back to article Apple keeps critical security fixes to itself

Apple has released updates for two widely distributed products that harbored a raft of security vulnerabilities, some of which were actively being exploited by miscreants. Unbelievably, the company isn't presenting either as a security fix to mainstream users despite the risk the bugs pose for its millions of users. QuickTime …


This topic is closed for new posts.


Anonymous Coward

something seems to have been missed by a few people

Sheesh, There may well be an element of Mac bashing going on but whats new? Fact is it should be treated no differently to all the M$ bashing that goes on daily. So why do people react so differently?

For one Mac users seem to take everything far too {seriously/personnaly} [delete as appropriate]. How many times have I read the old chestnut "This article is a complete lie written by a paid microsoft lackey"? Answer. Almost as often as I've read articles that dare to highlight an issue with Apple software.

Another thing that is often ignored is the fact that when M$ bashing starts up all the M$ users join in. Why, because crap software needs ridiclue and lots of it. This is certainly not the behaviour of someone whose sole purpose in life is to Mac bash?

Note : It's incredibly rare for comments like "This article is a complete lie written by a paid Apple lackey" to surface.

The cardinal sin here is simply that Apple evangelises itself as a company that writes software that is hack/virus resistant, albeit an accident of statistics an popularity. Still, they go out of their way to promote their brilliant security by comparing themselves against M$ products. This is bound to invite the inevitable crusade to disprove such twadle (that Apple is "any better" at security). So it's not so much Mac bashing as a bunch of people laughing their arse off when it all, inevitably, goes tits up.

Finally, and by no means least. Apple seems to take great pride in bringing consumer unfriendlyness to new heights. Little wonder so many people take great pleasure in knowing their life is better for not buying the latest and greatest Apple must have item.

End of the day most software sucks. It's not [chose your preffered OS] bashing to say something negative about [chose your preffered OS]. It certainly doesn't help matters if you cry [chose your preffered OS] bashing scum and accuse everyone else of being [chose your least favoutite OS] lovers. This just escalates hostilities.

For what it's worth, that's my view.



My Apple is rotten to the core :(

Runs to get coat, mittens and Biggles cap with flaps down....

Before I dash, @James Butler. Ours it a thankless task.

Anonymous Coward


I just noticed on Apple's website that iTunes is no longer an obligatory download to install Quicktime, and now users have the option of just a QT exe or QT+iTunes. Happy to see that.


The reason Apple gets a bashing

Is because anyone making themselves out to be perfect gets it the worst. It's exactly the same reason that the Tories get hammered over sleaze.

A buffer overrun is potentially bad, but not terrible, however this should still be marked as a critical fix. Apple should tell their users when there is a flaw in their software that can result in remote execution of code on their machine (even just theoretically).

@James Butler

Your comments on UAC and the user's responsibility are naive, completely. An operating system is there to run applications. There are plenty of legitimate programs that do need access to the internet and don't send across bogus details, games trap the keyboard and mouse, but don't log your passwords, applications constantly have popups telling you useful information without trying to sell you stuff.

These are all functions that have to be performed constantly for different reasons, and aren't security flaws. Yes, there are plenty of security flaws in Windows, but get it right. If the user chooses to install a piece of software that uses the OS to do something malicious, how does the OS know the difference? It just does what it's told. The only way to prevent against these things is by either scanning for known software and treating them like virii, or preventing the user from installing them in the first place, or notifying them of the danger. Vista not only comes with Windows Defender, but UAC and the Windows Firewall as a sort of last defense "do you really want to do this". Yes, there are Windows flaws that can lead to software being installed, but until those are patched (which happens every week) UAC and Windows Firewall is a good preventative measure, and Defender is pretty damn good as well.

There are only two reasons that you don't get spyware on as many Macs. One, not as many users. Two, no-one wants to have to learn Smalltalk.


Just when I think I'm out ...


First, for your dictionary, it's a "buffer overflow". And it is one of the top attack vectors on any system.

Second, why isn't there a UAC on my Linux systems? I'll tell you why ... it's because the OS core layer is completely separate from the application layer, similar to the BSD clone used in OSX, and there is a strong, well developed security structure (multi-user separation, for one) in place. These factors are also contributors to the paucity of malware for Posix systems, as it is difficult and far more complicated to get a toehold into the OS core layer as a result.

This is very different from the Windows structure where many Microsoft applications are tied into the OS core layer, and where a "buffer overflow" at the Microsoft application layer can often easily compromise the OS core layer and allow for, among other dangerous things, privilege escalation, compromise of the Windows kernel, and on up to the compromise of even the BIOS and CPU.

If Apple is using similar hooks into their OS core layer, then Apple application security issues also present a significant risk.

While your statement about few users does apply to Apple users, if your explanation for fewer pieces of malware and its relation to "not as many users" were to hold up, you would need to explain why so few web servers (apart from Windows servers) are compromised in the OS core layer. Sure there are apps (notably forums, AJAX and sendmail) that show weaknesses and can be compromised to swamp the resources of any server, but the majority of web servers are running Posix (Unix, Linux, etc.)

Your argument would dictate that, because there are many more Posix servers out there, they should be riddled with malware, since they are a much juicier target than a home user's system. And yet, they are not. Because the systems are fundamentally different from Windows, the "come on down" king of malware.

And please don't call me naive. It's so ... belittling, and really not much of an argument for your points. I hope I have not been similarly disrespectful to anyone here.



This topic is closed for new posts.


Biting the hand that feeds IT © 1998–2017