IlluminatingBikr
Flashlight Enthusiast
- Joined
- Feb 26, 2003
- Messages
- 2,320
Mac OS X not as secure as you think. /ubbthreads/images/graemlins/evilgrin07.gif
Hey Saaby and Mac Lovers
- Thread starter IlluminatingBikr
- Start date
Help Support Candle Power Flashlight Forum
IlluminatingBikr
Flashlight Enthusiast
- Joined
- Feb 26, 2003
- Messages
- 2,320
BTW Mac guys, I don't mean any offense by this.
It's just that I'm always hearing how superior Macs are, so it's nice to have the tables turned, even if just for a minute.
It's just that I'm always hearing how superior Macs are, so it's nice to have the tables turned, even if just for a minute.
idleprocess
Flashaholic
MacOS will likely be vulnerable most BSD-specific as well as unix/linux exploits.
There are two large self-reinforcing vulnerabilities in unix - default configurations using default passwords, and the fact that almost any process can spawn a shell. If you have some process running and haven't changed any of the configs or passwords outside of default, it's an easy way in for the unscrupulous. If a process with root permissions spawns a shell, think the shell will have root permissions?
Now, J. Random Script-Kiddie could care less about h4><0ring the random MacOS X box because they're A) a tiny percentage of the machines out there and B) there probably aren't readily-available scripts to hack them with.
If a real hacker is out to get you - think a code-monkey blackhat that writes his own tools and knows about buffer overruns and other "features" - that's what firewalls and layered security are for. Assuming our opportunistic blackhat is looking for something useful - such as credit card info, servers to compromise for phantom hosting, etc - you need to make it inconvenient or difficult enough that they tire of the fruitless struggle and look for easier prey.
If a group of blackhats are after you because they have some major beef with you... unplug your machine, because they'll wear down your defenses unless you fight back with your own skilled blackhats.
Computer security for most of us is like home security - it's an inconvenience to keep the honest people honest.
There are two large self-reinforcing vulnerabilities in unix - default configurations using default passwords, and the fact that almost any process can spawn a shell. If you have some process running and haven't changed any of the configs or passwords outside of default, it's an easy way in for the unscrupulous. If a process with root permissions spawns a shell, think the shell will have root permissions?
Now, J. Random Script-Kiddie could care less about h4><0ring the random MacOS X box because they're A) a tiny percentage of the machines out there and B) there probably aren't readily-available scripts to hack them with.
If a real hacker is out to get you - think a code-monkey blackhat that writes his own tools and knows about buffer overruns and other "features" - that's what firewalls and layered security are for. Assuming our opportunistic blackhat is looking for something useful - such as credit card info, servers to compromise for phantom hosting, etc - you need to make it inconvenient or difficult enough that they tire of the fruitless struggle and look for easier prey.
If a group of blackhats are after you because they have some major beef with you... unplug your machine, because they'll wear down your defenses unless you fight back with your own skilled blackhats.
Computer security for most of us is like home security - it's an inconvenience to keep the honest people honest.
Icebreak
Flashlight Enthusiast
idleprocess -
You continue to amaze me with your ability to take formidable knowledge, submit it to a strong deductive process and then express easily understandable conclusions.
No bull. That was good.
You continue to amaze me with your ability to take formidable knowledge, submit it to a strong deductive process and then express easily understandable conclusions.
No bull. That was good.
idleprocess
Flashaholic
Here I thought you were going to call me on something. A heck of a lot of what I know about this was picked up listening to others (potentially talk out of their arses).
Thanks.
Thanks.
James S
Flashlight Enthusiast
Nobody cares to hear me mouth off about this /ubbthreads/images/graemlins/smile.gif But in case anybody IS still interesting I'll fill you in. I might have something valid to add since I maintain servers running windows, MacOS as well as linux.
There are several security exploits against OSX. However, the most dangerous of the last year have been things like a buffer overflow in the screen saver could have allowed someone sitting at your machine to get around the password protection there. I don't consider this a problem for a home machine connected to the internet at all. That is typical of the problems OSx has. If you don't already have an account on the machine you cannot access the machine. There were some exploits where an ssh account holder could increase his access, but again, the person already has to have, or have stolen an account on the machine to get to this point. So unless you're running a shell account hosting company this isn't a concern to the average internet user. And OSX is nice enough to ship with that whole remote shell system turned off by default, so your mom setting up a new one won't have to go in and be smart enough to turn off the things she doesn't need that distract from security.
The point being that simply looking at the fact that they show 33 advisories for OSX and 46 for windows XP home addition doesn't really tell the whole story. I've spent less than an hour in the last YEAR applying security patches to my MacOS machines here at home. I have spent somewhat more time with the colocated machines as they are not behind firewalls and I monitor them closely for any problems, but there haven't been any.
On the other hand a single windows box will use an order of magnitude more time than that to keep up to date and you're still going to get hit by things no matter how careful you are to keep everything up to date.
The fact that there are fewer MacOS machines and thats a big reason why there are fewer exploits is besides the point. There are still fewer exploits, and there are likely to continue to be fewer exploits for the foreseeable future. You can't ignore it, you still have to practice good internet hygiene. Somebody can still send you an application or a script that deletes your system and try to convince you to run it by making the name annakorikova.jpg.app or something.
But at this moment in time, and for the next few years at least, there will never be as many Mac virus (there are none at the moment, only a few historic BSD things, but nothing actively being sent around) or worms or anything else as there are for windows. If that situation changes in the next 10 years, I'll still have saved however many months of man hours by not having to patch windows every 3 days around the house and that is magnified a considerable amount more with the offsite server machines.
I don't need windows, I don't spec out windows machines to clients anymore. I haven't had a project in the last 2 or 3 years that I haven't been able to do cheaper on MacOSX. Suggesting that there are fewer virus only because there are fewer macs, doesn't change the fact that there are fewer viruses /ubbthreads/images/graemlins/smile.gif
There are several security exploits against OSX. However, the most dangerous of the last year have been things like a buffer overflow in the screen saver could have allowed someone sitting at your machine to get around the password protection there. I don't consider this a problem for a home machine connected to the internet at all. That is typical of the problems OSx has. If you don't already have an account on the machine you cannot access the machine. There were some exploits where an ssh account holder could increase his access, but again, the person already has to have, or have stolen an account on the machine to get to this point. So unless you're running a shell account hosting company this isn't a concern to the average internet user. And OSX is nice enough to ship with that whole remote shell system turned off by default, so your mom setting up a new one won't have to go in and be smart enough to turn off the things she doesn't need that distract from security.
The point being that simply looking at the fact that they show 33 advisories for OSX and 46 for windows XP home addition doesn't really tell the whole story. I've spent less than an hour in the last YEAR applying security patches to my MacOS machines here at home. I have spent somewhat more time with the colocated machines as they are not behind firewalls and I monitor them closely for any problems, but there haven't been any.
On the other hand a single windows box will use an order of magnitude more time than that to keep up to date and you're still going to get hit by things no matter how careful you are to keep everything up to date.
The fact that there are fewer MacOS machines and thats a big reason why there are fewer exploits is besides the point. There are still fewer exploits, and there are likely to continue to be fewer exploits for the foreseeable future. You can't ignore it, you still have to practice good internet hygiene. Somebody can still send you an application or a script that deletes your system and try to convince you to run it by making the name annakorikova.jpg.app or something.
But at this moment in time, and for the next few years at least, there will never be as many Mac virus (there are none at the moment, only a few historic BSD things, but nothing actively being sent around) or worms or anything else as there are for windows. If that situation changes in the next 10 years, I'll still have saved however many months of man hours by not having to patch windows every 3 days around the house and that is magnified a considerable amount more with the offsite server machines.
I don't need windows, I don't spec out windows machines to clients anymore. I haven't had a project in the last 2 or 3 years that I haven't been able to do cheaper on MacOSX. Suggesting that there are fewer virus only because there are fewer macs, doesn't change the fact that there are fewer viruses /ubbthreads/images/graemlins/smile.gif
Meh, Old News
AtAT does some investigation into the story, but don't click and read unless you have a sense of humor--because they like to pile the sarcasm on 9 layers deep.
For those who don't have a sense of humor, or simply refuse to believe that an article from an Apple news site is unbiased (Becaue it's not..)
-They go clear back into 2002 for the Mac number but if you go back as far as 2002 for WinXP it actually has 68 flaws, not 46.
-At the time of the article, even if you did only go to 2002 for WinXP there were 45 flaws, not 46. 2 more have come out since the article for XP, 0 for X
-Even if you compare the 45 in XP to the 36 in OS X, that's still 24% less...
-Secunia also includes, for OS X, reports it generated to show that Apple fixed a bunch of things. They're penalizing Apple for fixing things that were fixed so fast Secunia never had time to report the flaw in the first place--until it was fixed. Granted the 3.5 people out there that run their system unpatched are still vulnerable...
-Secunia talks about how 61% could be accessed over the internet and 32% could let somebody take over the system, but never mentions how many of those can be accessed over the internet TO allow somebody to take over the system. As James mentioned, and as AtAT touches on, if somebody has broken into my house just to use my PowerBook I've got bigger problems than the safety of my files /ubbthreads/images/graemlins/wink.gif
But when it comes right down to it I guess you're right. I didn't get a Mac because of the beautiful hardware and excellent software (To quote my uncle: "Isn't it nice to see them trying to make things better, not cheaper?") I was duped into buying a Mac just because I thought it was secure, but it looks like it has the potential to be just as virus-laden, spyware-infested, worm propagating as Win XP. Guess I'll sell my PowerBook and buy an EMachine.
AtAT does some investigation into the story, but don't click and read unless you have a sense of humor--because they like to pile the sarcasm on 9 layers deep.
For those who don't have a sense of humor, or simply refuse to believe that an article from an Apple news site is unbiased (Becaue it's not..)
-They go clear back into 2002 for the Mac number but if you go back as far as 2002 for WinXP it actually has 68 flaws, not 46.
-At the time of the article, even if you did only go to 2002 for WinXP there were 45 flaws, not 46. 2 more have come out since the article for XP, 0 for X
-Even if you compare the 45 in XP to the 36 in OS X, that's still 24% less...
-Secunia also includes, for OS X, reports it generated to show that Apple fixed a bunch of things. They're penalizing Apple for fixing things that were fixed so fast Secunia never had time to report the flaw in the first place--until it was fixed. Granted the 3.5 people out there that run their system unpatched are still vulnerable...
-Secunia talks about how 61% could be accessed over the internet and 32% could let somebody take over the system, but never mentions how many of those can be accessed over the internet TO allow somebody to take over the system. As James mentioned, and as AtAT touches on, if somebody has broken into my house just to use my PowerBook I've got bigger problems than the safety of my files /ubbthreads/images/graemlins/wink.gif
But when it comes right down to it I guess you're right. I didn't get a Mac because of the beautiful hardware and excellent software (To quote my uncle: "Isn't it nice to see them trying to make things better, not cheaper?") I was duped into buying a Mac just because I thought it was secure, but it looks like it has the potential to be just as virus-laden, spyware-infested, worm propagating as Win XP. Guess I'll sell my PowerBook and buy an EMachine.
IlluminatingBikr
Flashlight Enthusiast
- Joined
- Feb 26, 2003
- Messages
- 2,320
[ QUOTE ]
Saaby said:
Guess I'll sell my PowerBook and buy an EMachine.
[/ QUOTE ]
Lol, that'll be the day. /ubbthreads/images/graemlins/yellowlaugh.gif
Saaby said:
Guess I'll sell my PowerBook and buy an EMachine.
[/ QUOTE ]
Lol, that'll be the day. /ubbthreads/images/graemlins/yellowlaugh.gif
idleprocess
Flashaholic
The Mac vs PC wars were tiresome when they started 20 years ago and just get more boring with each passing year.
Although I confess I have a sick fascination with watching Mac enthusiasts respond to every silly allegation of Mac inferiority /ubbthreads/images/graemlins/evilgrin07.gif
Although I confess I have a sick fascination with watching Mac enthusiasts respond to every silly allegation of Mac inferiority /ubbthreads/images/graemlins/evilgrin07.gif
Negeltu
Enlightened
Actually an E-machine is not a bad system for the common home user. I take it you were being sarcastic. I think this whole mac pc war is childish. They both have their flaws.
James S
Flashlight Enthusiast
[ QUOTE ]
They both have their flaws
[/ QUOTE ]
LOL, yes it's true /ubbthreads/images/graemlins/grin.gif Definitely.
So then what you are saying is that since neither perfect then they are equivalent in their flaws. And this is demonstrably not true /ubbthreads/images/graemlins/smile.gif
They both have their flaws
[/ QUOTE ]
LOL, yes it's true /ubbthreads/images/graemlins/grin.gif Definitely.
So then what you are saying is that since neither perfect then they are equivalent in their flaws. And this is demonstrably not true /ubbthreads/images/graemlins/smile.gif
Negeltu
Enlightened
Actually, I wasn't saying that. :-D Though I can see where YOU see that implication. PC all the way for me... I never liked Macs... Just my preference.
