This may hev allready been discussed but....
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: This may hev allready been discussed but....

  1. #1
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810

    This may hev allready been discussed but....

    At a quick glance I didnt see this floating around. I read an article on yahoo just now that kind of bothered me. It can be found HERE Now the reason this article bothers me is that it seems to be putting a band-aid on a bullet wound. For those who dont feel like reading the article I will sum it up. Sophos is now recomending that everybody go out and buy a mac. Thier logic is that because there are so many unsecured windows machines nobody writes mal-ware for macs.

    Now my own personal opinion is that if the world ran on macs like it currently does on windows there would be just as much trouble.
    from the article "So why not switch to a computer which simply cannot be infected by these threats?"
    Since when was mac os invulnerable? Can someone in the name of all things good in this world, tell me when Jesus made an OS? Now Im not slaming macs. But thier OS is no less vulnerable than any other OS. I wonder how much of a kickback sophos is making from these statements.
    Now that I have vented my spleen a little..... what does everybody else think about it? Not what OS is better but about a company basicaly trying to get people to run away from one problem into the unknown. Tis better to fight the enemey that you known than the enemy that you dont.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi ZomBieMann77 it just looks like another resurection of the old "security through obscurity " angle?

    You could argue the same case for machines running Linux and Unix IMO.

    I think that a key statement was:

    Hackers prefer this type of malicious software, Sophos found, because it can be targeted at a particular group of people to increase the likelihood of tricking users into handing over information.
    It is really just a pure statistical argument. Say out of a 1000 users there are 850 using Windows, and 500 of the 1000 are competent and the other 500 are stupid, then it makes sense to target Windows users because you have a potential of 425 hits as opposed to 75?

    Just my thoughts on it

  3. #3
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    I agree with you whole heartedly nihil. It is security through obsucrity and anybody worth a damn isnt going to recomend that type of security. Its a comfort level as well. Most users who arent in the technical field are intimdated by computers. Telling them they should toss what they have allready learned is not going to help them. Its going to intimidate them more. And just because nobody has bothered to write virii and other malicious software for mac doesnt mean that it can not be done. You get a widespread move to mac and see how long it takes before there are floods of malicious software for it.

  4. #4
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Couldn't have said it better, lol.

    I mean, if one day all the windows users woke up and patched their systems, and kept them up-to-date, I'd wager that you'd see a marked increase in attacks on MacOS. Of course, given the gross undereducation of the windows user community in regards to security, as well as the "questionable" tactics and methods that Microsoft has incorporated into its update methods, it's not likely that this will ever happen. There will always be a large, uneducated windows userbase, and this is compounded by a large install base of pirated windows - many of which cannot, or will not update for fear of getting busted.

    Let's not forget that MacOS is based on a *nix kernel, which makes it far from immune to exploitation. In addition, most mac users that I know are not very security-oriented, as they are coddled by the false sense of security that obscurity brings. Personally, I predict a virus or exploit will hit MacOS in the near future, mearly because of the immense advertising campaign Apple has right now, touting MacOS as a virus and exploit free alternative to Windows.

    I could be wrong, but that's my take on it.
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition.


  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    576869746568617

    OK...so 95% of the worlds computer users switch to MAC OS............you dont think the skiddies\hackers\spyware\virus writers will be on that...........the more macs out there..the more they will be targeted

    ...........cause thats what everyones gonna be using

    There will always be a large, uneducated windows userbase,
    And...there arent gonna a be a large uneducated MAC userbase when all those
    windows users switch to macs....


    But thier OS is no less vulnerable than any other OS. I wonder how much of a kickback sophos is making from these statements.
    ZomBieMann77

    Your right.........its not the fricken OS............


    Nihil..I think be both agree that humans are lazy fluucks.......thats all there is to it..

    doesnt matter what OS.....as long as they can acces the p0rn p0ker sites....they are happy pigs in shite

    As I have stated before...I think the ISPs should really crack down on the traffic they allow on thier little black boxes supplied to home users....that pass all traffic through...like a bridge

    Yeah there maybe whinning.......

    and less wine for me

    MLF

    edit...flucked up the quotes
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    You mean security through obscurity is a bad thing? And here I was going around replacing all my PCs with Commodor Amigas.

    What a stupid comment by Sophos...than again it got them press now didnt it?! In that case what brilliant marketing people they have.

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    You have to take a couple things into account..

    Sophos hasn't been a real company in quite a while.... They are media-whores... I used to avidly read their AV Newsletters... now they just suck... They just wanted attention..

    The other thing is that yes... Macs are more secure... Not to the point that people like to make them out to be... but they are..

    Macs have a lot more security in place on a default install than Windows and in some cases than Linux...

    Some examples:

    With Windows... as long as I'm an Administrator (or possibly a power user??) I can go to Windows Updates and download the patches and install them...
    With Ubuntu... I have to enter my user password in order to see the updates
    With OS X... I can see the updates but then have to enter my password in order to install the updates...

    Ubuntu and OS X Beat Windows on that one...

    Windows XP has telnet and RDP
    Ubuntu has ssh and VNC
    OS X has ssh, Apple Remote Desktop and VNC

    ssh > telnet... and when I enable RDP on Windows.. my user is automatically added... with OS X it isn't... I have no users added and can add a low level account for remote access...

    Windows... File sharing is enabled by default
    Ubuntu... With my selected install file sharing was enabled by default but no users had access because I had to set a separate password
    OS X... File sharing was not enabled by default

    Windows... As Administrator / Power User I can install any software I want (essentially)
    Ubuntu... To install to certain locations I need to enter my password
    OS X... To install a good number of things I need to enter my password..

    Again Windows loses...

    On the browser side... Active X is a huge problem... go away from Windows and you no longer have that problem...

    While you can call it security through obscurity... that's only part of it... Even as people move to macs and more malware is released for Macs... there are fewer vectors of attack (if any) by default... and that's how most people leave their PCs... sure SSH can be vuln.. but I have to enable that... Apple Remote Desktop or VNC could be vuln but again I have to enable that...

    I can even lock down my System Preferences (Control Panel) so that a password is needed to change any settings... You can't do that with Windows...

    Macs are more secure (especially by default)... It really bothers me when people call it security through obscurity and say that's all it is... because it truly isn't... I work wth Linux, OS X and XP on a daily basis... OS X has some definate advantages both involving security and not...

    Peace,
    HT

    PS... If you want more.. or more details on the security in OS X... I'd be more than happy to discuss it.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Don't forget, passwords themselves are mearly security through obscurity. Once someone finds out your password it's no longer secure.


    And as for "Well it's because Windows runs on more computers!"..... OK so why aren't these IIS worms affecting Apache? Apache DOES have more market than Microsoft, yet all the worms seem to affect IIS.

    Or, why aren't there more Linux virii? Linux is starting to boom and a lot of servers run UNIX and Linux. That would include the Stock Market which as I heard, runs Solaris and Oracle.... So why no UNIX virii or worms to try these high end targets?

    What about SCO? They are just as hated, how come the only attacks for them were DDOS? Are yuo honestly going to tell me you believe it to be because no one wants to take them down? Or is it because by default getting a virii to work in Linux takes more effort than most users have?

  9. #9
    Senior Member
    Join Date
    May 2002
    Posts
    344
    hi HTRegz,

    you have very good points, and I completely agree with you, but i think you are caught up in the sys admin mindset. A regular user might not even know what SSH is or does. A lot of cracking is done by confusing the user. Confusing a Mac OS system might be more difficult as you have pointed out (you can also override a static arp table in windows, which makes arp spoofing and man in the middle attacks a breeze), but of course everything can be done. I am a believer that people get caught up in the ideology that Mac OS X is completely uncrackable. Sure it might be a safer OS from certain perspectives, but people who know nothing of network security might believe that OS X is God's gift to man kind. The only thing thats more dangerous than an exposed system is a system where the user believes he/she has filled in all the breaches
    Support your right to arm bears.


    ^^This was the first video game which i played on an old win3.1 box

  10. #10
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by White_Eskimo
    hi HTRegz,

    you have very good points, and I completely agree with you, but i think you are caught up in the sys admin mindset. A regular user might not even know what SSH is or does. A lot of cracking is done by confusing the user. Confusing a Mac OS system might be more difficult as you have pointed out (you can also override a static arp table in windows, which makes arp spoofing and man in the middle attacks a breeze), but of course everything can be done. I am a believer that people get caught up in the ideology that Mac OS X is completely uncrackable. Sure it might be a safer OS from certain perspectives, but people who know nothing of network security might believe that OS X is God's gift to man kind. The only thing thats more dangerous than an exposed system is a system where the user believes he/she has filled in all the breaches
    I agree that SSH is definately a sys admin type thing... However that was added because of the user base that I was addressing... I'm thinking more about the requirement of a password to install something and the ability to lock the control panel... These are things that keep a regular user safer than the Windows environment does...

    You're definately right through.... a user who thinks they are perfectly safe because of their OS is in a lot of trouble... I'm just trying to empahasis for the non-Mac users on AO that OS X is definately more secure and more locked down than it's Windows Equivalents...

    From a parents perspective (although I'm not a parent) the built in parental controls are also a nice touch in a childs security... especially limiting who they can chat with and who they can email... but yeah... I should go to bed

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •