eWeek: Leopard has more Holes than Spots

Discussion in 'macOS' started by aceducy, Nov 2, 2007.

  1. aceducy macrumors member

    Sep 28, 2007
    eWeek: Leopard has more Holes than Spots

    http://www.eweek.com/article2/0,1759,2209676,00.asp?kc=EWKNLENT110207FEA1 [if that link doesn't work just search eweek.com for Leopard security flaws]

    These guys haven't even scratched the surface of Leopard security issues. Bottom line: There hasn't been a patch/update since 11 days before its release. Inexcusable.

    If we try real hard, we can catch up to the MSWindows security level
  2. skunk macrumors G4


    Jun 29, 2002
    Republic of Ukistan
    The article seems to contradict itself pretty comprehensively.
  3. Sky Blue Guest

    Sky Blue

    Jan 8, 2005

    Nonsense. Leopard was released a week ago. An update by mid-November is reasonable. Same thing happened with 10.4 and 10.3..
  4. aceducy thread starter macrumors member

    Sep 28, 2007
    Get a grip, oh 7000 post wonder. It was frozen for production on Oct 17th. Pout, toss a fit if you like, but it's already almost a month old.

    And don't compare the complexity of 10.5 with 10.x - this is a totally different animal. It requires itself to be handled quite differently. This behemoth MUST be patched daily - and no whinning about update server overloads like on the 26th.

    Everything in that article was right on - and they only mentioned about 15% of the security issues
  5. kresh macrumors 6502a


    You would be hard pressed to find a bigger Apple hater than eWeek

    Why is it that only the publications and analysts that have a vested interest in keeping users on Windows are the one who are bashing Leopard?

    Some of eWeeks diatribe is purely opinion:

    I welcome this change, it has replaced my need for Little Snitch.

    I am not swallowing the whole "Leopard is full of holes" just because some Apple haters say it.

    In regards to OS X. I like it, I use it, and I've never been hit with malware, and if the only malware that pops up is socially engineered stuff, I will always be safe.
  6. Sky Blue Guest

    Sky Blue

    Jan 8, 2005
    Ummm, I have 1200 posts over 3 years, but thanks for playing.
    I'm not 'pouting', merely suggesting that with previous OSs Apple has posted a .1 update a couple of weeks after release...they do have to test it after all. i did like the 'behemoth' bit though, very funny.

    Please do explain how 10.5.0 is different to 10.4.0. You might also like to point out the security holes in 10.4.0 (I'm sure goggle will help you out there) and how quickly Apple fixed them.

    Also, I'd be interested in these "server overloads". You might want to make your trolling a little less obvious.
  7. Celeron macrumors 6502a

    Mar 11, 2004
    I read said article. Unless I missed it all it complains about is deficiencies in the OS X Firewall. Is this really that big of a deal? I personally don't trust workstation firewalls anyway and protect all of my machines using my Cisco router. For devices inside my network that are untrusted I have these seperate into individual VLANs with ACLs preventing access to anything but the Internet.

    In any case, I don't think the complaints here are really cause for "immediate patching" or any other sort of immediate action. Assuming the firewall is off, are there any services on OS X that are even exploitable at this point?
  8. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
    This is a fair point, but at the same time, it does seem that the firewall does not behave in the way a reasonable person would expect. The firewall is there for security -- it doesn't do anything else except its stated purpose. So saying that whether or not it does what it says it does is unimportant because you don't trust software firewalls anyways is nice for you, but absurd for everyone else. My Mac sits behind a completely closed airport base station also. So of course I can just turn my firewall off. But things like networked games are sold for Macs quite commonly (and require port access), and just because I don't play them doesn't make those users' needs irrelevant.

    What if Cisco had sold you a router whose firewall functioned in the way that Leopard's appears to? Would you simply write it off, or would it suddenly be important to the world because it fits your usage profile? Right?

Share This Page