Discussion in 'Mac Apps and Mac App Store' started by dswoodley, Oct 29, 2003.
Interesting comments here on the new security flaws found in Jagwire. Read the CNET article.
I'd also like to hear what Mac users think of this. I just finished reading it on ZDNet, and the comments there are interesting.
I'm a potential switcher, but I don't want to have to shell out $129 every year to be supported.
This has been covered in other threads, but at this point Apple has not publicly commented on the security issues. In fact, the subtitle of the article is "...leaving security experts wondering if users will have to pay the $129 upgrade fee to be secure."
In other words, wait and see what Apple says, not the guys who discovered the flaw and are looking for some good press for their firm. Not to take away from them, I'm certainly grateful for their work, but it's helpful to remember that @stake has a business to run.
I'm taking a wait and see approach. If they are not planning to fix Jaguar, I will be pissed off bigtime. I just hope Apple doesn't do a collective "screw you" to us.
So, 10.2 may have some security flaws versus Windows XP which is a security flaw?
I'm not sure why this would deter a switcher...
If the enhancements are inside the Finder, or require some of the new Panther-only libraries Apple has, then I wouldn't really expect Apple to spend the money to fix the security issues.
Apple did make a quick transition to putting out updates that required 10.2 last time, and many of the security enhancements Apple made were only offered in 10.2.x and not 10.1.x.
Even if they don't update the security, there is little we can do. But it will demonstrate blatant marketing tactics on Apple's part, forcing users into making expensive upgrades. Hopefully this won't be the case.
Panther was only released last weekend! Many are still on Jaguar (me too) so I really do expect Apple to fix this quickly like they used to do. (Apple save your reputation!)
It's really funny to see how people respond to daily computer life.
Like the average person can't see THIS is a loaded statement. I doubt security "experts" lose sleep over Apple's patches.
Security risks must be assessed by the severity of the risk and the probability that someone will actually attempt the risk. Remember, folks, hackers and script kiddies are using PCs and rarely target Macs.
I still think Apple should patch, but I find it ironic that this alert comes from a company that fired a consultant for a negative Microsoft review. They're suspect to me, in other words.
I haven't seen another security company even mention these vulnerabilities. So @STAKE could be playing this vulnerability up, and in the real world it poses little to no risk.
Sorry, but this is pretty abysmal in the tech world and should give a lot of users pause. Microsoft promises they will continue to support and release security patches for an OS for 5 years after it is no longer sold on the shelves. That means that customers running Windows NT have been able to get security patches up until this year (2003, I think they are finally EOLing NT 4.0). 5 years is pretty short. Sun releases Solaris security patches for 10 years after an OS is no longer sold.
A lot of IT managers will refuse to buy a product that has a forced upgrade cycle of anything less than 5 years. The reason for this is that there is much more cost involved in upgrading your OS than just the $129 per user. You also have to re-test all of your applications and make sure they are still compatible. You might have to re-write several applications and these are costs that cannot be absorbed on an annual basis, or whenever Steve Jobs feels like he needs to milk the Mac faithful for more money. If you want to see an example of this, just look at how many EDU organizations are still running OS 9.
If Apple doesn't change this policy quickly they will ensure that Macs stay in the homes where they already are and never penetrate very deep into the corporate world.
Of course Macs are much more secure by default than Windows. I'm not arguing that, but recently there have been several security holes in basic functionality like SSH that allow people to gain root access. Without security patches many vulnerable people could be infected by a Worm similar to anything that MS users get on a regular basis.
Of course, the crux of the matter is this: Steve Jobs wants all users to be on a 1 year upgrade cycle so that Apple makes more money, rather than releasing incremental updates like Service Packs that add functionality. If you're releasing an OS every year you can't afford to back-port all of your security patches to the previous 5 years worth of OS, there's just too much testing time involved.
Bottom line: Apple's greedy and it's costing them a lot of potential corporate customers.
Apple's behavior so far has been disgraceful.
I think Apple should issue an official statement on their OS support policy, and commit to provide security patches and major bug fixes for at least three years after the OS is current (i.e. until at least October 2006 for 10.2).
I am currently using a 10.2 based machine, my machine is very important to my work, and I won't be upgrading until 10.3.1 arrives, and issues such as FW drive corruption are sorted. This leaves my machine vulnerable.
Sadly, some people will defend Apple, whatever it does, and however wrong its decisions. Fanatical support helps no one. If you want to see a strong Apple, and a secure OS, you should apply pressure to Apple to get this issue fixed.
So...when did an OS company publicly state they were supporting a product for 5 years? Microsoft? I sure don't remember that when NT came out (I could be wrong...).
Are you still running a 5 year old OS? I know a few who are...but they are way small fry and know it. The ones who are using MS products do find it hard...not upgrading. Please tell me that you are refusing to upgrade from Word 5 because you bought it thinking you wouldn't have to upgrade for years....go on.
Looks like you took their FUD hook, line and sinker. Apple hasn't commented on the security issues at all; CNet for some reason takes that to mean that there won't be a patch for 10.2 at all. Here's a tip: if any "news" or "reviews" come from a PeeCee dominated source, take it with a large grain of salt.
Perhaps you missed http://docs.info.apple.com/article.html?artnum=61798 in which Apple refer to these very security issues?
We can argue how long a product should be supported for, but the point still stands. I don't expect Apple to port the features of 10.3 to 10.2, but what I would expect is continuing support WRT bugs and security issues. Do you think Sun stopped issuing security patches for Solaris 8 when Solaris 9 came out? And while you can argue OS X is more secure than Windows, Microsoft have continued to provide security patches for their older OSs, NT, 2000 etc. Apple should do likewise.
This is a serious issue, and I hope those reading this thread are thinking about it carefully.
Apple even says that all systems come with 90-days of software support, longer with Apple Care. So, they are bound to fix the problems.
Please read the MacCentral front page. Apple is addressing these issues.
That's excellent news. Apple could have saved a lot of negative publicity and stressed users if they'd made that announcement sooner.
news.com have updated their story too http://news.com.com/2100-7355-5098688.html
Now if only Photoshop 8 would hurry and arrive I'd be really happy
Or maybe if CNET, ZDNET and @Stake would have gotten their FACTS straight before running to press with such speculative nonsense in the first place. This was nothing but FUD from the start...end of story.
I don't mean to be insulting, but your post demonstrates a lack of insight into the enterprise computing environment. Banks and telcos are still running Unix systems from the 70s and 80s, much less mainframes.
I work on Sun servers and I have several customers that are still running Solaris 2.6, which was released in 1997. They might not upgrade for several more years even.
You might ask what did Sun have to do to win the business of these enterprise customers? They had to promise to support each version of the OS with patches and security updates for 10 years after release. Microsoft only promises 5 years which is why Windows 98's support is lapsing this year (I think it already lapsed).
Sun and Solaris are hardly a holy grail. Sun releases more bugs in one release of Solaris than Apple ever will. Recent Sun happenings even suggest that Java doesn't run well on Solaris because the operating system doesn't cooperate well.
Apple have, in the past, issued security updates for the prior version without a comment and so it should have been noted in the various articles. Of course, we're talking about media responsibility and ZDNet doesn't do that anymore and C|Net never did.
I'm no Apple cheerleader, but I'm certain of Apple's commitment to security. One Microsoft-ian slip and they'll be on the run.
in my experience, apple has rarely abandoned an OS version while it's not secure... they do a good job of finalizing it before moving on. apple has rarely had a final product or version with any problems remaining at all, especially security issues. if someone can point out where i am wrong, please do.
No - you do have a good point...and I was just being a tad generalistic
However, the customers you are dealing with tend to buy/use an os like a 'machine' rather than an evolving tool - they're systems to do a specific job that probably won't change very dramatically over the years. Even though I do expect to upgrade more often than 5 year cycles, I think you're right that Apple should keep addressing security issues as they occur. 5 years does seem pretty reasonable. Apple should publicly state things like this to avoid misunderstanding.
We should also consider @Stake's reputation though....recently sacking an employee who helped write a paper criticising MS's products security. General agreement seems to be that things have changed there a lot since l0pht days...