Awesome. Very true. That's the best analogy I've heard yet.
dukeblue91 said: For most PC users Windows is like being in an abusive relationship
that you know you need to get away from but you are too scared to actually do it.
iSaint said: According to the Computer Science grad in my education classes this summer, Macs don't get viruses because there's such a small user base no one wants to mess with it. But he could make a Mac virus easily, he says.
Aside from his arrogance and idiocy, I understood (and he doesn't) the Unix base of OS X makes it much more difficult to create a workable virus on a Mac.
Is this right?
That article was dumb. The idea that linux accounts for more security breaches than windows is simply ridiculous. Security aside, there simply aren't enough linux boxes out there. They could all be breached 5 times and there still wouldn't be as many as windows.
VanNess said: Ask the experts
iSaint said: According to the Computer Science grad in my education classes this summer, Macs don't get viruses because there's such a small user base no one wants to mess with it. But he could make a Mac virus easily, he says.
Aside from his arrogance and idiocy, I understood (and he doesn't) the Unix base of OS X makes it much more difficult to create a workable virus on a Mac.
Is this right?
berkleeboy210 said: This worm supposedly hit computers in Disney World, and actually shut down rides.
patrick0brien said: -berkleeboy210
Oh dear GOD!
"It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world after all...It's a small world..."
Crikey said: Etch-A-Sketch, probably.
Crikey
dotdotdot said: Of course, everyone is forgetting this is Windows 2000 being affected - not XP, the most recent release.
zflauaus said: Well, I'm glad I switched. Now, to start working on the rest of the family. Hee hee hee....
kamper said: That article was dumb. The idea that linux accounts for more security breaches than windows is simply ridiculous. Security aside, there simply aren't enough linux boxes out there. They could all be breached 5 times and there still wouldn't be as many as windows.
That said, macs do benefit very much from security by obscurity. Not only is there little benefit in targeting the platform because there aren't many users, a worm could never spread itself over the internet because there isn't a critical mass of machines to target (as was just pointed out).
Claiming that "the Unix base of OS X" gives you an automatic shield from all harm is silly. The name "UNIX" (as Apple marketing likes to throw around so much) isn't some magic wand that gives you perfect reliability and security. Sure, it's a better model than windows where the average user is running with admin privileges all the time, but if someone is determined they can hack just about anything. Again, it's just not worth anybody's time to hack os x when there are plenty of windows vulnerabilities with free exploit code.
The attraction to hacking something is not glory, as you're all supposing. There is a very serious industry based on delivering adware and spyware to the desktops of computer illiterate people. Again, security by obscurity: crack every mac out there and you have a few million victims, crack a small percentage of windows machines and you have many more which = more profit.
It's all fine and good to gloat that we're sitting safe behind our macs (because we are very safe, comparatively speaking), but please don't claim that the differences in engineering between mac osx and windows are the only (or even primary) reason. A reasonably savvy windows user who uses a good firewall and applies patches when they are supposed to and doesn't use IE will be just as safe as us.
Well yeah, consider the source. mi2g are well known for sensationalism and, at times, outright fabrication.
kamper said: That article was dumb.
kamper said: A reasonably savvy windows user who uses a good firewall and applies patches when they are supposed to and doesn't use IE will be just as safe as us.
I don't normally post mere 'dittos' but after reading Xapplimatic's post I thought I'd go against the grain.
dmw007 said: Very well said Xapplimatic!
I ditto your ditto
Savage Henry said: I don't normally post mere 'dittos' but after reading Xapplimatic's post I thought I'd go against the grain.
Good read.
emw said: We were down on and off for most of the day, so having a Mac helped in that I didn't have to install any patches, but I still couldn't get much work done.
The vast majority of microsoft software holes have patches available before any kind of significant exploit is actually released to the public. Besides having the holes in the first place, microsoft's biggest security challenge is simply getting users to apply the patches that are available. If you put up a decent hardware firewall (eg. NAT, and very few computers using any operating system should ever be exposed without such a firewall), apply patches when they come out and exercise common sense while browsing you will be perfectly fine. Of course, decent antivirus and antispyware are important too, but that's cure, not prevention. Yes, this is far more work than you usually have to do with os x, but my point was, it's possible.
Xapplimatic said: That couldn't be farther from the truth.
kamper said: A reasonably savvy windows user who uses a good firewall and applies patches when they are supposed to and doesn't use IE will be just as safe as us.
Why am I anti-Apple, just because I think security by obscurity is real? It's not a bad thing, and even if it was, is it against the rules to criticize Apple in any way, shape or form? Again, I'm not criticizing Apple here at all.
Whether or not it's "security through obscurity" is irrelevant. That phrase shouldn't even be used in an honest forum because it smacks of anti-Apple bias since there's nothing "obscure" about the Macintosh platform, Mac OS, or Apple... As much as Microsoft has traditionally tried to pretend that Apple is obscure, it isn't any more obscure than the press decides it is.. Mac usership hasn't changed that much, but has remained relatively stable over the long haul now on the increase. The iPod decided for the press that Apple was no longer "obscure". How quaint.
What does Intel have to do with this? And yes, it does matter if you run IE or firefox or opera. Non-IE browsers don't have the gaping hole known as ActiveX for starters. Non-IE browsers sit at a fairly high level above the system, whereas IE is laced inextricably into windows. If you want to use numbers, compare the number of flaws in IE vs. non-IE that have actually been exploited. IE in its current state is simply a hazard. Non-IE browsers benefit partly from better engineering and partly from obscurity.
As you know, there are no true viruses on Mac OS X. The only purported trojan horse was a stunt by a security firm ("Integro" if memory serves) to sell Mac users their anti-malware which basically only focuses on keeping Windows viruses out of emails sent from Macs to Windows machines. That exploit was fixed within less than a month by Apple itself. Compare that to literally several new real viruses every day on Windows.. over 100,000 known viruses in the wild, do the math. Obscurity if valid couldn't even begin to account for that stark of a contrast. Truth be told: It doesn't matter if you use Internet Exploiter or FireFox, it's still Intel code under a sketchy Windows OS.
Independent security firms can get their hands on Microsoft's code too. For a proprietary software company, they're actually not all that bad at sharing source code. More on Apple and proprietary code in a bit...
Pure engineering explanation. Windows has already exploited flaws that still exist unpatched. Some things go unpatched for months, even years on Windows. Mac OS X's only known exploits aren't generally known pretty much until the patches are already released for them detailing what the exploits were.
Good engineering deploys high levels of public scrutiny to find flaws and provide feedback for corrections. Microsoft lacks this step in product development. Their code review is all in-house, closed door. So from a purely engineering point of view, UNIX is always going to be more secure and less bug-plagued than Windows anything until Microsoft changes their closed-source practices.. Any *nix is going to be more secure than Windows because anybody (including all the independent security firms) out there can review the collective source code of all the various apps that comprise the system and report flaws/potential exploits privately to the parties concerned to generate a patch before a hacker finds out about it on some website.
Au contraire, crackers rarely find exploits by reading source code. Unless you are actively developing or bug-fixing, reading code is mind-numbingly boring and not particularly conducive to understanding. Having code in the open is not a serious benefit to crackers until after they are aware of the general location of a hole they want to exploit.
While it's true that hackers also have more access to find things too to exploit, the reality is that it rarely works this way. Usually if a hacker spots a problem for malicious exploit, by the time they see it, someone with more well-meaning intent has also found it and reported it for prompt patching. With Windows, only hackers will have the source code for it because genuine security firms aren't legally allowed to use copies of "stolen Windows source code". That's not a good situation at all.
Of course engineering is the primary reason for the existence of holes. It is not necessarily the primary reason for exploits of those holes.
Windows users must wait 100% on Redmonds to do everything for them. Redmonds has to become aware of the flaw, decide that it's worth fixing, and then handle generating the patch code 100% on their own since their OS isn't based upon open source projects at any level. Apple on the other hand may find most of its OS flaws are already corrected for them by the open source community by the time management becomes aware of the need for a patch. They simply incorporate the new versions of code into their code tree for OS X and voila, patches are in place without much effort on Apple's part. The advantage of that is obvious. The open source community and all its resources and millions of eyes and brains are a resource shut off from Redmonds.. Microsoft will shun the favor of public review while Apple welcomes it. Smart move for Apple.
Windows will never have the advantage of peer review because Redmonds forbids access to nearly everyone outside to review their source code (save for court order that is). Furthermore, they don't even let any one department examine the entire source tree for Windows (Bill Gates is ultra paranoid didn't you know), as each department manages its own segment of Win code. That way (Gates thinks) no one engineer can be paid off by an outside company to steal the source code for Windows because nobody save a privileged few have access to all of it.. geeeez.. and people wonder why Windows still has so many security holes, bugs, and why Longhorn is taking years to complete.. It's because it's like the tower of Babel over there! How is a setup like that ever going to agree on anything or effectively create a cohesive, coherent product? Please.. don't ever tell me that engineering doesn't have a primary role in this problem, because buzz words and "obscurity" side-show distractions aside, engineering still plays the major role in this disaster or there would have been at least one good success at targeting Macs by now.
Links to articles please? Anyways, how many banks do you know that run os x? How many actually run windows in vulnerable places? I'm not sure if this argument is relevant.
Obviously advertising dollars do not dictate why Macs aren't targeted. This is also a really off-base assessment of the issue at center because not all hackers hack for money. In fact, most of the ones hacking for money, contrary to your implication about advertising, are in fact getting paid by means of EXTORTION.. Banks have been handing over millions of dollars every month, blackmailed by hackers to keep quiet about the credit and account information stolen from them. (Bank of America comes to mind).
I never said that os x wasn't harder to crack than windows. That would be kinda silly. Regardless, for all the situations that either of us have stated that a cracker might target a particular system, windows still has a much higher market share than os x. Higher market share = easier to exploit and more potential gains (whatever those gains may be). There's simply no way you can claim that these factors have no bearing on where crackers spend their time.
Many hackers hack systems just because they can. For some it is a form of art to prove their own sophistication. Some do it to take revenge on their ex-employers. Others may have more terrorist ideas in mind. There are lots of reasons why there are hackers. Targeted economics as a de facto reason is an extreme oversimplification and an attempt to support the obscurity argument with blinders when in fact that argument itself obscures the deeper truth that engineering really is the core of the security issue (and ultimately therefore the management which decided to deploy that failed system of engineering). Always has been. Always will be. Dollar bills can't blow holes through cement.. Engineer a tough enough OS and no amount of hacker-for-hire employment can change the fact that it is tougher to hack.
You have an opportunity to educate me. I know nothing about pre-osx Apple software or the existence of viruses.
If you still don't believe that engineering is the key issue.. do you remember OS 9 and before? Let's take a trip down memory lane! The Mac had viruses before System X came around.. it had hundreds! They weren't nearly of the class and caliber of what Windows users suffer, but they did exist. What was the only difference between OS 9 and OS X? Wasn't obscurity! It was engineering!
No it doesn't. We're arguing about two different things here. Just because os x is more secure now than it was before, doesn't mean it doesn't benefit from obscurity. If pre-osx mac os had the market share that windows has now, perhaps it would have been exploited to a similar degree (who knows?). If os x had that market share it would, in all likelihood, suffer much less problems but it would still be more than it has now.
One (System 9) was closed source 100% just like Windows. Now with that in mind, it kind of takes the air out of the sails of the "obscurity" argument now doesn't it?
Please stop calling it unix source code. Unix, as you are referring to it, is merely a set of standards with many very diverse implementations. Apple, so far as I'm aware, has only adopted significant portions of code from the bsd and gnu communities, neither of which are really unix. Calling it bsd source code or unix principles makes much more sense.
Obscure would be deploying some has-been like STOS, Amiga OS or BeOS.. Otherwise you are calling Unix as a whole obscure, because Mac OS is based upon unix source code. The parts that aren't (like the user interface) don't matter much because they usually have little to do with security.
And kudos to apple for making this move.
There were a few reasons why Apple dropped its closed-source OS for a new OS based upon open-source BSD. One of them was security. Clearly open-source stimulates faster discovery, reporting, and patching of exploitable code problems. Open source gives any company smart enough to use it a much larger virtual engineering department to work with than any one private company would ever have the resources to employ on its own. This makes their OS more secure, and bolsters their bottom line. Open source is cheaper after all. It makes financial sense and engineering sense to use it. Why do you think "little ol' Apple" was able to maintain a separate source code for OS X on Intel the entire time since OS 10.0.0? Because it doesn't take as many resources when a large portion of the OS is already written for you by the open source community for nearly every processor type imaginable..
The idea of microsoft tossing out their kernel and adopting a *nix base is silly. There are plenty of customers who respect microsoft and benefit tremendously from their products. Granted, few of them travel in *nix circles. There are also plenty of things that microsoft is doing right from a security perspective. They are adopting a virtual-machine based environment as their primary 3rd party software platform (which, afaik, apple has no plans on doing). This will have (and is having) great benefit for server applications and will benefit the desktop more as more of microsoft's software gets done in .NET. They are making it much easier for users to run as non-privileged users (which is the only really fundamental idea that they need to borrow from *nix). They are putting IE in a tight sandbox. They are adopting a more serious fundamental attitude towards security (albeit, very slowly). It's not like unix is the only possible way to implement a secure platform.
Microsoft (and its supporters) still just don't get it. Even now after the disappointing Dell Downturn and Harrowing Prediction at HP, Microsoft tries to blame its lackluster XP upgrade sales on piracy.. whatever. How about people don't want to shell out money for a half-broken product. If Microsoft had something respectable to offer the public, more people would be willing to pay for it. Perhaps they (like take a cue from Apple eh?) should worry less about piracy and more about product security and performance.. Microsoft will spend untold amounts upon engineering complicated and cumbersome validation and activation schemes that are nearly instantly hacked the second they are put out and don't deter anyone except potential customers who don't want to be bothered with such nonsense, but just isn't putting out significant effort to solve security problems with Windows.
I will lay it out like this.. the only way for Microsoft to end its security problems is to do exactly what they don't want to, and that is to rebuild Windows as a Microsoft GUI on top of a Unix base much like OS X.. Doing that they could gain respect, retain customers, improve their product, and solve the security morass they are stuck in. Nothing else they can do will ever lead to all of that.. Even if they open-sourced Windows itself, the code is probably in such a mess from segmentation between departments that most people won't even be able to follow it, which is probably precisely the reason they won't open source it because they couldn't stand the public ridicule that would ensue when such dirty laundry is aired. It would be quite an event.. and even then, would anyone be able to write effective patches (other than Microsoft) for such a spaghetti mess? HMm...
News link #2:
Law enforcement officials have arrested two men suspected of unleashing a pair of computer worms, including last week's Zotob, which hit servers at American Express, The New York Times and elsewhere.
Local police have arrested several people in Turkey and Morocco under suspicion of involvement in last week's spate of computer worms, according to Microsoft Corp. The worms known as Zotob, Rbot and Mytob, targeted the software giant's Windows 2000 operating system.
Doctor Q said: