that is also true of Vista or 7.
I have heard from many OSX users that they got keylogged and their WoW accounts hacked.
OSX has been hacked twice now, two years in a row. In a matter of minutes. That sort of speaks for itself. It's not as secure as you think and there are vulnerabilities that can be exploited.
You can't disprove security through obscurity until the OS is no longer obscure. And you certainly can't do it with opinion pieces.
I also have yet to read about Vista with UAC on getting a virus unless the user authorizes it. But if the user authorizes anything they would be no safer on any other OS.
That said, I do like OSX. I can boot into it right now as a matter of fact. But there is no substitute for smart computing. The person on the other side of that keyboard is the biggest security threat no matter the OS.
Comments
Yeah, its a good article, without all of the bits trying to discredit the report. Mac's aren't magically super secure, nor are they completely insecure. Taking the report a bit less personally would make for better reporting.
The article starts off as announcing the results of a hacking contest. It then discusses Windows and Macintosh patches. It then proceeds to discredit the contest. What are we trying to say here? Mac rules, Windows sux? The Mac was hacked, but the contest sucks?
Dilger has personal issues.
In a repeat performance from last week/last month Daniel Eran Dilger of Roughly Drafted posts another maniacal diatribe under the pseudonym Prince McLean and once again drives the staunchest of fanboys running for the exits. AI: you're going to have to learn that this isn't doing your street cred any good.
Wow. I guess someone is feeling very threatened. Maybe what he said hit close to home???
While I would have liked to see more detail from both Prince Mclean and from the original author of the ConWest article, its nice to see more than one side to these "Macs are all bad, oK?" hit pieces.
OH, and you post just proves my point. LOL
Just a thought.
en
While pundits like to talk about numbers of discovered vulnerabilities, often failing to correctly compare similar code on each side (with Mac OS X inheriting the vulnerability counts in optional open source server programs, Java, and other components that are not considered on the Windows side), the real problem is active exploits. Mac OS X continues to have no real viruses, while Windows users continue to be plagued by viruses, adware, and other security problems.
At the same time however, the tech media is promoting the CanSecWest event as a "security shootout," with at least one report noting that browsers on the Windows box were "still standing" after Miller successfully applied his exploit attack to the Mac, as if the Windows box had somehow successfully dodged Miller's exploit rather than simply never having been aimed at by his open source attack. Internet Explorer 8 on the Windows machine was exploited shortly afterward by a different researcher calling himself Nil, followed by his demonstration of a successful crack of the Firefox browser.
Seems reasonable to me.
There also seems to be a fundamental misunderstanding of security here too. Posts like "you need a password to gain access to the machine" make this pretty clear. Security holes aren't security holes because you intentionally grant access to your machine (that's called social engineering, not an exploit), they're security holes because there is a fundamental coding problem in the underlying application/operating system. Most viruses and worms on Windows never asked for permission to be installed; they took advantage of flaws in a browser, application, or in Windows itself, even while users are logged on with non-administrative privileges. Requiring a username/password, or running as a non-admin user (while they may make exploits harder to find) grant a false sense of security; a computer is only as secure as its weakest link, and that link could be anywhere in the chain from browser plugin to operating system to device drivers and the kernel, or even the BIOS/EMI itself. The fact is that there are a lot of links in that chain that inherently have (and require) low level access to your computer, and an exploit in any one of those can potentially turn access to your entire machine over to whatever code happens to be attempting to run. Only the top few layers are protected by the user login. Just because you are logged on with a normal user account doesn't mean that there isn't code running on your computer that has access to everything, because the truth is that there is, and a heck of a lot of it. And an exploit in any of that code can grant access to everything. Just because you don't let someone through the front door of your home doesn't mean they can't come in another way.
So while it seems the majority of the people posting on this forum are dismissing this as insignficant, I believe it is a bit naive to do so. The fact remains that there are indeed exploitable security issues on every computing platform, and OS X is NOT immune. Just because it isn't actively being targeted, it doesn't mean that it is 100% safe. I certainly wouldn't be caught dead (pun intended) putting a Mac connected to the internet in control of launching nuclear weapons, anyway. This test demonstrates that all computing platforms have issues, whether Mac users choose to bury their heads in the sand or not.
This article perfectly demonstrates what I consider to be a disappointingly smug attitude of many Apple users. Truth is that the Mac isn't currently targeted for attacks, not because it is inherently more secure than other operating systems, but because it isn't as large of a target and the potential payoff therefore isn't as great. ....
No one is saying that Mac OS-X is immune from viruses so most of your argument in regards that is a waste of time. The part highlighted above, that you started out with (security through obscurity) has been dis-proven many times over. When deciding between Windows and Mac, the Mac system *is* inherently more secure (not perfectly secure), than Windows, by design.
Also, while you are correct that a computer can be attacked without a user's password, to imply anything other than the fact that the majority of attacks are "socially" based is to ignore the truth. Most problems (on both systems), come from a user clicking on something they shouldn't.
This article perfectly demonstrates what I consider to be a disappointingly smug attitude of many Apple users. Truth is that the Mac isn't currently targeted for attacks, not because it is inherently more secure than other operating systems, but because it isn't as large of a target and the potential payoff therefore isn't as great. Anybody that believes that their Mac is immune to exploits from security issues is living with their head in the sand. Everyone still needs to practice safe computing, i.e. staying away from potentially malicious web sites, not installing software that shouldn't be trusted, keeping our systems up to date with security patches, using a good quality router/firewall, etc. Just because there aren't any significant exploits in the wild today does NOT mean that the platform is immune. Windows didn't have significant security exploits in the wild once upon a time as well. It's really only a matter of time before someone decides that they want to create a Mac virus/worm. And anyone who believes that their computer is inherently immune is in for a very rude awakening at that point.
There also seems to be a fundamental misunderstanding of security here too. Posts like "you need a password to gain access to the machine" make this pretty clear. Security holes aren't security holes because you intentionally grant access to your machine (that's called social engineering, not an exploit), they're security holes because there is a fundamental coding problem in the underlying application/operating system. Most viruses and worms on Windows never asked for permission to be installed; they took advantage of flaws in a browser, application, or in Windows itself, even while users are logged on with non-administrative privileges. Requiring a username/password, or running as a non-admin user (while they may make exploits harder to find) grant a false sense of security; a computer is only as secure as its weakest link, and that link could be anywhere in the chain from browser plugin to operating system to device drivers and the kernel, or even the BIOS/EMI itself. The fact is that there are a lot of links in that chain that inherently have (and require) low level access to your computer, and an exploit in any one of those can potentially turn access to your entire machine over to whatever code happens to be attempting to run. Only the top few layers are protected by the user login. Just because you are logged on with a normal user account doesn't mean that there isn't code running on your computer that has access to everything, because the truth is that there is, and a heck of a lot of it. And an exploit in any of that code can grant access to everything. Just because you don't let someone through the front door of your home doesn't mean they can't come in another way.
So while it seems the majority of the people posting on this forum are dismissing this as insignficant, I believe it is a bit naive to do so. The fact remains that there are indeed exploitable security issues on every computing platform, and OS X is NOT immune. Just because it isn't actively being targeted, it doesn't mean that it is 100% safe. I certainly wouldn't be caught dead (pun intended) putting a Mac connected to the internet in control of launching nuclear weapons, anyway. This test demonstrates that all computing platforms have issues, whether Mac users choose to bury their heads in the sand or not.
the Mac isn't currently targeted for attacks,
It hasn't been for over 7 YEARS now. How long will it take? Another 3 years? Maybe another 5? We're still waiting. Hopefully we'll still be alive when something happens. And with that upside-down, ass-backwards clone-attempt of OS X (Windows 7), it looks like yet another iteration of the worst OS on the planet will keep hackers and malware writers happy for some time to come.
Until OS X *is* "targeted" (whatever that means), we'll stay quite smug, thank you.
Oh yes, there's so much more! I won't post because I don't want to overload AI.
But anyway, here's the latest:
http://news.cnet.com/8301-1009_3-10196122-83.html
Complete, utter mess. All it did was get worse. It's so bad, that lame MS is offering a reward.
And OS X remains unaffected. Again.
People think that just because there is a windows virus out there that windows automatically gets infected. Not true at all.
Just like with OSX it's up to the user to allow a virus in. I don't think there is a single case of Vista getting infected with a virus with UAC left on unless the user allowed it through.
Security is less about the OS and more about the person behind the keyboard. Just because you have an OS that is touted as more secure doesn't mean it is. Hell you just have to visit a certain website with OSX and safari to get hacked.
Trojans can masquerade in apps and when you authorize the app to install you inadvertently install the trojan.
Most people are stupid. And on other platforms and a false sense of security anything can happen. One must always remain vigilant.
The problem with this particular test is they used a beta OS and a beta browser. And considering it's beta it still outlasted OSX. I'm curious as to which beta release of 7 they were using.
No one is saying that Mac OS-X is immune from viruses so most of your argument in regards that is a waste of time. The part highlighted above, that you started out with (security through obscurity) has been dis-proven many times over. When deciding between Windows and Mac, the Mac system *is* inherently more secure (not perfectly secure), than Windows, by design.
Also, while you are correct that a computer can be attacked without a user's password, to imply anything other than the fact that the majority of attacks are "socially" based is to ignore the truth. Most problems (on both systems), come from a user clicking on something they shouldn't.
Ok, how is it more secure by design?
I have yet to see security through obscurity disproven. Do you have any links?
This article perfectly demonstrates what I consider to be a disappointingly smug attitude of many Apple users. Truth is that the Mac isn't currently targeted for attacks, not because it is inherently more secure than other operating systems, but because it isn't as large of a target...
No one is arguing that point, once Macs attain a larger user base they will face more viruses.
However, viruses on a Windows platform, especially when using IE, can download and install immediately without the user's intervention, and sometimes the window that is performing these tasks will be working behind your main browser window, and sometimes it will be happening right in front of you and there would be nothing you can do about it. Although all that can be minimized by delving into the arduous tasks of setting up Internet securities and ActiveX.
BTW: Windows UAC is the most annoying security "feature" I've ever run into.
On the Mac, a virus can force an automatic file download and if it was professionally crafted, it can also launch the file; however, you'll get an alert stating the the file you're about to decompress or launch is from the internet and that it has never been launched before. Even if you mistakingly clicked "Open" you'll have to insert your password to actually initiate the installation process.
This even applies to installing updates through Apple's own "Software Update".
Snow Leopard will have even a safer way of isolating downloads by sandboxing apps.
Until OS X *is* "targeted" (whatever that means), we'll stay quite smug, thank you.
Yep, smug as a bug in a rug.
That's really all we need to know.
Exactly
This article perfectly demonstrates what I consider to be a disappointingly smug attitude of many Apple users. Truth is that the Mac isn't currently targeted for attacks, not because it is inherently more secure than other operating systems, but because it isn't as large of a target and the potential payoff therefore isn't as great. Anybody that believes that their Mac is immune to exploits from security issues is living with their head in the sand. Everyone still needs to practice safe computing, i.e. staying away from potentially malicious web sites, not installing software that shouldn't be trusted, keeping our systems up to date with security patches, using a good quality router/firewall, etc. Just because there aren't any significant exploits in the wild today does NOT mean that the platform is immune. Windows didn't have significant security exploits in the wild once upon a time as well. It's really only a matter of time before someone decides that they want to create a Mac virus/worm. And anyone who believes that their computer is inherently immune is in for a very rude awakening at that point.
There also seems to be a fundamental misunderstanding of security here too. Posts like "you need a password to gain access to the machine" make this pretty clear. Security holes aren't security holes because you intentionally grant access to your machine (that's called social engineering, not an exploit), they're security holes because there is a fundamental coding problem in the underlying application/operating system. Most viruses and worms on Windows never asked for permission to be installed; they took advantage of flaws in a browser, application, or in Windows itself, even while users are logged on with non-administrative privileges. Requiring a username/password, or running as a non-admin user (while they may make exploits harder to find) grant a false sense of security; a computer is only as secure as its weakest link, and that link could be anywhere in the chain from browser plugin to operating system to device drivers and the kernel, or even the BIOS/EMI itself. The fact is that there are a lot of links in that chain that inherently have (and require) low level access to your computer, and an exploit in any one of those can potentially turn access to your entire machine over to whatever code happens to be attempting to run. Only the top few layers are protected by the user login. Just because you are logged on with a normal user account doesn't mean that there isn't code running on your computer that has access to everything, because the truth is that there is, and a heck of a lot of it. And an exploit in any of that code can grant access to everything. Just because you don't let someone through the front door of your home doesn't mean they can't come in another way.
So while it seems the majority of the people posting on this forum are dismissing this as insignficant, I believe it is a bit naive to do so. The fact remains that there are indeed exploitable security issues on every computing platform, and OS X is NOT immune. Just because it isn't actively being targeted, it doesn't mean that it is 100% safe. I certainly wouldn't be caught dead (pun intended) putting a Mac connected to the internet in control of launching nuclear weapons, anyway. This test demonstrates that all computing platforms have issues, whether Mac users choose to bury their heads in the sand or not.
A little quick to judge don't you think? I don't think Mac fans are saying we're 100% immune, we're just saying that we're "more secure". It is a fact and you can't deny it. The code is more stable and privs are in place that minimize the risk of malware, etc to the Mac OS.
I chose to switch because I wanted to spend my time and money on my computer, not updating my virus, malware, phishing software every day to shield myself from the enemy. I chose a system that allows me to use it with a more clear mind, not a fearful one. Do Apple haters really want to wait years and years for hackers to "catch up" and make Apple their "target"...or do you just want to live a web based life a lot more relaxed and safe until they do?
If it ever happens.
The average consumer is starting to see my side. When will you?
My head is held up high...far away from the sand.
Back when I was programming regularly in C, I'd use strlen() or strncpy() to check whether strings were within a limit and truncate it to a safe length, if necessary.
Are programmers these days too lazy to check string length before using it to execute potentially dangerous code? Or do they think that performance would suffer if they wasted clock cycles for safety?
It seems like such a simple and obvious solution to the often-used hacker strategy of the buffer overflow.
Would you call a hacker who uses such trite, cliche and unoriginal techniques a "hack?" I would.
No one is arguing that point, once Macs attain a larger user base they will face more viruses.
However, viruses on a Windows platform, especially when using IE, can download and install immediately without the user's intervention, and sometimes the window that is performing these tasks will be working behind your main browser window, and sometimes it will be happening right in front of you and there would be nothing you can do about it. Although all that can be minimized by delving into the arduous tasks of setting up Internet securities and the highly annoying ActiveX.
Snow Leopard will have even a safer way of isolating downloads by sandboxing apps.
I believe that only applies to XP and IE6
I believe IE7 and IE8 run in a sandbox. And in Vista and Windows 7 the code couldn't execute without the users permission.
Security always goes back on the user. And let's face it, most users, no matter the platform, are stupid.
I chose to switch because I wanted to spend my time and money on my computer, not updating my virus, malware, phishing software every day to shield myself from the enemy. I chose a system that allows me to use it with a more clear mind, not a fearful one.
My head is held up high...far away from the sand.
You don't have to spend time and money and update virus and malware apps daily. For one those apps update themselves and it's not something you have to spend time on. Second, if you aren't a moron you don't even need them. I run without antivirus and malware protection and have never had a problem.
Phishing has nothing to do with the OS at all. And it will affect people no matter the OS.
Your head is buried deep in the sand as it is with the majority of computer users.
Don't be so fast to shrug it off. Users need stories like this as a reality check: Your computer isn't safe from your other personality.
The logic of this argument is seriously flawed.
1) these report breed false fears & misconceptions, which can actually contribute to a user being deceived. Spreading false information can not lead to educating users.
2) The word has long been out to end users that they can be their own worst enemy. There is absolutely nothing Microsoft or Apple can do about users allowing admin rights on a machine except continue to warn them not to do it. Users will still click through the warning prompts or even authenticate with username & password in the face of these warnings. There are unfortunately just some really naive & technology stupid people out there.
Many Apple folks already recommend that you should use a non admin account for your personal use & just authenticate when needed. The beauty of OS X is that you can actually function as a standard user in almost any aspect of the system, vs Windows that has major issues with this even when you are a power user.
The article starts off as announcing the results of a hacking contest. It then discusses Windows and Macintosh patches. It then proceeds to discredit the contest. What are we trying to say here? Mac rules, Windows sux? The Mac was hacked, but the contest sucks?
Hey, I love Apple. But I don't need these spin pieces by Apple Insider to tell me that Apple is better than Microsoft on security.
And this is pure spin. We are supposed to be happy because Apple issued more patches? If they had issued fewer patches, we would be told it was proof they had fewer flaws.
The fact is, both Apple and Microsoft have vulnerable systems. Apple is safer because it's such a small percentage of the installed base that hackers don't stand to profit much from it. Also, a lot of malware comes from countries where Macs are very expensive and thus rare.
Another reason is that Mac users tend to update their software more. You can find Windows boxes with Windows 95, 98, or Me in many homes even today.
In a repeat performance from last week/last month Daniel Eran Dilger of Roughly Drafted posts another maniacal diatribe under the pseudonym Prince McLean and once again drives the staunchest of fanboys running for the exits. AI: you're going to have to learn that this isn't doing your street cred any good.
QFT
filter fodder
In a repeat performance from last week/last month Daniel Eran Dilger of Roughly Drafted posts another maniacal diatribe under the pseudonym Prince McLean and once again drives the staunchest of fanboys running for the exits. AI: you're going to have to learn that this isn't doing your street cred any good.
Sorry to disagree, but your street cred is what's at stake.
Daniel's cred is he does wonderful honets reporting on all things Apple technical. It's a shame he has to put up with the hounds of hell. (That'd be you, Fairly.)
Ok, how is it more secure by design?
I have yet to see security through obscurity disproven. Do you have any links?
Sorry, security through obscurity has been disproven years ago. Just because you haven't read about it doesn't mean it doesn't exist. It just means you are ill-informed.
There have been several articles. Some are no longer posted. An article from three months ago can be found here;
http://www.roughlydrafted.com/2009/0...-malware-myth/
A minor article here;
http://blog.wired.com/gadgets/2008/1...-x-isnt-v.html
Another here;
http://aplawrence.com/MacOSX/securit...obscurity.html
A very detail article from five years ago here;
http://www.macdailynews.com/index.ph...bscurity_myth/
Sorry, security through obscurity has been disproven years ago. Just because you haven't read about it doesn't mean it doesn't exist. It just means you are ill-informed.
There have been several articles. Some are no longer posted. An article from three months ago can be found here;
http://www.roughlydrafted.com/2009/0...-malware-myth/
A minor article here;
http://blog.wired.com/gadgets/2008/1...-x-isnt-v.html
Another here;
http://aplawrence.com/MacOSX/securit...obscurity.html
A very detail article from five years ago here;
http://www.macdailynews.com/index.ph...bscurity_myth/
None of those articles disprove anything. They are just opinion pieces.
There are trojans for OSX. Bundled with software the user would very well give authorization for the software and thus get infected. Granted a user has to authorize this. But that is also true of Vista or 7.
I have heard from many OSX users that they got keylogged and their WoW accounts hacked.
OSX has been hacked twice now, two years in a row. In a matter of minutes. That sort of speaks for itself. It's not as secure as you think and there are vulnerabilities that can be exploited.
You can't disprove security through obscurity until the OS is no longer obscure. And you certainly can't do it with opinion pieces.
I also have yet to read about Vista with UAC on getting a virus unless the user authorizes it. But if the user authorizes anything they would be no safer on any other OS.
That said, I do like OSX. I can boot into it right now as a matter of fact. But there is no substitute for smart computing. The person on the other side of that keyboard is the biggest security threat no matter the OS.