Apple won't fix security flaws

Discussion in 'Mac Apps and Mac App Store' started by dswoodley, Oct 29, 2003.

  1. dswoodley macrumors 6502a

    Jul 18, 2002
    Interesting comments here on the new security flaws found in Jagwire. read the CNET article
  2. Toreador93 macrumors regular

    Sep 14, 2003
    I'd also like to hear what Mac users think of this. I just finished reading it on ZDNet, and the comments there are interesting.

    I'm a potential switcher, but I don't want to have to shell out $129 every year to be supported.
  3. fraeone macrumors regular


    Sep 26, 2003
    Seattle, WA
    This has been covered in other threads, but at this point Apple has not publicly commented on the security issues. In fact, the subtitle of the article is "...leaving security experts wondering if users will have to pay the $129 upgrade fee to be secure."

    In other words, wait and see what Apple says, not the guys who discovered the flaw and are looking for some good press for their firm. Not to take away from them, I'm certainly grateful for their work, but it's helpful to remember that @stake has a business to run.
  4. iShater macrumors 604


    Aug 13, 2002
    I'm taking a wait and see approach. If they are not planning to fix Jaguar, I will be pissed off bigtime. I just hope Apple doesn't do a collective "screw you" to us. :rolleyes:
  5. jayscheuerle macrumors 68020


    So, 10.2 may have some security flaws versus Windows XP which is a security flaw?

    I'm not sure why this would deter a switcher...:confused:
  6. Sun Baked macrumors G5

    May 19, 2002
    If the enhancements are inside the Finder, or require some of the new Panther-only libraries Apple has.

    Then I wouldn't really expect Apple to spend the money to fix the security issues.

    Apple did make a quick transition to putting out updates that required 10.2 last time, and many of the security enhancements Apple made were only offered in 10.2.x and not 10.1.x
  7. macphoria macrumors 6502a


    Nov 29, 2002
    Even if they don't update the security, there is little we can do. But it will demonstrate blatant marketing tactics on Apple's part, forcing users into making an expensive upgrade. Hopefully this won't be the case.
  8. matthew24 macrumors 6502


    May 30, 2002
    Panther was only released last weekend! Many are still on Jaguar (me too) so I really do expect Apple to fix this quickly like they used to do. (Apple save your reputation!)
  9. nuckinfutz macrumors 603


    Jul 3, 2002
    Middle Earth
    :rolleyes: :rolleyes: :rolleyes: :rolleyes:

    It's really funny to see how people respond to daily computer life.

    Like the average person can't see THIS is a loaded statement. I doubt security "experts" lose sleep over Apple's patches.

    Security risks must be assessed by the severity of the risk and the probability that someone will actually attempt the risk. Remember folks, Hackers and Script Kiddies are using PCs and rarely target Macs.

    I still think Apple should patch but I find it ironic that this alert comes from a company that fired a consultant for a negative Microsoft review. They're suspect to me in other words.
  10. Lanbrown macrumors 6502a

    Mar 20, 2003
    I haven't seen another security company even mention these vulnerabilities. So @STAKE could be playing this vulnerability up and in the real world poses little to no risk.
  11. illumin8 macrumors 6502

    Apr 20, 2003
    East Coast, US
    Sorry, but this is pretty abysmal in the tech world and should give a lot of users pause. Microsoft promises they will continue to support and release security patches for an OS for 5 years after it is no longer sold on the shelves. That means that customers running Windows NT have been able to get security patches up until this year (2003, I think they are finally EOLing NT 4.0). 5 years is pretty short. Sun releases Solaris security patches for 10 years after an OS is no longer sold.

    A lot of IT managers will refuse to buy a product that has a forced upgrade cycle of anything less than 5 years. The reason for this is that there is much more cost involved in upgrading your OS than just the $129 per user. You also have to re-test all of your applications and make sure they are still compatible. You might have to re-write several applications and these are costs that cannot be absorbed on an annual basis, or whenever Steve Jobs feels like he needs to milk the Mac faithful for more money. If you want to see an example of this, just look at how many EDU organizations are still running OS 9.

    If Apple doesn't change this policy quickly they will ensure that Macs stay in the homes where they already are and never penetrate very deep into the corporate world.

    Of course Macs are much more secure by default than Windows. I'm not arguing that, but recently there have been several security holes in basic functionality like SSH that allow people to gain root access. Without security patches many vulnerable people could be infected by a Worm similar to anything that MS users get on a regular basis.

    Of course, the crux of the matter is this: Steve Jobs wants all users to be on a 1 year upgrade cycle so that Apple makes more money, rather than releasing incremental updates like Service Packs that add functionality. If you're releasing an OS every year you can't afford to back-port all of your security patches to the previous 5 years worth of OS, there's just too much testing time involved.

    Bottom line: Apple's greedy and it's costing them a lot of potential corporate customers.
  12. will macrumors regular

    Aug 29, 2002
    Apple's behavior so far has been disgraceful.

    I think Apple should issue an official statement on their OS support policy, and commit to provide security patches and major bug fixes for at least three years after the OS is current (i.e. until at least October 2006 for 10.2).

    I am currently using a 10.2 based machine, my machine is very important to my work, and I won't be upgrading until 10.3.1 arrives, and issues such as FW drive corruption are sorted. This leaves my machine vulnerable.

    Sadly, some people will defend Apple, whatever it does, and however wrong its decisions. Fanatical support helps no one. If you want to see a strong Apple, and a secure OS, you should apply pressure to Apple to get this issue fixed.
  13. mim macrumors 6502

    Apr 24, 2003
    flesh, melbourne.... heart, london

    So...when did an OS company publicly state they were supporting a product for 5 years? Microsoft? I sure don't remember that when NT came out (I could be wrong...).

    Are you still running a 5 year old OS? I know a few who are...but they are way small fry and know it. The ones who are using MS products do find it hard...not upgrading. Please tell me that you are refusing to upgrade from Word 5 because you bought it thinking you wouldn't have to upgrade for years....go on. :rolleyes:
  14. beg_ne macrumors 6502

    Jul 3, 2003
    Looks like you took their FUD hook, line and sinker. Apple hasn't commented on the security issues at all; CNet for some reason takes that to mean that there won't be a patch for 10.2 at all. Here's a tip: if any "news" or "reviews" come from a PeeCee dominated source, take it with a large grain of salt.
  15. Dale Sorel macrumors 6502a

    Jan 12, 2003
    LOL :p
  16. will macrumors regular

    Aug 29, 2002
    Perhaps you missed in which Apple refer to these very security issues?
  17. will macrumors regular

    Aug 29, 2002
    We can argue how long a product should be supported for, but the point still stands. I don't expect Apple to port the features of 10.3 to 10.2, but what I would expect is continuing support WRT bugs and security issues. Do you think Sun stopped issuing security patches for Solaris 8 when Solaris 9 came out? And while you can argue OS X is more secure than Windows, Microsoft have continued to provide security patches for their older OSs, NT, 2000 etc. Apple should do likewise.

    This is a serious issue, and I hope those reading this thread are thinking about it carefully.
  18. Lanbrown macrumors 6502a

    Mar 20, 2003
    Apple even says that all systems come with 90-days of software support, longer with Apple Care. So, they are bound to fix the problems.
  19. primalman macrumors 6502a

    Jul 23, 2002
    at the end of the hall
    Please read the MacCentral front page. Apple is addressing these issues.

    Move on.
  20. will macrumors regular

    Aug 29, 2002
    That's excellent news. Apple could have saved a lot of negative publicity and stressed users if they'd made that announcement sooner. have updated their story too

    Now if only Photoshop 8 would hurry and arrive I'd be really happy ;)
  21. Lancetx macrumors 68000


    Aug 11, 2003
    Or maybe if CNET, ZDNET and @Stake would have gotten their FACTS straight before running to press with such speculative nonsense in the first place. This was nothing but FUD from the start...end of story.
  22. illumin8 macrumors 6502

    Apr 20, 2003
    East Coast, US
    I don't mean to be insulting, but your post demonstrates a lack of insight into the enterprise computing environment. Banks and telcos are still running Unix systems from the 70s and 80s, much less mainframes.

    I work on Sun servers and I have several customers that are still running Solaris 2.6 which was released in 1997. They might not upgrade for several more years even.

    You might ask what did Sun have to do to win the business of these enterprise customers? They had to promise to support each version of the OS with patches and security updates for 10 years after release. Microsoft only promises 5 years which is why Windows 98's support is lapsing this year (I think it already lapsed).
  23. bousozoku Moderator emeritus

    Jun 25, 2002
    Gone but not forgotten.
    Sun and Solaris are hardly a holy grail. Sun releases more bugs in one release of Solaris than Apple ever will. Recent Sun happenings even suggest that Java doesn't run well on Solaris because the operating system doesn't cooperate well.

    Apple have, in the past, issued security updates for the prior version without a comment and so it should have been noted in the various articles. Of course, we're talking about media responsibility and ZDNet doesn't do that anymore and C|Net never did.

    I'm no Apple cheerleader, but I'm certain of Apple's commitment to security. One Microsoft-ian slip and they'll be on the run.
  24. rainman::|:| macrumors 603


    Feb 2, 2002
    in my experience, apple has rarely abandoned an OS version while it's not secure... they do a good job of finalizing it before moving on. apple has rarely had a final product or version with any problems remaining at all, especially security issues. if someone can point out where i am wrong, please do.

  25. mim macrumors 6502

    Apr 24, 2003
    flesh, melbourne.... heart, london
    No - you do have a good point...and I was just being a tad generalistic ;)

    However, the customers you are dealing with tend to buy/use an os like a 'machine' rather than an evolving tool - they're systems to do a specific job that probably won't change very dramatically over the years. Even though I do expect to upgrade more often than 5 year cycles, I think you're right that Apple should keep addressing security issues as they occur. 5 years does seem pretty reasonable. Apple should publicly state things like this to avoid misunderstanding.

    We should also consider @Stake's reputation though....recently sacking an employee who helped write a paper criticising MS's products security. General agreement seems to be that things have changed there a lot since l0pht days...
