We've all been hoping, for many years now.

Unfortunately it seems ignorance has a long shelf life. :(

One can say the same about inertia.

Everything has a tipping point, and things have been tipping slowly, all the same.

I don't get it either. Could you imagine if Mac users went to Windows forums defending OSX and Apple?
What a bizarre thought, waste of time, and counter-productive endeavor.

That explains it, to some degree.
 
Also worthy of mention:

U.S. Army Installing Apple Computers


Even this, in time, will pass.

I find it comical that people think the largest corporation in America (the US Gov) will switch completely to, or partially, or even 10% of their computers and servers to UNIX or OSX. LMAO...

Are you kidding me... it would take YEARS upon YEARS to make that switch.. The government likes wasting money, but that would be the Biggest Waste EVER. There is no reason to move over to another OS.. you are talking in-house developed software and such running on multimillion dollar planes, jets, tanks, robots etc... that are using Windows..

Until the government moves over to OSX... the population as a whole will not move over to OSX, sorry to burst your and everyone else's bubble.

That being said, I like my Mac, but if I need to have the utmost compatibility and just get things done.. Windows it is for me!
 
I find it comical that people think the largest corporation in America (the US Gov) will switch completely to, or partially, or even 10% of their computers and servers to UNIX or OSX. LMAO...

Are you kidding me... it would take YEARS upon YEARS to make that switch.. The government likes wasting money, but that would be the Biggest Waste EVER. There is no reason to move over to another OS.. you are talking in-house developed software and such running on multimillion dollar planes, jets, tanks, robots etc... that are using Windows..

It didn't seem to stop Google.

Google Drops Windows in Aftermath of Hacker Attack

Security concerns may be an incentive for even our spend-happy US government.

Go figure - not that it's happening on a large scale.
 
It didn't seem to stop Google.

Google Drops Windows in Aftermath of Hacker Attack

Security concerns may be an incentive for even our spend-happy US government.

Go figure - not that it's happening on a large scale.

Yet it has been pointed out before, and in some ratings Apple is by far worse than Microsoft in security.
One of the biggest rating factors of how good security of an OS is based on Zero day exploints and how long those holes stay open. Apple tends to get more Zero day exploits found and on top of that they stay open for months before a patch is put out. That is months that it can be used.

Also Microsoft tends to get exploited on previously patched holes. For example Google was hacked through IE6. Something that had already been replaced by IE7 and IE8. The holes had been patched.
Another one from the past was MSBlaster. The exploit Blaster had used had been patched MONTHS beforehand yet people did not update.

If you are outdated by more than 1 month you have only yourself to blame.

In those contests set up year in and year out Apple is always the first and often the ONLY one of the OS's to fall. That should tell you a lot.
 
By law, federal agencies can't deem products from a single company/manufacturer the "default standard." For example, the DoD can't specify that all chairs purchased will be provided by Herman Miller. The reasons for these regulations are obvious.

You're 95% correct. The Federal Acquisition Regulation (FAR) does allow Sole Source procurements, but the checks & balances that are in place include a requirement for what's known as a Justification & Authorization (J&A). This package is written, reviewed, staffed and signed at an authority level appropriate to its dollar value: the higher the $$, the higher the authority:

6.304 Approval of the justification.
(a) Except for paragraph (b) of this section, the justification for other than full and open competition shall be approved in writing—

(1) For a proposed contract not exceeding $550,000, the contracting officer’s certification required by 6.303–2(a)(12) will serve as approval unless a higher approving level is established in agency procedures.

(2) For a proposed contract over $550,000 but not exceeding $11.5 million, by the competition advocate for the procuring activity designated pursuant to 6.501 or an official described in paragraph (a)(3) or (a)(4) of this section. This authority is not delegable.

(3) For a proposed contract over $11.5 million, but not exceeding $57 million, or, for DoD, NASA, and the Coast Guard, not exceeding $78.5 million, by the head of the procuring activity, or a designee who—

(i) If a member of the armed forces, is a general or flag officer; or

(ii) If a civilian, is serving in a position in a grade above GS-15 under the General Schedule (or in a comparable or higher position under another schedule).

(4) For a proposed contract over $57 million or, for DoD, NASA, and the Coast Guard, over $78.5 million, by the senior procurement executive of the agency designated pursuant to the OFPP Act (41 U.S.C. 414(3)) in accordance with agency procedures. This authority is not delegable except in the case of the Under Secretary of Defense for Acquisition, Technology, and Logistics, acting as the senior procurement executive for the Department of Defense.

(b) Any justification for a contract awarded under the authority of 6.302-7, regardless of dollar amount, shall be considered approved when the determination required by 6.302-7(c)(1) is made.

(c) A class justification for other than full and open competition shall be approved in writing in accordance with agency procedures. The approval level shall be determined by the estimated total value of the class.

(d) The estimated dollar value of all options shall be included in determining the approval level of a justification.



Oddly enough, these regs don't seem to apply to Microsoft software.

Golly, you're right. I've openly suggested for years that some interested third party should submit a FOIA (Freedom of Information Act) Request for a copy of the J&A that as per FAR must exist. If they can't produce it, they're in violation of the FAR:

6.305 Availability of the justification.
(a) The agency shall make publicly available the justification required by 6.303-1 as required by 10 U.S.C. 2304(l) and 41 U.S.C. 253(j). Except for the circumstances in paragraphs (b) and (c) of this section, the justification shall be made publicly available within 14 days after contract award.
(b) In the case of a contract award permitted under 6.302-2, the justification shall be posted within 30 days after contract award.
(c) In the case of a brand name justification under 6.302-1(c), the justification shall be posted with the solicitation (see 5.102(a)(6))


It's ironic that the federal government sued Microsoft for illegal leveraging of monopoly power to push its products, yet turned around to sign exclusive agreements with them for those very same products! The hypocrisy is staggering.

Agreed. The entire MS monopoly issue could have had a very different outcome had the Justice Dept merely ...and simply... issued a ruling that prohibited all sole source buys of MS products just by all Federal Agencies ... the Federal Government alone would have been a large enough marketplace to have promptly created a viable, open & competitive marketplace.

Of course, having written just a few RFPs over the years, I also know exactly how the system can be gerrymandered for a facade of openness while still being effectively single-source. One old example was to get 3+ retail firms to each provide "competitive" bids for MS-Office...even though this is still a sole-source to Microsoft, the additional layer makes it not appear that way.


-hh
 
Yet it has been pointed out before, and in some ratings Apple is by far worse than Microsoft in security.
LOL, go on...

One of the biggest rating factors of how good security of an OS is based on Zero day exploints and how long those holes stay open. Apple tends to get more Zero day exploits found and on top of that they stay open for months before a patch is put out. That is months that it can be used.
Uh huh.... how many of these alleged "exploints" have actually been, well, even remotely close to being "explointed?" ;)

Also Microsoft tends to get exploited on previously patched holes.
Yeah, knowing this oughta' restore everyone's faith. :rolleyes:

For example Google was hacked through IE6. Something that had already been replaced by IE7 and IE8. The holes had been patched.
Another one from the past was MSBlaster. The exploit Blaster had used had been patched MONTHS beforehand yet people did not update.
Zonkers!

One failed patching attempt after another. :eek:

Great points, so far, BTY. :)

If you are outdated by more than 1 month you have only yourself to blame.
I'll be sure to remember this next time I file for an extension.

In those contests set up year in and year out Apple is always the first and often the ONLY one of the OS's to fall. That should tell you a lot.

Now your silliness has fallen off the charts.

Charlie Miller, who later admitted that he knew about the exploits he used at Pwn2Own far in advance of the contest, setting up a user account and password prior to it, rigged it from the start.

Yeah, cheating in an artificial contest tells us quite a lot. ;)
 
Now your silliness has fallen off the charts.

Charlie Miller, who later admitted that he knew about the exploits he used at Pwn2Own far in advance of the contest, setting up a user account and password prior to it, rigged it from the start.

Yeah, cheating in an artificial contest tells us quite a lot. ;)

And how relevant is this? The simple truth is that there was a vulnerability to exploit in OS X. And it was easier to use than anything in Windows OS. Nobody is claiming that it takes just 30 minutes to find a new vulnerability in OS X.
 
I figured it out - they are Microsoft employees. Remember the Whole Foods CEO scandal, where the CEO hid under an anonymous name "to attack and shame the company's competitors and nay-sayers?" Hmmmm..........

Whole Foods CEO sorry for message board trolling
http://www.theregister.co.uk/2007/07/18/mackey_apologizes_for_posting/

MS and Google trolling has been going on in full force for some time now.

Too bad they suck so badly at it. :p

And how relevant is this? The simple truth is that there was a vulnerability to exploit in OS X. And it was easier to use than anything in Windows OS. Nobody is claiming that it takes just 30 minutes to find a new vulnerability in OS X.

Sure, an exploit which requires you to have set up a user account and password, in front of the owner's computer - that's realistic. :rolleyes:

Meanwhile, in the real world.............

9-free-antivirus-for-windows.jpg
 
MS and Google trolling has been going on in full force for some time now.

Too bad they suck so badly at it. :p



Sure, an exploit which requires you to have set up a user account and password, in front of the owner's computer - that's realistic. :rolleyes:

Meanwhile, in the real world.............

9-free-antivirus-for-windows.jpg

Here is the description of how it worked. There is no mention of a user account or password. All the Mac user had to do to get owned was to navigate to a Web page set up by Charlie Miller. How much more vulnerable can it get? You are not suggesting that Windows computers get infected when they are disconnected from the Internet, right? Or do you only visit Web sites approved by Steve Jobs? Even then, it is well known that hackers sometimes can get access even to well known web sites and plant malicious stuff there.
 
...
Charlie Miller, who later admitted that he knew about the exploits he used at Pwn2Own far in advance of the contest, setting up a user account and password prior to it, rigged it from the start.

Yeah, cheating in an artificial contest tells us quite a lot. ;)

Even if it's not a cheat, there's really more than this going on at this sort of contest...


And how relevant is this? The simple truth is that there was a vulnerability to exploit in OS X. And it was easier to use than anything in Windows OS. Nobody is claiming that it takes just 30 minutes to find a new vulnerability in OS X.

Pray tell: how is the claim that it was easier able to be proven? Because Miller happened to go first, and he happened to choose OS X?

Sorry, but that's not adequate proof.

This is a contest and, in simplest terms, whichever hacker who first is able to compromise a Mac OS X system ... receives fame & recognition. Oh, and they also snare the best prize at the contest too: the Mac hardware.

As such, no matter who wins the coin toss to go first, the first target is going to be the same: the Mac.


And while it would be nice for Mac Advocates if OS X didn't fall, the reality is that these guys have been working for days/weeks/longer to find applicable vulnerabilities to exploit on all of the systems...to win the prize.

...and does not each year's record show that pretty much all of the computers have fallen, year in and year out?

As such, all that has been proven is that there are vulnerabilities in all systems, and that motivationally, there is greater { recognition / reward / prestige } for being the first to tackle OS X.

- - - - - - - - - - - - - - - - - -


In the meantime, real world exploits for OS X remain extremely rare (some people will argue that it's effectively zero). When combined with other risk-benefit ratio factors, it strongly infers that OS X isn't "easy" at all.

On this factor, it's the numbers that tell the story: contemporary estimates for how many viruses exist in the wild vary, as do the number of new ones per day, so pick whatever you want: I'll go with the very low values of 114,000 with +500 new/day to illustrate.

So.....if Malware writers are divided on an "equal share" basis (ie, they neither target nor ignore an OS), then per the Mac's ~10% marketshare, the malware should be roughly 10% of the total, which would be 11,400 in the wild, and with +50 new each day.

Well, that's obviously wrong. Way, way wrong.


Okay, so let's adjust downwards, by assuming that 9 out of 10 Malware writers who would normally target the Mac don't believe it's worth their time ("Market too small" paradigm). Thus, we move up from 90% to 99% focus on Windows, thereby ignoring the Mac: by this metric, there should still be 1,140 in the wild and +5 new per day.

Hmmm...we're still way too high.

So adjusting again. Say that it's still 99% on ignore, but of the 1% that try, they discover that OS X is 10x harder to crack, which we'll model by saying that it takes them 10x longer (ie, the productivity is 1/10th). Thus, there should be 0.1% of the original, which is 114 in the wild and +0.5 new per day (ie, 1 new every 2 days).

Dang, that's still too high. Now what, Batman?

Last go:

99% ignore, and of the 1% that try, it's still 10x longer before they're successful, but because of this higher difficulty, 90% give up before getting there (fail to find an exploit). Under this scenario (0.01% of original), we would expect to find 11.4 exploits in the wild, and a new one every 20 days, which is roughly 18 new per year.

Based upon this, it would appear that this contest is bringing to light (so that it can be patched) roughly half of the annual number of total worldwide exploits that are out there...and all for the cost of a couple of laptops. Not at all a bad trade-off from Apple's perspective.


-hh
 
Even if it's not a cheat, there's really more than this going on at this sort of contest...




Pray tell: how is the claim that it was easier able to be proven? Because Miller happened to go first, and he happened to choose OS X?

Sorry, but that's not adequate proof.

I agree to some extent however there is some way to evaluate how difficult/easy it is to break the system. Modern flaws are not as simple as they used to be. The hacker needs to run special code that tries different combinations of data to exploit buffer overruns and such. It may take quite a lot of time actually. This year, it took 10 seconds to break Safari. It took 2 minutes to break IE 8.

Obviously the time may depend not only on the nature of the vulnerability but also on sheer luck (state of the program/system etc.). One reason why breaking IE 8 took so "long" was because the exploit had to overcome Windows 7's ASLR (address space layout randomization). This is a technique implemented specifically to improve the security (which BTW OS X still lacks).
 
I agree to some extent however there is some way to evaluate how difficult/easy it is to break the system. Modern flaws are not as simple as they used to be. The hacker needs to run special code that tries different combinations of data to exploit buffer overruns and such. It may take quite a lot of time actually. This year, it took 10 seconds to break Safari. It took 2 minutes to break IE 8.

Obviously the time may depend not only on the nature of the vulnerability but also on sheer luck (state of the program/system etc.). One reason why breaking IE 8 took so "long" was because the exploit had to overcome Windows 7's ASLR (address space layout randomization). This is a technique implemented specifically to improve the security (which BTW OS X still lacks).

Don't you think it's a bit odd that a cracker could just guess the right code and attack in 10 seconds? Not even Chinese crackers could work that fast. That's a time that takes pre-emptive action and planning.

If you're going to bash Mac OSX you might as well bash Linux at the same time for both of them only implementing a weak version of ASLR that involves only library offsetting. A fix is already available for *Nix systems in the form of PaX and an App Shield like program, which are free to implement.
 
Don't you think it's a bit odd that a cracker could just guess the right code and attack in 10 seconds? Not even Chinese crackers could work that fast. That's a time that takes pre-emptive action and planning.

If you're going to bash Mac OSX you might as well bash Linux at the same time for both of them only implementing a weak version of ASLR that involves only library offsetting. A fix is already available for *Nix systems in the form of PaX and an App Shield like program, which are free to implement.

You misunderstand how the hacks work. The vulnerability is discovered well in advance, the code to attack it is developed in advance too. When the hack code gets executed (for example, a JavaScript on a web page), it tries to create a condition that breaks something in OS (like corrupt memory and use it to its advantage). It is not a straightforward thing. The code may need to try millions of combinations of data/input. This is where the time gets spent. The easier the hack the less time it takes to break the system.
 
You misunderstand how the hacks work. The vulnerability is discovered well in advance, the code to attack it is developed in advance too. When the hack code gets executed (for example, a JavaScript on a web page), it tries to create a condition that breaks something in OS (like corrupt memory and use it to its advantage). It is not a straightforward thing. The code may need to try millions of combinations of data/input. This is where the time gets spent. The easier the hack the less time it takes to break the system.

I've been following this and it's hopeless to try to communicate differing POVs to those in this thread. I would just drop it unless you want to be asked more unrelated rhetorical questions.
 