View Full Version : The Mac Landscape: Full of Empty Threats?
Nov 20, 2006, 08:59 PM
Link: The Mac Landscape: Full of Empty Threats? (http://www.macbytes.com/link.php?sid=20061120215947)
Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug
Nov 21, 2006, 09:47 AM
I'm glad this was listed under opinion because that's exactly what it is. The author is loathe to find anything more than speculatory evidence or tired rhetoric to bolster his point. This article is just another shining example of E|Week's unfathomable anti-Mac bias, making me wonder if E|Week is run by Microsoft, and just another reason why E|Week can go blow itself.
Nov 21, 2006, 10:01 AM
I've always thought the reason why Windows gets attacked so much is down to Microsoft. They aren't a nice company, so people want to take a piece off them.
However, the author's assertion that nobody cares about Macs is off, especially since he compares OSX to Solaris, a purely server OS. Sun systems tend to be attacked more because there are a lot of Solaris boxes out there that are never patched against announced vulnerabilities. Same with the older Linux installations.
In comparison OSX by default tells you that you are missing patches and what those patches are, so before the hackers have a chance to exploit the hole, people are already patching against it. It's one of the reasons Apple don't pre-announce their security updates like Microsoft. Exploits against Windows rise just after Redmond release their monthly patches, because the hackers know that either Microsoft stay quiet or inconvenience their customers with yet another patch. Apple keep the black-hat brigade guessing. What's the point of putting all your effort into an exploit if two hours before you release it into the wild Software Update starts alerting Mac users to update their systems.
Nov 21, 2006, 12:08 PM
I also thought that OSX's "holes" or security breaches were just that, but only on a certain level. *struggles to figure out how to explain this*
I has been explained to me that OSX can be thought of as multi level system (outside of the unix idea) and that a security "hole" no matter how major it is would be extremely hard to take advantage of because it sits between two (or more) other layers that don't have holes in them. Like finding the chink in the armor, and all the armor layers below that.
So Theoretically if the only thing a hacker had to deal with was that one hole, they could do it, but they don't, they have to (in most cases) tackle multiple different layers many of which don't have security flaws (that we're aware of) or at least not ones that can be linked to create one good effective attack.
And I still don't believe this claim that no one cares about OSX. I'm a CS major,and I've come into contact with some very bright (albeit probably law abiding) kids that would love to see Mac OSX get a virus. So more people are familiar with "Windows". Pah. C++ is the same on both systems for the most part (especially if you strip the need for graphics or a GUI), and if you get into unix the security holes are the same. All you have to do is tear down OSX and understand it and it's flaw. Not an overnight job, but the same work I'd have to do to create something nasty for windows. Though it's not as if learning a new programming language is all that hard either :rolleyes:
Nov 21, 2006, 01:55 PM
It's obvious to the reader that this writer doesn't have any reasonable theories for why OSX isn't successfully exploited when even the less-popular Linux and Solaris are regularly. At least in the end he admits that he hasn't got a clue. Maybe that should have been a sign to him that his speculation can't be taken very seriously. I get the sense that he's a bit annoyed by his inability to explain this situation so he felt compelled to ascribe it in the end to "luck." That theory is as inoperative as any of the others. Nobody can remain lucky for long in the OS business -- somebody will always be trying to crack you. Next theory, please... this one sucks.
Nov 22, 2006, 08:51 AM
Bah. This guy is relying on "security" companies like Symantec for information about OS X vulnerabilities. The problem is, Symantec and the others have a vested interest in making the Mac look vulnerable.
Many of the vulnerabilities these companies report can only be exploited if one or more other vulnerabilities exist. It's like saying Fort Knox is insecure because one of the guards has narcolepsy. Less secure? Sure, but not insecure. Real security is built in layers so that if one layer fails, the next will likely make the stop. Market share has nothing to do with it.