PDA

View Full Version : Apple Updates Mountain Lion Developer Preview With New Security Features




MacRumors
Jun 25, 2012, 03:37 PM
http://images.macrumors.com/im/macrumorsthreadlogo.gif (http://www.macrumors.com/2012/06/25/apple-updates-mountain-lion-developer-preview-with-new-security-features/)


Apple has issued a new update for Mountain Lion Developer Preview 4 via the Mac App Store. It was first noticed by Twitter user @Lhunar (https://twitter.com/Lhunar/status/217349453227634689/) and introduces the new Mountain Lion Security Update system.

The new system does daily checks for security updates as Apple ramps up its security protocols in the next-generation operating system. Earlier this month, it was noticed that Apple had changed the language (http://www.macrumors.com/2012/06/25/apple-scales-back-marketing-language-on-os-x-security-following-flashback/) on its OS X marketing pages following the Flashback malware attack (http://www.macrumors.com/2012/04/05/600000-macs-worldwide-reportedly-infected-by-flashback-trojan/) earlier this year.

The new security system in Mountain Lion -- including Gatekeeper and other features (http://www.apple.com/osx/what-is/security.html) -- appears to be a significant expansion of the XProtect system (http://www.macrumors.com/2009/08/26/snow-leopard-antimalware-feature-gaining-publicity/) that Apple has used in the past to try to thwart OS X malware.

http://images.macrumors.com/article-new/2012/06/securityupdate.jpg

OS X Security Update Test 1.0 -- Restart Required

This update tests the new Mountain Lion Security Updates system. The new system includes:

- Daily Checks for required security updates
- The ability to install required security updates automatically or after restarting your Mac
- A more secure connection to Apple's update servers.

This update includes general updates and improvements to Mountain Lion Developer Preview 4.The update weighs in at 1.16GB (https://twitter.com/Lhunar/status/217350091277733890) and is available to developers with Mountain Lion DP4 installed via the Mac App Store.

Article Link: Apple Updates Mountain Lion Developer Preview With New Security Features (http://www.macrumors.com/2012/06/25/apple-updates-mountain-lion-developer-preview-with-new-security-features/)



bushido
Jun 25, 2012, 03:40 PM
already installed, lets see if they also fixed the last remaining bugs i had

so far the dev 4 seems almost perfect!

Peace
Jun 25, 2012, 03:41 PM
Pretty cool. It pops up as a notification.

Mad-B-One
Jun 25, 2012, 03:41 PM
That means they try to stay ahead of the game this time. Malware will have it harder if a non-tech-savvy user uses a default protection built in. ;)

jayhawk11
Jun 25, 2012, 03:43 PM
Good to see them taking this seriously. I think Flashback was an eye opener for them. Obviously it wasn't a huge deal overall, and the damage was reversible, but it certainly woke them (and users) up to reality.

Alfred.Woodden
Jun 25, 2012, 03:44 PM
Good. I like that it installs security updates in the background, so we can focus on just using the Mac, and not those horrible "Security Update available. Download now" messages.

Aidan5806
Jun 25, 2012, 03:45 PM
I assume this is the first active version of gatekeeper.

cmChimera
Jun 25, 2012, 03:46 PM
This is awesome. What to do when your operating system is already way more secure than Windows? Double down on security. Props to Apple.

NAG
Jun 25, 2012, 03:46 PM
*Waits for someone to post Artie MacStrawman talking points.*

AR999
Jun 25, 2012, 03:46 PM
Why the heck is this thing over 1gb?

mbh
Jun 25, 2012, 03:47 PM
Please stop saying "weighs in at".

Peace
Jun 25, 2012, 03:48 PM
Why the heck is this thing over 1gb?

Because its not just a security update test. It's also includes bug fixes.

It's a new build.

Previous build was 12A248 and the new build is 12A256

bushido
Jun 25, 2012, 03:49 PM
This is awesome. What to do when your operating system is already way more secure than Windows? Double down on security. Props to Apple.

to be honest, the OS hasnt been secure before AT ALL. no one just seemed to have bothered because OS X was barely a target to those virus makers

edit: apparently 7 people have no clue

leman
Jun 25, 2012, 03:49 PM
Good to see them taking this seriously. I think Flashback was an eye opener for them. Obviously it wasn't a huge deal overall, and the damage was reversible, but it certainly woke them (and users) up to reality.

Second this.

Comeagain?
Jun 25, 2012, 03:49 PM
Please stop saying "weighs in at".

Do you have weight issues? :p:D

marcusj0015
Jun 25, 2012, 03:52 PM
I hope it's background updated, Microsoft's problem is with their constant having to load the app or WU, it's like, if I'm connected to the Internet, download the ****ing thing already.

cmChimera
Jun 25, 2012, 03:54 PM
to be honest, the OS hasnt been secure before AT ALL. no one just seemed to have bothered because OS X was barely a target to those virus dev idiots I disagree that the OS wasn't relatively secure, and definitely better than Windows. It obviously wasn't perfect, but working with Windows and Mac OS X really showed me the difference in levels of security. I also don't really believe in the idea that Mac OS X has been safer from malware simply because no one cared to attack it.

marcusj0015
Jun 25, 2012, 03:54 PM
Why the heck is this thing over 1gb?

Ikr?! That's what I'm wondering too.

Peace
Jun 25, 2012, 03:55 PM
Ikr?! That's what I'm wondering too.

Read my post..

http://forums.macrumors.com/showpost.php?p=15122934&postcount=12

marcusj0015
Jun 25, 2012, 03:55 PM
Read my post..

http://forums.macrumors.com/showpost.php?p=15122934&postcount=12

I did, right after I posted that. lol. :D

mbh
Jun 25, 2012, 03:57 PM
Do you have weight issues? :p:D

No, but that phrase is overused and nonsensical. It's about as hackneyed as "we reached out to X for a comment".

How about "The update is 1.2GB." and "We contacted X for a comment."

Winni
Jun 25, 2012, 03:58 PM
This is awesome. What to do when your operating system is already way more secure than Windows? Double down on security. Props to Apple.

OS X NEVER was more secure than Windows - that's just a stupid myth. It just has an insignificant market share and only recently began to appear on the radar screen of malware authors. But in every hacker contest, OS X usually is the first system that gets hacked.

Since Vista, Windows has an architecture that provides much more security out of the box than most other operating systems on the market.

But that's the amazing thing here: Apple is playing catchup with Microsoft's security features and all of a sudden everything you people have bashed Microsoft for in the past becomes an awesome new feature in OS X.

marcusj0015
Jun 25, 2012, 03:58 PM
No, but that phrase is overused and nonsensical. It's about as hackneyed as "we reached out to X for a comment".

How about "The update is 1.2GB." and "We contacted X for a comment."

Who cares man?!

doobybiggs
Jun 25, 2012, 03:59 PM
so with the security stuff ... will virus / malware devs have to create new programs for Snow Leopard, Lion and Mountain Lion?

Just curious if they all tie together pretty closely or if they will be a lot different on the backend forcing those devs to create all new bad programs ...

iFalcon
Jun 25, 2012, 04:02 PM
Wish I could update to the Preview. When the released the Preview during the conference a few weeks ago I was given the download code in email. Halfway through the download it died and it won't let me re-use the code...grrr.

impierced
Jun 25, 2012, 04:06 PM
MacRumors...

"A more security connection to Apple's update servers."

Apple...

"A more secure connection to Apple's update servers"

:eek: :D :rolleyes:

Mad-B-One
Jun 25, 2012, 04:07 PM
Why the heck is this thing over 1gb?

It includes the Brand New Version of Adobe Flash Ultra Plus! Just click away the warning that Apple does not trust it - because it's Beta and ultra-new - and you can enjoy reading your banking information on a Chinese website! :D

Cougarcat
Jun 25, 2012, 04:10 PM
Apple should add these security features to Lion as well. They probably won't, though.

aardwolf
Jun 25, 2012, 04:13 PM
Is Safari snappier?

dolph0291
Jun 25, 2012, 04:15 PM
Who cares man?!

People like me care, and this guy obviously. I feel his pain. Reading an endless amount of blogs, it does get tiresome to hear the same tired, misused language over and over again, most often because those using it think it makes them sound cool, so we don't figure out they're not some unemployed videogame addicted geek living in their parent's basement, which makes it a, you know dude, an EPIC FAIL. Whoever invented using "fail" as a noun should be shot - along with the person who invented, "my bad."

Phil A.
Jun 25, 2012, 04:16 PM
Wish I could update to the Preview. When the released the Preview during the conference a few weeks ago I was given the download code in email. Halfway through the download it died and it won't let me re-use the code...grrr.

Just go to Purchases in the Mac App Store app and it should be listed there - just click Download to download it again (just make sure you are logged in with the account you used when redeeming the code)
I've got all the DPs still listed in my MAS

jayfehr
Jun 25, 2012, 04:16 PM
Wish I could update to the Preview. When the released the Preview during the conference a few weeks ago I was given the download code in email. Halfway through the download it died and it won't let me re-use the code...grrr.

Open the Mac App Store and hold option as you click on the Purchases button. This should give you the option to download it again.

cmChimera
Jun 25, 2012, 04:17 PM
OS X NEVER was more secure than Windows - that's just a stupid myth. It just has an insignificant market share and only recently began to appear on the radar screen of malware authors. But in every hacker contest, OS X usually is the first system that gets hacked.

Since Vista, Windows has an architecture that provides much more security out of the box than most other operating systems on the market.

But that's the amazing thing here: Apple is playing catchup with Microsoft's security features and all of a sudden everything you people have bashed Microsoft for in the past becomes an awesome new feature in OS X.

The marketshare argument has always seemed faulty and weak.

bogatyr
Jun 25, 2012, 04:22 PM
I hope it's background updated, Microsoft's problem is with their constant having to load the app or WU, it's like, if I'm connected to the Internet, download the ****ing thing already.

Weird, my Windows 7 computers just asked me if I wanted to install updates when I shut off the computer. It already downloaded them in the background without bothering me.

It couldn't be that Windows had options regarding updates - options that it shows you when you first install it so you can forget it. Nah.

NAG
Jun 25, 2012, 04:24 PM
The marketshare argument has always seemed faulty and weak.

All those classic Mac OS viruses (real viruses not just trojans or whatnot) obviously never existed because Classic marketshare < OS X marketshare.

Same thing about all that Android malware. It must not exist because the Android marketshare is about equal to the iOS marketshare (combined) and iOS doesn't really have any malware.

unplugme71
Jun 25, 2012, 04:36 PM
I hope it's background updated, Microsoft's problem is with their constant having to load the app or WU, it's like, if I'm connected to the Internet, download the ****ing thing already.

MSFT won't do automatic updates by default because enterprise usage requires hours/days/months of testing software with a current security update to make sure nothing breaks. Lot of companies are running very old software that if a single update was done, it would break it.

For example, we use one piece of software at work that if a specific update is installed, it breaks the use of one of our software. We are on Win 7 Pro x64 with SP 1. I can't remember the exact kb# of the update, but the company stresses not to use it. And the company isn't some small company either, its Mazak. Go figure.

I see Apple potentionally having problems if this affects third party software.

----------

OS X NEVER was more secure than Windows - that's just a stupid myth. It just has an insignificant market share and only recently began to appear on the radar screen of malware authors. But in every hacker contest, OS X usually is the first system that gets hacked.

Since Vista, Windows has an architecture that provides much more security out of the box than most other operating systems on the market.

But that's the amazing thing here: Apple is playing catchup with Microsoft's security features and all of a sudden everything you people have bashed Microsoft for in the past becomes an awesome new feature in OS X.

Can you prove OS X was less secure? Can you prove Windows was more secure? Where did you get this info? Please list your sources.

And which versions of Windows were you comparing and which version of OS X? With what security updates on Windows did you compare with OS X?

See where I'm going with this?

kikuchiyo
Jun 25, 2012, 04:47 PM
Can you prove OS X was less secure? Can you prove Windows was more secure? Where did you get this info? Please list your sources.

And which versions of Windows were you comparing and which version of OS X? With what security updates on Windows did you compare with OS X?

See where I'm going with this?

Darn right. I switched in 2005, from XP to Tiger and Tiger was MUCH more secure than XP was.

bushido
Jun 25, 2012, 04:47 PM
FML the safari crashing bug is back when you type a certain letter in the address bar

Adamb10
Jun 25, 2012, 04:48 PM
Security is moot point. OS X was significantly more secure back in the Windows XP days but with the improvements that MS has made in Vista and 7 they are on equal footing. Just watch what you download and you'll have a slim chance of getting a virus on either platform.

iFalcon
Jun 25, 2012, 04:48 PM
Just go to Purchases in the Mac App Store app and it should be listed there - just click Download to download it again (just make sure you are logged in with the account you used when redeeming the code)
I've got all the DPs still listed in my MAS

The only one it shows is from May and doesn't give me an option to update to the latest through the Mac store.

andrebrait
Jun 25, 2012, 04:51 PM
The marketshare argument has always seemed faulty and weak.

But it's not.

What the other users said is true. Mac OS X and Linux are mostly virus-proof not because they are really more secure than Windows, but because of the Market Share (altough I think Linux patches security holes faster than Apple does with the OS X, when they find one).

Microsoft is reportedly, by far, the company that invests most in security in their OS.

Imagine you're a malware programmer. Why would you, in the past years, target Mac OS X or Linux if they represent barely 5% of all computers worldwide (10% at that time, in USA). You would code something that would only get, at best, in 10% of the PCs in only ONE country? Nope, I guess.

In the last few years, market share has been improving thanks to the iPhone, iPad etc. Now, malware programmers are beginning to target OS X. But not ONLY because of the market share, but because, since Apple never had to worry about this kind of thing, it's easy to spread the virus. Apple always told users Macs don't have viruses, and so users don't worry about malicious web pages and emails. That makes the virus easier to spread, and more effective.

That's so true that when the last couple OS X malwares were found, they had infected a significant amount of Macs and it took a long time to notice the malware infection AND a long time to write a patch that really worked for it.

With Microsoft's 90%+ Market share, almost every malware developer targets Windows. It's not surprising that, even investing heavily in security since Windows XP, Windows still has some exploitable security holes.

Aple is just now understanding how's to be targeted by malware developers and is trying to fix stuff, but new malwares will appear and, you know, things will be more like Windows...





Wanna security? Run OS/2. No viruses, I guarantee. Or BSD, why not? :D





And the reason there's no virus for iOS and stuff is that iOS is EXTREMELY closed. You can't install anything on it without using the AppStore or jailbreaking it. Android is much more open in this point.

iOS has security flaws, of course, but apparently, none of them are exploitable to make a virus, or Apple is really quick to patch them.

There were a few security holes in the PDF viewing engine last year, if I remember correctly.

JHankwitz
Jun 25, 2012, 04:55 PM
No, but that phrase is overused and nonsensical. It's about as hackneyed as "we reached out to X for a comment".

How about "The update is 1.2GB." and "We contacted X for a comment."
Who cares man?!

We should all care! The language in the USA is becoming so convoluted that it's becoming almost impossible to communicate or understand what's being said. Substituting 'weight' for 'size' when the subject has no weight is confusing and a bastardization of the language.

schlitzz
Jun 25, 2012, 04:58 PM
Is Safari snappier?

Damn right it is!

NAG
Jun 25, 2012, 04:58 PM
We should all care! The language in the USA is becoming so convoluted that it's becoming almost impossible to communicate or understand what's being said. Substituting 'weight' for 'size' when the subject has no weight is confusing and a bastardization of the language.

But you should really be measuring mass instead for measuring the size of a file because it confuses people who live on the moon.

ab345
Jun 25, 2012, 05:03 PM
MSFT won't do automatic updates by default because enterprise usage requires hours/days/months of testing software with a current security update to make sure nothing breaks. Lot of companies are running very old software that if a single update was done, it would break it.

For example, we use one piece of software at work that if a specific update is installed, it breaks the use of one of our software. We are on Win 7 Pro x64 with SP 1. I can't remember the exact kb# of the update, but the company stresses not to use it. And the company isn't some small company either, its Mazak. Go figure.

I see Apple potentionally having problems if this affects third party software.

----------



Can you prove OS X was less secure? Can you prove Windows was more secure? Where did you get this info? Please list your sources.

And which versions of Windows were you comparing and which version of OS X? With what security updates on Windows did you compare with OS X?

See where I'm going with this?

It is truly amazing how some people are so ignorant with regards to Mac security. Apple has been playing catch-up on the security front since the birth of Windows Vista. The tragedy here is Apple's lack of responsibility in pretending that its OS X was secure instead of simply saying that all OS's have vulnerabilities and that proper precautions should be exercised. Windows machines have been serving up daily doses of security patches for years now Apple should be embarrassed rather than touting this as a new security feature.

Read this interview of Dr. Charlie Miller he explains how Macs were quite vulnerable but have improved significantly with the introduction of Lion. Apple may well have caught up but this has only been a more recent occurrence.

http://www.engadget.com/2011/11/18/the-engadget-interview-dr-charlie-miller/

mbh
Jun 25, 2012, 05:04 PM
But you should really be measuring mass instead for measuring the size of a file because it confuses people who live on the moon.

Or even just people in orbit. ;)

NiccolÚ Mineo
Jun 25, 2012, 05:08 PM
Redesigned Safari Developer Tools is fine again, thankfully. The wysiwyg highlighting feature wasn't working anymore in DP4.

olowott
Jun 25, 2012, 05:13 PM
Malware is a B!t@H!! :mad:

Now i can't complete 1 million reason why i love my MBP and the Apple ego system! :(


999,999,999 reason is still good though!!:cool:

dickie001x
Jun 25, 2012, 05:15 PM
The update removed all my Login Items - anyone else?

NAG
Jun 25, 2012, 05:15 PM
But it's not.

Except when it is or isn't. Simple point is that people who bring up marketshare (whether it is importance of a platform or how much malware it is supposed to get) always ignore everything else. Marketshare isn't everything.

What the other users said is true. Mac OS X and Linux are mostly virus-proof not because they are really more secure than Windows, but because of the Market Share (altough I think Linux patches security holes faster than Apple does with the OS X, when they find one).

How can you say this? You're trying to prove the cause of the non-existence of something. This is dubious in most instances but is foolish when you're trying to pin point a single cause.

Microsoft is reportedly, by far, the company that invests most in security in their OS.

Do you mean invests as in money or more like they care the most?

Imagine you're a malware programmer. Why would you, in the past years, target Mac OS X or Linux if they represent barely 5% of all computers worldwide (10% at that time, in USA). You would code something that would only get, at best, in 10% of the PCs in only ONE country? Nope, I guess.

By this logic there would be no malware for the Classic Mac OS yet there was quite a bit. Why were these malware authors coding for Mac OS when the marketshare was even smaller than it is now? Why did they change their mind and why did it happen at the same time as an OS transition?

In the last few years, market share has been improving thanks to the iPhone, iPad etc. Now, malware programmers are beginning to target OS X. But not ONLY because of the market share, but because, since Apple never had to worry about this kind of thing, it's easy to spread the virus. Apple always told users Macs don't have viruses, and so users don't worry about malicious web pages and emails. That makes the virus easier to spread, and more effective.

Do you have any data here or are you just pulling stuff out of your rear? I could just as easily argue that the malware attacks are not accelerating by pointing out the (largely ineffective) malware that took advantage of the Rendezvous protocol in iChat way back when. The only difference between now and then is that they picked a vector that was more likely to actually infect people (that and it didn't screw up when trying to infect someone).

That's so true that when the last couple OS X malwares were found, they had infected a significant amount of Macs and it took a long time to notice the malware infection AND a long time to write a patch that really worked for it.

I don't understand how this point is relevant to the marketshare as the sole deciding factor point. It only seems to suggest that Apple needs to have a better response time for such things. Unless you have inside information I find it unlikely that you'd know why Apple has such a response time.

With Microsoft's 90%+ Market share, almost every malware developer targets Windows. It's not surprising that, even investing heavily in security since Windows XP, Windows still has some exploitable security holes.

Restating your point ≠ proof of your point.

Aple is just now understanding how's to be targeted by malware developers and is trying to fix stuff, but new malwares will appear and, you know, things will be more like Windows...

Wanna security? Run OS/2. No viruses, I guarantee. Or BSD, why not? :D[/quote]

Can you clean up this section? It doesn't seem to argue a coherent thought.

And the reason there's no virus for iOS and stuff is that iOS is EXTREMELY closed. You can't install anything on it without using the AppStore or jailbreaking it. Android is much more open in this point.

But I thought marketshare was the only reason anyone ever gets malware. But you now mean there are other reasons why malware might not exist other than low marketshare? Please keep your logic consistent.

iOS has security flaws, of course, but apparently, none of them are exploitable to make a virus, or Apple is really quick to patch them.

I thought you argued earlier that Apple was slow to patch flaws because they weren't used to security. Again, please keep your argument consistent. You spent most of the post saying marketshare is the only effective measurement with no evidence to support the point only to completely contradict your point at the end with actual evidence.

Or even just people in orbit. ;)

They have to throw the files at the scale to get the weight and then convert to mass which is a whole other problem.

Chupa Chupa
Jun 25, 2012, 05:18 PM
Wish I could update to the Preview. When the released the Preview during the conference a few weeks ago I was given the download code in email. Halfway through the download it died and it won't let me re-use the code...grrr.

It doesn't show up in "Purchases"?

roadbloc
Jun 25, 2012, 05:18 PM
OS X NEVER was more secure than Windows - that's just a stupid myth. It just has an insignificant market share and only recently began to appear on the radar screen of malware authors. But in every hacker contest, OS X usually is the first system that gets hacked.

Since Vista, Windows has an architecture that provides much more security out of the box than most other operating systems on the market.

But that's the amazing thing here: Apple is playing catchup with Microsoft's security features and all of a sudden everything you people have bashed Microsoft for in the past becomes an awesome new feature in OS X.

+1. This guy has it spot on. More security in OS X has been needed for a while and I am glad Apple have finally woken up and are defending against their increasing malware threat.

Malware is a B!t@H!! :mad:

Now i can't complete 1 million reason why i love my MBP and the Apple ego system! :(


999,999,999 reason is still good though!!:cool:

What the **** you on about son?

mazz0
Jun 25, 2012, 05:29 PM
Daily checks? Why not push?

mw360
Jun 25, 2012, 05:32 PM
Please stop saying "weighs in at".

That, and 'screen real estate'. Not clever any more.

Asclepio
Jun 25, 2012, 05:34 PM
umm... thats a windows thing. no good.

bushido
Jun 25, 2012, 05:37 PM
That, and 'screen real estate'. Not clever any more.

i "could" care less :p:cool: lolz

ScottishDuck
Jun 25, 2012, 05:38 PM
But it's not.

What the other users said is true. Mac OS X and Linux are mostly virus-proof not because they are really more secure than Windows, but because of the Market Share (altough I think Linux patches security holes faster than Apple does with the OS X, when they find one).

Microsoft is reportedly, by far, the company that invests most in security in their OS.

Imagine you're a malware programmer. Why would you, in the past years, target Mac OS X or Linux if they represent barely 5% of all computers worldwide (10% at that time, in USA). You would code something that would only get, at best, in 10% of the PCs in only ONE country? Nope, I guess.

In the last few years, market share has been improving thanks to the iPhone, iPad etc. Now, malware programmers are beginning to target OS X. But not ONLY because of the market share, but because, since Apple never had to worry about this kind of thing, it's easy to spread the virus. Apple always told users Macs don't have viruses, and so users don't worry about malicious web pages and emails. That makes the virus easier to spread, and more effective.

That's so true that when the last couple OS X malwares were found, they had infected a significant amount of Macs and it took a long time to notice the malware infection AND a long time to write a patch that really worked for it.

With Microsoft's 90%+ Market share, almost every malware developer targets Windows. It's not surprising that, even investing heavily in security since Windows XP, Windows still has some exploitable security holes.

Aple is just now understanding how's to be targeted by malware developers and is trying to fix stuff, but new malwares will appear and, you know, things will be more like Windows...





Wanna security? Run OS/2. No viruses, I guarantee. Or BSD, why not? :D





And the reason there's no virus for iOS and stuff is that iOS is EXTREMELY closed. You can't install anything on it without using the AppStore or jailbreaking it. Android is much more open in this point.

iOS has security flaws, of course, but apparently, none of them are exploitable to make a virus, or Apple is really quick to patch them.

There were a few security holes in the PDF viewing engine last year, if I remember correctly.

Moronic. Totally moronic.

You have no idea how unix-like systems work and why they are more secure.

Are you aware that Linux powers the vast majority of the worlds servers, which are the MAIN target of black hats.

Windows still does not take security serious enough, it is far too trusting of users and applications. A system that takes security seriously asks for permission every time, windows still doesn't.

Microsoft need to ditch NT and rebuild from the ground up, take more cues from the UNIX spec, redesign their filesystem with proper permissions and create a logical userspace.

finalcut
Jun 25, 2012, 05:39 PM
hmm weird, I didnt get that update

MSlaw
Jun 25, 2012, 06:15 PM
No, but that phrase is overused and nonsensical. It's about as hackneyed as "we reached out to X for a comment".

How about "The update is 1.2GB." and "We contacted X for a comment."

http://www.dailymail.co.uk/sciencetech/article-2057018/Internet-weighs-strawberry.html

Enectic
Jun 25, 2012, 06:19 PM
I hope it's background updated, Microsoft's problem is with their constant having to load the app or WU, it's like, if I'm connected to the Internet, download the ****ing thing already.

Hmmmmm, Windows automatically checks and downloads updates in the background. It's always been that way with me for Windows 7.

pmz
Jun 25, 2012, 06:25 PM
Anyone else's Mac App Store completely hosed after this update?

"Hosed" = unresponsive, beach ball, no access.

Demonofelru
Jun 25, 2012, 06:36 PM
Anyone else's Mac App Store completely hosed after this update?

"Hosed" = unresponsive, beach ball, no access.

Fine here on 2.3 RMBP.

mbh
Jun 25, 2012, 06:43 PM
http://www.dailymail.co.uk/sciencetech/article-2057018/Internet-weighs-strawberry.html

I will concede the point if the original author determined the byte size of the update by weighing his Mac before and after applying the update.

AidenShaw
Jun 25, 2012, 06:46 PM
MSFT won't do automatic updates by default because enterprise usage requires hours/days/months of testing software with a current security update to make sure nothing breaks. Lot of companies are running very old software that if a single update was done, it would break it.

...but the company stresses not to use it. And the company isn't some small company either, its Mazak. Go figure.

You should educate your company IT guys about WSUS (http://en.wikipedia.org/wiki/Windows_Server_Update_Services).

It's a little feature that let's IT define intranet Windows Update servers, and force company clients to look at the local version, not the Microsoft site. IT can test the updates, and move them to the local server after verifying local apps.

MS has seen the problem, and provided the tools for IT to manage updates without "stressing to users not to download an update".

WSUS can also be configured as a proxy for Windows Update - so that the WSUS automatically downloads all of the updates from Microsoft, and the clients get them from the local intranet server instead of over the WAN.


Microsoft need to ditch NT and rebuild from the ground up, take more cues from the UNIX spec, redesign their filesystem with proper permissions and create a logical userspace.

It's definitely a LOL moment when someone says that UNIX-like filesystems have "proper permissions".

NTFS has had rich access control list permissions from day one. *nix systems are struggling with simplistic legacy permissions.

MacAddict2000
Jun 25, 2012, 07:04 PM
Anyone have issues in Finder (specifically with the Home folder)? If I double-click to open Documents, Movies, Music or Pictures, nothing happens. Same for the Finder sidebar. Also, all items in the Sidebar section of Finder preferences are unchecked despite items being present in the Finder sidebar.

ThunderSkunk
Jun 25, 2012, 07:25 PM
Maaaan I just hope this thing's ironed out by the time it ships.

So tired of Lion.

...please tell me they fixed Lions expose/spaces/multi-monitor/full screening mess.

unplugme71
Jun 25, 2012, 07:25 PM
You should educate your company IT guys about WSUS (http://en.wikipedia.org/wiki/Windows_Server_Update_Services).

It's a little feature that let's IT define intranet Windows Update servers, and force company clients to look at the local version, not the Microsoft site. IT can test the updates, and move them to the local server after verifying local apps.

MS has seen the problem, and provided the tools for IT to manage updates without "stressing to users not to download an update".

WSUS can also be configured as a proxy for Windows Update - so that the WSUS automatically downloads all of the updates from Microsoft, and the clients get them from the local intranet server instead of over the WAN.




It's definitely a LOL moment when someone says that UNIX-like filesystems have "proper permissions".

NTFS has had rich access control list permissions from day one. *nix systems are struggling with simplistic legacy permissions.


Our company has WSUS implemented. But that still doesn't mean that security updates are installed immediately. We test software for several days, sometimes weeks before implementing it across the organization. Even then we miss things and have to roll back updates. So during this few days/weeks, the computers can become infected. No matter how secure our firewalls are set, email filters, etc, **** still happens.

snappyfool
Jun 25, 2012, 07:49 PM
Please stop saying "weighs in at".

Never use a metaphor, simile, or other figure of speech which you are used to seeing in print.

andrebrait
Jun 25, 2012, 07:53 PM
Except when it is or isn't. Simple point is that people who bring up marketshare (whether it is importance of a platform or how much malware it is supposed to get) always ignore everything else. Marketshare isn't everything.



How can you say this? You're trying to prove the cause of the non-existence of something. This is dubious in most instances but is foolish when you're trying to pin point a single cause.



Do you mean invests as in money or more like they care the most?



By this logic there would be no malware for the Classic Mac OS yet there was quite a bit. Why were these malware authors coding for Mac OS when the marketshare was even smaller than it is now? Why did they change their mind and why did it happen at the same time as an OS transition?



Do you have any data here or are you just pulling stuff out of your rear? I could just as easily argue that the malware attacks are not accelerating by pointing out the (largely ineffective) malware that took advantage of the Rendezvous protocol in iChat way back when. The only difference between now and then is that they picked a vector that was more likely to actually infect people (that and it didn't screw up when trying to infect someone).



I don't understand how this point is relevant to the marketshare as the sole deciding factor point. It only seems to suggest that Apple needs to have a better response time for such things. Unless you have inside information I find it unlikely that you'd know why Apple has such a response time.



Restating your point ≠ proof of your point.



Wanna security? Run OS/2. No viruses, I guarantee. Or BSD, why not? :D

Can you clean up this section? It doesn't seem to argue a coherent thought.



But I thought marketshare was the only reason anyone ever gets malware. But you now mean there are other reasons why malware might not exist other than low marketshare? Please keep your logic consistent.



I thought you argued earlier that Apple was slow to patch flaws because they weren't used to security. Again, please keep your argument consistent. You spent most of the post saying marketshare is the only effective measurement with no evidence to support the point only to completely contradict your point at the end with actual evidence.



They have to throw the files at the scale to get the weight and then convert to mass which is a whole other problem.


First: "That's so true" wasn't refering to the "Market Share" issue.

Second: I said, THIS WAY (FEEL THE FURY OF CAPS LOCK) that Market Share isn't THE ONLY reason.

Third: I never said there wasn't any virus for Mac OS 9 and earlier nor I said there are no viruses that affect Linux. There'll be always someone, somewhere, who will develop malwares

Fourth: I never said anything about servers. Linux is a faster patcher than Apple is, that' been reported a few times, including by Phoronix, as I remember. Can't find the article, unfortunately...

I never said anything that hadn't come from somewhere I trust (Phoronix, for example). Microsoft IS reportedly the company that invests more money and time in security. Windows IS less secure than OS X and Linux, but not ONLY because it's "not UNIX blah blah blah", but ALSO because of the huge malware developer base targeting it.

I'm talking keyloggers, viruses, trojan horses, not security holes that would allow someone to gain root access, which is the kind of security issue SERVERS care the most (you see, nobody on a SERVER would click the "ENLARGE YOUR P*N*S" link in an email (I mean it's unlikely someone would).

I know I'm not an expert in anything, but you should read ALL the words INCLUDING THE ONES IN UPPER CASE before saying I said something I didn't say. Just because I explained the market Share thing on PERSONAL computers, not servers, doesn't mean I said it's THE ONLY cause. But it's one that SHOULDN'T be thrown away.

I'll never undestand you guys. When someone says "Hey, there's this reason too" you answer like the guy had said "IT'S THE ONLY REASON, I'M MASTER OF TRUTH" and call him moronic and stuff.

As far as I know, one of the most secure systems out there is FreeBSD, also a true UNIX like Darwin. Darwin, with its UNIX roots is secure, too, but has its hols, which were not likely to get explored because #1 It's hard and #2 There were few Macs out there.

AFAIK, OS 9 had a more exploitable base system and therefore, the malware volume was justifiable by the ease of developing one, I guess...






I'll find my sources and show you guys, and as for the guy who called my arguments "moronic", recently I did read an article that explained NTFS is not a bad FS at all, and one of the most secure ones out there. But, of course, a very good FS is worth nothing if the system can be exploited.

seamer
Jun 25, 2012, 07:56 PM
I took the original advertizing as a direct smack against Windows. I don't know anyone that refers to their Mac as a PC. It's always "my mac, my computer".

aggri1
Jun 25, 2012, 08:15 PM
My issue with Auto Update on Win XP was that it would automatically restart the computer. So unbelievably stupid, especially with XP's idiotic behaviour where applications with unsaved data were forced to quit (c.f. on the Mac where you are asked, and the shutdown/logoff is cancelled).

We all learnt to turn off automatic updates, so that our simulations running overnight or for the week wouldn't be nuked by some daft auto update.

Hopefully this sort of thing won't/doesn't happen with more 'modern' or 'mature' operating systems.

Yamcha
Jun 25, 2012, 08:19 PM
Apple is definitely getting there, but some applications/games still do not work for me..

q64ceo
Jun 25, 2012, 08:28 PM
Syncing with my iPhone 4S and iPad (both over WiFi and regular wired) no longer works after installing the update. Anyone else finding the same thing?

extensor
Jun 25, 2012, 08:30 PM
I ran my game companies on Windows since 3.1. I've switched to Mac OS X since 2001. My personal experience is that on Mac OS X I have had zero incidents. On Windows....plenty of virus squashing and reinstalls. I don't give a crap about your "excuses" on why Windows has tons of exploits. When I get hit by a virus on OS X then you can talk. :cool:

AidenShaw
Jun 25, 2012, 08:47 PM
I ran my game companies on Windows since 3.1. I've switched to Mac OS X since 2001. My personal experience is that on Mac OS X I have had zero incidents. On Windows....plenty of virus squashing and reinstalls. I don't give a crap about your "excuses" on why Windows has tons of exploits.

So, if your thesis is that "OSX is more secure than Windows 9X" - I don't think that you'll find any argument here.

On the other hand, you say that you haven't used Windows in the last 11 years. You should be aware that a lot has changed in the last decade.


When I get hit by a virus on OS X then you can talk. :cool:

Congratulations for dodging Flashback, hope your luck is as good with the next OSX malware.

Nermal
Jun 25, 2012, 08:51 PM
The update removed all my Login Items - anyone else?

Mine are gone too.

NAG
Jun 25, 2012, 09:13 PM
Second: I said, THIS WAY (FEEL THE FURY OF CAPS LOCK) that Market Share isn't THE ONLY reason.

Okay then. You seemed to be preaching that marketshare = god or something weird. Glad to know you don't think it is the only metric.

As far as the rest of the stuff. I'm going to assume you're not talking about me since it sort of starts to ramble off into all caps and such and I never called you moronic (seriously, I'm not following half of what you wrote). Perhaps you're talking to someone else and only quoted me, no?

Mine are gone too.

Wouldn't be surprised if this is somehow security related (security feature gone wrong). They do something to limit autolaunching?

andrebrait
Jun 25, 2012, 09:19 PM
Okay then. You seemed to be preaching that marketshare = god or something weird. Glad to know you don't think it isn't the only metric.

As far as the rest of the stuff. I'm going to assume you're not talking about me since it sort of starts to ramble off into all caps and such and I never called you moronic (seriously, I'm not following half of what you wrote). Perhaps you're talking to someone else and only quoted me, no?



Wouldn't be surprised if this is somehow security related (security feature gone wrong). They do something to limit autolaunching?

It wasn't you, man, sorry if you even came close to thinking I said anything about you... It was another user a couple of comments below =) I was on the iPhone and forgot to quote him aswell.

NAG
Jun 25, 2012, 09:28 PM
It wasn't you, man, sorry if you even came close to thinking I said anything about you... It was another user a couple of comments below =) I was on the iPhone and forgot to quote him aswell.

What I thought. Glad we're all not confused anymore! lol

extensor
Jun 25, 2012, 09:40 PM
So, if your thesis is that "OSX is more secure than Windows 9X" - I don't think that you'll find any argument here.

My last Windows machine was XP.

My point is, there is no proof that Mac OS X is not secure, just opinion. Mostly by security vendors who have financial motives...

kustardking
Jun 25, 2012, 09:48 PM
We should all care! The language in the USA is becoming so convoluted that it's becoming almost impossible to communicate or understand what's being said. Substituting 'weight' for 'size' when the subject has no weight is confusing and a bastardization of the language.

"Weighing in at..." is a casual, jocular reference to boxing contestants. Language is rich in that way.

Yamcha
Jun 25, 2012, 10:15 PM
I ran my game companies on Windows since 3.1. I've switched to Mac OS X since 2001. My personal experience is that on Mac OS X I have had zero incidents. On Windows....plenty of virus squashing and reinstalls. I don't give a crap about your "excuses" on why Windows has tons of exploits. When I get hit by a virus on OS X then you can talk. :cool:

I'm a Mac user, and if you think Mac OS doesn't have viruses then your wrong, obviously It's still nothing compared to Windows...

But not sure If you've read up on it, Mac OSX was hacked in under 30 minutes, so while Mac Users are less susceptible to viruses, it still doesn't make it more secure.. But obviously that may change with Mountain Lion..

Another thing to note is, Mac OSX is growing quickly, we've seen it time and time again on Apple keynotes.. The more popular Mac becomes the more viruses & malware we will see..

Just wanted to point that out.. While we as Mac users don't have to deal with the small viruses or malware, that could easily change in the future..

munkery
Jun 25, 2012, 10:40 PM
OS X NEVER was more secure than Windows - that's just a stupid myth.

1) Until Vista, the admin account in Windows did not implement DAC in a way to prevent malware by default. Also, Windows has a far greater number of privilege escalation vulnerabilities that allow bypassing DAC restrictions even if DAC is enabled in Windows.

Much of the ability to turn these vulnerabilities into exploits is due to the insecurity of the Windows registry. Also, more easily being able to link remote exploits to local privilege escalation exploits in Windows is due to the Windows registry.

Mac OS X does not use an exposed monolithic structure, such as the Windows registry, to store system settings. Also, exposed configuration files in OS X do not exert as much influence over associated processes as the registry does in Windows.

Mac OS X Snow Leopard has contained only 4 elevation of privilege vulnerabilities since it was released; obviously, none of these were used in malware. Lion has contained 2 so far but one of these vulnerabilities doesn't affect all account types because of being due to a permissions error rather than code vulnerability.

The following link shows the number of privilege escalation vulnerabilities in Windows 7 related to just win32k:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k+7

More information about privilege escalation in Windows 7:

http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/ -> guide to develop exploits to bypass UAC by manipulating registry entries for kernel mode driver vulnerabilities.

https://media.blackhat.com/bh-dc-11/Mandt/BlackHat_DC_2011_Mandt_kernelpool-wp.pdf -> more complete documentation about Windows kernel exploitation.

http://mista.nu/research/mandt-win32k-paper.pdf -> more complete documentation about alternative methods to exploit the Windows kernel.

http://threatpost.com/en_us/blogs/tdl4-rootkit-now-using-stuxnet-bug-120710 -> article about the TDL-4 botnet which uses a UAC bypass exploit when infecting Windows 7.

2) Windows has the potential to have full ASLR but most software does not fully implement the feature. Most software in Windows has some DLLs (dynamic link libraries = Windows equivalent to dyld) which are not randomized.

http://secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf -> article overviewing the issues with ASLR and DEP implementation in Windows.

Also, methods have been found to bypass ASLR in Windows 7.

http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf -> article describing bypassing ASLR in Windows 7.

Mac OS X has full ASLR implemented on par with Linux. This includes ASLR with position independent executables (PIE). DLLs in Windows have to be pre-mapped at fixed addresses to avoid conflicts so full PIE is not possible with ASLR in Windows.

Using Linux distros with similar runtime security mitigations as Lion for a model, client-side exploitation is incredibly difficult without some pre-established local access. Of course, this is self defeating if the goal of the exploitation is to achieve that local access in the first place.

See the paper linked below about bypassing the runtime security mitigations in Linux for more details.

http://www.blackhat.com/presentations/bh-europe-09/Fritsch/Blackhat-Europe-2009-Fritsch-Bypassing-aslr-slides.pdf

The author only manages to do so while already having local access to the OS.

3) Mac OS X Lion has DEP on stack and heap for both 64-bit and 32-bit processes. Third party software that is 32-bit may lack this feature until recompiled in Xcode 4 within Lion. Not much software for OS X is still 32-bit.

But, not all software in Windows uses DEP; this includes 64-bit software. See first article linked in #2.

4) Mac OS X implements canaries using ProPolice, the same mitigation used in Linux. ProPolice is considered the most thorough implementation of canaries. It is known to be much more effective than the similar system used in Windows.

http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf -> article comparing ProPolice to stack canary implementation in Windows.

5) Application sandboxing and mandatory access controls (MAC) in OS X are the same thing. More specifically, applications are sandboxed in OS X via MAC. Mac OS X uses the TrustedBSD MAC framework, which is a derivative of MAC from SE-Linux. This system is mandatory because it does not rely on inherited permissions. Both mandatorily exposed services (mDNSresponder, netbios...) and many client-side apps (Safari, Preview, TextEditÖ) are sandboxed in Lion.

Windows does not have MAC. The system that provides sandboxing in Windows, called mandatory integrity controls (MIC), does not function like MAC because it is not actually mandatory. MIC functions based on inherited permissions so it is essentially an extension of DAC (see #1). If UAC is set with less restrictions or disabled in Windows, then MIC has less restrictions or is disabled.

http://www.exploit-db.com/download_pdf/16031 -> article about Mac sandbox.

http://msdn.microsoft.com/en-us/library/bb648648(v=VS.85).aspx -> MS documentation about MIC.

https://media.blackhat.com/bh-eu-11/Tom_Keetch/BlackHat_EU_2011_Keetch_Sandboxes-Slides.pdf -> researchers have found the MIC in IE is not a security boundary.

6) In relation to DAC and interprocess sandboxing in OS X in comparison with some functionality of MIC in Windows 7 (see #5), the XNU kernel used in OS X has always had more secure interprocess communication (IPC) since the initial release of OS X.

Mac OS X, via being based on Mach and BSD (UNIX foundation), facilitates IPC using mach messages secured using port rights that implement a measure of access controls on that communication. These access controls applied to IPC make it more difficult to migrate injected code from one process to another.

Adding difficulty to transporting injected code across processes reduces the likelihood of linking remote exploits to local exploits to achieve system level access.

As of OS X Lion, the XPC service has also been added to implement MAC (see #5) on IPC in OS X. (http://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html)

7) Windows has far more public and/or unpatched vulnerabilities than OS X.

http://www.vupen.com/english/zerodays/ -> list of public 0days.

http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker -> another list of public 0days. (Most if not all of the Apple vulnerabilities in this list were patched in the latest Apple security update -> http://support.apple.com/kb/HT5002)

http://m.prnewswire.com/news-releases/qihoo-360-detects-oldest-vulnerability-in-microsoft-os-110606584.html -> article about 18 year old UAC bypass vulnerability.

8) Password handling in OS X is much more secure than Windows.

The default account created in Windows does not require a password. The protected storage API in Windows incorporates the users password into the encryption key for items located in protected storage. If no password is set, then the encryption algorithm used is not as strong. Also, no access controls are applied to items within protected storage.

In Mac OS X, the system prompts the user to define a password at setup. This password is incorporated into the encryption keys for items stored in keychain. Access controls are implemented for items within keychain.

Also, Mac OS X Lion uses a salted SHA512 hash, which is still considered cryptographically secure. It is more robust than the MD4 NTLMv2 hash used to store passwords in Windows 7.

http://www.windowsecurity.com/articles/How-Cracked-Windows-Password-Part1.html -> article about Windows password hashing.

9) The new runtime security mitigation improvements to be included in Windows 8 have already been defeated.

http://vulnfactory.org/blog/2011/09/21/defeating-windows-8-rop-mitigation/

To put this into perspective, methods to bypass the new runtime security mitigations in Mac OS X Lion are not yet available.

10)In regards to recent earlier version of Mac OS X:

The following article relates to varying levels of security mitigations in different Linux distros but it is applicable in revealing that the runtime security mitigations in some earlier versions of Mac OS X prior to Lion were far from inadequate.

http://www.blackhat.com/presentations/bh-europe-09/Fritsch/Blackhat-Europe-2009-Fritsch-Bypassing-aslr-slides.pdf

While Mac OS X Leopard/SL lack full ASLR, Windows Vista/7 have stack canaries (aka stack cookies) that are trivial to bypass.

The following link shows the issues with stack canaries in Windows. -> http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf

So:

Windows Vista/7 = NX + ASLR
Mac OS X Leopard/SL = NX + stack cookies

These articles show that NX in combination with stack canaries is more difficult to bypass than a combination of NX and ASLR.

11) Mountain Lion only improves upon the security of Lion.

BTW, Safari on a Mac running Lion was not hacked at the last pwn2own.

Ger Teunis
Jun 26, 2012, 02:48 AM
1) Until Vista, the admin account in Windows did not implement DAC in a way to prevent malware by default. Also, Windows has a far greater number of privilege escalation vulnerabilities that allow bypassing DAC restrictions even if DAC is enabled in Windows.

...

BTW, Safari on a Mac running Lion was not hacked at the last pwn2own.

What I really hate about posts like the one made by andrebrait: they really have NO technical background at all. Just some guy keep posting lost of posts what he thinks (guesses) what is right. If users disagree: keep posting more long posts with even CAPS so he will be more right. Stop it: get the facts right!

Stop talking about stuff what you THINK, only post when you are technically right.

munkery really gave some technical background what the current state of OS X is currently: real proof and even comparisons to other Operating Systems.

OSX has made a massive amount of progress since Lion. Mountain Lion added even more security measures, even so much that they per-default block apps which are not signed with a developerid certificate. This can be used by apple to remove or block apps which in their eyes break the rules (viruses, spyware etc)

But sadly the truth is not that important anymore, the people who shout the hardest or plan on the person really are right here lately.

marcusj0015
Jun 26, 2012, 02:54 AM
Weird, my Windows 7 computers just asked me if I wanted to install updates when I shut off the computer. It already downloaded them in the background without bothering me.

It couldn't be that Windows had options regarding updates - options that it shows you when you first install it so you can forget it. Nah.

You're talking about security patches, but I'm refering to definition updates for all 14 different anti-xware included, lthat you have to load for it to start updating the definitions, basically, another reason Windows sucks.

theSeb
Jun 26, 2012, 03:42 AM
OS X NEVER was more secure than Windows - that's just a stupid myth. It just has an insignificant market share and only recently began to appear on the radar screen of malware authors. But in every hacker contest, OS X usually is the first system that gets hacked.

Since Vista, Windows has an architecture that provides much more security out of the box than most other operating systems on the market.

But that's the amazing thing here: Apple is playing catchup with Microsoft's security features and all of a sudden everything you people have bashed Microsoft for in the past becomes an awesome new feature in OS X.

Please post facts to back up your statements or gtfo

http://arstechnica.com/apple/2012/04/5-os-x-security-threats-that-fizzled/

http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/
The most important addition is full ASLR. Short for address space layout randomization, the protection makes it much harder for attackers to exploit bugs by regularly changing the memory location where shell code and other system components are loaded. Other improvements include security sandboxes that tightly restrict the way applications can interact with other parts of the operating system and full disk encryption that doesn't interfere with other OS features.


“It's a significant improvement, and the best way that I've described the level of security in Lion is that it's Windows 7, plus, plus,” said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker's Handbook. “I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.”

It also prompted many to wonder why Apple engineers bothered to put it into the OS in the first place, or didn't properly implement it with the introduction of Snow Leopard. Windows Vista and Ubuntu, by contrast, added much more robust implementations of ASLR years earlier.

“When they went from Leopard to Snow Leopard, as far as I'm concerned, there really wasn't any change,” said Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker's Handbook. “They might have said there was more security and it was better, but at a low functionality level there really wasn't any difference. Now, they've made significant changes and it's going to be harder to exploit.”

With virtually all browser exploits targeting the way the program parses web content, Apple engineers have tightly locked down the new process, called Safari Web Content. The design is intended to limit the damage that can be done in the event an attacker is able to exploit a buffer overflow or other bug in the browser.

“Now, you end up inside this restricted process that only does the web parsing, and you can't do other things you might want to do as an attacker, such as write files or read a person's documents,” Miller explained. “Even when you get code execution, you no longer have free rein to do whatever you want. You can do only what the sandbox allows you to do.”

Reality must be brought back in though:

No doubt, Apple deserves kudos for setting a new standard in OS security that Microsoft and Linux distributors would do well to emulate. But it would be a mistake for Mac users to think their OS is invulnerable. As the most recent Jailbreakme exploit made clear, real-world hackers can still find ways to root iPhones and iPads when the devices do nothing more than visit a booby-trapped website.

If iDevices, which contain security protections that go well beyond those found in OS X, can succumb to drive-by downloads, there's no reason Macs aren't also vulnerable.

“Those guys are seriously raising the bar, but no matter how high the bar is, somebody is going to get over it,” said Rich Mogull, CEO of Securosis. “As long as we have even moderately open operating systems, there's always going to be somebody smart enough to get through that stuff.” ģ

I am more inclined to believe people that actually know what they're talking about than some random internet expert that skimmed over the results of a white hat competition, without understanding the context.

mw360
Jun 26, 2012, 03:51 AM
"Weighing in at..." is a casual, jocular reference to boxing contestants. Language is rich in that way.

I think everybody knows that. The point is that it's a cliche. Something that was once clever, or 'jocular', but has been so overused its lost all of its impact and is now, at best, just a bunch of extra words, and at worst irritating or annoying.

Professional writers are supposed to exhibit skill with words. The first guy to used the phrase 'weighs in at' outside of a boxing context probably did that. The first guy to equate screen space with valuable real estate should be proud of himself. But those gags are done and old. 'Weighs in at' has been used over 1000 times in MacRumors articles alone. If you can't think of a clever way to describe the size of a file, stick with 'x is yMB' for the time being, or risk looking like an amateur.

beg_ne
Jun 26, 2012, 04:08 AM
Excellent information and links from munkery.

Thank you very much.

bushido
Jun 26, 2012, 05:14 AM
delete please, wrong topic

jyavenard
Jun 26, 2012, 06:04 AM
4th kernel panic since I updated ....

so beware....

miniroll32
Jun 26, 2012, 07:28 AM
4th kernel panic since I updated ....

so beware....

Can't you just tell it to calm down?

Waxhead138
Jun 26, 2012, 07:55 AM
We should all care! The language in the USA is becoming so convoluted that it's becoming almost impossible to communicate or understand what's being said. Substituting 'weight' for 'size' when the subject has no weight is confusing and a bastardization of the language.

I agree our language is getting butchered daily, between people just not caring and flat out ignorance.

However, there is a difference between a metaphor, or a substitution, and flat out stupidity and the MTV influence on a language.

Things like using "ur" for any of the versions of your kills me....but there is a balance. If we are 100% literal about everything we'll getting very boring, very fast...everything will read like stereo instructions. There does need to be a little bit of color and variation. I do completely agree with the idea that we don't need to use the same old phrases everytime though.

mrbyu
Jun 26, 2012, 08:00 AM
1) Until Vista, the admin account in Windows did not implement DAC in a way to prevent malware by default.
...
BTW, Safari on a Mac running Lion was not hacked at the last pwn2own.

I saved your comment in PDF to be able to throw it in anybody's face who talks ******** about OS X vs Windows security.

MonkeySee....
Jun 26, 2012, 08:52 AM
OS X NEVER was more secure than Windows - that's just a stupid myth. It just has an insignificant market share and only recently began to appear on the radar screen of malware authors. But in every hacker contest, OS X usually is the first system that gets hacked.

Since Vista, Windows has an architecture that provides much more security out of the box than most other operating systems on the market.

But that's the amazing thing here: Apple is playing catchup with Microsoft's security features and all of a sudden everything you people have bashed Microsoft for in the past becomes an awesome new feature in OS X.

Man, you hate Apple don't you :D

RobertMartens
Jun 26, 2012, 09:44 AM
Please stop saying "weighs in at".

I have been making this request for a couple of months but this is the first time I have seen anyone else join in. Not just you but two or three others agreed with you.

They should write 'is' and stop pretending that something that is not clever is.

polaris20
Jun 26, 2012, 10:07 AM
But not sure If you've read up on it, Mac OSX was hacked in under 30 minutes, so while Mac Users are less susceptible to viruses, it still doesn't make it more secure.. But obviously that may change with Mountain Lion..


You're reading too many headlines. While it may have taken 30 minutes to perform the hack, it didn't take 30 minutes to find the vulnerability and develop the hack. Same goes for any of these hacks for any of the OSes. It's sensationalistic.

You should educate your company IT guys about WSUS (http://en.wikipedia.org/wiki/Windows_Server_Update_Services).

It's a little feature that let's IT define intranet Windows Update servers, and force company clients to look at the local version, not the Microsoft site. IT can test the updates, and move them to the local server after verifying local apps.

MS has seen the problem, and provided the tools for IT to manage updates without "stressing to users not to download an update".


WSUS is great, but it doesn't do you a whole helluva lot of good when two of the main security problems on any platform are Flash and Acrobat Reader. You need a third party tool like Eminent (now owned by Solar Winds) to actually patch manage Windows machines properly.

hamidb83
Jun 26, 2012, 10:17 AM
My mac does not go into sleep anymore since the update. anybody has the same problem?

linux2mac
Jun 26, 2012, 10:27 AM
On the other hand, you say that you haven't used Windows in the last 11 years. You should be aware that a lot has changed in the last decade.


I kept hearing that in these forums and was optimistic. That is until I watched the Surface demo and realized nothing has changed with MS.

Watch Microsoftís Surface Tablet Freeze in the Middle of a Presentation
http://betabeat.com/2012/06/watch-microsofts-surface-tablet-freeze-in-the-middle-of-a-presentation/


Congratulations for dodging Flashback, hope your luck is as good with the next OSX malware.

I doubt it. Been using Macs for three years and I have had zero viruses/malware. Can't say the same for my Windows days. None of my Macs are running any anti-virus software either. Macs saved me money by not having to buy Norton licenses. How do you like having to buy anti-virus software annually?

brdeveloper
Jun 26, 2012, 10:39 AM
People like me care, and this guy obviously. I feel his pain. Reading an endless amount of blogs, it does get tiresome to hear the same tired, misused language over and over again, most often because those using it think it makes them sound cool, so we don't figure out they're not some unemployed videogame addicted geek living in their parent's basement, which makes it a, you know dude, an EPIC FAIL. Whoever invented using "fail" as a noun should be shot - along with the person who invented, "my bad."

This is linguistic prejudice. English is a global language these days and regional biases are common. Particularly, I usually write my sentences with a portuguese-influenced syntax and I probably prefer using nouns inherited from latin rather than saxon ones.

English is a language which tends to simplify syntax and semantics and maybe this is what make english a de-facto worldwide idiom.

For example, in portuguese, conjugating the verb fail in simple present would be:

Eu (I) falho (fail)
Tu (Thou - deprecated) falhas (failest (??) - deprecated)
VocÍ (You) falha (fail)
Ele/Ela (He/She/It) falha (fails)
Nůs (We) falhamos (fail)
Vůs (Ye - deprecated) falhais (failest (??) - deprecated)
VocÍs (You - plural) falham (fail)
Eles/Elas (They) falham (fail)

So, english language does a simplifying work faster than other languages and I find it nice because we have an easy-to-learn protocol for communicating worldwide. English is what Esperanto or French tried to be in the past.

----------


I doubt it. Been using Macs for three years and I have had zero viruses/malware. Can't say the same for my Windows days. None of my Macs are running any anti-virus software either. Macs saved me money by not having to buy Norton licenses. How do you like having to buy anti-virus software annually?

Actually I don't know if my Mac is really malware-free because I don't have any anti-virus software installed :P

polaris20
Jun 26, 2012, 10:43 AM
This is linguistic prejudice. English is a global language these days and regional biases are common. Particularly, I usually write my sentences with a portuguese-influenced syntax and I probably prefer using nouns inherited from latin rather than saxon ones.

English is a language which tends to simplify syntax and semantics and maybe this is what make english a de-facto worldwide idiom.

For example, in portuguese, conjugating the verb fail in simple present would be:

Eu (I) falho (fail)
Tu (Thou - deprecated) falhas (failest (??) - deprecated)
VocÍ (You) falha (fail)
Ele/Ela (He/She/It) falha (fails)
Nůs (We) falhamos (fail)
Vůs (Ye - deprecated) falhais (failest (??) - deprecated)
VocÍs (You - plural) falham (fail)
Eles/Elas (They) falham (fail)

So, english language does a simplifying work faster than other languages and I find it nice because we have an easy-to-learn protocol for communicating worldwide. English is what Esperanto or French tried to be in the past.

----------



Actually I don't know if my Mac is really malware-free because I don't have any anti-virus software installed :P

I know mine is. I run ClamXAV and Intego, non-realtime but weekly scans.

doobybiggs
Jun 26, 2012, 11:10 AM
so with the security stuff ... will virus / malware devs have to create new programs for Snow Leopard, Lion and Mountain Lion?

Just curious if they all tie together pretty closely or if they will be a lot different on the backend forcing those devs to create all new bad programs ...


anything with the above?


I have looked around but cannot seem to find much info since all I ever see people saying is "Nothing can ever happen to MAC" ... which is funny since apple marketing no longer thinks so ;)

gumblecosby
Jun 26, 2012, 02:13 PM
This is linguistic prejudice. English is a global language these days and regional biases are common. Particularly, I usually write my sentences with a portuguese-influenced syntax and I probably prefer using nouns inherited from latin rather than saxon ones.

English is a language which tends to simplify syntax and semantics and maybe this is what make english a de-facto worldwide idiom.

For example, in portuguese, conjugating the verb fail in simple present would be:

Eu (I) falho (fail)
Tu (Thou - deprecated) falhas (failest (??) - deprecated)
VocÍ (You) falha (fail)
Ele/Ela (He/She/It) falha (fails)
Nůs (We) falhamos (fail)
Vůs (Ye - deprecated) falhais (failest (??) - deprecated)
VocÍs (You - plural) falham (fail)
Eles/Elas (They) falham (fail)

So, english language does a simplifying work faster than other languages and I find it nice because we have an easy-to-learn protocol for communicating worldwide. English is what Esperanto or French tried to be in the past.

----------



Actually I don't know if my Mac is really malware-free because I don't have any anti-virus software installed :P

Tu is still used instead of voce in some parts of Brazil. My friend from Porto Alegre still uses it which confused me initially since Id never heard it in a conversation before. My partner (from a different part of Brazil) said it is uncommon to hear it and that is depreciated, as you rightfully said.

MikhailT
Jun 26, 2012, 02:14 PM
Beside the security updates, did anybody notice anything else in the update? Is ML now more optimized and more stable?

Enectic
Jun 26, 2012, 02:18 PM
You're talking about security patches, but I'm refering to definition updates for all 14 different anti-xware included, lthat you have to load for it to start updating the definitions, basically, another reason Windows sucks.

Oh you mean like these?

http://i645.photobucket.com/albums/uu177/Enectic/DefinitionUpdate.jpg

That's a screenshot of my update history with Windows automatic updates. Downloads and installs in the background without having to manually start anything up. When was the last time you used a Windows PC?

marcusj0015
Jun 26, 2012, 02:56 PM
Oh you mean like these?

Image (http://i645.photobucket.com/albums/uu177/Enectic/DefinitionUpdate.jpg)

That's a screenshot of my update history with Windows automatic updates. Downloads and installs in the background without having to manually start anything up. When was the last time you used a Windows PC?

Lol, I have to use one right now, and everytime I go into microsoft security something or other or windows defender. (lmfao) it bitches about having to update.

brdeveloper
Jun 26, 2012, 03:38 PM
Tu is still used instead of voce in some parts of Brazil. My friend from Porto Alegre still uses it which confused me initially since Id never heard it in a conversation before. My partner (from a different part of Brazil) said it is uncommon to hear it and that is depreciated, as you rightfully said.

Hello... maybe I was misunderstood. In truth, "Tu" is still used as opposed to "Thou". "Vůs" (Ye) is widely used in Portugal, but not much in Brazil, perhaps only in formal communication or poetry.

These two forms are frequently conjugated in a wrong way here as if they where interchangeable with "vocÍ" and "vocÍs", that is, it's common hear someone saying "Tu vai?" (Do thou go?) rather than "Tu vais?" (Do thou goest?).

In short, my point was that english evolves faster towards simplicity than other languages, like portuguese.

Blackened Apple
Jun 26, 2012, 07:34 PM
Hello... maybe I was misunderstood. In truth, "Tu" is still used as opposed to "Thou". "Vůs" (Ye) is widely used in Portugal, but not much in Brazil, perhaps only in formal communication or poetry.

These two forms are frequently conjugated in a wrong way here as if they where interchangeable with "vocÍ" and "vocÍs", that is, it's common hear someone saying "Tu vai?" (Do thou go?) rather than "Tu vais?" (Do thou goest?).

In short, my point was that english evolves faster towards simplicity than other languages, like portuguese.

In Portugal, "vůs" is rarely used in conversation, we use "vocÍs" usually. "Tu" is used when you talk to people close to you or of your own age, "vocÍ" is usually used with older people, not-that-close people, and generally to show respect.

BTW, that last conjugation should be "Doest/Dost thou go?", I think.

doobybiggs
Jun 26, 2012, 11:28 PM
Oh you mean like these?

Image (http://i645.photobucket.com/albums/uu177/Enectic/DefinitionUpdate.jpg)

That's a screenshot of my update history with Windows automatic updates. Downloads and installs in the background without having to manually start anything up. When was the last time you used a Windows PC?

buuuuurned! +1 for perfect screen shot to prove point :)

bedifferent
Jun 27, 2012, 12:27 AM
buuuuurned! +1 for perfect screen shot to prove point :)

Ladies, ladies, ladies, you're both pretty. :)

TheMacBookPro
Jun 27, 2012, 07:01 AM
Did anyone else have their computer boot back into the Apple ID/iCloud login screen after installation, and have Mail prompt you to update the database after installing this update?

All of my Gmail/iCloud/etc accounts under Mail, Contacts and Calendar are still logged in though. My login items weren't removed either.

I doubt it. Been using Macs for three years and I have had zero viruses/malware. Can't say the same for my Windows days.

Sounds like you had little common sense on the internet then. I've been using Windows since Win95 and have not had any viruses, period. Mainly because I don't click on the links for free smileys or visit shady websites.

None of my Macs are running any anti-virus software either. Macs saved me money by not having to buy Norton licenses. How do you like having to buy anti-virus software annually?

None of my computers are running any anti-virus and I've never had any problems. In your case I'd say you do need anti-virus though, which leads me to my next point:

Paying for antivirus? You've never heard of Windows Security Essentials, Windows Defender, Avast!, or any number of other free AV programs I presume then? (Macs saving you money... that's hilarious)

I don't like buying AV annually, which is why I don't. Yet I've never had a virus infestation on any of my Windows based PCs.

Honestly, I love my MacBook and iMac, but the stuff some people on here make up just to make their company of choice look better is laughable.

doobybiggs
Jun 27, 2012, 10:11 AM
Ladies, ladies, ladies, you're both pretty. :)

awww you think so ... but who wins the crown?

linux2mac
Jun 27, 2012, 10:25 AM
Sounds like you had little common sense on the internet then. I've been using Windows since Win95 and have not had any viruses, period. Mainly because I don't click on the links for free smileys or visit shady websites.


My former Fortune 100 company here in the great Twin Cities could have used your talents. Back in the early part of 2000 a major virus infiltrated our network (we were on Windows 2000 Professional then). The virus shut us down for a day and many of the 3000 plus employees at corporate headquarters were sent home early. Other local companies fell victim as well and the virus made the evening news. That was a lot of money lost that day and to think that company could have avoided the hit with this sound advice. :rolleyes:

TheMacBookPro
Jun 27, 2012, 10:37 AM
My former Fortune 100 company here in the great Twin Cities could have used your talents. Back in the early part of 2000 a major virus infiltrated our network (we were on Windows 2000 Professional then). The virus shut us down for a day and many of the 3000 plus employees at corporate headquarters were sent home early. Other local companies fell victim as well and the virus made the evening news. That was a lot of money lost that day and to think that company could have avoided the hit with this sound advice. :rolleyes:

And do you know how that major virus infiltrated your network? It didn't just appear without anyone doing anything, I can tell you that much. 3000 plus employees makes it more than likely that somebody did something stupid for that to happen.
Now had you told me that this was your private network that only you had access to, I'd be more inclined to believe your belief that viruses just appear on Windows, but as it stands you're just proving my point.

Your sarcasm is much appreciated, it goes to show what kind of person you are.

I also see that you've decided to reply solely to one part of my post- can you now tell me about the whole 'buying anti-virus annually' thing you mentioned?

MacNewsFix
Jun 27, 2012, 11:00 AM
Until Vista, the admin account in Windows did not implement DAC in a way to prevent malware by default. Also, Windows has a far greater number of privilege escalation vulnerabilities that allow bypassing DAC restrictions even if DAC is enabled in Windows.....

Mountain Lion only improves upon the security of Lion.

BTW, Safari on a Mac running Lion was not hacked at the last pwn2own.

Holy cats. Impressive post!

How did the co-author of the The Mac Hacker's Handbook, co-written by famous Pwn2Own winner, Charlie Miller, describe security on Lion compared to Windows? Oh yeah: "Windows 7 plus plus."


My former Fortune 100 company here in the great Twin Cities could have used your talents. Back in the early part of 2000 a major virus infiltrated our network (we were on Windows 2000 Professional then). The virus shut us down for a day and many of the 3000 plus employees at corporate headquarters were sent home early. Other local companies fell victim as well and the virus made the evening news. That was a lot of money lost that day and to think that company could have avoided the hit with this sound advice. :rolleyes:

Let me guess: The ILOVEYOU worm?


And do you know how that major virus infiltrated your network? It didn't just appear without anyone doing anything, I can tell you that much. 3000 plus employees makes it more than likely that somebody did something stupid for that to happen.
Now had you told me that this was your private network that only you had access to, I'd be more inclined to believe your belief that viruses just appear on Windows, but as it stands you're just proving my point.
....
I also see that you've decided to reply solely to one part of my post- can you now tell me about the whole 'buying anti-virus annually' thing you mentioned?

Clickjacking and zip-bombs are just two means by which hackers infect and take down computers and does not rely on visiting shady sites (example (http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-serving-dangerous-results/): Amnesty International UK site this year) or opening an email attachment. No or little interaction is necessary by the end-user.

A study in 2008 showed an unpatched Windows XP machine can be infected in an average of 4 minutes once connected to the Internet. In 2004, it was 20 minutes.

As for anti-virus software, he's probably referring to the software people have been told to buy for years, especially if they use Windows, requiring annual subscriptions to keep them effective at their purpose. They are so popular, hackers use fake anti-virus software to gain access to computers. Here is just a small sample:

Advanced Cleaner
AV Security 2012
AKM Antivirus 2010 Pro
AlfaCleaner
Alpha AntiVirus
ANG Antivirus
Antimalware Doctor
AntiMalware
AntiMalware GO
AntiMalware Go
AntiSpyCheck 2.1
AntiSpyStorm
AntiSpyware 2008
AntiSpyware 2009
Antispyware 2010
AntiSpyware 2011
AntiSpyware Bot from 2Squared Software
AntiSpywareExpert
AntiSpywareMaster
AntiSpyware Shield
AntiSpyware Soft
AntiSpywareSuite
AntiVermins
Antivir Solution Pro
Antivira AV
Antivirii 2011
Antivirus Action
Antivirus Monitor
Antivirus 7 or Antivirus5
Antivirus 8
Antivirus 360
Antivirus 2008
Antivirus 2009
Antivirus 2010
AntiVirus Gold or AntivirusGT
Antivirus IS
Antivirus Live
Antivirus Master
Antivirus .NET
Antivirus Pro 2009
Antivirus Pro 2010
Antivirus Scan
Antivirus Smart Protection
Antivirus Soft
AV Antivirus Suite
Awola
Best Malware Protection
Digital Security
Disk Defrag
Disk Doctor
Doctor Antivirus
Doctor Antivirus 2008
Dr Guard
DriveCleaner
Internet Antivirus 2011
Internet Defender 2011
Malware Defender
Malware Protection Center
MaxAntiSpy
Memory Fixer
MS AntiSpyware 2009
MS Antivirus Microsoft Anti Malware
MS Removal Tool
MS Removal Tool
My Security Engine
My Security Shield
My Security Wall
MxOne Antivirus
Navashield
Netcom3 Cleaner
Paladin Antivirus
PC Antispy
PC AntiSpyWare 2010
PC Clean Pro, PC-Doctor, PC Scan and Sweep
PC Privacy Cleaner
PCPrivacy Tools
PCSecureSystem
PC Antispyware
PSGuard
Quick Defragmenter
Rapid AntiVirus
Real AntiVirus, RegAlilve
Reggenie Antivirus
Registry Great
Registry Patrol
Registry Defender
Registry Winner
Reg tool
Security Shield
Security Solution 2011
Security Suite Platinum
Security Tool
Security Tool
Security Toolbar 7.1
Security Essentials 2010 (not to be confused with Microsoft Security Essentials)
SiteAdware
Smart Anti-Malware Protection
Smart Antivirus 2009
Smart Engine
Smart HDD
Smart Protection 2012
Smart security
Soft Soldier
Spy Away
SpyAxe
SpyCrush
Spydawn
SpyEraser
SpyGuarder
SpyHeal (a.k.a. SpyHeals & VirusHeal)
Spylocked
SpyMarshal
SpySheriff (a.k.a. PestTrap, BraveSentry, SpyTrooper)
SpySpotter
Spy Tool
spyware NO
ThinkPoint
Total Secure 2009
Total Win 7 Security
Total Win Vista Security
Total Win XP Security
VirusMelt
VirusProtectPro (a.k.a. AntiVirGear)
VirusRanger
VirusRemover2008
VirusRemover2009
Virus Response Lab 2009
VirusTrigger
Vista Antimalware 2011
Vista Antispyware 2010
Vista Antispyware 2011
Vista Antispyware 2012
Vista Antivirus 2008
Vista Home Security 2011
Vista Internet Security 2010
Vista Internet Security 2012
Vista Security 2011
Vista Security 2012
Vista Smart Security 2010
Volcano Security Suite
Win7 Antispyware 2011
Win 7 Antivirus 2010
Win Antispyware Center
Win 7 Home Security 2011
WinAntiVirus Pro 2006
WinDefender (not to be confused with the legitimate Windows Defender)
Win Defrag
Windows 7 Recovery
Windows Anticrashes Utility
Windows Antidanger Center
Windows Antivirus Rampart
Windows Attention Utility
Windows Cleaning Tool
XP-Shield
XJR Antivirus
Your Protection
Your PC Protector
Zinaps AntiSpyware 2008
Zentom System Guard
Security solution 2011

linux2mac
Jun 27, 2012, 11:24 AM
Holy cats. Impressive post!

How did the co-author of the The Mac Hacker's Handbook, co-written by famous Pwn2Own winner, Charlie Miller, describe security on Lion compared to Windows? Oh yeah: "Windows 7 plus plus."


Ouch! MS employees on this forum will not like that.


Let me guess: The ILOVEYOU worm?

Good recall.

http://en.wikipedia.org/wiki/ILOVEYOU

Apparently millions of people worldwide "did something stupid" that day. I am glad I don't use Outlook anymore. :D

Its nice to see Apple raising the bar even higher on security with Mountain Lion.

bedifferent
Jun 27, 2012, 01:24 PM
awww you think so ... but who wins the crown?

:p Sorry, couldn't resist a good natured jab :)

On topic, I jokingly asked a while back in a similar thread, who has the time to sit down and code all these viruses and how do they make a living to support them as it [generally] takes a lot of time?

I often wonder who gains the most from viruses. Certainly there are identity thieves, etc. Yet it seems, as a multi-billion dollar industry, don't the anti-virus manufacturers have a lot on the line should there be no need for them? It's like the pharmaceutical industry feeding more R&D into treatments than cures as there is more money for treating diseases which equates to long term investment strategies focusing pushing R&D into new treatments (as a diabetic since 12, but in excellent health, they make bank off test strips, meters, insulin, syringes, medications, etc. than the price of a one time cure or vaccine). Anti-virus manufacturers make quite a bit anytime a virus scare comes along; in annual subscriptions, software licenses, etc.

TheMacBookPro
Jun 28, 2012, 02:24 AM
Clickjacking and zip-bombs are just two means by which hackers infect and take down computers and does not rely on visiting shady sites (example (http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-serving-dangerous-results/): Amnesty International UK site this year) or opening an email attachment. No or little interaction is necessary by the end-user.

Thank you for the explanation, without resorting to sarcasm like that guy with the pissing avatar did.

The backdoor was fixed using a security update with Adobe and Oracle pushed out soon afterwards though, correct? The automatic update mechanism in Flash/Java should have prevented the issue before it became even more widespread.

However, I still fail to see why people would open random email attachments from unknown senders. They're just asking to be infected.

A study in 2008 showed an unpatched Windows XP machine can be infected in an average of 4 minutes once connected to the Internet. In 2004, it was 20 minutes.

But isn't that why Windows Update gives users the option to apply updates automatically?

As for anti-virus software, he's probably referring to the software people have been told to buy for years, especially if they use Windows, requiring annual subscriptions to keep them effective at their purpose. They are so popular, hackers use fake anti-virus software to gain access to computers. Here is just a small sample:

I understand what he meant by paid anti-virus, I was just confused about the way he put it. He seemed to imply that it was necessary to purchase anti-virus (every single year, no less), going so far as to say that using a Mac is "saving [him] money".

It's also worth noting that there are a number of fake anti-virus software for Mac OS X as well.

Apparently millions of people worldwide "did something stupid" that day. I am glad I don't use Outlook anymore. :D

Yes- they opened an email attachment from an unknown sender. I'm sorry, but that does qualify as something stupid in my book.

Renzatic
Jun 28, 2012, 02:43 AM
Lol, I have to use one right now, and everytime I go into microsoft security something or other or windows defender. (lmfao) it bitches about having to update.

What? It never bitches about updating. You only ever know if you've got a definition pending for download if you specifically go looking for it. Otherwise it'll download at 6 AM or when you first boot up your computer without saying a word otherwise.

----------


I understand what he meant by paid anti-virus, I was just confused about the way he put it. He seemed to imply that it was necessary to purchase anti-virus (every single year, no less), going so far as to say that using a Mac is "saving [him] money".

...which shows how ignorant he is. Yeah, it's always a good idea to keep a virus scanner going in Windows. But guess what? You don't have to pay for one. Get Avast or MSE. They're both free for life.

The excuse after that is usually "olol why should I have to run a virus scanner? I can't use one without it eating up 95% of my CPU and bogging my computer down", which is equally as dumb. I run MSE, and the most I've ever seen it gobble up resourcewise is 3% of my CPU and 30 meg of ram. I've seen chat clients take up more.

TheMacBookPro
Jun 28, 2012, 02:16 PM
...which shows how ignorant he is. Yeah, it's always a good idea to keep a virus scanner going in Windows. But guess what? You don't have to pay for one. Get Avast or MSE. They're both free for life.

The excuse after that is usually "olol why should I have to run a virus scanner? I can't use one without it eating up 95% of my CPU and bogging my computer down", which is equally as dumb. I run MSE, and the most I've ever seen it gobble up resourcewise is 3% of my CPU and 30 meg of ram. I've seen chat clients take up more.

It's not even 100% necessary to run an AV these days to be completely honest. It's still a good idea to run one though, and like you said most of them aren't as intrusive as, say, Norton is.

I see he's logged in since my & your post but appears to have decided to ignore this thread. I wonder why... :rolleyes:

MacNewsFix
Jun 28, 2012, 10:24 PM
Thank you for the explanation, without resorting to sarcasm like that guy with the pissing avatar did.

The backdoor was fixed using a security update with Adobe and Oracle pushed out soon afterwards though, correct? The automatic update mechanism in Flash/Java should have prevented the issue before it became even more widespread.

However, I still fail to see why people would open random email attachments from unknown senders. They're just asking to be infected.



No problem. I tend to find civility wins out more times than not with most people (exception: see Blu-Ray thread).

As for why people open attachments from strangers, I believe it is due to most people not wanting to learn why or how computers and Internet communication functions. They want it dead simple like a fax machine. Can you blame them? How many other times during the day do we have to worry about our devices turning on us (ok, maybe if one in the mob and starting his car in the morning ;))?


But isn't that why Windows Update gives users the option to apply updates automatically?


That's certainly a step in the right direction and should be on by default. Same as with Apple's "Automatically update see downloads list" is on by default in Security and Privacy in OS X.


I understand what he meant by paid anti-virus, I was just confused about the way he put it. He seemed to imply that it was necessary to purchase anti-virus (every single year, no less), going so far as to say that using a Mac is "saving [him] money".

It's also worth noting that there are a number of fake anti-virus software for Mac OS X as well.



If you don't continue to pay for the annual subscriptions (http://us.norton.com/norton-one/promo) to many of these anti-virus services, they become useless as hackers invent new viruses, etc. I've made enough money from removing viruses from PCs with out-of-date virus defintitions to know it to be fact.

Indeed there are some rogue (bogus) anti-virus software for the Mac. However, the lack of viruses over the years, combined with the typical Mac user usually being more sophisticated*, newer security features (see above for example), and smaller user base means less Mac users will fall prey to this method of being hacked. I think Macs users have more to fear from official-looking requests to update Adobe Flash.

Cheers.

* - [Studies from both 2002 and 2011 show Macs users tend to be better educated than their Windows-using counterparts (both showed ~70% college educated versus ~50% respectively). Don't shoot the messenger!]

TheMacBookPro
Jun 29, 2012, 12:12 AM
No problem. I tend to find civility wins out more times than not with most people (exception: see Blu-Ray thread).

You mean the Steve Jobs saying Blu-ray will never come to the Mac thread? That was a complete mess with insults flying left and right, yikes.

As for why people open attachments from strangers, I believe it is due to most people not wanting to learn why or how computers and Internet communication functions. They want it dead simple like a fax machine. Can you blame them? How many other times during the day do we have to worry about our devices turning on us (ok, maybe if one in the mob and starting his car in the morning ;))?

An antivirus is probably a good idea for people who do open random attachments, even on OS X- who knows if they'll receive one of those Mac trojans one day.

Junk filters and built-in automatic attachment AV scanners that most email services provide helps too.

That's certainly a step in the right direction and should be on by default. Same as with Apple's "Automatically update see downloads list" is on by default in Security and Privacy in OS X.

I was surprised to see that the entire update had already been downloaded when I clicked install for the ML DP4 update, I guess that's the automatic update function at work? I wasn't happy to see that it had eaten through 1GB of my cellular data (I was tethering) without letting me know though.

When you first set up Windows they let you choose how you want the updates, with automatically install being the preselected (and recommended) choice, so it's on by default unless the user purposely chooses not to, at which point a dialog box pops up recommending the user to set it back to automatic updates. That's about as default as it should be imo- give the user the choice at initial setup. If I wasn't on an unlimited data plan that would have been costly!

If you don't continue to pay for the annual subscriptions (http://us.norton.com/norton-one/promo) to many of these anti-virus services, they become useless as hackers invent new viruses, etc. I've made enough money from removing viruses from PCs with out-of-date virus defintitions to know it to be fact.

There are plenty of free anti-virus software which in tests were shown to be just as good as paid AV software- see: Avira, Avast and AVG, all of which provide automatically updated definitions daily without requiring a paid subscription.

Indeed there are some rogue (bogus) anti-virus software for the Mac. However, the lack of viruses over the years, combined with the typical Mac user usually being more sophisticated*, newer security features (see above for example), and smaller user base means less Mac users will fall prey to this method of being hacked. I think Macs users have more to fear from official-looking requests to update Adobe Flash.

They're just trojans, doesn't matter whether it's wrapped in a Flash update package or an anti-virus package. All operating systems are susceptible to this kind of attack. But yes, the Flash one would look more legitimate to the average Mac user.

With that said, both Windows and OS X are getting new security features to prevent exactly this sort of thing from happening.

* - [Studies from both 2002 and 2011 show Macs users tend to be better educated than their Windows-using counterparts (both showed ~70% college educated versus ~50% respectively). Don't shoot the messenger!]

I hate to be "that guy" but college graduates are more likely to be able to afford a $1500 or 2000 computer, so I'm not too surprised. It would be interesting to see the number of $1000+ Windows machines sold vs the number of bargain basement $500 Walmart specials sold.

That might be changing though, as entry prices into a Mac get lower and lower with $999 Airs and more and more people getting into the Apple ecosystem with $200 iOS devices. Time will tell :)

MacNewsFix
Jun 29, 2012, 09:56 AM
You mean the Steve Jobs saying Blu-ray will never come to the Mac thread? That was a complete mess with insults flying left and right, yikes.


Yep, that's the one. While I'd love to say I had no blood on my hands, I have to admit to more than once letting a troll get under my skin.

You bring up some good points with which I agree, especially leaving the options in the OS to give the intermediate or expert users necessary tools. However, out of the box, I believe any device available to the general public should have all security precautions on (just like with car airbags ;) ).



I was surprised to see that the entire update had already been downloaded when I clicked install for the ML DP4 update, I guess that's the automatic update function at work? I wasn't happy to see that it had eaten through 1GB of my cellular data (I was tethering) without letting me know though.



Damn! That bites. I'd stay off cellular when running updates, especially developer previews that tend to be HUGE.



There are plenty of free anti-virus software which in tests were shown to be just as good as paid AV software- see: Avira, Avast and AVG, all of which provide automatically updated definitions daily without requiring a paid subscription.



True. I use ClamXav from the Mac App Store and keep it updated (especially since we do a lot of business with other companies using Windows and occasional get a virus-ridden Word or PDF file we don't want to pass along to another entity in case they, too, use Windows). However, most people either succumb to the siren call of the big security firms that typically get their software included as part of bloatware packages, or novice users get duped by one of these rogue anti-virus programs that are just disguised trojans. Hopefully, more and more free anti-virus software will make its way into OS apps stores for those that are budget conscious and/or more computer savvy.



I hate to be "that guy" but college graduates are more likely to be able to afford a $1500 or 2000 computer, so I'm not too surprised. It would be interesting to see the number of $1000+ Windows machines sold vs the number of bargain basement $500 Walmart specials sold.



True. Last I checked (last year?), Apple owned the $1000+ range with 90% marketshare.



That might be changing though, as entry prices into a Mac get lower and lower with $999 Airs and more and more people getting into the Apple ecosystem with $200 iOS devices. Time will tell :)



I'm all for saving money (as long as quality and service don't get sacrificed)! Have a good weekend. :D

JHankwitz
Jun 29, 2012, 10:29 AM
"Weighing in at..." is a casual, jocular reference to boxing contestants. Language is rich in that way.

When boxing contestants 'weigh in', they are actually talking about their weight in pounds.

TheMacBookPro
Jun 29, 2012, 10:54 AM
Yep, that's the one. While I'd love to say I had no blood on my hands, I have to admit to more than once letting a troll get under my skin.

You bring up some good points with which I agree, especially leaving the options in the OS to give the intermediate or expert users necessary tools. However, out of the box, I believe any device available to the general public should have all security precautions on (just like with car airbags ;) ).

Even car airbags have manual override switches for the passenger seat (...but that's for when there's a baby seat in the front) :p

But yeah, I can see the logic behind Apple's 'automatically update unless you specifically go in and disable it' approach. It's one less thing for the user to think about, and less work for the user to do.

Damn! That bites. I'd stay off cellular when running updates, especially developer previews that tend to be HUGE.

It does, probably explains why the Internet speed was so slow on that day too :p

I would have connected to a regular Wi-Fi network but I had no idea it was even running an update. Probably would have been a good idea to dig through SysPref a bit more to make sure that everything was set to my desires upon first boot, well, that's a lesson learned.

True. I use ClamXav from the Mac App Store and keep it updated (especially since we do a lot of business with other companies using Windows and occasional get a virus-ridden Word or PDF file we don't want to pass along to another entity in case they, too, use Windows). However, most people either succumb to the siren call of the big security firms that typically get their software included as part of bloatware packages, or novice users get duped by one of these rogue anti-virus programs that are just disguised trojans. Hopefully, more and more free anti-virus software will make its way into OS apps stores for those that are budget conscious and/or more computer savvy.

That reminds me, it's probably a good idea to install Clam onto my computer too. You might want to download the package directly from the dev's website though, I notice that the App Store version is missing the quite useful hard drive monitoring function (Sentry), presumably due to Apple's restrictions.

It doesn't really help when the Best Buy salesmen hawk their $200 Norton or McAfee packages to everyone, but it's really up to the consumer to do their own research and make their own educated choice.

True. Last I checked (last year?), Apple owned the $1000+ range with 90% marketshare.

I wouldn't be all that surprised if they still do. The majority of Windows computers I see are fairly low end Dells and HPs. That might be changing with Windows-based PC manufacturers bring up their polish up to the Apple par though.

I'm all for saving money (as long as quality and service don't get sacrificed)! Have a good weekend. :D

I'm not surprised that Apple are slowly lowering prices (see: 1999 -> 1799 for the base 15" Pro, $100 price drop for the Airs, etc) as manufacturers like Samsung (Series 9), Asus (Zenbook) and HP (Envy) start pushing out some really nice and premium feeling notebooks while undercutting Apple slightly on price.

Competition really is good for everyone, no matter what everyone in the iPhone forums say :)

MacNewsFix
Jul 1, 2012, 12:46 PM
That reminds me, it's probably a good idea to install Clam onto my computer too. You might want to download the package directly from the dev's website though, I notice that the App Store version is missing the quite useful hard drive monitoring function (Sentry), presumably due to Apple's restrictions.


Thanks. Believe it or not, I was doing so initially.


It doesn't really help when the Best Buy salesmen hawk their $200 Norton or McAfee packages to everyone, but it's really up to the consumer to do their own research and make their own educated choice.


Gah! I forgot BB sale's people putting pressure on computer novices. You're right about caveat emptor, but I think this needs to be balanced with borderline predatory practices. Hopefully, younger generations will be impervious to such tactics.


That might be changing with Windows-based PC manufacturers bring up their polish up to the Apple par though.


Let's save that debate for another day. ;)


I'm not surprised that Apple are slowly lowering prices (see: 1999 -> 1799 for the base 15" Pro, $100 price drop for the Airs, etc) as manufacturers like Samsung (Series 9), Asus (Zenbook) and HP (Envy) start pushing out some really nice and premium feeling notebooks while undercutting Apple slightly on price.


I completely agree that there is pressure on Window OEMs to undercut Apple (even going so far to ask Intel for help (http://www.acercentral.com/laptops/notebooks/intel-pc-partners-ask-for-cpu-price-drop-amid-push-for-widespread-ultrabook-adoption/)) as their sales decline while Mac sales grow year-over-year. However, I'm not sure how much Apple's price cuts are a reaction to moves by competitors or more the result of the changing market and Apple's ability to buy supplies and unit orders in larger bulks (and thus getting a discount they can pass onto customers without hurting the bottom-line and likely allowing greater unit sales). Meanwhile, 50% of Mac sales at the Apple Stores go to people new to the Mac.


Competition really is good for everyone, no matter what everyone in the iPhone forums say :)

LOL! Touchť. :p

TheMacBookPro
Jul 2, 2012, 04:30 AM
Thanks. Believe it or not, I was doing so initially.

I now have Sentry set up to monitor my Downloads folder. I can't seem to get it to stick to my Login Items list though...

I find it a bit strange that I'm actually running AV on my Mac while not on my Windows computer. Seems like it should be the other way 'round!

Gah! I forgot BB sale's people putting pressure on computer novices. You're right about caveat emptor, but I think this needs to be balanced with borderline predatory practices. Hopefully, younger generations will be impervious to such tactics.

Based on conversations I've had with several teenagers, it looks like the younger generations are indeed rejecting any additional paid software. It seems to me that they just get their anti-virus (and other software) by, uh, 'nefarious' means.

Let's save that debate for another day. ;)

Well, whether or not you like the end result of the Apple-inspired Windows notebooks, you can't deny that they're trying a lot harder than they used to :)

I completely agree that there is pressure on Window OEMs to undercut Apple (even going so far to ask Intel for help (http://www.acercentral.com/laptops/notebooks/intel-pc-partners-ask-for-cpu-price-drop-amid-push-for-widespread-ultrabook-adoption/)) as their sales decline while Mac sales grow year-over-year. However, I'm not sure how much Apple's price cuts are a reaction to moves by competitors or more the result of the changing market and Apple's ability to buy supplies and unit orders in larger bulks (and thus getting a discount they can pass onto customers without hurting the bottom-line and likely allowing greater unit sales). Meanwhile, 50% of Mac sales at the Apple Stores go to people new to the Mac.

IMO the price drops are due to a mix of competition, lower prices from suppliers and more bulk discounts.

While the cost of SSDs are slowly falling, there isn't a massive difference in prices between mid/late 2011 and right now, and there's the additional cost of the faster SSDs in the new Airs which likely minimizes the lower cost of the SSD chips today.

Then there's the processors- if you look at the tray price of the top end Sandy Bridge Core i7 in the 2011 Air (2677M) and compare it to the top end Ivy Bridge Core i7 in the 2012 Air (3667U), you'll find that there's actually been a slight increase in price, from $317 to $346.

While here's no doubt that with they get a lower price due to the massive amount they order, I doubt the price drops were entirely due to the lower supplier costs- Apple saving money on the production side does not usually mean lower prices for their customers, but for some reason it does here.

MacNewsFix
Jul 2, 2012, 09:42 AM
I now have Sentry set up to monitor my Downloads folder. I can't seem to get it to stick to my Login Items list though...

I find it a bit strange that I'm actually running AV on my Mac while not on my Windows computer. Seems like it should be the other way 'round!

That seems a bit cavalier unless you are just running Windows VMs. I wouldn't recommend anyone use Windows with at least some protection, even if it is just Microsoft's free anti-malware tools.


Based on conversations I've had with several teenagers, it looks like the younger generations are indeed rejecting any additional paid software. It seems to me that they just get their anti-virus (and other software) by, uh, 'nefarious' means.


:( Sad. They'll likely feel that way until one day they get ripped off.


Well, whether or not you like the end result of the Apple-inspired Windows notebooks, you can't deny that they're trying a lot harder than they used to :)


I think you misunderstood me if you thought I didn't feel they were a step in the right direction. I think the MBAs' popularity has indeed proven that much of the world is ready to step away from spinning drives in addition to laptops festooned with ports and an optical drive hardly anyone uses. When the MBA was unveiled, many people called it Apple's netbook and "not a serious computer" partially because of it dispensing with the alphabet soup of ports adorning most laptops at the time and no optical drive; we now know that to have been a false assumption for much of the masses. Also, growing adoption of Thunderbolt (will make TB-related merchandise less expensive) and mini DisplayPort is good for everybody, IMHO.


IMO the price drops are due to a mix of competition, lower prices from suppliers and more bulk discounts.

While the cost of SSDs are slowly falling, there isn't a massive difference in prices between mid/late 2011 and right now, and there's the additional cost of the faster SSDs in the new Airs which likely minimizes the lower cost of the SSD chips today.

Then there's the processors- if you look at the tray price of the top end Sandy Bridge Core i7 in the 2011 Air (2677M) and compare it to the top end Ivy Bridge Core i7 in the 2012 Air (3667U), you'll find that there's actually been a slight increase in price, from $317 to $346.

While here's no doubt that with they get a lower price due to the massive amount they order, I doubt the price drops were entirely due to the lower supplier costs- Apple saving money on the production side does not usually mean lower prices for their customers, but for some reason it does here.

SSD prices sure seem to be plummeting. I can buy a 256GB internal drive for what my 120GB cost about 18 months ago.

I have read about the price drops on the MBAs, but it sure seems subtle. The entry level model remains $999, while the more popular 13" dropped $100. Also, the MBAs continue to grow in their share of Apple's laptop sales. While the CPU may be ~$40 more, I suspect (again, pure speculation) much of the motivation for the price drop on 13" is to put more of them in customers' hands (by overcoming a mental barrier on the price tag for some perspective clientele) and thus make up the $100 loss.

I won't fault the PC manufacturers from not wanting to leave money on the table and not go after the +$1000 crowd. Apple is making between $200 and $300 in profit per machine while the PC industry experiences about $50 per unit (the same as they typically pay for each Windows license!). Apple can take their per unit profits and use them to afford call centers where the support specialist are not reading from a script and I don't have to repeat myself three times.

I concede that I don't know the full motivation for the 13" MBA price drop. Whatever the reason, competition is always good for the consumer (again, unless it goes so far as to sacrifice quality control and customer service). The fact remains the PC industry needs to do something to stem the bleeding, and I don't like reading about layoffs.

TheMacBookPro
Jul 2, 2012, 01:21 PM
That seems a bit cavalier unless you are just running Windows VMs. I wouldn't recommend anyone use Windows with at least some protection, even if it is just Microsoft's free anti-malware tools.

It's not a VM, it's actually my previous primary laptop. Might install MSE later though.

I think you misunderstood me if you thought I didn't feel they were a step in the right direction. I think the MBAs' popularity has indeed proven that much of the world is ready to step away from spinning drives in addition to laptops festooned with ports and an optical drive hardly anyone uses. When the MBA was unveiled, many people called it Apple's netbook and "not a serious computer" partially because of it dispensing with the alphabet soup of ports adorning most laptops at the time and no optical drive; we now know that to have been a false assumption for much of the masses. Also, growing adoption of Thunderbolt (will make TB-related merchandise less expensive) and mini DisplayPort is good for everybody, IMHO.

It seemed like you were doubting that PC manufacturers are bringing their products up to Apple's level- I was talking about the look, design and feel :p

There's no doubt that removing the optical drive and moving to solid state memory was the right way to go into the future, much like their decision to remove the floppy disk drive 10+ years prior. I genuinely hope that TB doesn't go the way of FireWire.

SSD prices sure seem to be plummeting. I can buy a 256GB internal drive for what my 120GB cost about 18 months ago.

They were dropping quite a bit in price last year, but since late 2011 to right now the drops have somewhat leveled off.

The faster SSD blades over the 2011 model are likely to be more costly though so I doubt they're saving a lot of money, even factoring in SSD price drops. Just my 2c ofc, I don't know for sure if that's actually the case.

I have read about the price drops on the MBAs, but it sure seems subtle. The entry level model remains $999, while the more popular 13" dropped $100. Also, the MBAs continue to grow in their share of Apple's laptop sales. While the CPU may be ~$40 more, I suspect (again, pure speculation) much of the motivation for the price drop on 13" is to put more of them in customers' hands (by overcoming a mental barrier on the price tag for some perspective clientele) and thus make up the $100 loss.

Don't forget how they added 4GB RAM across the range. RAM is cheap as chips (heh, see what I did there?) now but that's still a minor additional cost over the 2GB they used to put in as stock.

I won't fault the PC manufacturers from not wanting to leave money on the table and not go after the +$1000 crowd. Apple is making between $200 and $300 in profit per machine while the PC industry experiences about $50 per unit (the same as they typically pay for each Windows license!). Apple can take their per unit profits and use them to afford call centers where the support specialist are not reading from a script and I don't have to repeat myself three times.

I guess it depends where you are then! I've had pretty good experiences with Apple call centers, but the ones Dell offer here in Hong Kong are local and they do in-home/office repair services.

I don't know how much money Dell are making off my Alienware laptop but I suspect it's a lot if they can afford to send out a tech!

Like I said before, PC mfgs are actually trying to regain 'premium' sales from Apple which would explain the efforts they go to make their computers lighter and thinner than Apple's. Whether or not they succeed is another story but they're definitely trying to sell more $1000+ machines.

I concede that I don't know the full motivation for the 13" MBA price drop. Whatever the reason, competition is always good for the consumer (again, unless it goes so far as to sacrifice quality control and customer service). The fact remains the PC industry needs to do something to stem the bleeding, and I don't like reading about layoffs.

Well, I guess only Apple's sales team really knows why they did a price drop.

I hate to say it but I think Apple's QC (or at least the factories they contract with) is in fact slipping these days- there was a scuff on the back of my iPad 3rd generation out-of-the-box, my MacBook Pro came without an OS installed, my iPhone had a missing bottom screw (it wasn't even in the box). Maybe Apple's aggressive pricing with the iPad and iPhone are resulting in poorer QC? With the number of iDevices they're pushing out these days I somewhat understand though!
I just hope my experience isn't indicative of others'.

kustardking
Jul 16, 2012, 11:37 AM
I think everybody knows that. The point is that it's a cliche. Something that was once clever, or 'jocular', but has been so overused its lost all of its impact and is now, at best, just a bunch of extra words, and at worst irritating or annoying.

Professional writers are supposed to exhibit skill with words. The first guy to used the phrase 'weighs in at' outside of a boxing context probably did that. The first guy to equate screen space with valuable real estate should be proud of himself. But those gags are done and old. 'Weighs in at' has been used over 1000 times in MacRumors articles alone. If you can't think of a clever way to describe the size of a file, stick with 'x is yMB' for the time being, or risk looking like an amateur.

Yes, I totally agree. Tired cliche. Rather, I was pointing out to JHankowitz that he is being Asperger's literal with the writer's usage.