That might be how it is, in most cases, but it is not how it should be.
I agree, but I can't effect change in more than one idiot at a time. Most of the time, they're resistant to change of any description.
Quote:
Originally posted by Amorph
There is absolutely no excuse, in this day and age, for shipping a system that turns on all the services by default. If the secure thing to do is turn them off, then they should all be turned off out of the box.
You're preaching to the choir. However, with the long history of problems with Windows, there is absolutely no excuse for people not making double-damn sure that the evil parts of the OS are, in fact, turned off.
Quote:
Originally posted by Amorph
In OS X, the firewall is on by default. All services are off by default. All ports run in stealth mode by default. Remote login is disabled by default. Login as root is disabled by default. Daemons run in special accounts that limit their access to the system, so even if they are activated and compromised, the amount of damage they can do is limited. User accounts can't do bad things in /System. Etc. All by design, and by default. That means that far less user education and participation is required, and frankly that's the only way to ship a consumer product.
Don't forget, Unix (and by proxy, it's variants) has been around for many years longer than Windows, and proper security was built into them from the get-go. For Windows, security is an add-on (and a poorly developed on at that). Windows was built around the "convenience" paradigm, and convenience is simply not compatible with "security". Beyond that, security wasn't that big of a deal/problem until computers (with real power) were turned into a home appliance, making them available to legions of morons and evil-doers around the world.
Quote:
Originally posted by Amorph
Cool! Get it. Once she sees it, she'll want one too, and then good luck using logic.
She actually has a G4 iMac on her desk (has had it a year or so) and she's never even turned it on. She says nobody's ever showed her how to use it (and her job honestly does prevent her from playing around with it). I'd personally like to go check it out and see if I can help her out with it, but I'm sure she's not really interested...
As far as home use, she's hooked on weird little games on Windows, and I'm sure she wouldn't give those up. Other than that, she web browses, does email, and a little bit of word processing. The Mac Mini would be perfect for her, if not for the Windows games she plays.
I personally want something more powerful than a Mini (at least a G5 1.8 with 120gb drive and 1gb RAM and a 64mb video card - hello iMac), but honestly, the cost of admission is too high.
I understands Apple's marketing decisions - you want more power, spend more money for the base system - but unfortunately it doesn't quite fit my budget (and that will be true for a lot more people than Apple will admit to). The last time I spent more than $2000 for a computer was for my Apple //e in 1982.
As a PC user, I like the ability to be able to upgrade video, ram, and cpu when I can afford it. With Apple, the PowerMac is the ONLY real option available if you want to future proof the system for a few years.
Since my job is writing apps for Windows, I really can't justify to myself (and more importantly, my wife) the cost of buying the system that meets my minimum requirements, and that truly sucks for me.
I just downloaded a trial of Intego's NetBarrier. It seems pretty simple, but after going to the shileds-up web site, my computer does not test any better. All ports were already stealthed excpet for 113, which had no communication, so I suppose that is good.
I use the file vault, but if it in unencrypted while I am using the computer, it seems like it is defeating the purpose...any thoughts?
Don't forget, Unix (and by proxy, it's variants) has been around for many years longer than Windows, and proper security was built into them from the get-go.
Actually, not true.
Every AT&T UNIX had a cleverly hidden back door so that Ken Thompson (the father of UNIX) could get into any UNIX machine at any time. Typical hacker humor.
The UNIX worm that inflicted so much damage to the early Internet propagated because UNIX used gets()—a C function that's a buffer overflow waiting to happen—to get both user name and password at login, so all the worm had to do was enter 8 characters of an attempt at a password followed by its executable code, and it was in as root.
UNIX became standard long before the 'net went mainstream, and since it was used in a (generally) trusting environment, and heavily in education, it also shipped with all services on by default. This is why Solaris was so vulnerable to hacking, and why Linux frequently is: They honor(ed) the old UNIX way of being essentially trusting. UNIX only became known as secure once the BSD folks sat down and figured out how to really lock it down. Fortunately, UNIX's architectural decisions made a lot of that easy to do, but you still have to do it.
If OS X were identically designed, but shipped with the ports open and the daemons running by default, I can guarantee that it would already have been hacked. This has already happened to every UNIX that can be locked down, but is not by default. The devil is in the details here: If your system is not both designed to be secure and configured by default to be secure, it will be compromised.
Microsoft doesn't want to shut off all those little services in the name of "user friendliness," so their stuff gets hacked. They have no partitioning or security model once you're past the eggshell they're pleased to call security, so once the hackers are in, they have absolute control.
Quote:
For Windows, security is an add-on (and a poorly developed on at that). Windows was built around the "convenience" paradigm, and convenience is simply not compatible with "security". Beyond that, security wasn't that big of a deal/problem until computers (with real power) were turned into a home appliance, making them available to legions of morons and evil-doers around the world.
Oh, I know that all too well. But I don't put the ball in the user's court. If Microsoft is going to sell appliances to "morons" (blame the user!) to hook up to the Internet, they have a responsibility to make the thing actually work, and it's their fault when it doesn't work out of the box. If their machines are getting owned 30 seconds after the ethernet cable goes in, that's not the user's fault. It's Microsoft's. They are responsible for dragging an obsolete design that is simply not compatible with security into a situation that demands security. They are responsible for "balancing" security with the sort of run-everything-everywhere convenience they're fond of, instead of facing reality. Even when they had a chance, building off the NT kernel, which could have been the foundation of a rock-solid, secure OS, they blew it. And they are responsible for that. The fact that people just shrug and assume that they (or everyone else) are just too stupid blows my mind. They aren't stupid. Microsoft is blind and arrogant, and leaving it to people who think they bought an appliance to clean up after their mess.
This, I suppose, is the real danger of a monopoly. People feel helpless and powerless to effect change, blame themselves, and make do with what they're allowed to.
As far as home use, she's hooked on weird little games on Windows, and I'm sure she wouldn't give those up. Other than that, she web browses, does email, and a little bit of word processing. The Mac Mini would be perfect for her, if not for the Windows games she plays.
Freecell and its ilk have Mac versions. That's some addictive shite. What games got her hooked?
No one answered my question. Is have NetBarrier worth the price of it, or does nothing really secure any better than it can already be done without third party software?
Also, what is the advantage of File Vault if it is if everything in decrypted while you are logged in?
No one answered my question. Is have NetBarrier worth the price of it, or does nothing really secure any better than it can already be done without third party software?
I haven't answered it because I don't have any experience with NetBarrier. I haven't needed it.
Quote:
Also, what is the advantage of File Vault if it is if everything in decrypted while you are logged in?
If someone were to, say, steal your laptop, then if they pull out the drive or put it in FireWire Target Disk mode, all they're going to see is a big encrypted file. The only way to get at your data is by hacking your password. So if you use this, choose a good password.
Well, i just stumbled across this article . It might be of interest.
Yeah well my PC doesn't have these problem.
I just needed to install Nortons AV, Spybot, Adaware and ZoneAlarm.
When I upgraded from SP1 and SP2, I only had to install ZoneAlarm and Spybot again cos of problem and everything is still fine.
It only took a couple of hours to install and configure it all and slows the systems down a fair bit but hey my machine is much harder to hack now (unless I click on an e-mail attachment or enable macros or use the internet).
You obviously don't know much about Windows. A restricted user account can not install software. Administrator password is required.
yes and no, most spyware that gets installed can still be installed in windows with users that have very limited rights(even limiting what programs they can run). we have about 5000 pc's where i work, no users except IT has admin rights. yet, depending on what kind of spyware you got, some got installed and still ran fine(this people have accounts where they are not even supposed to run programs that arent entered in the approved list), and others would get installed, but bring up restriction errors(again, these people do not have admin rights, nor poweruser, not even regular user, they are very limited, but go to a few web pages, and active x(this is the big problem causer) does its thing(even if set to high security). the best way to keep this stuff out(even if using firewalls,ect), is to NOT USE IE or OUTLOOK(this has worked on all the pc people I know that i have had to keep cleaning there machines, I 'forced' them to switch to firefox and they have no more problems(going on 6 months now) whereas before, I was cleaning there machines a few hours each saturday...
All of that is fine for PC users, I am only concerned about my Mac. From all of the responces, there aren't any know spywares and such, but it is a good idea to have an anti-virus program installed.
Of the anti-virus apps available, which would (you) suggest? I thought that Norton quit developing for Mac?
All of that is fine for PC users, I am only concerned about my Mac. From all of the responces, there aren't any know spywares and such, but it is a good idea to have an anti-virus program installed.
Of the anti-virus apps available, which would (you) suggest? I thought that Norton quit developing for Mac?
Norton dropped development of Norton Utilities. Norton Antivirus will continue. As for antivirus, Virex comes with your .mac subscription. Norton Antivirus also works fine. (It is Norton Utilites that does nothing useful, but can cause harm.) Whichever antivirus utility you choose, you need to understand that it removes Windows viruses and old System 6, System 7, MacOS 8, and MacOS 9 viruses. There are a few of these. However, there are no MacOS X viruses in the wild. If you run Mac OS X, antivirus software is good citizenship rather than an essential tool for the maintenance of your computer.
I was discussing this very same issue today with a coworker of mine. I forgot how we got on the subject, but I was telling him how Mac OS X currently has no viruses. But then he brought up an interesting point and I couldn't think of anything to counter it with.
He said that while there are NO viruses specifically written just for Mac OS X, there are UNIX viruses available. And since Mac OS X's Darwin is UNIX-based, it is probably affected by these viruses.
Is this true?
I told him that I would have to get back to him on this topic. He is very close to switching and the ability to not have to worry about viruses as much on his computer system would be a big selling point.
As far as I know, any of these UNIX virus's have been stopped by plugging security holes in services. As state previously, Mac OS X has root access (access to the actual operating system files) disabled by default and is not obvious for the average user on how to enable it (which they should never have to). Thus, if a virus can not get root access, it can not infect the operating system files. This is why OS X is much more secure "out of the box".
The problem with windows is that the way the core operating system works, is ALL programs have access to "ring-0" for messaging purposes, even if the user has restricted access right. The core messaging in windows predates Windows NT...rumors have it that there is no one left at microsoft that knows anything about the core messaging code and that it is treated as a "black box". This is one of many problems with the basic assumptions as to how Windows was built. It was built as a desktop operating system, then networking was added to it, then internet. When you design a system without thinking security all the way through where you are exposed to the entire planet, you miss critical decisions. Windows was built as a desktop system. Active X, OLE and the messaging protocols were written to make interoperability between applications and the OS seamless. Thus, all applications by design have access to ring-0 and it makes is much easier to trick an application to do bad things to the OS. UNIX boxes on the other hand were built from the ground up for accessing the world of the internet. UNIX incorporates three levels of security, with root access highly restricted, then there is administrator access, then there is user access. Because of the structure of the underlying operating system and the security model it uses, UNIX systems are basically invulnerable to "drive-by" spyware hacks that infect millions of Windows users.
He said that while there are NO viruses specifically written just for Mac OS X, there are UNIX viruses available. And since Mac OS X's Darwin is UNIX-based, it is probably affected by these viruses.
A virus that affects one varient of UNIX will not automatically affect every different type of UNIX. OS X is based on the BSD varients. There are proof of concept viruses for such system, but they aren't in the wild. To become infected by such a "virus" requires some work, you have to run a script as root.
These scripts are similar to the opener "virus" for OS X that was observed recently - doesn't really come under the usual definition of virus!!!
.... UNIX boxes on the other hand were built from the ground up for accessing the world of the internet....
Before making statements like this, please research your history of operating systems. To help you get started, AT&T Bell Laboratories released UNIX in 1974, a time before personal computers when the Internet was in its infancy.
Before making statements like this, please research your history of operating systems. To help you get started, AT&T Bell Laboratories released UNIX in 1974, a time before personal computers when the Internet was in its infancy.
Perhaps he means that earlier unix's (BSD, System V etc) were created with networking being part of the base system. Opposed to Dos/Windows which added networking much later and was certainly not a default part of the OS. Did the first few Mac OS's have networking enabled by default?
Much of the blame that lies with Windows is that of supposed simplification to the home user. Users that are not computer literate do not like message boxes that come up. If they can click cancel then the box they never asked for goes away and everything is all ok again. Except that box was asking "Do you want to update your antivirus definitions?" But it doesn't matter. All the user saw was a box they didn't ask for.
If users of windows suddenly saw boxes asking for their password each and every time they installed an application they'd soon get annoyed given how keen people are to install every random cover disc application. XP Home ships with a hidden user account called "Administrator" which is not password protected as standard. Great a back door for spware etc to "run as" even as a restricted user.
Windows XP Pro SP2 with Windows 2003 Server is relatively secure, and I have happily prevented the running of non authorised ActiveX controls using group policy. Thus far I haven't had any spyware attacks or adware attacks in two months of this system running.
That's not to say MS don't have plenty of work to do on Windows security, I'd love to see machines ship with their networking turned off until the user configures it. Mac selectively configures the services on first boot if you connect via Ethernet etc etc, Windows should do the same. Once again it goes back to the home user though. They don't know (or care) what DNS and DHCP are, they aren't bothered by what it means to go through and turn services off. They just want it to work. In trying to circumvent this confusing of the user Windows ships in a vulnerable state. Except the Mac is confusing too. It's confusing because a user maybe doesn't understand why they can't install MSN6.2 or Office 2003 or HalfLife2 because the OS isn't Windows. Then what about all those users that try the Mac and just can't adapt to the "non windows" way of doing things?
Windows and Mac excel at different things. For a home user Windows XP Home should curl up and die. Mac OS.X rules there. For power use and device control and where large scale corporate deployment is the name of the game, Windows has the ball. Apple have recognised this and don't (appear) to be going after the corporate market. Apple's strengths lie in single computers, and with the Xserve in large scale number crunching.
Much of the blame that lies with Windows is that of supposed simplification to the home user. Users that are not computer literate do not like message boxes that come up. If they can click cancel then the box they never asked for goes away and everything is all ok again. Except that box was asking "Do you want to update your antivirus definitions?" But it doesn't matter. All the user saw was a box they didn't ask for.
If users of windows suddenly saw boxes asking for their password each and every time they installed an application they'd soon get annoyed given how keen people are to install every random cover disc application. XP Home ships with a hidden user account called "Administrator" which is not password protected as standard. Great a back door for spware etc to "run as" even as a restricted user.
Windows XP Pro SP2 with Windows 2003 Server is relatively secure, and I have happily prevented the running of non authorised ActiveX controls using group policy. Thus far I haven't had any spyware attacks or adware attacks in two months of this system running.
That's not to say MS don't have plenty of work to do on Windows security, I'd love to see machines ship with their networking turned off until the user configures it. Mac selectively configures the services on first boot if you connect via Ethernet etc etc, Windows should do the same. Once again it goes back to the home user though. They don't know (or care) what DNS and DHCP are, they aren't bothered by what it means to go through and turn services off. They just want it to work. In trying to circumvent this confusing of the user Windows ships in a vulnerable state. Except the Mac is confusing too. It's confusing because a user maybe doesn't understand why they can't install MSN6.2 or Office 2003 or HalfLife2 because the OS isn't Windows. Then what about all those users that try the Mac and just can't adapt to the "non windows" way of doing things?
Windows and Mac excel at different things. For a home user Windows XP Home should curl up and die. Mac OS.X rules there. For power use and device control and where large scale corporate deployment is the name of the game, Windows has the ball. Apple have recognised this and don't (appear) to be going after the corporate market. Apple's strengths lie in single computers, and with the Xserve in large scale number crunching.
Just my 2p
Chris
Let me assure you that Win XP Pro SP2 still operates by default with a password-free administrative account. The problem is not the version of Windows, the problem is Windows. Other observations: Many Windows security features are difficult to use and easy to circumvent. Your example of users cancelling antiviral definition updates is in this category. Windows Media 10 DRM fits in a third category. At first blush, Windows Media 10 DRM appears to be an antipiracy feature. However, it quickly becomes clear that this feature is an enabling technology for Trojan horses, just as Visual Basic for Applications is an enabling technology for script kiddies. And speaking of VBA, it was years before I saw a VBA script that was not a virus.
Comments
Originally posted by Amorph
That might be how it is, in most cases, but it is not how it should be.
I agree, but I can't effect change in more than one idiot at a time. Most of the time, they're resistant to change of any description.
Originally posted by Amorph
There is absolutely no excuse, in this day and age, for shipping a system that turns on all the services by default. If the secure thing to do is turn them off, then they should all be turned off out of the box.
You're preaching to the choir. However, with the long history of problems with Windows, there is absolutely no excuse for people not making double-damn sure that the evil parts of the OS are, in fact, turned off.
Originally posted by Amorph
In OS X, the firewall is on by default. All services are off by default. All ports run in stealth mode by default. Remote login is disabled by default. Login as root is disabled by default. Daemons run in special accounts that limit their access to the system, so even if they are activated and compromised, the amount of damage they can do is limited. User accounts can't do bad things in /System. Etc. All by design, and by default. That means that far less user education and participation is required, and frankly that's the only way to ship a consumer product.
Don't forget, Unix (and by proxy, it's variants) has been around for many years longer than Windows, and proper security was built into them from the get-go. For Windows, security is an add-on (and a poorly developed on at that). Windows was built around the "convenience" paradigm, and convenience is simply not compatible with "security". Beyond that, security wasn't that big of a deal/problem until computers (with real power) were turned into a home appliance, making them available to legions of morons and evil-doers around the world.
Originally posted by Amorph
Cool! Get it. Once she sees it, she'll want one too, and then good luck using logic.
She actually has a G4 iMac on her desk (has had it a year or so) and she's never even turned it on. She says nobody's ever showed her how to use it (and her job honestly does prevent her from playing around with it). I'd personally like to go check it out and see if I can help her out with it, but I'm sure she's not really interested...
As far as home use, she's hooked on weird little games on Windows, and I'm sure she wouldn't give those up. Other than that, she web browses, does email, and a little bit of word processing. The Mac Mini would be perfect for her, if not for the Windows games she plays.
I personally want something more powerful than a Mini (at least a G5 1.8 with 120gb drive and 1gb RAM and a 64mb video card - hello iMac), but honestly, the cost of admission is too high.
I understands Apple's marketing decisions - you want more power, spend more money for the base system - but unfortunately it doesn't quite fit my budget (and that will be true for a lot more people than Apple will admit to). The last time I spent more than $2000 for a computer was for my Apple //e in 1982.
As a PC user, I like the ability to be able to upgrade video, ram, and cpu when I can afford it. With Apple, the PowerMac is the ONLY real option available if you want to future proof the system for a few years.
Since my job is writing apps for Windows, I really can't justify to myself (and more importantly, my wife) the cost of buying the system that meets my minimum requirements, and that truly sucks for me.
I use the file vault, but if it in unencrypted while I am using the computer, it seems like it is defeating the purpose...any thoughts?
Originally posted by jsimmons
Don't forget, Unix (and by proxy, it's variants) has been around for many years longer than Windows, and proper security was built into them from the get-go.
Actually, not true.
Every AT&T UNIX had a cleverly hidden back door so that Ken Thompson (the father of UNIX) could get into any UNIX machine at any time. Typical hacker humor.
The UNIX worm that inflicted so much damage to the early Internet propagated because UNIX used gets()—a C function that's a buffer overflow waiting to happen—to get both user name and password at login, so all the worm had to do was enter 8 characters of an attempt at a password followed by its executable code, and it was in as root.
UNIX became standard long before the 'net went mainstream, and since it was used in a (generally) trusting environment, and heavily in education, it also shipped with all services on by default. This is why Solaris was so vulnerable to hacking, and why Linux frequently is: They honor(ed) the old UNIX way of being essentially trusting. UNIX only became known as secure once the BSD folks sat down and figured out how to really lock it down. Fortunately, UNIX's architectural decisions made a lot of that easy to do, but you still have to do it.
If OS X were identically designed, but shipped with the ports open and the daemons running by default, I can guarantee that it would already have been hacked. This has already happened to every UNIX that can be locked down, but is not by default. The devil is in the details here: If your system is not both designed to be secure and configured by default to be secure, it will be compromised.
Microsoft doesn't want to shut off all those little services in the name of "user friendliness," so their stuff gets hacked. They have no partitioning or security model once you're past the eggshell they're pleased to call security, so once the hackers are in, they have absolute control.
For Windows, security is an add-on (and a poorly developed on at that). Windows was built around the "convenience" paradigm, and convenience is simply not compatible with "security". Beyond that, security wasn't that big of a deal/problem until computers (with real power) were turned into a home appliance, making them available to legions of morons and evil-doers around the world.
Oh, I know that all too well. But I don't put the ball in the user's court. If Microsoft is going to sell appliances to "morons" (blame the user!) to hook up to the Internet, they have a responsibility to make the thing actually work, and it's their fault when it doesn't work out of the box. If their machines are getting owned 30 seconds after the ethernet cable goes in, that's not the user's fault. It's Microsoft's. They are responsible for dragging an obsolete design that is simply not compatible with security into a situation that demands security. They are responsible for "balancing" security with the sort of run-everything-everywhere convenience they're fond of, instead of facing reality. Even when they had a chance, building off the NT kernel, which could have been the foundation of a rock-solid, secure OS, they blew it. And they are responsible for that. The fact that people just shrug and assume that they (or everyone else) are just too stupid blows my mind. They aren't stupid. Microsoft is blind and arrogant, and leaving it to people who think they bought an appliance to clean up after their mess.
This, I suppose, is the real danger of a monopoly. People feel helpless and powerless to effect change, blame themselves, and make do with what they're allowed to.
Originally posted by jsimmons
As far as home use, she's hooked on weird little games on Windows, and I'm sure she wouldn't give those up. Other than that, she web browses, does email, and a little bit of word processing. The Mac Mini would be perfect for her, if not for the Windows games she plays.
Freecell and its ilk have Mac versions. That's some addictive shite. What games got her hooked?
--B
Also, what is the advantage of File Vault if it is if everything in decrypted while you are logged in?
Originally posted by pbaker05
No one answered my question. Is have NetBarrier worth the price of it, or does nothing really secure any better than it can already be done without third party software?
I haven't answered it because I don't have any experience with NetBarrier. I haven't needed it.
Also, what is the advantage of File Vault if it is if everything in decrypted while you are logged in?
If someone were to, say, steal your laptop, then if they pull out the drive or put it in FireWire Target Disk mode, all they're going to see is a big encrypted file. The only way to get at your data is by hacking your password. So if you use this, choose a good password.
It's an extra level of security for mobile users.
Originally posted by Vox Barbara
Well, i just stumbled across this article . It might be of interest.
Yeah well my PC doesn't have these problem.
I just needed to install Nortons AV, Spybot, Adaware and ZoneAlarm.
When I upgraded from SP1 and SP2, I only had to install ZoneAlarm and Spybot again cos of problem and everything is still fine.
It only took a couple of hours to install and configure it all and slows the systems down a fair bit but hey my machine is much harder to hack now (unless I click on an e-mail attachment or enable macros or use the internet).
Dobby.
Originally posted by skatman
You obviously don't know much about Windows. A restricted user account can not install software. Administrator password is required.
yes and no, most spyware that gets installed can still be installed in windows with users that have very limited rights(even limiting what programs they can run). we have about 5000 pc's where i work, no users except IT has admin rights. yet, depending on what kind of spyware you got, some got installed and still ran fine(this people have accounts where they are not even supposed to run programs that arent entered in the approved list), and others would get installed, but bring up restriction errors(again, these people do not have admin rights, nor poweruser, not even regular user, they are very limited, but go to a few web pages, and active x(this is the big problem causer) does its thing(even if set to high security). the best way to keep this stuff out(even if using firewalls,ect), is to NOT USE IE or OUTLOOK(this has worked on all the pc people I know that i have had to keep cleaning there machines, I 'forced' them to switch to firefox and they have no more problems(going on 6 months now) whereas before, I was cleaning there machines a few hours each saturday...
Of the anti-virus apps available, which would (you) suggest? I thought that Norton quit developing for Mac?
Originally posted by pbaker05
All of that is fine for PC users, I am only concerned about my Mac. From all of the responces, there aren't any know spywares and such, but it is a good idea to have an anti-virus program installed.
Of the anti-virus apps available, which would (you) suggest? I thought that Norton quit developing for Mac?
Norton dropped development of Norton Utilities. Norton Antivirus will continue. As for antivirus, Virex comes with your .mac subscription. Norton Antivirus also works fine. (It is Norton Utilites that does nothing useful, but can cause harm.) Whichever antivirus utility you choose, you need to understand that it removes Windows viruses and old System 6, System 7, MacOS 8, and MacOS 9 viruses. There are a few of these. However, there are no MacOS X viruses in the wild. If you run Mac OS X, antivirus software is good citizenship rather than an essential tool for the maintenance of your computer.
You can install it and clean up other peoples mess for them.
I suppose it will only be a matter of time before we get a real virus etc.
Dobby.
He said that while there are NO viruses specifically written just for Mac OS X, there are UNIX viruses available. And since Mac OS X's Darwin is UNIX-based, it is probably affected by these viruses.
Is this true?
I told him that I would have to get back to him on this topic. He is very close to switching and the ability to not have to worry about viruses as much on his computer system would be a big selling point.
Mike
The problem with windows is that the way the core operating system works, is ALL programs have access to "ring-0" for messaging purposes, even if the user has restricted access right. The core messaging in windows predates Windows NT...rumors have it that there is no one left at microsoft that knows anything about the core messaging code and that it is treated as a "black box". This is one of many problems with the basic assumptions as to how Windows was built. It was built as a desktop operating system, then networking was added to it, then internet. When you design a system without thinking security all the way through where you are exposed to the entire planet, you miss critical decisions. Windows was built as a desktop system. Active X, OLE and the messaging protocols were written to make interoperability between applications and the OS seamless. Thus, all applications by design have access to ring-0 and it makes is much easier to trick an application to do bad things to the OS. UNIX boxes on the other hand were built from the ground up for accessing the world of the internet. UNIX incorporates three levels of security, with root access highly restricted, then there is administrator access, then there is user access. Because of the structure of the underlying operating system and the security model it uses, UNIX systems are basically invulnerable to "drive-by" spyware hacks that infect millions of Windows users.
YMMV
He said that while there are NO viruses specifically written just for Mac OS X, there are UNIX viruses available. And since Mac OS X's Darwin is UNIX-based, it is probably affected by these viruses.
A virus that affects one varient of UNIX will not automatically affect every different type of UNIX. OS X is based on the BSD varients. There are proof of concept viruses for such system, but they aren't in the wild. To become infected by such a "virus" requires some work, you have to run a script as root.
These scripts are similar to the opener "virus" for OS X that was observed recently - doesn't really come under the usual definition of virus!!!
Originally posted by pubguy
.... UNIX boxes on the other hand were built from the ground up for accessing the world of the internet....
Before making statements like this, please research your history of operating systems. To help you get started, AT&T Bell Laboratories released UNIX in 1974, a time before personal computers when the Internet was in its infancy.
Originally posted by Mr. Me
Before making statements like this, please research your history of operating systems. To help you get started, AT&T Bell Laboratories released UNIX in 1974, a time before personal computers when the Internet was in its infancy.
Perhaps he means that earlier unix's (BSD, System V etc) were created with networking being part of the base system. Opposed to Dos/Windows which added networking much later and was certainly not a default part of the OS. Did the first few Mac OS's have networking enabled by default?
Dobby.
If users of windows suddenly saw boxes asking for their password each and every time they installed an application they'd soon get annoyed given how keen people are to install every random cover disc application. XP Home ships with a hidden user account called "Administrator" which is not password protected as standard. Great a back door for spware etc to "run as" even as a restricted user.
Windows XP Pro SP2 with Windows 2003 Server is relatively secure, and I have happily prevented the running of non authorised ActiveX controls using group policy. Thus far I haven't had any spyware attacks or adware attacks in two months of this system running.
That's not to say MS don't have plenty of work to do on Windows security, I'd love to see machines ship with their networking turned off until the user configures it. Mac selectively configures the services on first boot if you connect via Ethernet etc etc, Windows should do the same. Once again it goes back to the home user though. They don't know (or care) what DNS and DHCP are, they aren't bothered by what it means to go through and turn services off. They just want it to work. In trying to circumvent this confusing of the user Windows ships in a vulnerable state. Except the Mac is confusing too. It's confusing because a user maybe doesn't understand why they can't install MSN6.2 or Office 2003 or HalfLife2 because the OS isn't Windows. Then what about all those users that try the Mac and just can't adapt to the "non windows" way of doing things?
Windows and Mac excel at different things. For a home user Windows XP Home should curl up and die. Mac OS.X rules there. For power use and device control and where large scale corporate deployment is the name of the game, Windows has the ball. Apple have recognised this and don't (appear) to be going after the corporate market. Apple's strengths lie in single computers, and with the Xserve in large scale number crunching.
Just my 2p
Chris
Originally posted by Chris Hinds
Much of the blame that lies with Windows is that of supposed simplification to the home user. Users that are not computer literate do not like message boxes that come up. If they can click cancel then the box they never asked for goes away and everything is all ok again. Except that box was asking "Do you want to update your antivirus definitions?" But it doesn't matter. All the user saw was a box they didn't ask for.
If users of windows suddenly saw boxes asking for their password each and every time they installed an application they'd soon get annoyed given how keen people are to install every random cover disc application. XP Home ships with a hidden user account called "Administrator" which is not password protected as standard. Great a back door for spware etc to "run as" even as a restricted user.
Windows XP Pro SP2 with Windows 2003 Server is relatively secure, and I have happily prevented the running of non authorised ActiveX controls using group policy. Thus far I haven't had any spyware attacks or adware attacks in two months of this system running.
That's not to say MS don't have plenty of work to do on Windows security, I'd love to see machines ship with their networking turned off until the user configures it. Mac selectively configures the services on first boot if you connect via Ethernet etc etc, Windows should do the same. Once again it goes back to the home user though. They don't know (or care) what DNS and DHCP are, they aren't bothered by what it means to go through and turn services off. They just want it to work. In trying to circumvent this confusing of the user Windows ships in a vulnerable state. Except the Mac is confusing too. It's confusing because a user maybe doesn't understand why they can't install MSN6.2 or Office 2003 or HalfLife2 because the OS isn't Windows. Then what about all those users that try the Mac and just can't adapt to the "non windows" way of doing things?
Windows and Mac excel at different things. For a home user Windows XP Home should curl up and die. Mac OS.X rules there. For power use and device control and where large scale corporate deployment is the name of the game, Windows has the ball. Apple have recognised this and don't (appear) to be going after the corporate market. Apple's strengths lie in single computers, and with the Xserve in large scale number crunching.
Just my 2p
Chris
Let me assure you that Win XP Pro SP2 still operates by default with a password-free administrative account. The problem is not the version of Windows, the problem is Windows. Other observations: Many Windows security features are difficult to use and easy to circumvent. Your example of users cancelling antiviral definition updates is in this category. Windows Media 10 DRM fits in a third category. At first blush, Windows Media 10 DRM appears to be an antipiracy feature. However, it quickly becomes clear that this feature is an enabling technology for Trojan horses, just as Visual Basic for Applications is an enabling technology for script kiddies. And speaking of VBA, it was years before I saw a VBA script that was not a virus.