Microsofties weigh in on Apple security news

Discussion in 'macOS' started by Play4keeps, Mar 30, 2008.

  1. Play4keeps macrumors regular

    Apr 20, 2006

    It might not rise to the level of gloating, but in light of the beating that Windows Vista is taking in Apple's TV ads, it's clear that some members of Microsoft's security team are, ahem, taking note of some recent news items about Mac OS X security issues.

    In this post from yesterday, for example, Microsoft's Jeff Jones starts by saying that he doesn't put a lot of stock in hacking contests such as the one this week at a CanSecWest conference. Then he continues:

    "Okay, having said that, given how obnoxious and misleading I find those Mac OS X ads and how they've spent millions of dollars publicly criticizing Windows Vista security improvements, I find it ironic and apropos that Mac OS X was the first machine to be owned in the PWN 2 OWN contest at CanSecWest today."

    On his blog, Microsoft's Robert Hensing notes that the Mac was hacked within 10 minutes of the start of the contest's second day. "Wonder what took so long? :)" Hensing writes.

    On a related note, Jones also offers his take this week on reports comparing Microsoft vs. Apple vulnerability patching.

    As documented by Jones himself, there have been signs of improvement in Windows Vista's security, but given Microsoft's history of security problems, it will be interesting to see how people react to their posts.:eek:

    What do some of you think about this.
  2. clevin macrumors G3


    Aug 6, 2006
    Im not surprised, M$ is being kind since they didn't throw our a windows vs. osx ads to exaggerate the whole thing.

    Still, M$ has larger marketshare, same security problem will be amplified 19 times in their case. So they'd better taking care of their own business first.

    Eventually, I hope Apple take its head out of sand and put users' safety at a higher position in their priority list, above those items about how they can make more money.
  3. Eraserhead macrumors G4


    Nov 3, 2005
    Really they should both know better than to criticize security, taking the higher ground and all that.

    Now all it is is two pots, calling each other black.
  4. Much Ado macrumors 68000

    Much Ado

    Sep 7, 2006
    And Linux, the kettle, watches smugly from the corner.
  5. Queso Suspended

    Mar 4, 2006
    Haven't Microsoft learned by now that the moment they start going on about security the black hats start writing worms to knock them back down a peg or two? Redmond need to just keep their mouths shut and keep working on closing vulnerabilities quietly. The public will get the message soon enough.
  6. chagla macrumors 6502a


    Mar 21, 2008
    if most people on earth were using mac os x instead of windows, there would be just as many malicious programs as there are for windows today. it is simply correlated with market share. same goes for linux. nothing extra ordinary about any of these operating systems, people are smart. they will figure something out.

    the only way to protect a machine 100% is not going on the network.
  7. Sky Blue Guest

    Sky Blue

    Jan 8, 2005
  8. chagla macrumors 6502a


    Mar 21, 2008
  9. Agathon macrumors 6502a


    Jan 19, 2004
    And your evidence is... not there.

    I know people like saying this, but there is absolutely no proof of it, and considerable reason to doubt it (i.e. we should have had some small amount of malware by now. Even the Classic OS had that. But no...).
  10. clevin macrumors G3


    Aug 6, 2006
    i put it in the middle

    I used from mozilla to firefox before and after the popular spread of firefox, I would say that technologically maybe gecko and Unix are better than trident and windows. but small marketshare is also a significant factor.

    Firefox has more than expect security problem once it got popular. If history means anything to you.

    This contest, altho doesn't change the whole picture, also serves as a proof.

    The good thing about firefox and Unix/Linux, is that, IMHO, they patch very quickly, so users don't get exposed to security risks.

    And that, should be where apple heading. Empty slogan of security won't hold very long, a procedure need to be established by apple to taking care of their customers in such situation.
  11. Tallest Skil macrumors P6

    Tallest Skil

    Aug 13, 2006
    1 Geostationary Tower Plaza
    You lose either way with that statement.

    You're saying that his comment will only be valid when OS X is the marketshare leader, but you say that will never happen. It is not the marketshare leader now, and is widely agreed that his comment is currently valid.
  12. cohibadad macrumors 6502a


    Jul 21, 2007
    It is interesting the Microsoft guys find the Apple ads offensive. It's all marketing marketing marketing. I wish Apple could just put out informative ads that show how their systems may meet the needs of users but they would undoubtedly flop. A short ad showing some colorized dancer with an ipod hanging out of their ear listening to a catchy song sells ipods. And a Mac ad banging away at something like security/viruses (which every PC owner who runs anti-virus/adware/malware can relate to) sells Macs.
  13. jonbravo77 macrumors 6502a


    Feb 20, 2008
    Phoenix, AZ
    You are absolutely correct. And to be honest those Mac Vs. PC ads is what turned me to buy a mac. They had a sense of truth about them that hit home with all the pc's I've had.

    I've said this before in another post. My belief is that Macs are more secure because the people writing the viruses and malware use macs, why screw up the platform they use...

  14. pastrychef macrumors 601


    Sep 15, 2006
    New York City, NY
  15. kuwisdelu macrumors 65816

    Jan 13, 2008
    I think most virus writers use Linux.
  16. Eraserhead macrumors G4


    Nov 3, 2005
    Used .NET recently then? Unfortunately I have and its so much worse than Cocoa its not even funny, the difference is considerably larger than between OS X and Vista in quality.

    Additionally as Apple is consistently targetting the top end of the market (very successfully too), based on the Pareto Principle within 5 years they are practically guaranteed to have a larger dollar share of the software market than Windows, even if they only have around a 15% share of the computer market in Europe, the US, Japan and the Asian Tigers.

    Given that their frameworks are also far better, means that within 5 years a lot of the interesting software will be Mac only.
  17. Play4keeps thread starter macrumors regular

    Apr 20, 2006
    Im gonna go with this theory Linux/UNIX=MAC/tiny unix

    "At any time linux users can unleash troubles"

    Mostly if not all Linux users HATE windows;) if they do chance is they build/repair them and happily use Linux.

    OSX/LINUX is a love hate relationship with:D

    But with OSX fame comes Linux Pain:eek:Ima rapper
    By the way they never got into the Linux box:rolleyes:
  18. robert05au macrumors regular


    May 19, 2005
    Dubbo, NSW
    The wankers at microshaft show there true colors yet again and how jealous they really are.

    The safari thing was a bad site which could allow any hacker access via pretty much any browser if the owner/user goes to that site.

    Microshaft are forgetting one rather large thing IE has more problems than safari will ever have.
  19. scaredpoet macrumors 604


    Apr 6, 2007
    I thik the proof is in the pudding:

    The moral of the story? The weakest leak remains the carbon-based lifrform in front of the keyboard.

    No computer, no matter how "secure," is completely safe from an authorized user who has been tricked into compromising the security of their system.
  20. mstens macrumors member

    Mar 13, 2008
    Funny, in my professional life I've seen more hacked linux servers than I'd like to really think about. Truly hacked that is. Not a browser exploit. Linux is another pot, that has no justification in being smug.
  21. heatmiser macrumors 68020

    Dec 6, 2007
    I'm amused at how many folks are taking this personally. Do half of you own Apple stock? :D
  22. scaredpoet macrumors 604


    Apr 6, 2007
    I think the MS folks took the situation more personally than anyone on this thread. :)

    I DO wish these industry people would stop sniping about who has the more secure OS. Quite frankly, both OS X and Vista have problems they need to address. One can argue that Apple has had less time to address these issues, and has enjoyed obscurity but can no longer, but that just isn't the point.

    Apple needs to understand that as its products approach wider acceptance (and perhaps even commoditization?), they will be under greater scrutiny. And smugness isn't going to cut it when it comes to addressing security weaknesses.

    Microsoft... well, they just haven't learned, period. Countless criticisms have been made. It's a waste of energy to repeat them. And as other players (Linux, OS X) become less-than-niche, those lessons are only going to get harder.

    And EVERYONE needs to realize that when you put a gullible bafoon in front of a computer, all bets are off. Unless you take away the mouse and keyboard, and cover up the ports with spackle.
  23. Eraserhead macrumors G4


    Nov 3, 2005
    But Linux hasn't to my knowledge said that other OS's are insecure, therefore its a kettle. Don't worry its still just as black as the pot.
  24. ThirteenXIII macrumors 6502a

    Mar 8, 2008
    what kind of security exploits do theyt alk about specifically?

    wiht a little verbose scripting you could gain access to any level user you wanted to, to me thats pretty crazy.

    anyone with some knowledge could create a executable script on a machine that could tkae advantage of that im assuming.

    but since i dont write exploits or things of that nature...its out of my league.
  25. jokarak macrumors newbie

    Oct 21, 2007
    I don't think the Jones quote was a sign of jealously. At least the bit that was quoted by the original poster seemed to indicate that Jones was irritated by the nature of the ads (which are obviously exaggerated and made to look MS in a bad light), and that although these hacking contests don't mean much to him personally, it was fitting that the Mac got hacked first due to what he perceives to be overstated security claims from Apple.

    The second quote is more unkind, but then, it is just a snippet, and the smiley face seems to indicate a more humorous approach.

    In any event, the hack used by the man that broke into the MB Air seems to have been a problem with Safari, and it might be an overstatement to say that the same hack would have worked with pretty much any other browser. I guess my question is a) could the original hacker use the same method on the the other two machines, or the rules only allow one "winner" per box? b) Is the hack known by other people who could try to exploit it (I know that the original hacker had to sign a non-disclosure agreement, just wondering whether other people could have come to the same idea independently) on the other machines, but failed?

    Finally, to all those saying that the exploit used is a fault of the user, I would say that is another oversimplification. First, direct web attacks can be achieved by hacking into the ad servers of legit sites, and secondly, I can guarantee that 100% of us have gone to at least one or two sites that we weren't sure was safe and that we had never visited before (be it during research, random browsing or whatever, you are bound to find some interesting link to an unknown website - that is simply the nature of the web). The exploit was not a "Nigerian money transfer" scam, it was simply directing the person at the keyboard to go to a specific website and then have the Mac be attacked. It could have happened to anyone using Safari (at least we assume it is Safari).

Share This Page