The unveiling of Apple's super-thin MacBook Air promises to expand further the Mac user base. That's troubling news for a platform that, as it enjoys greater uptake, risks the darker side of fandom - stalkers. Or, in this case, hackers and virus writers. Security specialist F-Secure's latest claim to have discovered the first …
how did this sneak through
Kinda wondering what the point here is. Just seems to be an Apple whine for no reason at all. A little cheese with your wine sir?
Mac users ignore security warnings
"Apple users are, ahem, traditionally overly confident about their platform's security capabilities and F-Secure's report was dismissed as a cynical ploy to sell security protection."
Yes, traditionally, I suppose Mac users could ignore security warnings because, well, they just didn't exist for the Mac community. Was this because of superior protection programs, better coding, or something of the like?
No, it had nothing to do with any of those things. Mac users never had security warnings because nobody could be bothered to try to make viruses and exploit security flaws for the Macs. And no, it's not because of the superior coding and protection. It's because we figured you suffered enough already just owning the Mac. Yes, you guys couldn't even get negative attention. I'm sure most of you probably cried yourselves to sleep at night over it too.
But I guess you guys are getting popular enough and the air of superiority is growing too strong to ignore. Soon enough Mac will be brought down to the same virus infested, malware coated level that Windows PCs are.
It's my understanding
that the structure of OSX is more easily secured than Windows products have been, as it was designed originally to be secure, not just pasted on as an afterthought. That does not mean, however, that it can't be configured to be easy to get to; it's just an operating system, it doesn't offer magic perfect security.
"no matter how secure software is, there is always a way to break it". Bollocks!
Some software does not break. The "software breaks, get over it" excuse is a poor one for lazy engineers. A structural engineer saying "bridges break, get over it" would be roasted alive. Not all bridges break (some do) and not all software breaks (though much does).
However, even the most secure software can be rendered vulnerable by suckering users to install a trojan or whatever. The ultimate challenge is social engineering, not software engineering.
Education, education, education.
Windows' problem isn't the malware as such. The main reason I switched away from Windows is that, even after it's booted up, I then had to wade through a seemingly endless parade of warnings, dialogs, signature file downloads all shrieking messages like: "OMG! Your [INSERT FUDWARE NAME HERE] hasn't been updated for nearly two whole seconds!! You're gonna DIE!!!"
By the time they were dealt with, it was time for me to go shave again.
The FUDware companies are no better than the scum they pretend to keep in check. Their UIs are almost uniformly shite. Their software's instabilities make even Windows itself look like a saint. I would seriously much rather disconnect my computer from the Internet and never see another email or website again than have to install all that dross on my computer.
Anti-virus? Check! Anti-Spyware? Check! Spam killer? Check! The litany goes on and on.
Why the f*ck can't they just squish it all into one blasted app which just downloads all its stuff in the background and gets the hell on with it without trying to make me shit myself in gut-wrenching terror?
ISPs have been begging for a way to add value (and thus improve margins) to their offerings. May I suggest they find a way to run all these security apps at _their_ end instead of relying on their customers to police and maintain this service using outdated, subscription-lapsed copies of Norton Anti-Virus 2003?
(Feel free to charge a bit extra for the service; the rest of the internet-using public will thank you and computers the world over will cost that little bit less to run each day, saving energy, cutting business costs, helping the ecology, and mitigating climate change. Result!)
mac = peace
Claim ... it's a big word. I've read this information on a French website 2 days ago. I love my Mac and I'm not silly and ready to click everywhere.
The "Slaughter" is Dopes who buy Macbooks!
With Apple's despicable DOCUMENTED HISTORY of Flaky, Buggy and Prematurely Dead MacBooks all the way back to the first piece of shit G3 iBook, it's the BUYERS that are headed to the Slaughter!
Yeah yeah, I know the Apple Kool Aid Drinkers are in denial over the published facts about historically buggy Macs, but facts don't lie .... just the AKADs lie.
Software is designed by humans. No software is perfect. No software is perfectly secure. If it was there wouldn't be thousands of bootleg copies of Windows and Photoshop around the net.
There is always someone smarter, someone better, and someone more capable of breaking your toy than you are at securing it. Facts of life when dealing with data.
As for your bridge analogy, there are usually teams of trained maintainers and techs who go out to ensure the bridge doesn't break after it's built. Examine tension cables for stress, look for signs of stress, cracking, support failure, etc etc etc. There is a lot that goes into maintaining those bridges behind the scenes so they don't fall. Just like, surprise, there's a lot that goes in to ensure that software gets secured. Even if it is after the fact.
Hmm, well, actually...
This being written on a G4 Powerbook.
"Mac users never had security warnings because nobody could be bothered to try to make viruses and exploit security flaws for the Macs. And no, it's not because of the superior coding and protection. It's because we figured you suffered enough already just owning the Mac."
Tee hee - gotta love that!
"The main reason I switched away from Windows is that, even after it's booted up, I then had to wade through a seemingly endless parade of warnings, dialogs, signature file downloads all shrieking messages like: "OMG! Your (software) hasn't been updated for nearly two whole seconds!! You're gonna DIE!!!"
By the time they were dealt with, it was time for me to go shave again."
Well, I just finished rebooting the Mac because of yet another in the endless and frequent series of updates to iTunes. Why on earth does a music player need to be updated every other week, and why in hell should it require a reboot of the whole system?
Mac updates are no more or less irritating than Windows updates, and by my clock more frequent.
"Why the f*ck can't they just squish it all into one blasted app which just downloads all its stuff in the background and gets the hell on with it without trying to make me shit myself in gut-wrenching terror?"
Most of them do of course offer the option of unattended updates. It's your choice.
ps - Paris is here just cause I never had a post before that seemed suitable...
"A structural engineer saying "bridges break, get over it" would be roasted alive."
Bridges don't magically break, but you don't have every asshole out there trying to break it.
That's just not a good analogy. In fact it's a really, really bad one unless you're implying that bridges can have bombs dropped on them relentlessly without breaking.
You can sit there in your armchair and spout teleologies all you want, it doesn't change the cold hard reality that if people want to destroy something, they can.
Now if you can create a totally invincible, indestructible platform, be my guest. Let us all know once you've done it.
"no matter how secure software is, there is always a way to break it". Bollocks!"
Any software security can be broken if you choose to apply enough effort. It's a basic fact that the only really secure computer is the one that is unplugged, locked in a safe, encased in concrete and dropped to the bottom of the ocean.
As for the modern Mac users, it's not the fact they use Macs that is annoying, it's their attitude! I used Macs alongside PCs from System 6 to 10.1, and quite liked them. Despite what a number of the PC enthusiasts say they are nice to use. It'll be interesting the 1st time I get someone ringing me up about their system giving popups and the like, because most Mac users don't bother with Anti-Virus programs. After I've stopped laughing I'll head round and work out how to clear it down.
Despite some issues with first products, my experience and esp. when watching releases is that when people have hardware issues, they're usually given a brand new machine.
For instance, my buddy, seeing the improvements to the iPhone interface, flashed his phone with the update (un-jailbreaking it) and saw that his vibrate mode still didn't work anymore. Upon taking it to the local Apple store, they gave him a brand-spanking new one, even though he had his since 2 weeks after the launch.
Software updates for problems that arise come out QUICK, especially recently. Bash the products all you want, but I have yet to see anything better in customer support, not to mention interface and software.
The problem with Windows right up until Vista was that it let any program run with admin rights.. sure you could run in 'limited' user mode but that essentially retarded the box.
Unix, BSD, Linux, OSX **ALL** have required a user to type in a password to allow software to modify system files.
THAT is why Windows is/was less secure. Vista is different however but compatibility has been raped because lazy programmers/techniques have allowed their programs to require direct access to system files (hence the bad compatibility in XP SP2 also)
Sadly however because this program supposedly fixed system files it would likely have required people to use their admin password to install and/or use.
It would be so simple to use this code to run on BSD/Linux systems; all it would take is one stupid/less informed user with an admin password.
not the reason I read
I read that the military contract thinking regards to security was more to do with diversity rather than a platform's actual level of security. More variation in platforms and the total infection or hack of a system becomes more complicated and more risky. The more complicated the more likely a mistake will be made, therefore easier to deflect and/or track in the aftermath. Having said that it would require a greater staff to cover (unless they all start studying up on Mac IT) which increases cost and then there is the requirement of better Windows/Mac connectivity. It's getting pretty good but there will still be issues with dealing with data across multiple platforms.
I say this independent of other parts of your article. I'm a Mac user at home and Windows tech at work. About half my friends are either Mac or Windows users and I don't find that many turn their noses up at people who question its security. In fact I know plenty of Windows users who seemed just as ignorant and wonder why they have so much garbage happening on their machine, (I tell them of course) they also ask me how to set up their email etc. Most Mac users (that I know) seem quite versed at the increasing risk. I think you're absolutely right about the safety felt for so many years has a lot to do with ignorance due to lack of interest from the pot heads out there. But it's not actually a negative unless the ignorant users remain ignorant. What's the alternative, they switch to a Windows platform and dive head first into a cesspool of bad code and badly designed software. They would still need to be educated about that. (Yes that's just my opinion which is based on dealing with endless problems at work!). Fact is there will always be holes to be poked in any platform that contains so many features and I must say I don't get any sense that Apple are ignoring the issue. There are plenty of security implementations going on and yes they are subject to making mistakes also.
Obviously I'm not qualified to comment on just how secure the platform is compared to others, so I won't, I'll leave that to people who actually know what they are talking about. But it's my general feeling that it's not as insecure as you're implying. I would concede that it's likely not as secure because Windows has had the need for so long. But I have read that Apple have taken this issue of increased risk onboard as a matter of policy. I can't back that up because I can't find the article.
Blah blah, Linux, blah blah, direct access to system files, blah blah, admin passwords. What a crock of shit.
If you run Windows in, as you call it, "limited" user mode, then nothing can be installed without a password. But are you then one of those Windows users who felt the need to logout, login as admin, install your program, logout, log back in as user? Because as a context menu option there was always "Run as..." allowing you to simply input your admin password during an otherwise-limited session - just like Linux! Gasp! Try learning something before you blindly declare your love tryst with the magical Linux platform.
Those who don't learn from history are doomed to repeat it
Wasn't the first "in the wild" virus - or at least the first virus to affect home users on *wait for it* A MAC *dun-dun-durrr!*
Elk Cloner attacked Apple DOS 3.3 - that's what really bugs me about all the holier than thou fanbois who claim Macs are fantastic or the advertising about MACs "virus free" as they make it sound.
Also second poster is that penny arcade you're ripping off - credit where credit's due dude.
It isn't the OS it's us
Is Vista a secure OS? Hell, no! Is Unix (or any of its derivatives) a secure OS? Hell, no! (Although we should give credit to BSD for trying to retrofit security onto an insecure platform)
Has there ever been a secure OS? Not really, Multics was the last significant try. There are, of course, many OS that include fundamental security constraints - e.g. segregating code from data and preventing changes to executable code in memory - but this produces severe issues, for a start it's difficult to get applications written in C (and its derivatives) to run in such an environment.
And therein lies the problem. If I *could* produce a secure OS, it will undoubtedly be slower and less capable (from an end user's perspective) than either Windows- or Unix-based systems and there would be very limited compatibility with existing apps. It might make a good basis for a PhD thesis, but it isn't going to sell. And, as has been pointed out above, social engineering will work just as well on this hypothetical secure platform.
Everyone knows Macs are super special awesome and never have problems ever.
"no matter how secure software is, there is always a way to break it". Bollocks!"
I don't think I've ever read such misinformed rubbish in my life. It's not just wrong it's fundamentally wrong in just about every respect you can think of. If it can be made by man it can also be destroyed by man, it's that basic. No one is comparing it to structural engineering (about the worst analogy you could make) or is saying it's just a fact of life. No one, unless they're the very worst kind of moron, thinks they can write something that can't be broken. Saying failures in software is down to "laziness" speaks well of your sense of superiority over programmers who obviously can't reach your levels of engineering; so unless you are Donald Knuth I suggest you keep this kind of crap to yourself.
I always love the way...
Mac users say "it was originally designed to be more secure" and how is that exactly? No one has yet been able to tell me in detail how the OSX OS is in any way more capable through coding to deal with any of the modern threats.
I doubt several thousand professional hackers, malware writers and clever kids with no friends who will make a determined effort to break OSX on a weekly basis will be stopped by the original coding made over a decade ago. And neither would any OS.
It may seem more secure but don't rest on your laurels please.
Re: Mr Sampler
Yes, Elk Cloner affected Apple DOS. And how is this significant? There were loads of viruses for "Classic" MacOS, too, probably more per percentage of computer users at the time than for Windows. Those aren't really significant either, as virus writing at the time was targeted completely differently.
As it stands, malware is currently written to further criminal activity - scam mailing, DDOS, you name it. We're talking about creating botnets of thousands or millions of machines.
In that respect, creating an OSX virus would be handy, as there *are* millions of macs out there, and the owners are generally, as has been pointed out, somewhat smug / complacent [delete as appropriate] regarding security. That hasn't happened, which doesn't mean that macs are necessarily impenetrable, but it does show that they aren't the lowest hanging fruit - it's vastly easier to write malware for Windows than OSX.
When you're being chased by a hungry tiger, you don't need to be faster than the tiger, merely faster than the other guy.
"Those who don't learn from history are doomed to repeat it"
My personal fave is (trying to remember back now) was it System 6.9 or 6.11? that Apple themselves had a copying "issue" where they shipped all the lovely users with nVirb.
Fine, they had a rewrite (or just a nip out and acquire bsd and slap on a glossy front end) and X is different to some degree. Yet it has always been the case that no matter what you are using, give the malware writers enough incentive and they will find a way. The number of Mac users who have the "I don't need to run updates" is going to come back and kick them...and rightfully so for being so utterly arrogant.
Just a huge shame we are yet to find a way to make that organic mess typing on the keyboard more secure, as that is on everything, the biggest security hole. Here's hoping our alien overlords of lizard people will fix that (yes I know it's bad, but needed an alien angle).
VMS is the future..
The only truly secure O/S I've ever used was VMS. It was so secure you couldn't do a damn thing.. bit like vista's security nagging
@ AC @ Hmmmm
"Because as a context menu option there was always "Run as..." allowing you to simply input your admin password during an otherwise-limited session"
Yeah, but it's still crap. You can't get into any critical Control Panel applets. They don't prompt for the admin password, they simply don't work.
Also, so many programs have been written that *need* admin access or else they simply won't run. And that's shocking.
I don't know if Apple is any better, but it's certainly not as black-and-white as you make out for Windows.
at least on OS X you can figure out what's running.
Does not mean all the apps are secure but you may see things you're not expecting. Which is not quite true with WhineDoz.
Go figure out of the many svchost.exe the one started with the -bollox-to-you-M$hite-user-t flag
I don't mind an insecure OS as long as I can figure out when something weird is happening. And then the OSX GUI layer is closed but the Darwin stuff is opensource.
Running ps -aux on windows
@ Mr B
Sysinternals (now owned by Microsoft) provide Process Explorer (for free) which lists the flags which the svchost.exe processes started with, among many other useful things.
Not having the right tools to do the job does not mean they do not exist.
@ Chris Miller
Has there ever been a secure OS?
Of course a secure OS can be written. Any experienced programmer could do it. It may not be rich in functionality, it may hardly do anything at all, but it can be done.
The problem is that people are more interested in having the latest rather than the most secure, so security is sacrificed for new features. I'm not saying this is necessarily wrong but it is the way of the world.
Look at the Internet, it's plainly stupid for anyone serious about security to connect to the Internet but the banks do it anyway. They're more worried about being left behind by not offering a nice shiny web site than in protecting themselves and my money!
As for MACs, I've never owned one but every MAC user I've spoken to (the majority not being IT people) love it, don't have security problems and tell me things "just work" compared to Windows. Of course they may get a rude awakening!!!
"But it's not actually a negative unless the ignorant users remain ignorant."
True, very true. So why do Mac users still perpetuate the myth that their OS is more secure than any other? (oops, forgot those Linux clowns who spout the same BS).
If the US military adopt the Mac as a platform you will immediately see a huge increase in the number of attacks from some very dangerous sources but not to worry, your platform isn't affected by viruses so you'll be ok.
Any computer system is as secure as any other - i.e. as safe as Jeremy Clarkson's bank account.
Although OS/400 (or i5OS or whatever it is called these days) is fairly secure (mostly through obscurity though) it has its own share of security exposures which has to be propped up by 3rd party applications (just like any other OS).
OK, not claiming it has a perfect record but OpenBSD is hard to beat. And the 'obscurity' argument is bull with this one since the kudos for breaking OpenBSD's security make it worthwhile. One remote root hole in a decade isn't bad.
It's not OSX specific but this in-depth but accessible essay compares security between Windows and Linux and explains how coding (or rather OS planning and development strategies) and other factors can affect security.
Sure trojans and malware will be made, but getting them to run rampant as on Windows is far less likely to happen, since an admin password is required to change system files on all Macs by default, so even if one person on a network has been tricked into downloading a trojan or virus it will not infect other machines unless they too are tricked, never mind the fact that most network terminals run in a limited access mode, and most users will not have the admin password. Vulnerabilities will appear but they will not be wide-spread.
When M$ first started tinkering with operating systems they used DOS, a single-user OS. They used that all the way up to Lose'98 as far as I recall. Building an OS to be used on the web with a hundred processes running is terribly insecure. This is where BSD, MacOS X, GNU/Linux, Solaris, etc. have it all over that other OS, you know, the one from M$. Everything M$ does is slapping another layer of patches on a bad design. They claim they tried to start over for Longhorn, but failed and Vista happened, another coat of paint on NT. Vista has some bugs that were evident in 3.1, back in the days of 640K PCs and no Internet. The UNIX-like operating systems rely on a multi-user structure with security between users, and intruders, that has been around since the 1960s.
somebody sounds bitter
We're not all smug, but it is a better overall experience, isn't it? Of course you do pay for the privilege. I suppose those that can afford that bit extra, do. Others just settle with Windows.
I'm joking. Anyway, having read a bit about this on relevant forums, the current conclusion seems to be that there doesn't seem to be a malware released that hasn't required an admin password for it to do some damage.
I remember when I first opted to buy a Mac. Golly, the hate that it seemed to bring out in the PC nerds (for want of a better word. I'm a bit of a nerd myself. But obviously not that nerdy, because I use a Mac). It was like being back at school, but with ginger hair.
@Running ps -aux on windows
OK point taken there is a piece of software in a remote place, that is not shipped with the OS, but it has a GUI and achieves a wee bit more than the regular TaskMgr I agree.
But how this may be of assistance when you cannot access the download because there is no route to the web or just because you are not supposed to install/copy anything on a bloody "production server" for "security reasons".
"Not having the right tools to do the job does not mean they do not exist", but it does not mean you can have it.
"The UNIX-like operating systems rely on a multi-user structure with security between users, and intruders, that has been around since the 1960s."
Two points -
1. NT 4.0 was designed in a similar way. Fair enough it was pretty lame, but NT has been built with security between users. UNIX has been around decades before MS, but don't confuse the NT based OS's with the DOS based ones.
2. Things such as the WinNT Kernel have overall been overwritten at least twice since NT 4.0. That's according to a good friend of mine who has worked on the Windows Kernel. The differences between early DOS based Windows and Vista are huge. The concept that Windows just keeps getting patched rather than re-written shows your ignorance. (TCP/IP Stack / Memory Management / Search Indexing etc - all brand spanking new in Vista)
I'm not sure why you're confused.
You asked how to tell what flags svchost were sent when svchost was called, and a way to do so was provided. No mention was ever made of "production servers" which had "no route to the web".
If you're not allowed to install useful Microsoft software on windows production servers "for security reasons", then you need to take that up with whoever writes your security policy, which is not my concern.
You should investigate the Sysinternals tools if you're serious about analysing / securing / troubleshooting your Windows machines.
I can live with weekly updates. I'm a developer myself, so I know how this industry works.
What used to really p*ss me off on Windows was how my anti-virus app would pop up an update request *every single day*. And then MS' anti-malware app would also want its pound of bandwidth. And so on... and on...
Worse still, many FUDware apps have an insane love of performing complete system scans at *exactly* the same time when I'm trying to do something resource-intensive. That running such resource-intensive scans daily is actually a _default_ setting just boggles the mind: If they can't even be sure their oh-so-brilliant software will stop the crap hitting my hard drive, what's the bloody point of it all?
And yes, I'm well aware that many "pro" FUDware apps, upon provision of my bank details and permission to siphon lumps of cash from same, will handle their updates more quietly and politely. So what? I'm not in the habit of buying cars that haven't had decent locks fitted. Nor do I expect my new home to come with deadbolts and window latches that stop working after just 90 days unless I pay someone a small fortune to fit some new ones and maintain them to a decent standard.
For fuck's sake people: the problem isn't the OS. The problem isn't the people. The problem is the *Internet*, which was never designed for the uses it's seeing today. (And neither were UNIX, Windows or any other mainstream OS, no matter what the partisans would have us believe. Even the mighty Linux has its share of vulnerabilities.)
The Internet we see today is a 1970s technology designed by naïve lab researchers who probably had a fit when they realised their sweet, innocent lamb of a technology was going to get royally rogered by corporations and the great unwashed the world over.
At present, merely connecting a computer to the Internet is practically a declaration of war as far as users are concerned. It's not just unsafe; it's _ridiculously_ unsafe. Who in Codd's name thought opening it up to the general public was a good idea?
The Internet is broken. Badly. It is impossible to police properly. It scales poorly. It has no security features whatsoever that weren't merely tacked on as afterthoughts. It's seriously unfriendly and unwieldy. It was designed by idealists rather than pragmatists. In short, it needs replacing wholesale. This probably won't stop people trying to abuse the replacement, but at least it should be easier to set up a "superhighway patrol" to keep it reasonably safe to use. Roll on Internet 2. And it'd better be good.
Just trying to sell anti-virus/malware to mac users now
What is next ... Linux?
Of course Macs can get viruses
Macs are just waiting to suffer a super virus crash. EVERYONE (all PC users know it) knows it. Macs are so full of holes compared to PCs that as soon as anyone feels like it, they can whip up a virus and every Mac will crash at once and spread to all the contacts in it, all at once.
Just because there are millions and millions of Macs out there with well to do owners, there just is not enough out there to use OS X so that anyone cares.
Bill Gates made sure that Windows is free from viruses, it's the, er... third party software makers that allow viruses to get into Vista and other PCs. Honest, Steve and Bill told me so.
Not the same
While it is true that professional and amateur crackers will look to target a more popular platform so that their creation has a better chance of infecting more machines, for the most part security was not the focus of Windows development, compatibility was and then it seems, DRM. An OS like OS X should be inherently more secure since security was a concern in its development as was the BSD OS it was derived from/shelled over.
It isn't the OS, it's C
Chris Miller: "...many OS that include fundamental security constraints - e.g. segregating code from data and preventing changes to executable code in memory - but this produces severe issues, for a start it's difficult to get applications written in C (and its derivatives) to run in such an environment."
I've been wondering about that! When I read, over and over and over again, about yet another security hole based on a buffer overflow, I wonder why anybody will put up with a programming environment that even allows this to happen.
Or, to put it another way, if MS can burn off processor cycles en- and decrypting HD video repeatedly, while checking drivers 30 times a second, there's enough processor power to have enforced array bounds checking operating at all times. If you leave it to the programmers, they *will* forget to do it.
Time for some bold soul to dump C and devise a programming environment that has some built-in safety.
Welcome back, Webster
Phreaky, old chap. Good to see you have been granted temporary leave from the place of padded wallpaper & Ritalin.
Love your rants - the web (no pun intended) is lacking in Fawltyesque humour such as yours, & I'm delighted that you've evaded your nurse for long enough to amuse us all again.
Nil carborundum, old boy!