No, of course not but I don't remember the "com.apple.quarantine" being there in Tiger, did it? I'm talking about the quarantine prompts Apple supposedly placed there to stop any trojans on OS X. Many people using OS X thinks they're more annoying than useful, me included. Google gives you an overflowed number of results about people who want's to know how to disable it.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
More Evidence of Apple's Massive Marketshare Growth in Higher Education
- Thread starter MacRumors
- Start date
- Sort by reaction score
No, of course not but I don't remember the "com.apple.quarantine" being there in Tiger, did it? I'm talking about the quarantine prompts Apple supposedly placed there to stop any trojans on OS X. Many people using OS X thinks they're more annoying than useful, me included. Google gives you an overflowed number of results about people who want's to know how to disable it.
LOL, are you serious?? OS X user prompts are in no way, shape, or form as intrusive as Vista's. And doing away with user prompts in general (the backbone of Unix security for years) is just ludicrous. The whole point is to alert the user when something new wants to run. In fact, I hardly even notice the prompts, but I exepct and want them to be there.
They're implemented correctly in Unix. Always have been. Just the right level of notification. There have been no complaints. And your gripe not only makes no sense, it's also encourages a fundamentally dangerous way of doing things. Yikes!
UPDATE:
As to your comment just above mine . . . I haven't noticed any difference. And I havdn't seen anyone complaining about this species of prompting on OS X.
You mean the prompting that occurs right before you run any new program? "This was downloaded from . . . " etc?
Why would they? Who would want to hack a Mac just to get access to someone's latest photos of their baby or their latest vacation? Where's the money in that?
Don't get me wrong I'm just happy they don't but with Apple leaving the doors open I know, I'm not feeling safe nor secure should anyone actually bother to write one. I don't see the "no-one has written a virus yet" as an excuse for Apple to start getting lax about security. To me, that's just daft.
In Unix, yes. Again, I'm not referring to Unix, I'm referring to the OS X GUI and not file permissions. It's the whole "com.apple.quarantine"/xattr bit.
And if it's working so well, why does it keep asking me about applications that I've already answered? I know they haven't changed, it's like something get's corrupted in an "infallible" OS. Or why does OS X keep asking me about allowing iTunes net access every time I start it because the firewall is turned on?
No complaints? Why don't you leave your compiler there for a bit and do a search on Google. There is a large number of articles and blogs talking about this and it's annoyance vs. security. It's nothing new I'm pointing out or wishing for.
If we're going to continue debating this, at least read up on the information available before claiming "it's always been good back then, so it's just as good now".
And if you're not going to at least read my posts then there's hardly any point discussing this further.
I suppose. You'd think someone or a group, over a weekend, etc. LOL, but that's just speculation.
Do you mean this:
I suppose. You'd think someone or a group, over a weekend, etc. LOL, but that's just speculation.
Do you mean this:
Finally, yes! Apple in their infallible wisdom 'forgot' to put in the option for me to turn that off in an easy way. I know what I download (mostly) and besides I've yet to see it stop a trojan of the like.
Actually it's because of Vista that the difference is now marginal. XP was far less secure than OS X.
Why would you want that off? Why would you really care? It's barely noticeable. You only click on it once, the first time you run something. It doesn't appear afterward for the same program, unless it's a different version of the same one that you haven't run yet. I barely notice it. If you download a lot of apps regularly, you might. You might know it's safe, but it's also designed for the inexperienced user. It's hardly even noticeable, much less an annoyance. It's always functioned as it should for me.
Are there users actually complaining about this??
And as to your iTunes issue . . like I and others have said on the other thread, we can't replicate your problem. I've got Leopard's Firewall enabled, with Stealth Mode. I don't have iTunes on the exceptions list, even. It runs fine, I can purchase songs, etc. It doesn't make sense anyway that iTunes wouldn't function behind a firewall. Why wouldn't it? Seems fine for everyone else. Looks like you've got something else going on there. Did you try de-authorizing your computer and then re-authorizing it?
I've never heard of this issue.
Are you installing the apps as a user with admin privileges, and then running the app for the first time with a non-admin user?
If so, the non-admin user doesn't have permission to set the flag to say the app is ok. Run the newly installed app as your admin user first.
By the way, this is different than installing as a non-admin user and authenticating as an admin, which means that the non-admin user retains ownership of the package.
The money is in spamming/botnets, identity theft, (DDOS) extortion/protection, etc. It hardly excludes Macs. The truth is, however, that no one knows why osx doesn't have any viruses. You have very little evidence that it is due to security through obscurity. Likewise, there is no conclusive evidence that osx is inherently more secure than Vista, and there is some evidence to the contrary. My own feeling is that it is a combination of several factors. Two aspects that rarely get talked about are (1) the Mac community is more tight-knit than most of the Windows users and (2) every little piece of mac malware makes major news outlets. When was the last time a Windows trojan, that is only spread by installing pirated software, made major news outlets?
crackpip
Back when there were proper viruses for Mac OS was before malware was written for profit, and before the internet became big.
Please point out how OS X is more secure than Vista/7 by any other means than simply lack of malware written for it.
And please read up on something you chose to ignore:
ASLR
NX
Again, I'm anything but a Windows fanboy; I pretty much use all 3 major OSes and love my MBP. But it's absolutely crucial that Apple implement these pieces for SL 10.6 in order to compete with MS on the security level.
Given that there are a few of us that have, as you say, misread your posts, I'd say you may just want to word them a bit more clearly.
You're simply pointing out things that irritate you personally but have proven to be safety features, hence the reason why they're implemented by Apple. Not every user can be as brilliant as you that they don't need prompts when they install apps - I'm used to them, and like having that extra precaution - as are millions of other people.
Just a few quick thoughts...
Without a doubt, Microsoft's armor is developing quite a few chinks in it vis a vis marketshare and -- what's even more important -- mindshare. I won't say "totally gone" but mostly gone are the days where someone mentions the name of an OS not made by Microsoft, or computer hardware made by Apple, and the other person is like "What's that?" Also not totally gone but largely gone are the days where general people-out-in-the-world are unable conceive of either an OS not being made by Microsoft, or the possible viability of running such an OS.
Understand that Microsoft has long since forgotten how to actually "compete," and that the above factors have become the underpinnings of Microsoft's overall business strategy. Now that people, agencies, organizations and governments the world over are "waking up to" the fact that both Apple and F/OSS produce OS and software solutions which are credible and viable, we have a fighting chance of taking on Microsoft. However, equally well understand this is still a battle that isn't won yet -- not by a long shot -- and that it is, fundamentally, a battle for the hearts and minds of the computer-using public.
Without a doubt, Microsoft's armor is developing quite a few chinks in it vis a vis marketshare and -- what's even more important -- mindshare. I won't say "totally gone" but mostly gone are the days where someone mentions the name of an OS not made by Microsoft, or computer hardware made by Apple, and the other person is like "What's that?" Also not totally gone but largely gone are the days where general people-out-in-the-world are unable conceive of either an OS not being made by Microsoft, or the possible viability of running such an OS.
Understand that Microsoft has long since forgotten how to actually "compete," and that the above factors have become the underpinnings of Microsoft's overall business strategy. Now that people, agencies, organizations and governments the world over are "waking up to" the fact that both Apple and F/OSS produce OS and software solutions which are credible and viable, we have a fighting chance of taking on Microsoft. However, equally well understand this is still a battle that isn't won yet -- not by a long shot -- and that it is, fundamentally, a battle for the hearts and minds of the computer-using public.
http://www.appleinsider.com/articles/09/01/16/road_to_mac_os_x_snow_leopard_64_bit_security.html
"The move to 64-bits in Mac OS X 10.6 Snow Leopard will enhance Apple's efforts to secure its operating system," Prince McLean reports for AppleInsider.
"In addition to expanded sandboxing, the move to 64-bit computing will provide a series of other benefits related to security. Apple's 64-bit binaries set all writable memory as non-executable by default, including thread stacks, the heap, and any other writable data segments," McLean reports.
"This is already present to an extent in today's Leopard Server, which runs some services, such as the Apache web server, as 64-bit processes," McLean reports. "Using the vmmap command reveals that no memory allocated by these 64-bit apps is both writable and executable. On 32-bit Intel systems, while no memory is marked as both writable and executable, the legacy x86 processor design does not enforce the permissions bits, but 64-bit CPUs do. This feature prevents exploits from injecting malicious executable code into memory and tricking the app to run it as it if were its own instructions."
"The move to 64-bits also greatly enhances the Address Space Layout Randomization (ASLR) techniques used to secure Leopard. Currently, 32-bit binaries are restricted to a relatively small 4GB allocation, making it easier to predict useful addresses for malicious code to target. Additionally, Leopard keeps dyld, Mac OS X's dynamic loader (responsible for loading all of the frameworks, dylibs, and bundles needed by a process) in the same known location, making it relatively trivial to bypass the existing ASLR," McLean reports. "With the much larger address space available to 64-bit binaries, Snow Leopard's ASLR will make it possible to hide the location of loaded code like a needle in a haystack, thwarting the efforts of malicious attackers to maintain predictable targets for controlling the code and data loaded into memory."
Agreed.
To be honest, IMHO, Apple doesn't really need to "take on" anyone else. Apple already commands most of the Premium end of the market, so if you mean that they should attract even more from that end, I agree. Apple doesn't really cater to or appeal to the lower end of the market, as far as its Mac business is concerned. The point is really to keep and attract people with enough disposable income to buy Macs, and to eventually attract those who will at some point in the future be entering that income bracket, i.e., young professionals of the future.
For Apple to truly impress, it only needs ot cut in a little bit into MS' share. Most people already know that MS is riding their licensing wave, started over 20 years ago. Their market share has already dropped from 96%+ to about 88.9% in about 3 years. That doesn't seem like much (well, it's huge from an investor confidence point of view), but in light of the R&D budget they enjoy, their channels and partners, that's a huge embarrassment. Their browser share is tanking steadily. It doesn't mean much for their OS business, but continued rejection of a key Windows selling point (the browser!) also doesn't bode too well. And MS stock has been sliding steadily, while Apple's since 2001 has risen several thousand percent overall. Almost unprecedented gains. Apple continues to make history.
So all in all, it's a slow bleed. There is no such thing as a truly rapid decline with MS. IT departments the world over depend on Windows being broken or near-broken. Security software lives and dies by MS. The corporate world is entrenched in MS, because by now, it has to be. The changes start small, but they're happening. The trends are all there: a slow, steady bleed.
Thanks for links. Obviously all OS's have vulnerabilities, hence even Apple are regularly patching theirs with security updates. In fact, one was released even for Tiger just a few weeks ago. However, there's a significant difference between general malware & viruses.
If you're saying OS X is less secure because of more theoretical "proof of concept" malware, trojans, worms or hacks, well even if that's true, to me that's an academic point. I think of far greater importance to most Mac users is what we see in the real world: no known virus yet for OS X.
One reason why OS X is generally more secure in the real world is that proper self-propagating viruses - the ones that do the most damage & cost the PC industry the most money to fix - are very difficult to write & implement on OS X. Some expert virus coders who've tried to have admitted as much (just Google).
So long as the original data is objectively valid (which this appears to be), it is not 'propaganda'.
And ditto for your data too.
What this is simply an example of is another instance of data clustering which allows it to be noticed. In this case, the cluster is in the market demographic of College Students.
So the question becomes if your website tools are sufficiently sophisticated to be able to identify specific sub-population demographic groups so that they can be counted. If the answer is "No", then all you've done is to illustrate that this group of college students (SAMPLE) isn't representative of the overall total (POPULATION).
YMMV, but I'd consider this disparity to be a reasonably healthy "hint" that any assumption of marketplace homogeneity is probably not a valid assumption anymore.
Or perhaps that back in 2007, Princeton University's Student Computer Initiative sold more Macs than PCs (60% Mac), as locally reported by their school newspaper, The Daily Princetonian, and that the campus (combined total of all students & faculty) was at that point in time 40% Mac.
And let's recall that these are the so-called "Future Leaders of Industry". The bottom line summary to all of this is that success in this 'youthful' market segment has a higher potential of payoffs for years to follow ... and it is arguably precisely why it is the target demographic of the "Laptop Hunter" marketing campaign by Microsoft.
I used to think the same thing. Good luck on your journey.
-hh
Why would you want that off? Why would you really care? It's barely noticeable. You only click on it once, the first time you run something. It doesn't appear afterward for the same program, unless it's a different version of the same one that you haven't run yet. I barely notice it. If you download a lot of apps regularly, you might. You might know it's safe, but it's also designed for the inexperienced user. It's hardly even noticeable, much less an annoyance. It's always functioned as it should for me.
Are there users actually complaining about this??
Then why can't I, the experienced user turn it off and have it totally seamless, as is the Apple way? Is one option box in security preferences really too much? It can't even be turned off with 'defaults' or anything the like. Leave it on by default, just make it possible to turn it off.
We all bitch about something there's no denial about that.
Then for the love of god, if you have a solution let me know. Every time I remove iTunes from the exception list, it puts itself right back on the next time I'm starting it. It happens with other programs as well without any apparent reason.
More people have issues with this. Check Google if you don't believe me. It's a bug in the firewall and Apple claimed to be "working on it".
Have you tried playing through an Airport Express? It can be an equal hassle if it doesn't work the first time you try.
OK, I'll have it drawn in pictures for you then...
But OS X is already safe/secure enough or so you claim so why then is there really a need to have it there at all? And again, if there is, why not have it optional? I can turn off UAC, why not the Leopard quarantine? With the Java incident in mind the security approach as is, in OS X, rather undecided.
This is my point, I strongly dislike the whole 'Apple knows best'-attitude and not listening to their users. They have the same deafness to have an option for making the mouse acceleration curve more like the Windows one. What's wrong in making both of these things an option?
Microsoft is at least to some extent, listening.
Installed as admin, ran as admin. Then one day it decides to try my temper out of the blue!
I think you're still confusing "truly secure" with "not targeted". Of course it's great that there aren't malware and viruses out in the wild for OS X (with the exception of the iWork trojan). It's why I happily use it as my main OS, and why even after cracking OS X two years in a row Charlie Miller still prefers OS X. See what he says here when asked what OS he prefers:
Charlie Miller said:
For some light reading, check out this page:
http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254-4.html
It explains what Charlie thinks of the NX bit and ASLR.
*LTD*: already read that article. Let's hope it is indeed there completely utilized and is effective. I would love both security by obscurity as well as truly secured in SL10.6. I'm definitely upgrading.