Some people on here might understand and appreciate receiving your guidance.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Researcher Set to Announce 20 Zero-Day Holes in Mac OS X
- Thread starter MacRumors
- Start date
- Sort by reaction score
Some people on here might understand and appreciate receiving your guidance.
You aren't paid by Apple. The sig incorrectly implies (whether you agree or not) that you are an Apple employee and it gives that impression on this forum. It's deceptive, and you probably know it.
Microsoft likes anyone who uses their crap to put "Microsoft" (or better yet, "Microsoft MVP") in their job title. It's all part of the plan.
The only way I could see people rationalizing Windows being more secure is by the fact that more Security updates exist for windows machines than for OSX. This does not make them inherently more secure, just more secur"ed."
You have that wrong.
The UAC "OK?" prompt comes from a different process, and will only
accept an [OK] from the keyboard/mouse.
That's integral to the UAC concept - the process requesting the OK
cannot grant itself the OK. It must receive the OK from a trusted
system process.
Google What?
By the way, I had to restore two windows vista systems last week where the kneber virus/worm completely decimated the standard user account and easily circumvented User Account Control by spoofing a windows update screen. It used Windows Live Messenger to access the system.
I don't know why you felt the need to post it again, but again, it's irrelevant. Hacked is hacked. It's just simulating a network environment.
Your password is stored on your system in the keychain. I imagine if a script can hit ok it can also dig up your password. But remember, you have to execute a virus. If that's the case there is no hope for you.
This past year it wasn't a third party app in OSX that was hacked, it was safari. I had read somewhere that they went through quicktime but I can't find that one.
Also, earlier I said OSX fell first 2 years in a row. It's actually 3 years in a row.
Some info from miller:
http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/
http://blogs.computerworld.com/15605/hacker_pwn2own_organizer_windows_7_is_safer_than_snow_leopard
Windows 7 or Snow Leopard, which of these two commercial OS will be harder to hack and why?
Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default). Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows.
In Pwn2Own 2010 there is still no trace of Linux as possible target. Is it too harder to find exploits for Linux or a non commercial operating system has no interest for exploit hunters?
No, Linux is no harder, in fact probably easier, although some of this is dependent on the particular flavor of Linux you’re talking about. The organizers don’t choose to use Linux because not that many people use it on the desktop. The other thing is, the vulnerabilities are in the browsers, and mostly, the same browsers that run on Linux, run on Windows.
Is that new to windows 7? I did not know that. How come the Kneber worm is still ruining standard user accounts (at least in vista). I had to rebuild the account from the admin account as every piece of user software would not run? The antivirus program even detected it as it was entering the system but it couldn't stop it.
Last edited:
The virus he was refering to which caused the rpc service to shutdown windows was the blaster virus back in 2003. This was a total pita as it affected millions of pcs worldwide.
Why are you letting your users login to admin accounts by default?
This sounds like a systems administrator error, not a Windows
problem.
So because it doesn't happen on your machines then it must not happen on anyone's?
If you ignore that dialog, your machine goes down. If your focused on your work, in an app that's taking up the entire screen (like a game), you'll lose whatever you've been doing.
Here's the article where I got the screen shot from
http://blogs.technet.com/mu/archive/2008/10/02/windows-update-and-automatic-reboots.aspx
So because it doesn't happen on your machines then it must not happen on anyone's?
If you ignore that dialog, your machine goes down. If your focused on your work, in an app that's taking up the entire screen (like a game), you'll lose whatever you've been doing.
Here's the article where I got the screen shot from
http://blogs.technet.com/mu/archive/2008/10/02/windows-update-and-automatic-reboots.aspx
That is not the screen I get.
I've never seen that screen. Ever. Not once. Running 7 since it was in beta.
This is the screen I get:
That article is also from 2008 and refers to vista, not 7.
Shhh, you're just muddying the waters by talking about actual Windows security failures when clearly the discussion here is about theoretical Apple ones.
Great, so now I have to worry about someone crawling in my window at night and connecting a crossover cable to my Mac.
Crossover cable is not real world as in across the web.
Windows is set to autorun by default. Mac does not. That is how viruses are started by autorun.
OSX admin password is stored securely and not accessible via "Keychain Access". If it was there would be more mac and linux viruses. Linux uses the keychain access model developed by apple and released open source.
Interesting ASLR has been compromised. I guess the next step for Windows is ipfw in the system by default.
ASLR can be good thats what helps keeps linux safe along with many other things. Linux just does it better than windows.
The worst thing I have ever seen was the Code Red worm. I spent an hour rebooting webservers until finally breaking down and calling MS support who already was aware of the issue. It only affected IIS web servers across the internet even though we were fully patched. I have never seen anything like it and ever since I cannot bring myself to trust MS.
http://en.wikipedia.org/wiki/Code_Red_(computer_worm))
http://en.wikipedia.org/wiki/Code_Red_(computer_worm))
They don't! I do to fix their computers when their standard user accounts are fried by KNEBER.
Shush.
You don't want LagunaSol's head to explode - he needs to
assume that any comment that doesn't sing hosanna to
the Lord God of Cupertino is due to a direct payment
from Redmond to the poster. In the LagunaSol world view,
only a bribe could prevent someone from heaping praise
on the Lords of Cupertino.
You had no point. You basically said its impossible for my job title to contain anything with the word Apple in it because of some unwritten fanboy rule, but Microsoft its ok because they pimp there name like a 5 dollar hooker.
http://www.simplyhired.com/a/jobs/list/q-apple+certified+technician
Some job titles with the untouchable word Apple in it.
I have yet to read anywhere about a crossover cable. Even if so, the rules would apply to all machines. And still windows/linux did not fall on day 2 like OSX did.
There are apps set to run on startup on OSX. Though viruses get launched by the user running them. Then once installed they can startup automatically but they need the user to first install them.
It's possible to get your secured OSX admin password. It is on your system. Even "secured" it's easy to grab. I think it was num nums who earlier said how to get it.
As far as ASLR how does linux do it better than windows? We know that it's not in leopard and SL only has a partial implementation of it. How is linux better?
That is not the screen I get.
I've never seen that screen. Ever. Not once. Running 7 since it was in beta.
This is the screen I get:
That article is also from 2008 and refers to vista, not 7.
Break out of your bubble and realize your system isn't the same as everyone else.
I wasn't hallucinating when in the middle of my sweet turn around jumper with a recreated digital Michael Jordan, Windows decided it was time to restart. I didn't photoshop the dialog box. Just because the article references Vista doesn't make it irrelevant, Windows 7 isn't a complete rewrite.
You can even edit the behavior with group policy
If your machine is set to automatic updates this can happen.
http://technet.microsoft.com/en-us/library/cc720539(WS.10).aspx
Delay Restart for Scheduled Installations
This policy specifies the amount of time for Automatic Updates to wait before proceeding with a scheduled restart.
If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the installation is finished.
If the status is set to Disabled or Not Configured, the default wait time is five minutes.
To delay restart for scheduled installations
1.
In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
2.
In the details pane, click Delay restart for scheduled installations, and set the option.
3.
Click OK.
Re-prompt for Restart with Scheduled Installations
This policy specifies the amount of time for Automatic Updates to wait before prompting the user again for a scheduled restart.
If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the previous prompt for restart was postponed.
If the status is set to Disabled or Not Configured, the default interval is 10 minutes.
To re-prompt for restart with scheduled installations
1.
In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
2.
In the details pane, click Re-prompt for restart with scheduled installations, and set the option.
3.
Click OK.
I guess your response is Microsoft's Technet Article is wrong.