Apple patches 13 bugs in OS X

Apple has punched out a security update for some major bugs found in its Mac OS X operating system. The Jobsian outfit released the update yesterday afternoon, which patches 13 vulns located in OS X components such as CFNetwork and Apple Type Service. Apple has also fixed issues found in open source components including PHP, …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Unhappy

    This is surely all lies?

    There are no vulnerabilities on the Mac, that's what the adverts told me.

    1. B 9

      No, that's not what they told you.

      It's what you heard. They said there were no viruses on the Mac, and they were 100% correct.

      1. Anonymous Coward
        Coat

        Except

        There are no viruses for the Mac. Just trojan horses and worms. And that nasty fake XP antivirus scamware.

  2. JDX Gold badge
    Flame

    I wish I was a virus writer

    I'd target Linux and MacOSX just to wipe the smirk off all the self-righteous folk who have absolutely no protection in place and no idea what to do. I picture something like when Europeans first visited South America and wiped most of them out.

    1. Peter Mount
      Grenade

      Obviously Linux & OSX are vulnerable

      It's just that 99% of Linux & the majority of OSX users (can't really say 99% here) have the common sense not to enter their password whenever it just prompts for it, hence where this old misconception tends to come from.

      It's simply a different demographic of the users.

      Disclaimer: I use both Linux & OSX, but I couldn't say 99% OSX because a lot of OSX users are not of the same expertise as those who tend to use Linux - but even then, they do tend to have more knowledge than those using that other evil OS :-)

      Now where's my flame proof underwear ;-)

      1. InsaneGeek
        FAIL

        Always have that argument without merit

        As a person who's been around some version of unix (workstation to server) for over 2x decades, the argument that unix workstations are safer because people *have* to escalate their privileges for a number of tasks is without merit. (Note the word workstation)

        If I download some app off the web that wipes all of my personal photos, do I really care that much that /bin/sh was not able to be modified? Do I care if the browser has a malware addon giving out my bank information to someone else that only gives out information for when I login but not when the root user does? If my doctoral thesis I've been working on for the past 5 years gets blown away, I really care about it and having to type a password to become root doesn't protect me.

        I find the often used argument that a user on a workstation can operate at a lower level "protects us" completely devoid of reality. It sounds blasphemous but I don't really care about protecting my workstation OS, that's the last thing I really care about, it's pretty much a throwaway (I have no love for the version of /bin/bash and require keeping it); but I do care a whole hell of a lot about protecting all the things I've done with the OS: i.e. not having files deleted, not having personal files copied, not having my browser leak information, etc. Running as a non-privileged user will not protect you against that. The ability to break into root on a workstation might get headlines but for the most part who cares if all your user data is gone?

        1. Chemist

          Re : Always have that argument without merit

          I can see your point however the nightly backups I use that are driven by root processes and protected by root privileges are what allows me to sleep more easily with regard to my more important data.

        2. James O'Shea

          argument without merit

          1 I don't run around blindly downloading stuff

          2 I don't just install stuff blindly

          3 I have a proper backup system in place (Time Machine every hour, Carbon Copy Cloner every night) which means that if I _did_ download something silly the worst that would happen is that I'd lose whatever hadn't been backed up by TM and/or whatever CCC hadn't got. Note that the CCC backup is an updatable clone of the system, so that I can immediately boot from it and be where things were as of when CCC ran last night (early this morning, rather, as it's set to run at 01:00 every morning) and that I'd then need merely dig out the TM backups for anything changed/added since then.

          However, I have backups set up not to avoid problems with malware, as the last, the very last, significant malware for Macs was the autostart worm from back in 1998, and even that one was easily dealt with _without_ using AV software (hint: it created several invisible files. Make 'em visible, kill them. Reboot. Problem over. Detailed instructions at <http://www.macintouch.com/hkvirus.html#desc>, though it should be noted that, as usual, the boyz at MacInTouch got far too overwrought and really need to take a chill pill.)

          There has been no significant malware since then. I repeat: NO SIGNIFICANT MALWARE SINCE THEN. The best there has been are a few Trojans and the odd pitiful attempt at spyware, all totaling under two dozen attempts. That's less than 24 attempts at malware that somehow managed to attract even minimal attention in _12 years_. (There may well have been other attempts which failed so utterly that no-one noticed they were there...)

          Over on the Linux side, there hasn't been even that level of malware. No-one running Macs or Linux boxes takes significant precautions against malware because THERE IS NO MALWARE TO DEFEND AGAINST. There hasn't been a significant attack since 1998. (Of course, one reason why is that Apple patches potential problems every now and again. Perhaps not as quickly as some would like, but given that the last serious attack was in 1998...)

          I've got ClamXav stored in a ZIP archive somewhere on the server; if there's ever a real threat, I can unZIP it and install it in a few moments. But I'm not holding my breath waiting.

          If this be smug, by all means make the best of it.

          Just don't yap utter bullshit about vulnerabilities which would evaporate if only you avoided downloading strange software or if you merely had an adequate backup. Come ON, man, you've been working on a 'doctoral thesis' for _FIVE YEARS_ and haven't backed up once in all that time? What the _HELL_ are you thinking? What are you gonna do _when_ that hard drive croaks? Remember always, there are two, and only two, kinds of hard drives: the ones which have failed, and the ones which haven't failed... yet. I keep _multiple_ copies of important documents. At least one copy would be on an optical disc, and so totally immune to malware problems.

          Again, if this be smug...

        3. This post has been deleted by its author

    2. Chemist
      Linux

      "folk who have absolutely no protection in place "

      Protection against what exactly ?

      1. James O'Shea
        Jobs Halo

        Against what

        Against the Ghosts of Windows Past, apparently.

    3. Anonymous Coward
      Anonymous Coward

      Re : I wish I was a virus writer

      There are already Linux viruses but they've singularly failed to spread - how would your 'efforts' be any different ?

    4. Anonymous Coward
      Anonymous Coward

      @JDX

      Whilst every other virus writer targets an operating system that is so flaky it needs a massive industry of add-on anti-malware products and STILL routinely fails.

      Your point is what ?

    5. Anonymous Coward
      Anonymous Coward

      @JDX

      Others have said it in other ways but HOW would you go about protecting against an essentially non-existent threat. There are some failed viruses for Linux but otherwise what would a virus vendor have to sell ?

      Most anti-virus programs for Linux seem to be for detecting WINDOWS viruses. As for other threats good firewalls/ regular updates and caution.

  3. PushF12
    Jobs Halo

    Tiger is now really unsupported

    These vulnerabilities would apply to Mac OS X 10.4, so it means that the Tiger server has actually fallen out of support.

    Apple had been providing Tiger updates for things like Safari and iTunes beyond the end-of-life date.

    I wish that Apple had included the Classic environment in Leopard. That would have made the retirement of their PPC computers perfect and graceful.

    1. Frank Bitterlich

      Tiger?

      @PushF12: You sure that these vulns date back to 10.4? Most of the components updated here had at least one major version since 10.4. Do you have detailed info?

  4. David Edwards

    Escalate Priv's to move Apps

    As a recent MAC user I was surprised to have to enter my password every time I moved some of the Apple pre-installed apps like Garage Band, into a different folder.

    You only have to get this kind of thing every now and again to become blasé about entering it (I know I did, I know it's bad, I am ashamed).

    Just like with rogue Android apps where users didn't ask "Why does this wallpaper app need access to my phonebook".

    Simply saying ARE YOU SURE, does not equal security.

  5. Stuart Duel
    Troll

    David Edwards speaks crap

    "As a recent MAC user I was surprised to have to enter my password every time I moved some of the Apple pre-installed apps like Garage Band, into a different folder."

    That is complete rubbish. To test your assertion, I did exactly as you claimed and moved Garage Band from the Applications folder to the Desktop - and no password was required. I then moved it back to the Applications folder - still no password required for this simple and safe action.

    Since you call a Mac a MAC, I find it unlikely you are a user - regular, recent or otherwise.

    1. Anonymous Coward
      Flame

      RE: David Edwards speaks crap

      You do practice safe computing, don't you?

      It sounds like David Edwards has two accounts set up: A limited user account and a password protected administrator account, and regularly uses the limited user account instead. Most OSes (XP, Vi$ta, Linux and OS X) will prompt for a password when you're signed in as limited user and try to do something that requires admin rights. Sad thing is, some OSes (Window$, Mac OS X) allow Admin accounts with no passwords. And also, sad thing is, a typical Joe Sixpack finds password protection irritating and normally logs in as admin without any password. Guess what happens next (hint: A typical Joe Sixpack will also open attachments without thinking, especially if it promises pr0n or interesting clips).

  6. Jodo Kast

    13" MBP best ever

    The 13" MacBook Pro is the best sub-notebook I have ever found. Runs Windows 7 great.

    Now to remember to boot into OSX to get these updates...

    1. Marc 25

      easy

      hold down X key at the boot up chime or do it via the startup panel in Sys Prefs.
