is it just me?



or have the apple bashing journalists jumped straight out of the wall since panther came out?

apparently now that a flaw in the way osx handles dhcp has come out, everybody has started to compare osx to windows :huh: considering this flaw has been around for years (as it affects panther, jaguar, and probably earlier versions), i can't see how the security of osx is even comparable... if it took somebody that long to figure out how to attack it in the first place.

and even this 'gigantic' hole isn't even that big... someone has to play with a dhcp server to even get halfway there... then the mac has to connect to it.

anyway, i'm just not getting how some people can compare osx and windows on the security level.

then again, i don't understand how spl bashed apple for pricing the g5 at $1999 and saying it was under $2000 like no other company had ever done it before... along with many of his other 'soapbox' articles.


I don't fully understand what your post is about, it isn't so clear-cut. But here's what I got from it:

The good thing about that hole and that it took so long is the fact that it was quite secure in the first place...it took months (maybe years) to crack into that hole which is a good thing.

I understand how people can judge security between Windows/Mac...but they both have their security advantages & disadvantages, it's all down to personal preference I guess.


IMHO the DHCP/LDAP issue isn't a flaw - it's a design choice (one I actually understand and might have made myself). Honestly, if someone has already compromised your network, hacked your DHCP server, set up a false LDAP server, and then comes over and reboots your machine I think you have bigger problems with security than the assumption that the authentication server provided by your network configuration server is trustworthy. YMMV.

I assume you're talking about the PC-Mag article that compared the OS X DHCP/LDAP "issue" with the ~3 years of WinNT-codebase holes and exploits. I don't know who he's trying to impress with that reasoning: Mac users know there have been ~10 updates for OS X in the last year (including 10.2.x, security updates, and 10.3.x). Windows users know that there have been so many holes in their OS that Microsoft has gone to a once-a-month patch routine so people don't get lost in the confusion. He's comparing one intentional, easily disabled consideration in OS X to the 6 active severe exploits in MSIE (which you can't disable if you still intend to use Windows Update), blaster, nimda, code-red...yada yada yada. Who cares?

That article is written to get people like you angry so that you'll send it on to me and then I send it on to my friends and we all go and read it and scream and yell - meanwhile PC-Mag sells a few more issues and gets a few more banner impressions.

I'm glad that Apple product problems are front page news; that means it's rare enough that people actually take notice, but still not so severe that we're taking down major chunks of the internet (see: your favorite windows worm) etc. If we all keep screaming then Apple's products will get better and we all win.

Rather than continuing to rant I'm just going to point out a few errors in logic in his article point-form style.

----

* He takes a swipe at Mac zealots - but what does that have to do with security - and what about x86/Win32 or MIPS/UNIX zealots?

* If OS X had Windows' user base it would automagically be as insecure as Windows, yet Apache has >= IIS market share and doesn't have the same number of exploits.

* Complaints about OS X complexity - as if windows wasn't.

* One os x issue = a half-decade of WinNT security headaches?!

* /Applications is writeable by anyone in the staff group. When you install os x you create an administrative account which can install software, create users, etc - but it's not root, you'll need to authenticate as root in order to play with stuff in /system. The default behavior for additional accounts is to create even LESS privileged accounts than admin. They're not in the staff group. If you create a new account, promote it to admin/add them to the staff group, why shouldn't it be able to alter files in /Applications? "Standard" users cannot do this, nor can they ever affect /system. Admins can affect /system, but only if they become root to do it (using sudo or the graphical sudo clone os x provides).

* "I have been a windows guy since win 3.1" - 10 years away from mac os. it had a different os and ran on a different architecture: your experience means nothing today.

* popularity != a measure of security.

but we already knew all that.


more than just that article evn show... there was something about it on /. i think. my point is, how can a journalist seriously compare osx security to windows security?

and then there's spl, and every time that guy writes something, i just feel stupider for having read it.
