Intel, the end of Mac security? - Page 3
Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 31

Thread: Intel, the end of Mac security?

  1. #21
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    I guess by now we are way OT... But this has turned into a semi-productive discussion in spite of itself.

    Okay, I believe you when you say that there is an article in a magazine that says something positive about Windows security. I am a bit jaded about things like the validity of what some tech writer says in a magazine. Magazines tend to spin everything in a very positive light for the 'theme' that the magazine is about. You say 'PC Magazine', and I think 'Pro-Windows'; but maybe I'm wrong.

    It also matters which version we are talking about since there have been 10.1 (Cheetah), 10.2 (Jaguar), 10.3 (Panther), and now 10.4 (Tiger). Don't get me wrong, I am not saying the OS X is perfect; no OS configured to be this easy to use can be truly 'secure'. But comparing Mac OS X to Windows, Solaris, Linux (especially Gentoo), FreeBSD; I'd have to say that it has a pretty good security record so far for being an OS that doesn't 'require' the user to know sh*t about computers.

    XP/2003 is something I have never even used, so any comment about it's security from me is strictly a prepetuation of the ugly rumors about it on sites like this one and others on the internet. Yes, I am guilty of spreading fear, uncertainty, and doubt about an OS I have barely any knowledge of; it's true.

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/

  2. #22
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hey spurious_inode ,

    Haven't heard from you in a while.........everything OK I hope?

    You are right................I guess that at the moment an Apple is more secure than a Windows box

    OFF THE SHELF however, with skill the difference will diminish? Hey, I have an Acorn Archimedes that only has 114 known malwares in the World.......it does run rather slow though (12Mhz)

    That has been my argument about level playing fields and fair comparisons all along?

    I have nothing against Apples.......actually I must find it again(moved house syndrome ) It has a Pentium I 75 Mhz and a RISC (Motorola/IBM?) chip which I guess is about 90Mhz, and DUAL BOOTS Mac OS 7? and Windows 95. I think that it has 48Mb of RAM. Now that was an innovation in its time?

    Cheers

    Johnno
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #23
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    I guess by now we are way OT... But this has turned into a semi-productive discussion in spite of itself.
    Indeed it has .

    Okay, I believe you when you say that there is an article in a magazine that says something positive about Windows security. I am a bit jaded about things like the validity of what some tech writer says in a magazine. Magazines tend to spin everything in a very positive light for the 'theme' that the magazine is about. You say 'PC Magazine', and I think 'Pro-Windows'; but maybe I'm wrong.
    I know exactly what your talking about and I to am often sceptical over how legit articles on this subject actually are. You sound as if you havn't heard of this magazine before, here's a link to there site for more info on them... http://www.pcworld.com

    A big reason why I think this article is legit though is because windows took a bagging from them for their lack of speed when it comes to making patches, and apple got praise from them for their speedy times in making patches. Obviously that is a huge win for Mac against windows and a big loss for windows, but that wasn't the topic of our 'debate'.

    I didn't mean for it to sound as though I was degrading the Mac OS, I was just trying to stick up for windows which often takes a beating here at AO... That and chsh's personal attacks on Nihil and I got me all angry and offensive.

    You are right................I guess that at the moment an Apple is more secure than a Windows box

    OFF THE SHELF however, with skill the difference will diminish
    That's pretty much sums it all up, that and the FACT that windows is more of a target because the OS is on 90% of computers. And we're not pulling it out of our ass's as chsh suggested.

    It was nice to meet you spurious_inode, and again I apolagize if I sounded ignorant, I really didn't mean to sound that way at all ...
    I am the uber duck!!1
    Proxy Tools

  4. #24
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by nihil
    [B]Where did you get that erroneous assumption from? It is actually at SP4 and still tries to run IIS by default (OK IIS has been patched somewhat). My point is that users have been exposed to IIS running by default for a considerable period of time
    Win2K Pro SP4? It's only a major OS release out of date. Perhaps it was rather assumptive to say Service-packless (but then, that brings to my mind the question of whether or not your "built up default install" is actually a default install anymore), however my principal point about comparing like systems still stands.

    My objection to MS is that they release things running by default that are not required neccessarily. The user should be prompted to select or reject these before installation.
    Actually, quite a few other people do this as well. Microsoft is learning too. Does IIS come with XP Pro turned on by default? Judging a piece of software's present by its past is a fruitless effort.

    We are not talking about linux distributions here? so what is the relevance of this comment?
    Your statements were about what OSes do as a default install. For a long time RedHat was a prime example of a corporate linux with a horrid security record because of its on by default policy.

    I would have thought the issue was whether you understood the difference between an "exploit" and a "vulnerability" . A vulnerability is only a problem if:
    1. You actually use that stuff (remember I have noted that you may be doing so unwittingly with MS)
    Again, in OLD operating systems. Let's dredge up NT's problems and claim Microsoft's stuff now is utter crap why don't we? I mean, that's what you are doing. I have a suggestion for you. Try actually using these newer versions of operating systems before you start slagging a company for being shitty security wise.

    Now, let me explain a few realities to you there are in this World, a large number of people who do nothing other than search for vulnerabilities in Microsoft Operating Systems........that is how they earn their living or hope to gain glory. Some even go to the lengths of producing POCs.............so, you have unwittingly produced another flaw in your own argument.......
    These security firms ALSO research vulnerabilities in other operating systems such as Linux, MacOS, etc... The concept that it can't be more secure because it doesn't have as large an audience fails when you compare the facts. Windows is attacked a larger percentage of the time than it has market share, almost to the exclusion of other operating systems. IIS was attacked FAR more (hundreds of times so) than it had market share, and it sits in the minority in webserver market share. Following your flawed line of thinking, Apache should have far more vulnerabilities in it than IIS should, and yet since 2003 (IIS6) both have had decent records. IIS 5 had its issues, and as a result was attacked still far more. If there are already industry examples where your argument fails, how can you reliably say it will apply to another example -- in this case, current MacOS vs current Win2K3?

    I'm sorry, but *that* is called pulling stuff outta your ass.

    I really do wonder what would happen if the same attention was given to another OS?
    You'd probably find the disparity isn't what you assume, and that other operating systems are more secure through design. I think MacOS is perfectly capable of being a decent, hardened desktop operating system.

    A bit like the old military dialogue "very pretty, but can they fight?".....MS have been in the "front line" for years. No-one else has, in terms of being attacked.
    That's entirely debatable.

    If you do not believe me, please take a trip on the "dark side"........they do not leave MAC and *nix alone because they are too difficult they do it because they do not consider it worth the effort........at this moment in time
    Now that's a good laugh.

    Finally, you have chosen not to answer my question as to why you introduced an IIS vs Novell argument into a thread that was patently about OPERATING SYSTEMS ...........you are aware that neither of those are operating systems?
    And yes, I can read, so I do not need to learn.......perhaps you should consider some brushing up of analytical thought processes?
    You know nihil, you are a funny guy. Not sure where the hell you got Novell from, but maybe you should rethink whether you need to learn to read.

    As for why I brought APACHE into this thread, it was for the simple purpose of pointing out there are already industry examples of software that has dominant market share and yet has far fewer vulnerabilities than another smaller contender (IIS). This can translate into quite an obvious commentary on how flawed it is to assume that MacOS has as many or more vulnerabilities simply because it has smaller market share.

    Originally posted here by The Duck
    People running Redhat are not soft users... Most of them know about those services running by default and will turn it off if they don't need it... But let's keep on topic here...
    Sweeping generalizations that are assumed to be 100% true are always good to fall back on eh?
    The fact of the matter is that that was FAR from true at the time. It was actually due to clueless Redhat users that a quasi-infamous linux worm got to spread.

    If you've never heard that windows is attacked more because there is more windows computers... Then you have to get out of that rock your hiding under... You think we're pulling this out of thin air??
    I've heard the concept, and frankly think it's BS. I think you are pulling it out of your ass that MacOS will prove to be as or more vulnerable (as in, not anymore secure) than Windows 2003 or Windows XP (depending on Server or Desktop versions).
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  5. #25
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Sweeping generalizations that are assumed to be 100% true are always good to fall back on eh?
    The fact of the matter is that that was FAR from true at the time. It was actually due to clueless Redhat users that a quasi-infamous linux worm got to spread.
    Yes, I admit, it is an assumption, but it's a damn good assumption if you ask me. And I know YOU KNOW that MOST linux users know what they're doing and don't USUALLY fall into the category of "soft users".

    As for why I brought APACHE into this thread, it was for the simple purpose of pointing out there are already industry examples of software that has dominant market share and yet has far fewer vulnerabilities than another smaller contender (IIS). This can translate into quite an obvious commentary on how flawed it is to assume that MacOS has as many or more vulnerabilities simply because it has smaller market share.
    Earlier in the thread I brought up firefox and what happened with that, so your point with apache and my point with firefox cancel each other out. You really can't compare any other situation with this one because windows has tested time and time again to be more secure then Mac and linux (regardless of what you THINK of like comparisons), which brings up the probable theory that windows is only being attacked more because it owns such a HUGE share of the market therefore making it a bigger target.


    I think you are pulling it out of your ass that MacOS will prove to be as or more vulnerable (as in, not anymore secure) than Windows 2003 or Windows XP (depending on Server or Desktop versions).
    Ok, I'll admit, I suppose it is a theory, but like I said, it's a probable theory. And you have yet to prove that mac will be more secure then windows if or when the time comes that Mac has a big share of the market. So your thoughts on this subject is theory as well, wether you like it or not. With that said, we will have to wait and see what happens...
    I am the uber duck!!1
    Proxy Tools

  6. #26
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Chris if you sat back and thought about it, you would see that we mostly agree?

    Win2K Pro SP4? It's only a major OS release out of date. Perhaps it was rather assumptive to say Service-packless (but then, that brings to my mind the question of whether or not your "built up default install" is actually a default install anymore)
    Well, it is default plus default updates.............I guess you have to follow through?

    Now, "out of date".............OK I will go with that..............but half the World must be using out of date stuff? It is reality we are talking about?



    Judging a piece of software's present by its past is a fruitless effort.
    Now that does mark you as college rather than reality.............the past is the present if the corporation will not pay for the updates? You are quite correct, however

    For a long time RedHat was a prime example of a corporate linux with a horrid security record because of its on by default policy.
    We are two choir boys singing from the same hymn sheet here? Default installation + weak system = big problems?

    These security firms ALSO research vulnerabilities in other operating systems such as Linux, MacOS, etc...
    Chris, please join me on Planet Earth for a moment................these guys do it for MONEY , and as 90% is Microsoft......................please go figure
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #27
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by The Duck
    Yes, I admit, it is an assumption, but it's a damn good assumption if you ask me. And I know YOU KNOW that MOST linux users know what they're doing and don't USUALLY fall into the category of "soft users".
    I'm not foolish enough to say that. Sure, I would like to see the linux crowd as being generally more tech and internet savvy, however, I don't make that assumption. I've run into a lot of people who don't even know how to setup a chroot environment, which I consider kind of an important thing in terms of securing a box.

    Earlier in the thread I brought up firefox and what happened with that, so your point with apache and my point with firefox cancel each other out. You really can't compare any other situation with this one because windows has tested time and time again to be more secure then Mac and linux (regardless of what you THINK of like comparisons), which brings up the probable theory that windows is only being attacked more because it owns such a HUGE share of the market therefore making it a bigger target.
    Umm, time and time again it's been tested and proven to be more secure than MacOS and Linux? Errr, oooookkkayyyyy. Put the pipe down buddy.

    Ok, I'll admit, I suppose it is a theory, but like I said, it's a probable theory. And you have yet to prove that mac will be more secure then windows if or when the time comes that Mac has a big share of the market. So your thoughts on this subject is theory as well, wether you like it or not. With that said, we will have to wait and see what happens...
    My point is not that MacOS will be more secure, but rather that your concept of "it hasn't got the market share so it must be less secure" is completely nonsensical theorycraft. This is why I suggested you go find vulnerabilities, rather than using wild speculation to make your point.

    Originally posted here by nihil Now, "out of date".............OK I will go with that..............but half the World must be using out of date stuff? It is reality we are talking about?
    Right, you still aren't getting the point. You compared Windows of an earlier era to things NOW. All I'm saying is draw proper contemporary comparisons.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  8. #28
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    I have three computers. 1 windows, one linux, and one MAC OSX. All are equally secure. Why?

    none are on the internet and are powered off and burried in ten feet of concrete. See they are all equal. YAY!


    but seriously. this argument will never end. no one will ever prove why one is better than the other without somone else trying to argue (wether they are right or not) Security depends on the user. If you have a mac expert, a nix guru, and a windows expert all with specialties in security they can all make their boxes secure to a point where any better wont matter. It iwll be done in different ways but the end result is the same.

    Windows does not have more exploits soley becasue of its user base. This is a huge factor but its not the only reason. They also push out code before it is ready and set incredible deadlines that they strive to reach and usually cut corners to do so...which sucks. but thats business and the fact of the matter is that it costs them less to cut corners and have an OS a with a few more holes per uer than then the compitition then it would to drag out testing and other QA processes. Aside from that, MAC osX has been around longer (atleast at its core) its had more time to develop, and to work the bugs out. So yes it probably would be more secure out of the box then another OS and it probably would take a little less work to make it fully secure then a windows one would, but now we are not talking about how secure something is, we are discussing the users willingness to work for security.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  9. #29
    Senior Member
    Join Date
    Aug 2002
    Posts
    508
    Hmm a good discussion indeed.. it will be interesting project for those people to do testing exploits on intel (mac osx).

    Btw Mac OSX 10.4 Tiger developer kit ~x86 look sexy..on intel http://img98.echo.cx/img98/1449/dsc93098ce.jpg
    Not an image or image does not exist!
    Not an image or image does not exist!

  10. #30
    Senior Member
    Join Date
    Apr 2002
    Posts
    161
    Hi all,

    First of all thanks for all the feedback.

    I would like to add, are there many ASM based vulnerabilities that are intended for Intel, and therefore Apple's switch means a less secure platform? How will this change affect Macs securitywise? How easy will it be to port malware coded for wintel to this new platform?


    Regarding current malware that affects Macs
    Originally posted by the Duck
    Beleive me... they're out there...
    Please tell me which ones?


    Cheers,

    J

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •