Born Free, Now $129.00, Part 2...
Among all the posts in this thread, one of the most interesting is the one by MorganX showing the basic disparity between reality and the Apple Spin Machine. Security holes have obviously been an ongoing issue. And, for those of you who said "I shouldn't have said anything! Now the virus hackers are going to find us. Ahhh!! flag-waving, mutant script kiddies from Mars! blah, blah, blah..." you're kidding, RIGHT?
Besides the myth that OSX is secure, what Apple has also done a good job of spinning is the notion that, somehow, after the Apple Pope of Software Integration has blessed the code with the Holy Sheen of Aqua User Interface, APIs, and Hardware Abstraction Layers, OSX is just one piece of software.
That's a very good trick, considering it contains a myriad of software components/libraries/applications that are part of the core unix distribution (+ many add-ons) that have little to do with Apple and have all of the same security vulnerabilities shared by every other unix distribution using similar code. Apple didn't write it and can only assess the vulnerabilities of the huge codebase based on relatively limited in-house testing, the squealing of a world full of guinea pig testers desperately relying on the integrity of the OS, and the *nix community of developers and users which constantly finds new security issues in the distribution code. But, because it's Apple, flaws which exist in the same distribution everywhere else in the world magically don't exist in OSX and MacLand, right? La, la, laaaa... *fingers in ears.*
The sobering thing about the current Safari security issue is that it seems to be in code that Apple actually wrote. So, if they can't find serious flaws like this in their own code with in-house engineering and testing, what happens with code they didn't write? You could argue that it doesn't make a difference, but theoretically, if you're writing and testing the code yourself, you should be able to have an optimal result. And...where's the quick fix or the official security bulletin?
The Talking Moose desk accessory just leapt out of the graveyard and asked Apple "Hey - Why aren't you doing anything?" Part of the comedy is that the user community has actually fixed the problem before Apple has even admitted to it.
OS foundations aside, the Mac OS in all its incarnations has ALWAYS been susceptible to viruses (nVIR, for example). But, for the current OS, even if there are BSD vulnerabilities, you're still safe from the Windows script kiddies, because they're too dumb to figure out the esoterica of a new OS to create a plague of annoyances, right? Wrong. The *nix userbase is huge, and to make matters worse, the *nix users are actually the smart, usually academic ones, who can certainly figure out how to cause much more trouble than the average script kiddie. Luckily, it's the academic and open source communities, among others, that actually help Apple by constantly increasing the robustness of the underlying distribution code.
So, the question is not *if* there will be a serious Mac security issue, but *when* the next of many will occur. OSX is not a bastion against hacking, and the best thing Apple could do is set standard, realistic OS security expectations for its users and respond to real problems quickly, rather than spin a web of supposed imperviousness, superiority, concealment, and inaction. Beyond that, as others have repeatedly pointed out, it's up to users of any OS to be responsible in the use of the Internet and any other resources external (or introduced) to a particular host computer.
There are dumb things you can do on every OS. But, hang tough, the talking, plastic, firewire port army men are coming to protect you, and they will keep you safe from VMD's.
If only they could save users and large computer manufacturers from themselves...but for that, there's "CAT PATROL!" Tune in next week for an exciting new episode where Panther gets a flea dip!
