As reported by Techworld, Snow Leopard, Apple's highly anticipated new operating system, lacks basic security features that are found in Windows XP, Windows Vista and Windows 7 says Charlie Miller, a noted security researcher.Address Space Layout Randomization, commonly referred to as ASLR, randomly assigns data to the memory to make it more difficult for hackers to locate the critical operating system functions.
Charlie Miller of Baltimore-based Independent Security Evaluators who many people may remember from when he successfully hacked a fully patched Macbook in seconds, was disappointed upon hearing that Apple did little to improve ASLR from Leopard to Snow Leopard.
"Apple didn't change anything. It's the exact same ASLR as in Leopard, which means it's not very good. I hoped Snow Leopard would do full ASLR, but it doesn't. I don't understand why they didn't. But Apple missed an opportunity with Snow Leopard. Apple did make various moves to improve Mac OS X 10.6's security including a revamp of QuickTime and additions to Data Execution Prevention (DEP), a security feature built in to Windows Vista."
"Having both ASLR and DEP in an operating system makes it much more difficult for attackers to create working code," Miller argued. "If you don't have either, or just one of the two [ASLR or DEP], you can still exploit bugs, but with both, it's much, much harder. Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7," he said. "When Apple has both [in place], that's when I'll stop complaining about Apple's security."
In the end, Miller agreed that hackers' disinterest in Mac OS X comes down to numbers rather than the security measures that Apple adds to the operating system. "It's harder to write exploits for Windows than the Mac," Miller said, "but all you see are Windows exploits. That's because if [the hacker] can hit 90% of the machines out there, that's all he's gonna do. It's not worth him nearly doubling his work just to get that last 10%."
"I still think you're pretty safe [on a Mac]," Miller said. "I wouldn't recommend antivirus on the Mac."
*puts on flame suit*
There have been endless EoP exploits published for the Mac, some completely trivial.
You are correct that for a decade people have said "if Macs get significant marketshare, they'll have more attacks." Those people are clearly right. Why hasn't there been an onslaught of attacks? Because there hasn't been a significant change in their marketshare!
Windows is clearly a more secure operating system, I don't think there's any doubt about that. It may not be safer, because it's a much bigger target. But technologically speaking, it left OS X behind long ago.
And in the end, after so much trouble, effort and money, where did it get Windows? Millions of users probably still find pretty easy ways to render all those advanced additional security measures useless by downloading and installing trojans, mallware etc. themselves.
So you are cool with a virus deleting all your files just as long as the OS doesn't take a hit? Anyway, all those same things could be said about Windows....in both cases the systems are vulnerable to stupid users choosing to run something and flaws in the code where the system does not work as designed (things that need to be patched) Apple has released its share of patches that fix major flaws too, the only difference is that no one has ever really exploited them in a big way like the Blaster over 6 years ago for example (which by the way was the last virus to be able to spread without user intervention, and even then only if someone had a computer over a month out dated).
Mac have never automatically run stuff from USB sticks. Macs don't execute code from email so easily. Macs don't hide the type of a file. Macs don't have such a tightly integreated browser to the OS. ALL of these have been Windows decisions... yeah, they take security seriously.
Yes, Macs would be more secure with ASLR. They don't need it, because they have a range of security measures already. In fact the only OS in the world that does need this, is Windows, because it is so full of holes. Yes, Microsoft have been plugging these holes, and they have done a great job, but they wouldn't need to if they took security seriously in the first place.
ASLR was first invented in BSD, and then moved to Linux, and then moved to Microsoft, and one day soon, it will have moved to Mac OS X.
Or maybe, just maybe, the operating system is extremely secure as a result of continuously patching crappy code.
Say what you want about UNIX's security and how Mac is secure because it's based on that. Mac was made by humans, and probably has just as many holes. It'll only be truly tested when a million hackers are interested in breaking it open.
Mac have never automatically run stuff from USB sticks. Macs don't execute code from email so easily. Macs don't hide the type of a file. Macs don't have such a tightly integreated browser to the OS. ALL of these have been Windows decisions... yeah, they take security seriously.
Yes, Macs would be more secure with ASLR. They don't need it, because they have a range of security measures already. In fact the only OS in the world that does need this, is Windows, because it is so full of holes. Yes, Microsoft have been plugging these holes, and they have done a great job, but they wouldn't need to if they took security seriously in the first place.
ASLR was first invented in BSD, and then moved to Linux, and then moved to Microsoft, and one day soon, it will have moved to Mac OS X.
Wow...your spin gland is in overdrive.
Look...the guy that -hacked- a Mac, two years in a row, within seconds, might...just might, know a bit more about this subject than...you. So, ASLR was invented on BSD, then moved to Linux...but the only OS that actually *needs* it...is Windows? If a Mac can be hacked in seconds, without it..?
Do you really believe all this crap you spew? Man, you even make LTD look good.
Your claims are false. Windows has fewer vulnerabilities, and less severe ones, and they're patched more quickly.
Microsoft has always taken security seriously, the design of Windows NT makes this very clear. However, the desktop ecosystem and exposure to internet-based attacks led to the need for a new approach to security that Microsoft began nearly a decade ago. Since then Microsoft has pioneered new technologies and practices, and is highly regarded as the industry leader in this area.
Windows hasn't either... it provides a nice UI to let you know that a new drive was attached and lets you quickly access the most common tasks you're likely to perform. The Mac's lack of this functionality is often cited as a user experience failing. AutoRun allowed drives to add an application to the list of tasks, but users had to choose to run it. That functionality has since been removed (or rather, restricted to optical media) to avoid confusion and social engineering attacks.
ASLR was first invented in BSD, and then moved to Linux, and then moved to Microsoft, and one day soon, it will have moved to Mac OS X.
Full of holes? Did you even read the article? Or pay attention to anything said at any of the security conferences over the last few years? The Mac absolutely needs better security technology. How can you say that Windows is the only OS that needs ASLR if Macs are so vastly easier to attack? Are you saying Macs don't need it because nobody targets them? That could change at any time, and really isn't comforting to me as a user.
Others experience AutoRun windows like that as additional nagware to an OS that by default already floods the user with constant messages, dialogue windows, pop-up balloons and banners. Granted Micrsoft finally improved this in Windows 7.
Hasn't either? Never?
Come on, until recently autorun did exactly that: autorun. You just needed an exe and an autorun.inf.
You don't see so many infected pendrives (with hidden autorun files) for no reason.
I've even seen pendrives that come out of the box with an app that adds a tray icon (for no apparent reason) as soon as you plug it.
Come on, until recently autorun did exactly that: autorun. You just needed an exe and an autorun.inf.
You don't see so many infected pendrives (with hidden autorun files) for no reason.
I've even seen pendrives that come out of the box with an app that adds a tray icon (for no apparent reason) as soon as you plug it.
If by recently, you mean November of 2006, then sure, that's recent. Vista has always popped up the little dialog.
Compared to "never" yeah, that's recent.
I'm not aware of any time when Windows automatically ran the autorun executable from a USB drive, but it's been a very long time since I used XP. Are you sure you aren't thinking of CD drives?
Come on, until recently autorun did exactly that: autorun. You just needed an exe and an autorun.inf.
Not on USB mass storage. Only on Optical storage. Only before Vista.
Think a bit. Look at those autorun.inf files. Look at its icon (icon section or .exe icon). Think! The icon is most probably a folder icon and the description is domething like "Open folder to view files". The file is not run automatically. It's user who clicks on the malware's icon in the Auto Play dialog. That's why autorun item was completely removed from the Auto Play dialog in Windows 7.
Please READ my reply!
1) CD-Rom with autorun.inf: Before Vista it was run automatically. Now they show a dialog boxes with option to run the file.
2) USB Mass Storage with autorun.inf: It was never run automatically. Before 7 they showed a dialog boxes with an option to run the file. Now there is no such option.
But
What if you had a USB hub with USB flash drive and USB DVD-Rom plugged into it? Now if you plug this hub into PC with Windows XP the autorun.inf from the Flash drive is not executed automatically, but the one from DVD-rom is.
Get the idea? Flash = no-run, DVD = run, Flash + DVD = run. But why do you heed a real USB DVD-Rom when you can emulate one?
Flash drives manufacturers got this idea and created so-called U3 flash drives ( http://en.wikipedia.org/wiki/U3 ) that were basically a USB hub with flash storage and emulated DVD-rom attached. And yes, the autorun.inf from its "DVD-Rom part" was executed automatically.
But then Vista was released...
I had to hold shift when pluging a friend's pendrive on a winxp laptop I had back then, because otherwise it would automatically launch some app that placed an icon in the tray. I don't know what that app was supposed to do (it came from the vendor so it was probably safe, but still) and that guy didn't want to delete it (maybe he thought the pendrive wouldn't work without it).
So yes, I'm pretty sure it was a usb, not a cd.
All of these security issues with the OSes mentioned in this thread haven't detoured all of their users yet.
And at the end of the day, as people have mentioned already, users can easily infect themselves no matter how many security warnings e.t.c. are in place in an OS.
So yes, I'm pretty sure it was a usb, not a cd.
There are a small number of USB sticks that include virtual CD-ROM devices. I believe these always contain data that is not accessible or changeable by the user, but they're used to cause AutoRun software to load (usually for encryption/decryption sort of programs). That's probably what you were seeing. As far as Windows is concerned, it's a CD, not a USB stick.
March 24, 2009 -
quote:Internet Explorer 8 "critical" flaw in final version
Microsoft confirmed that the vulnerability exists in the official release, said Terri Forslof, a researcher at TippingPoint, which sponsored the Pwn2Own contest that challenged competitors to find bugs in either web browsers or mobile devices
"This is a single-click-and-you're-owned exploit," she told SCMagazineUS.com on Tuesday. "You click a link in an email or simply browse to a website, and your machine is compromised. This meets Microsoft's 'critical' bar [in its vulnerabilities and rating system]."
The exploit apparently defies Microsoft's DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) technologies -- two features added to IE8 to prevent memory corruption vulnerabilities.
"Once the browser was compromised, we handed over the exploit to Microsoft immediately, on site," Forslof said. "They went back and reproduced it and called to verify that the vulnerability was present. We retested again on the released version of IE8 that went live on the following morning and verified that the vulnerability was in it as well."
http://www.dslreports.com/forum/r22125670-...8-Vulnerability
Further, on Vista before it was fixed, it still didn't get you passed the Protected Mode sandbox... so you couldn't really do any damage to the user since your code would have read-only access to the filesystem and no ability to access anything outside of the IE tab.
Last edited by Brandon Live on 19 Sep 2009 - 00:07
Security is only as good as it's weakest point.... in this case the moron hehe
true... but as the article said, it's purely because almost no one uses mac's so it's not worth their time to attempt hacking a mac when damn near everyone has a Windows PC.
but if suddenly tomorrow mac's had half the market share or more then odds are there would be many issues and mac's security would be history and then we would say that Windows is actually more secure.
but i did like how you worded the stuff i quoted from you as that's a good way of putting it.
So, the guy that exploited a Mac within seconds, two years in a row, is a Microsoft drone now? Not to mention the guy that hacked Windows 7 was also able to exploit a Mac in seconds as well.
The Mac isn't exploited because it's simply not worth the effort to the hackers to BOTHER. You can't build much of a botnet with such a miniscule market. :p
Yeah but unless you are running an 8+ year old version of Windows, chances are you haven't been exploited either. I haven't seen a virus on one of my machines since maybe 2002 or so. Even that was just stupid browser hijacker stuff. Since upgrading to Vista I don't know a single person who has gotten a virus. I'm sure they exist but chances are it's because they are running old OSes or doing stupid things like running strange executables from p2p without the digital prophylactic of a free antivirus.
I asked 10000000 people if they want $100 or $900. Strangely not a single one said he wanted $100.
Hence why Mac's don't have many viruses. Hackers want $900, not $100.
Apple to oranges comparison. Of course _no_ hacker would be interested in being _the_ guy who blew apart OSX security and pwned millions of machines.
OSX was not exploited, Safari was. Safari is not part of the OS like IE is. Sorry, you fail.
Safari is just as much as part of the OS as IE is. 100%, undeniably so.
Which is to say, they're both applications included with the OS (and both include reuseable components for HTML rendering, such as the Safari engine used by iTunes).
Night everyone!
Because it makes them feel better about their own platform.
Because it makes some of the annoying Mac fanboys stop yelling about secure their OS is.
I'm not denying that macs have so far be void of any cruel virus's and kudos for them but, you know, deep down inside my mind......
Windows XP has been out for nearly a decade... and in some ways... OS X is LESS secure. Fail.
You shouldn't wish bad things on anyone. Just sayin'.
Exactly.
Except in the real world, were you get blaster infecting your windows machine within a minute of adding it to the internet. No such problems for Mac.
You guys are so smug, and you really have no reason to be. How can anyone say Windows is more secure, when there are so many exploits for it. Sure, it has more security measures, but that doesn't make it more secure.
You shouldn't wish bad things on anyone. Just sayin'.
What I want to see gone is not their files or data, just the smug attitude and the, "MY computer can't get a virus! Your PC sucks." I swear I've had someone say this to me, when my hardware FAR out-classed his. I just laughed and smiled and told him I play games. "Oh well... yeah... games... PC."
If you're into PC gaming, that is the end-all-be-all way to stop someone preaching Mac. There is no retort.
You guys are so smug, and you really have no reason to be. How can anyone say Windows is more secure, when there are so many exploits for it. Sure, it has more security measures, but that doesn't make it more secure.
The Windows OS is more secure, you just have a greater chance of being attacked. It would be analogous to driving an unmarked hummer vs. driving a humvee with a US Flag on it around Fallujah. I think anyone would say that the humvee is more secure, but you are going to get blown up eventually. You're less likely to get blown up in your hummer because no one's paying attention to you while the stars and stripes are being paraded around, even though it would be much easier to take you out.
You shouldn't wish bad things on anyone. Just sayin'.
Exactly. Karma's a female dog... best one doesn't wish harm on others. This goes for both camps, PC and Mac.
You guys are so smug, and you really have no reason to be. How can anyone say Windows is more secure, when there are so many exploits for it. Sure, it has more security measures, but that doesn't make it more secure.
As Brandon said, Windows is not SAFER, but it is more SECURE from an engineering standpoint. That means it is technically harder to exploit Windows, and in order to do so you really have to know your code. Not so much for Mac. This should really concern Mac users, because there may be a time when Mac is not a niche.
Their market share hasn't increased all that much in 10 years either. Why waste time on a relatively insignificant number of users?
You guys are so smug, and you really have no reason to be. How can anyone say Windows is more secure, when there are so many exploits for it. Sure, it has more security measures, but that doesn't make it more secure.
yeah, don't know, never had blaster. Maybe another thing that you are pulling out of your ass?
Absolutely, yes.
It would be their own fault for not using an anti-virus programme.
You could probably port some of the early windows viruses over to Mac with very little change to them because they're so far behind on the security side of things.
It just takes a guy as bitter as those posting above + the expertise to fulfil his wetdream.
But as noted above, it hasn't happened (yet).
Maybe sore feelings and computer proficiency are not compatible.
Yep, there are none. XP continues to get pwned. Vista continues to get pwned. The softies continue to live in their fantasy world regurgitating the same old Microsoft propaganda.
Speaking of propaganda...
What are you referring to? When has there been a substantial attack against Vista machines (or even XP SP2 for that matter)?
You shouldn't wish bad things on anyone. Just sayin'.
I don't necessarily want people to lose data I just want to see OSX get exploited in a serious way.
I'm not denying that macs have so far be void of any cruel virus's and kudos for them but, you know, deep down inside my mind......
The thing is.. there already Mac botnets. Thousands active trojan infested Mac being controlled by hackers. But Apple users have some device implanted in thir heads that restricts any thoughts about Apple flaws.
What are you referring to? When has there been a substantial attack against Vista machines (or even XP SP2 for that matter)?
LOL. Why speak if you have no idea what you are talking about? Hint: google "vista security flaws"
What are you referring to? When has there been a substantial attack against Vista machines (or even XP SP2 for that matter)?
LOL. Why speak if you have no idea what you are talking about? Hint: google "vista security flaws"
That search yields no results referring to attacks against Vista machines. It only points to patched vulnerabilities and such, the exact same sort of content you get if you search for "OS X security flaws" on Google.
I knew this from the start. I still remember Mac being the easiest to hack in that competition and Vista being the last. They are drifting too much towards marketing rather than more improvement, never settle for "good enough" and this is also a life lesson imo. Why race with a Toyota when you got Nissan? Why have a Pentium Dual Core when you can get Core 2 Duo for a little more. Big differences between "good enough" and worthy.
In this case Macs have gotten the message out to people and this guy is saying its "good enough", wait for more to adopt Macs and like others have said it will go down unless Apple kicks it up a notch.
I knew this from the start. I still remember Mac being the easiest to hack in that competition and Vista being the last. They are drifting too much towards marketing rather than more improvement, never settle for "good enough" and this is also a life lesson imo. Why race with a Toyota when you got Nissan? Why have a Pentium Dual Core when you can get Core 2 Duo for a little more. Big differences between "good enough" and worthy.
In this case Macs have gotten the message out to people and this guy is saying its "good enough", wait for more to adopt Macs and like others have said it will go down unless Apple kicks it up a notch.
hmm this is what I have been telling mr supposed it boy for a long time, but he wouldnt listen, apple merely doesnt get viruses due to the fact of its anemic market share, windows is much more secure, yet due to its immense popularity makes sense for hackers to try to target it, of course it always come down to how smart the user is, and what they decide to do =)
Anyways, this is also why I don't keep antivirus on my machines as that is just a waste of resources and for peace of mind. User stupidity will always cause problems, thanks for reminding me Master#1, you're not my master
There is only one sort of person, who makes the claims that Mac would be more vulnerable if it had more market share, and it ain't real security researchers (oh, maybe the ones being paid by a certain company in redmond).
When does the F$F cut their checks?
Umm or, you know, every security researcher ever.
So when do you get your ca$h from $teve job$ then?
Oh look, I can use that tactic too!
and then my girlfriend cooked for 100 people in the last ten years, and 95 of them said they loved it, but 5 went down with food poisoning because of a bad ingredient she used that one time ...
does that make me a better cook? No. It means there's not been enough chance to get food poisoning from my cooking (and believe me you'd get it!
Same with Apple. The virus coders simply can't be bothered to do malware because there's just not enough people's system's to infect. hence the lack of viruses. Give it a few more percentage market share, and Apple will get a serious kick in the teeth.
Should macs have ASLR. Sure. Do they need it? No.
Should macs have ASLR. Sure. Do they need it? No.
Hahaha...somebody is deeply hurt apparently!
The nice thing is mac still have a crap % and its never really increasing much at all, even with all the windows blah blah blah people still choose it over running a mac, NOW THAT IS A FAIL!
Should macs have ASLR. Sure. Do they need it? No.
Sort of like the way you keep repeating the same rubbish with a counter-argument of "no it's wrong derp", not matter how much you wish it were true, OS X IS less secure than Windows. You mererly hide behind market share, nothing more, nothing less.
There is countless amounts of evidence proving this from people with exponentially more experience and knowledge than you. You just seem to be in some sort of trauma denial-stage about this.
No one "needs" ASLR. No one "needs" to not get hacked.
Sure, there might be some losses in businesses or sad people from losing information, but they'll survive. They don't "need" it.
So, the "should" is all that matters.
Should macs have ASLR. Sure. Do they need it? No.
At Pwn2Own Macs ALWAYS get exploited first, and the people when asked why they always target the mac replied with "Because it is the easiest to exploit"
There we go, I think we just showed who really talks crap here
To be fair, Macs are also probably the piece of hardware most people would choose to take home from a pwn2own.
I think they mean Windows XP SP2 which was a few years before Vista.
but if i'm not mistaken it was there but not actually turned on until vista.
yes?
*edit: woops meant to be a reply for #14.1*
"but all you see are Windows exploits. That's because if [the hacker] can hit 90% of the machines out there, that's all he's gonna do. It's not worth him nearly doubling his work just to get that last 10%."
Since OS X isn't widely used, i think Apple hasn't worried much about full security on their OS. They include this new security feature and that one, but they're not worried about getting attacked yet i guess.
Maybe that's some of the new features in 10.7, since Snow Leopard seems to be the last transition to 64bit. I'm pretty sure they now have a pretty stable OS release so they just need to tune it up a little more and include new security features
at least, that's what i think.
The thing that makes me laugh is the fact that people rabbit on about how insecure windows is but mac % has not *really* increased/changed that much on the desktop market even though the stupid ads try to shove this fact.
The truth is even if macs have less viruses/blah blah/etc/design blah blah people would rather have viruses and use windows then be stuck with mac prices/osx, yeh thats success, FAIL!
And whats makes me laugh further is the fact most mac users install windows on vm/bootcamp anyway as they need windows too! and thats a feature of the mac osx, yeh go out and buy windows anyway as we know you really need/want it. is it windows users that are delusional?
Last edited by ZeroHour on 17 Sep 2009 - 02:35
I have seen way too many bad things online to be so ignorant to think that I am safe with ANY browser or OS.
I have seen way too many bad things online to be so ignorant to think that I am safe with ANY browser or OS.
A winner is you
I have seen way too many bad things online to be so ignorant to think that I am safe with ANY browser or OS.
That was the best answer/decision I have ever read from a Mac user!
Funny though whenever something does hit the mac world it tends to be a epidemic.
See?
If you can get 90% with one piece of code, will you write another piece for another 10%? It's double the work and not worth the gain.
In the real world when you buy a new PC with windows (xp,vista win7), If you connect your shiny box to the Internet out-of-the-box without a router with firewall well configured, a software firewall in addition, anti-virus, anti-maleware, anti-spyware, anti-rootkit, anti-keylogger, anti-botnet, anti-fishing... a keyboard encryption program, email encryption program... your new windows machine will be taken in less then 5 minutes. Now, tell this to the MAC or Linux/Unix users.
These are the facts. The why is irrelevant.
In the real world when you buy a new PC with windows (xp,vista win7), If you connect your shiny box to the Internet out-of-the-box without a router with firewall well configured, a software firewall in addition, anti-virus, anti-maleware, anti-spyware, anti-rootkit, anti-keylogger, anti-botnet, anti-fishing... a keyboard encryption program, email encryption program... your new windows machine will be taken in less then 5 minutes. Now, tell this to the MAC or Linux/Unix users.
These are the facts. The why is irrelevant.
I'm glad you use a Mac. You would be a danger to yourself through ignorance otherwise.
In the real world when you buy a new PC with windows (xp,vista win7), If you connect your shiny box to the Internet out-of-the-box without a router with firewall well configured, a software firewall in addition, anti-virus, anti-maleware, anti-spyware, anti-rootkit, anti-keylogger, anti-botnet, anti-fishing... a keyboard encryption program, email encryption program... your new windows machine will be taken in less then 5 minutes. Now, tell this to the MAC or Linux/Unix users.
These are the facts. The why is irrelevant.
I'm glad you use a Mac. You would be a danger to yourself through ignorance otherwise.
I use XP, and I am windowsinternet security professional
In the real world when you buy a new PC with windows (xp,vista win7), If you connect your shiny box to the Internet out-of-the-box without a router with firewall well configured, a software firewall in addition, anti-virus, anti-maleware, anti-spyware, anti-rootkit, anti-keylogger, anti-botnet, anti-fishing... a keyboard encryption program, email encryption program... your new windows machine will be taken in less then 5 minutes. Now, tell this to the MAC or Linux/Unix users.
These are the facts. The why is irrelevant.
I'm glad you use a Mac. You would be a danger to yourself through ignorance otherwise.
I use XP, and I am windowsinternet security professional
If you need all that, you're not a very good one.
In the real world when you buy a new PC with windows (xp,vista win7), If you connect your shiny box to the Internet out-of-the-box without a router with firewall well configured, a software firewall in addition, anti-virus, anti-maleware, anti-spyware, anti-rootkit, anti-keylogger, anti-botnet, anti-fishing... a keyboard encryption program, email encryption program... your new windows machine will be taken in less then 5 minutes. Now, tell this to the MAC or Linux/Unix users.
These are the facts. The why is irrelevant.
I don't see how you need all that crap? I run Windows 7, and Vista before that. I use the built in Windows firewall and AVG free antivirus and that is it for security other than my router, which I simply enabled WPA2 encryption on for the wireless network. I've never had one of my machines pick up a virus and crash, or loose data, or anything of the sort, and I'm not even a "windowsinternet security professional", which isn't a Microsoft certification that I've ever heard of.
You're "facts" are lies, or at the very least misguided dilusions. Either way you're wrong. Maybe you should try NOT opening the attachements in the spam you get.
As a Switched from PC to Mac user, I can say:
Yes windows maybe more secure because its often attacked. its a relative issue.
But at the moment if Mac is less secure than windows, I Don'T Care!! as long as i have the peace of mind!
and probably Apple knows that too and knows that their market share is not that big to be concerned..
So be sure that when the market share increases and calls for it, Apple will improve security according to the threats available, and maybe smarter than microsoft too, and maybe not!
So for me, I am pretty happy using OSX and I know Apple is doing the right think not wasting their time on this issue and focusing more on Innovation!
So don't worry for us... we are happy with our "little" market share and current security level.
And I have to thank all the trolls here: you have been amusing me every night i check here before going to bed with a good smile on my face for seeing you that much pi*ss*ed off to be able to keep up trolling while updating your anti-viruses!.
good night
Last edited by Pink Waters on 17 Sep 2009 - 07:34
People like you are the bread and butter of Apple. Ignorance truly is bliss.
I'm glad that I've changed platform because it gave me the chance to try OSX, and I liked it better than windows.
Yeah. Like getting the best bl****b in your life from a w***e with AIDS.
Yeah I like it too, but it's getting boring. Seeing those Apple zombies behaving like Scientologists trying to defend their Master from some news article about a new multithousand Mac botnet...
Actually the correct way of saying it would be:
Like getting the best bl****b in your life from a woman with weak immunity to AIDS who does not have sex that much!
We are apple fanboys and you're microsoft fanboys too, and I don't have a problem with that to be honest. but what the problem for me is the usual scenario act that keeps played and how boring it has become:
certain specific news gets posted here that has the potential to start a flame war and windows users staying here waiting for the moment it gets posted to be the first to start pushing the rather "Stereotyped" buttons!..
And the only thing the proves my point is that question:
why the latest apple ad hasn't been posted here yet ?
So to sum my points up... the only boring thing here is: "Bias and Attitude" !
why not? Not exactly a cat fight, but it is still quite fun!
Yes, but I think I've had enough of those.
That's not an argument, it's a response (to explain why macs get less viruses, which is the argument that the mac fans still hide behind).
It sounds like you're not even seeing the argument in this article.
It sounds like you're not even seeing the argument in this article.
But it's an argument/response with nothing to support it but conjecture. You can't really use the marketshare point as your only leg to stand on when people were attacking FireFox when it had far fewer users. There are millions of Macs in use, and if I follow the classic logic that Mac users are stupid and have too much money, then we make the best targets for exploits. I'm not saying he Mac is impervious, but clearly it's hardened enough to keep most threats out and it must be just difficult enough to exploit that it is cost prohobiitive.
So as I said, these kind of threads are hilarious, made up moslty of home users/enthusiast trying to sound knowledable and IT guys clinging to their current platform. I've been in IT for 13+ years and there is nothing funnier than someone posting how Windows is clearly the most secure OS. Like I said... hilarious.
Every few months the security experts come along and say the Mac is at risk, and as the market grows so does the risk. But the market has grown steadily for the last several years and we still aren't seeing rampant exploits. I see what this article is, a so called security "expert" grabbing some headlines and hit count, nothing more.
Not as hilarious as your inability to read the article;
So, the guy that famously trashed an Apple in seconds, two years running, uses the same argument. You gonna tell him he's wrong too, Mr. Random Forum Fanboy?
Or do you have to dismiss any neagtive claim against Apple because you have a bias against Microsoft? That hasn't become painfully obvious in your postings at all.
I asked 10000000 people if they want to get $100 or $900. Strangely all 10000000 said they want $900.
The guy owns and works on a mac! So he prepared the exploit months before the event LOL + the price was good cash + macbook...
PC is safer than Mac
One thing I don’t see anyone talking about when arguments over which OS is more secure, stable, faster, etc is “Is the OS more or less secure by itself, or after you have installed 10 or more applications on it?”
An article came out a few years ago which made a claim that Windows Server was more stable and had more uptime that a Linux Server. This article was obviously attacked due to the fact that Windows critical updates alone cause more downtime than Linux requires. The humorous statement alone that “if you install Windows and no other applications, and put that box in a corner and leave it alone for a whole year and perform NO patches and so on….Then yes, Windows would be better”…..But lets be real….Who is going to use that Windows box in that way….No one…..This “independent” article from a while back was later found to be sponsored by…..Microsoft.
To my point of this argument…..Windows installed by itself, with no applications installed and all critical updates applied and completely left alone…Yes, it could be more secure than MAC OSX….or hell, even Linux or UNIX flavors….BUT……Who is going to build a computer/server that has no application purpose.
So then we are forced to look at how well an OS can maintain its security when applications are installed and what happens when you put that OS in a REAL WORLD scenario…..OSX has for years kept the entire OS system files in a read only mode…Applications do not have write access to any system files…Windows cannot say this….Ever herd the “Registry or Windows system file sharing”. Microsoft themselves said back when Vista was being developed…
”We tried to get rid of the registry and lock down the system files to a more “READ ONLY” like security structure…However, due to the thousands of applications made for the Windows platform we are forced to conclude that this is simply not possible as it would require every Windows application to be re-written which would bankrupt the software world”.
Case and point….When you start to install Windows applications that REQUIRE access to the system32 and system folder and the dllcache directory and the system registry, etc, etc, etc….You will degrade Windows security and be at the mercy of the developer who created your application, which is why 99 percent of Windows apps require admin level control of Windows. OSX does not have this problem and NO apps run as root. Steve Jobs is a Software Nazi (Joking) who has so much control over OSX applications…And no OSX application will ever be allowed to have a dependency on OSX system files….The application must be able to run from its own home directory, so if it tanks….it affects only itself….I can copy the Office 2008 folder or any other app folder from my mac to another mac and it will run with no install….everything it needs is in that folder….Let’s see Windows do that….
RSA Security and Symantec attacked Microsoft at the same time asking about UAC (User Access Control, some called it User authentication Control). The question was asked….
”IF UAC will be Windows only way to control access to the system files and has the ability to be turned off by the user, after authenticating….What would stop an application from being installed with a virus and disabling UAC”
Microsoft’s response…
”Nothing”
And how many people get tired of UAC and just disable it? So then what do you have….the same old Windows 2000 and XP security that will be degraded after each application you install.….
OSX Security (like it or not) will not change unless you tamper with the READ ONLY system files. Maybe that’s why Snow Leopard has no changes…????
To people that say “When mac has more market share it will have the same Windows problems”……Umm….Maybe you should look under the hood before saying that….
”We tried to get rid of the registry and lock down the system files to a more “READ ONLY” like security structure…However, due to the thousands of applications made for the Windows platform we are forced to conclude that this is simply not possible as it would require every Windows application to be re-written which would bankrupt the software world”.
Case and point….When you start to install Windows applications that REQUIRE access to the system32 and system folder and the dllcache directory and the system registry, etc, etc, etc….You will degrade Windows security and be at the mercy of the developer who created your application, which is why 99 percent of Windows apps require admin level control of Windows.
This is where I have to stop your stupidity...
First OS X system files are not Read Only.
Second, giving an application 'permission' to install on your system does not allow them to change or mess with most of the Windows core.
This is where knowledge is lost on a lot of people.
In Vista specifically, when an applications tries to modify files in the System folders or tries to modify parts of the registry, the OS does not allow this.
Instead Vista virtualizes the application, so it lets the developer 'pretend' he is putting crap in the system folder or modifying crap, and then the application when ran in the future uses the virtualized settings and files that are not 'actually' modify on the system or registry in a virtualization cache.
Try it, write a program or installer that messes with Vista or Win7 System files, and you will find your application changes in a virtualized folder set aside safe from the system and other applications.
This is just ONE security technology in Vista that people apparently don't have a clue is even there because it works so well. It is also a technology that OS X and other OSes have no equivalent, and on OS X if given root access the installing application can do far more damage to the system itself.
If you want to really argue security, how about 'code quality' and Since 2004, pretty much everything Microsoft has been putting out has been through a massive shift in security consideration and new compiler technologies beyond just things like ASLR and DEP.
In contrast Apple just released Snow Lepoard and within a week had a few hundred MB of updates, over 35 - many of the MAJOR security holes. This type of 'code' couldn't have been even compiled or got to a shipping product at Microsoft due to the development security policies.
Win7, RTMed at the end of July, there is still no security updates for it, and no known security flaws, just to contrast Snow Leopard...
Really, fact check your reality or rants, there is a lot of things you don't understand.
One thing I don’t see anyone talking about when arguments over which OS is more secure, stable, faster, etc is “Is the OS more or less secure by itself, or after you have installed 10 or more applications on it?”
An article came out a few years ago which made a claim that Windows Server was more stable and had more uptime that a Linux Server. This article was obviously attacked due to the fact that Windows critical updates alone cause more downtime than Linux requires. The humorous statement alone that “if you install Windows and no other applications, and put that box in a corner and leave it alone for a whole year and perform NO patches and so on….Then yes, Windows would be better”…..But lets be real….Who is going to use that Windows box in that way….No one…..
Ah, the "I know you are but what am I" defense. You have this backward. It's the Linux folks that always say "vulnerabilities in applications or runtimes (Apache, PHP, MySQL, etc) don't count as Linux vulnerabilities." On the other hand, the top server applications for Windows Server (IIS, SQL Server) have way, way better security track records than their Linux equivalents.
http://secunia.com/advisories/product/17543/?task=advisories
http://secunia.com/advisories/product/9633/?task=advisories
Source?
This is a straw man. Nobody ever suggested that Windows should be used without applications, nor was this configuration ever used to tout the security of Windows servers.
You just made that up. Nothing in that paragraph is true. Users do not have write access to system directories on Windows. They never did. Even Administrators don't have write access by default on Vista or Win7 without elevating.
One of the key advantages of the registry is its security model. Users have read/write access only to their per-user hive, and have only read access to the system hive. It has always been this way. Unlike, say, Linux - Windows was built to be a multi-user operating system from the very beginning.
Apps on Windows do not run as root. Most installers require admin privileges because this is how managed environments control who can and can't install software, and because admin privileges are required to register per-machine shared libraries, per-machine association handlers (like file extension / MIME type handlers, etc), and so on. But lots of applications can install per-user as well, or only install per-user (like Google Chrome) and don't ever require admin privileges to install.
Every OS X application ever has dependencies on system files. You clearly have no clue what you're talking about since that statement makes no sense at all. Further, applications on OS X frequently requires root privileges in order to install (like, say, Firefox, VMWare, Quicksilver, etc). In fact, one big gap in the OS X security model is that every installation asks the user for their password without a Secure Attention Sequence, meaning that it's trivial to steal a Mac user's password.
”IF UAC will be Windows only way to control access to the system files and has the ability to be turned off by the user, after authenticating….What would stop an application from being installed with a virus and disabling UAC”
Microsoft’s response…
”Nothing”
Ugh. Wrong again.
UAC = User Account Control.
UAC doesn't control access to system files. ACLs do that.
Applications can't turn off UAC without already having admin privileges.
Wrong again. UAC is one of many security technologies introduced in Vista. Besides that, very few users disable it.
Security on Snow Leopard is a joke. There's no ASLR, no SAS or UIPI. NX support still isn't as good as Windows. BOTH systems grant read-only access to system files by default.
Umm, they have. They've seen that Windows is constantly attacked despite the far greater barrier to entry for attackers. Every security researcher says that Macs are trivial to exploit. So the explanation for the relative lack of attacks against Macs clearly isn't a matter of difficulty, but rather a lack of incentive.
You are clearly a Windows bias person and will stand by your man “Windows” just like a women who gets beat by her man and is too afraid to accept reality that its time to leave him…..
I like OSX very much….I have VMware running a Windows 7 for the hundreds of apps I can't use in OSX…All OS’s have their pro’s and cons, but if we are really going to focus on security….then Windows is and has been at the back of the the line for some time…
OH…..And that comment you made about IIS being far better than non-Microsoft Web Services…..DUDE….You just confirmed you have no idea what you are talking about…..the only reason IIS is still used on the “INTRANET” of corp networks is due to .Net Framework apps…Its cool, people like the functionality and so on…..However….I will gamble with you right now and challenge you to call the fortune 100 corps of America and ask them what web servers are sitting on their DMZ’s (that’s for public facing servers if you didn’t know)….IIS is NOT ALLOWED in the DMZ for MOST of these corps….It has been hacked too many times and has proven to be non-trust-worthy for public facing sites. America Express was de-faced about 5-6 years ago….running IIS…..AMEX does not allow IIS in their DMZ anymore…its all “something else”…The same can be said for most of the banking and semi-conductor corps that I have personally worked for and other large corps that have SOME of the best and smartest people working for them.
You need to go read some books before you respond again.....
I am a developer on the Windows shell team. I am intimately familiar with the Windows application model, and have released several applications independently of my work at MS (including Start++ among others).
Applications on Windows don't write to system file locations. If needed, shared libraries are installed by the Fusion APIs into the Side-By-Side assembly cache (WinSxS) or the GAC (for .NET stuff).
I'm quite confused about your "enterprise experience." Enterprise admins deploy software to managed desktops, they don't have users install them. Nobody should ever be changing registry ACLs or system file ACLs. Basically, none of what you said makes any sense at all.
Umm, what?
No, it's an industry leader. Software development firms around the world look to Windows in defining their secure development practices. The "Secure Development Lifecycle" that originated from Microsoft has been adopted by a lot of ISVs, and I'd be surprised if several competitors (possibly including Apple) haven't integrated at least part of it into their process. They'd be very unwise to ignore it.
IIS has little or nothing to do with any .NET technology. It's a web server, and by far the most trusted one, given its impeccable track record.
IIS had 8 vulnerabilities since 2003, ZERO of which were rated "highly" or "extremely" critical, and only four rated at "moderate" which means they're at worst DoS attacks, all of which were in optional off-by-default components.
Apache has had 26 in the same time period, including 2 "highly critical" (remote code execution) and 10 "moderate" vulnerabilities.
How do you explain that? Not a SINGLE reported remote code execution vulnerability against IIS. Not even one. In 6+ years. Seriously, how are you arguing against that?
American Express is using IIS on at least three of their websites:
http://searchdns.netcraft.com/?position=li...icanexpress.com
Although those are just public facing sites. Their on-premise extranets are much more likely to be IIS.
Intel and AMD both use IIS:
http://searchdns.netcraft.com/?position=li...&host=intel.com
http://searchdns.netcraft.com/?restriction...osition=limited
Look at the top uptimes for webservers tracked by netcraft:
http://uptime.netcraft.com/up/today/top.avg.html
Out of the top 50, only ONE is running Apache! All of the rest are Windows Servers!
Somehow, I don't think that's necessary...
The thing that scares me with a lot of these *factual* posts are that these mac users will just click blindly on installs etc because they believe they are secure. Because so little run AV there will be little chance for them to find out they have a problem. Once a mac virus gets out its going to be very hard to change the idealogies and beliefs of the faithfull.
The user is always the weakest point in ANY os and if you dont expect a virus its the last thing you will check out when you experience issues. Windows users know they can get viruses etc and due to that are more dillegant when they experience issues on windows instantly checking for viruses etc just in case but a mac believer would not.
Please mac users wake up before you all get caught out which WILL happen eventually, just ask yourself if your prepared for it...
Social engineering for virsus and malware is one of the EASIEST ways get the crud installed/ran but at least windows users might expect it.
Also I do run a large network and the users NEVER install software, they simply are blocked doing it. We centrally deploy it after testing/licensing etc and because users never have admin rights (XP clients btw) it helps reduce the risk viruses can pose via the social engineering approach for malware etc.
Also my earlier thoughts still apply:
The thing that makes me laugh is the fact that people rabbit on about how insecure windows is but mac % has not *really* increased/changed that much on the desktop market even though the stupid ads try to shove this fact.
The truth is even if macs have less viruses/blah blah/etc/design blah blah people would rather have viruses and use windows then be stuck with mac prices/osx, yeh thats success, FAIL!
And whats makes me laugh further is the fact most mac users install windows on vm/bootcamp anyway as they need windows too! and thats a feature of the mac osx, yeh go out and buy windows anyway as we know you really need/want it.
Uhh... what?
I'm pretty sure Linux was originally a single-user OS (though I can't find a reputable reference at the moment). Windows NT was multi-user from the very first release.
Last edited by Brandon Live on 22 Sep 2009 - 17:39
There is 1 bank that hold 50 billion dollars and another bank that holds 100 dollars. Which one will get more attempted robberies?
Market share plays a huge roll in viruses.
Those who say windows is unsafe, its only as unsafe as the user who uses it. If youre stupid enough to run a virus, doesn't matter what system you are on, it will get you.
Sadly, Windows NT 3.x to 4.0 in the mid/early 90s was on the same level, as it wasn't affect by Win 3.x or Win9x viruses. People only ran Anti-Virus software on NT 4.0 Servers for the Win9X clients, not the NT 4.0 server itself.
And when NT went mainstream with Windows XP, this notion fell and fell hard, to where MS stopped all development to focus on security and security policies resulting in Server 2003 and SP2 of XP.
(NT in theory has a much more complex security OS model, as even trusted kernel processes still must obtain security permission and get a token allowing the thread to run. Add in the full Object nature of the security system and the ACLs and other features that have been in NT from the begining gave it security advantages over even OS models like OpenBSD. That still didn't stop the XP fall when it went mainstream replacing Win9X.)
@Brandon: Seriously man, leave them alone. If you're really dignified as you say you are you'd let these people say whatever they want, your position at Microsoft was enough to give you strong credibility. I find it a privilege to see someone who worked on such component on the infamous operating system speak, but I find it condescending that someone of your caliber would argue with these buffoons. I myself have been developing for years as a hobby and never by trade in comparison to you, but I felt that it was natural to me to give advice to a fellow developer when they are unnecessarily infuriating themselves.
BTW for this few seconds break in OSX, he spent at least a month searching on how to... before the event...
This article is just a hit counter...
I agree, Apple are infuriating and need to stop being complacent and get their act together but the MS platform, thanks to some of its users and abusers in the family unit, feels vastly less safe.
In a little research one of the first virii back in the 70's & 80's was on a Apple Computer. Now I know OS X did not exist back then but still. Mac's can get virii. 2nd point. lets shift our focus away from Mac OS X for a moment and take a look at other iCrap such as the iPod & iPhone. These devices have vast popularity and a huge marketshare among it's field. If I remember correctly there was for a while a couple different ways to completly pwn a iPhone by just sending it a SMS (txt) msg. And all the iPhone had to do was receive it to be the ****** adopted device of a cracker. Now if the security that is behind the operating system/firmware of a iPhone is the same stuff that OS X is built on then that shows me there are mass amounts of potential exploits to be found. I am not saying by any means that Mac OS X is safer/more secure than Windows or vice versa. What I'm saying is all computer systems & OS's have their potential and guaranteed flaws. I have used every single version of Microsoft Windows operating systems all the way back from Windows 3.1 to Windows 7. Microsoft has always improved their security and general usability of the successor to the current OS with exception to Windows Me which was a half assed slap together job to shut up the impatient people when Windows 2000 wasn't ready. I know many will talk of how Windows Vista "Sucks" and yes it has its flaws but it is one of the first of a new genre of NT OS. So it is bound to make its mistakes much like Me. I have never had a single Virus or piece of malware on my Vista machine or my Windows 7 Machine. The few Virii & Malware I have had back in my days of using Windows XP were rare at best and mostly due to Luser error. (Friends or my own sheer stupidity at the time) I have not had the pleasure of destroying a Mac personally yet just because I do not have the cash to go buy one. I would rather scavage hardware from web sites an build a completely custom PC and slap on my own copy of Windows than spend $2,000 on the Mediocre version of a Macintosh computer. More so someone mentioned earlier that there are quite a few Botnets on the Mac. I laughed at this because they are right. OS X makes just as good as a zombie as a Windows XP machine. Heres something to think about. Maybe someone can answer this. If Windows is so insecure and such a crappy OS then why is it Mac users have built in the functionality to run the OS via bootcamp on their machines? I know they want all the juicy software that people develop for Microsoft OS's (A good perk to having a majority marketshare) But are they willing to get themselves all the infections and worms/virii/malware/spyware/scareware that they are allegedly trying to stay away from hence their use of the Mac just to be able to play a PC game? Why hasn't Mac found a way to run Windows software natively on its own? Why include the alleged insecure unsafe OS that is Windows? Why not just figure out a way to execute the same code on a OS X machine instead of having to include the nasty bugger Windows XP??? I wonder this alot. Because if Mac's are so secure and can't allegedly get virii and malware then they should be able to have the potential to run all the software that PCs cane run via a pretty complex emulator or something of that nature without having to worry about their OS dying. I'm just thinking that Apple should have found a way to do this by now. Yes I understand the architecture of the Windows software and OS X are way different. But I know with the use of WINE on Linux machines you can emulate a environment to run windows based apps, and with the mass amounts of cash that Apple pulles in from iTunes sales, iPods, iPhones, iMacs & Macbooks all combines that they would be able to put their software engineers to work and come up with something far better than WINE. Well I'm tired and done and going back to cleaning the mess that is my room. And for the record I do not have any AV installed on any of my machines. Good AV programs usually take a small hit to computer performance that I do not want. Once in a while I'll install something and do a scan and find that my computer is squeaky clean. Then I get rid of the crap and go about my ways. So look I can be just as Naive as a Mac user with the whole don't need AV piece..........maybe this means I should switch to Apple products............ If only they were within my price range........ and only if they weren't so fruity lookin
[/RANT]
But "paragraph" is.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.