Given the Java Runtime Engine non-update, I was worried they weren't even trying.

I thought Apple's were impervious to attacks, malware and viruses?? Why would they bother to have a security division if the mac os is perfect??

Are you saying I have been lied to all these years??

" "To address this lack, Apple should integrate secure software development into all internal development efforts." "

Ah - I thought that that was the point of dropping the old OS.

Apple will release a very beautifull little white plastic box costing no more than your left arm. The Box will be called iSecure and gets plugged in inbetween computer and router. The Isecure will look really nice and you can show it to all your friends who will also thing it looks nice. The box will in addition to looking really nice and sexy, give you a misplaced feeling that your computer is protected by magic Mac dust scraped from the ass cracp of God son Steve.

Back when they were running all PPC systems and used Intel builds to discover bugs, there were far more on top of the situation than now PPC is just an afterthought . Apple would improve its security if they brought out a Power 6 or Power & based system but I don't think Steve's ego would let them.

You owe me 1 monitor & keyboard, quick, you better get a patent on that idea before apple do.

Come on, we all know that any *nix based computer is totally impervious to attack, it's only windows machines that have no security.

Nope... FreeBSD 5.2.something, I do believe. Not the finest version of FreeBSD ever released, as it marked a major change from the way things were done in 4.x.

But even were it the most secure operating system in the world, lousy application software is still going to allow user-level exploits, and OSX is certainly not the most secure. Apple have a positive attitude to security only where it regards people trying to use their products in ways Apple does not want them to: jailbreak for example. Everywhere else they seem to be slow and uncommunicative at best; lazy and incompetent at worst. Even if they threw everything away and made a whole new hardware and OS platform running OpenBSD on Sparc or SELinux on Power6 or whatever, they'd only be buying themselves a limited period of security before their terrible attitude catches up with them and suddenly they're a popular, non-obscure platform full of gaping holes, again.

Unless there's a bit of a sea-change in their corporate culture, we're going to end up in the bizarre situation where Microsoft is releasing more polished, more stable and significantly more secure products than a competitor.

It's almost as boring as the Gordon "hopelessly out of his depth" Brown fiasco. Why is it that EVERY comments section about Apple or one of it's products begin with some clever-dick smart-arsed comment that seem to have been copied and pasted from a previous post! It's even more annoying when these same people whinge with their Reg/commenter is anti-Microsoft and hasn't "got a clue" chip-on-the-shoulder attitude! YAWN. Don't like Apples kit? Don't read the articles. As if Windows is secure!!! People in glass houses and all that...

This "well-know security consultant" has obviously timed this release to co-inside with the WWDC, and has conveniently neglected to mention the appointment of Ivan Krstic - the chap responsible for the excellent BitFrost system for the OLPC - and the obvious steps that Apple are taking to improve security. I'd like to know which Redmond based company is paying for this "well-know security consultant" to conduct his research?

"Microsoft was among the first companies to integrate an SDL into its internal development routine. Under the program, products are built from the ground up with security in mind..."

Among the first? Christ, I hope that no-one else copied their idea, it seems to have failed quite appallingly.

Can anyone give us a list of the products that have been built with "security in mind"?

It wouldn't be too hard to supply a list of the products that are as secure as a wet paper bag.

Microsoft don't really have a good reputation when it comes to security, do they?

"Can anyone give us a list of the products that have been built with "security in mind"?"

Razor wire, barbed wire, tazers, shotguns, machine pistols, ICBM's, prisons, Guantanamo bay.....

Your all fooked.... MUHAHAHAHAHA!!

*\. Fist, Air, Revolution!

... is an Oxymoron.

Honestly, the total lack of worms, viruses, porn popups, clandestine spambots, etc. is just terrible.

"Can anyone give us a list of the products that have been built with "security in mind"?"

Yes. Most everything Windows from 2000 upwards has been built with an eye toward security. The fact of the matter is that Windows, by dint of its shallow learning curve and lack of anything remotely considerable as complex to the outside, coupled with every damned service including IIS running by default or by mistake, bound to every single bloody interface, attracts the lowest common denominator *user* who is, in security circles, the most gaping, easy to exploit vulnerability of all. That includes those who go by the acronym "Must Consult Someone Experienced" as a server with a GUI that any old munchkin can go and click to get what looks like the intended result just encourages stupid mistakes. "Yesterday I couldn't spell sysadmin, now I are one."

WARNING: Foobar.exe is trying to modify the filesystem. [Allow] [Block]

What's your average luser gonna click? Not you, him. It's only your job to clean up after the thick bugger, bearing in mind that he's also a Power User (sic) meaning he has root on his own box, a legacy from the last MCSE that touched that domain controller and got fed up with the moron forever asking him to install a screen saver instead of growing a pair and cattleprodding the bastard for even asking, regardless of whether he's the Senior VP of Staff Toilets or not. Don't forget any network shares he has access to, will you? Should have used that group policy editor sooner and cleared the Power Users group of fuckwits, shouldn't you?

Jocular rant aside, the bottom line with Windows is that the lunatics have taken over the asylum. Nothing to do with the code, everything to do with the intended audience.

It's funny how any mention of Windows and security gets the mactards/freeetards jumping up and down on their soap-boxed about how the only Pc they have touched (in 1995) was swamped in viruses within 2 seconds of touching the internet.

Well my house contains one 10 tear old boy who has absolutedly no regard or concept of computer security and a very inquisitive mind (some results duly bookmarked, others blocked) yet the PCs he uses have never once been infected. All it took was a tiny bit of effort to make his login a limited user, tweak the router to pass all DNS queries through OpenDNS and add a couple of firefox addins and a copy of AVG (just in case). Not exactly rocket science.

If MS fell down with XP, it was that the default user mode is administrator. Unfortunately, familiarity with the GUI encourages ignorance and laziness, and human nature is that people will do the absolute minimum to get the result they want just like people who only ever get their cars serviced when an MOT failure gives them no option.

"Microsoft ... products are built from the ground up with security in mind, so that poorly written sections of older code are replaced with code that can better withstand attack."

So how come their OS is such a pile of steaming shit? Or did Microsoft 'build-in' the worms, viruses, porn popups, spambots and spyware?

Sorry, old son. Mustn't pretend to be superior without criticising Windows. I'll make a note of that on this here Post-It with my password on it (as if) and I've used the Evil Bill icon just for you. Doesn't that make you feel just dandy?

Any fairly modern (>NT5) Windows box is able to arrive at a state approaching the impregnability of any other OS given the right TLC. Disabling unused services making the possible malware ingress vector surface smaller, accepting sensible defaults and overriding those that aren't, removing admin privileges from ordinary users, paying attention to updates and security mailing lists (yes, ElReg can be useful, too), limiting the software installed or installable by users to a subset of well-tested and trusted applications, use of group policies and access controls, auditing third-party software packages for published flaws, ingress and egress filtering on the gateway and so on.

There are no design flaws in Windows that cannot be mitigated with best practice, just as there are no safeguards in *any* operating system that can mitigate poor administration, lack of maintenance and user fallibility. What has killed Windows' reputation with regard to security is a combination of a massive install base to target, the *vast* majority of Windows instances being run as Administrator by users sans clue at home (UAC is no substitute for the user having to beg someone with nous to install the latest BonziBuddy clone or crappy browser toolbar) with various crapware (Dell, I'm looking in your direction), spyware and P2P applications installed and, finally but most prevalent where Windows is troublesome in a corporate setting, incompetent "systems administrators" and clueless users. Those saying otherwise have never studied and used the Windows OS in the depth required to arrive at this relatively secure state which is the crux of the issue, unless you want to include those who think that for [insert OS here] to win, Windows has to lose (was it Jobs who said that about Apple fanboys criticising Windows for perceived but false issues? I forget).

Please, do remind me which was the first OS to fall in the last "Pwn2Own" contest, too. You would think that, with all the "fundamentally flawed" design decisions in Windows, it would be Windows and they wouldn't require user intervention, a browser or Adobe swiss cheese-ware to accomplish it. Perhaps they just didn't want a Sony Vaio and five grand? As it was, Safari failed epically, maybe because the MacBook was a more desirable prize. Yet again, a user-space application combined with user activity compromising the operating system, which was exactly the same way the Vista box was compromised in the next slot. Same shit, different OS.

Are we done with this debate now or, as the French would say, shall I taunt you a second time?