The myth that software popularity doesn't affect number of vulnerabilities is a myth


  • #31
    Originally posted by Asher
    Believe what myth?

    What is the point in investing time and energy into writing a virus to target something with 2% marketshare when you can hit something with 95%+ marketshare?

    It's a psychological question more than anything else. People who write viruses are out for fame or have an appetite for destruction, neither of which lend themselves to tiny marketshares...

    While that's what I was saying.
    All this is obvious to me, and I'm asking if anybody really defends the other position (the myth you talk about)...
    Did you even read my post?



    • #32
      Originally posted by Atahualpa
      Generally speaking, how old is Windows NT (which XP is based on, no?) and how old is Mac OS X?
      Are you talking about the kernel or the OS itself?

      Windows NT is mid-90s, Mach is from the mid-80s.

      But anyway a security flaw != a security flaw and 100 flaws can be less harmful than a single other. You're playing marketing department if you just compare numbers.
      This is true to an extent -- for instance, a remote exploit versus local exploit.

      It doesn't matter, there are remote exploits for virtually every system.

      Hell, even the latest MacOS X patches fix remote buffer overflow vulnerabilities that allow arbitrary code execution (not unlike Blaster...):
      # Cyrus IMAP
      Available for: Mac OS X Server v10.3.8
      CVE-ID: CAN-2004-1011, CAN-2004-1012, CAN-2004-1013, CAN-2004-1015, CAN-2004-1067
      Impact: Multiple vulnerabilities in Cyrus IMAP, including remotely exploitable denial of service and buffer overflows.
      Description: Cyrus IMAP is updated to version 2.2.12, which includes fixes for buffer overflows in fetchnews, backend, proxyd, and imapd. Further information is available from http://asg.web.cmu.edu/cyrus/downloa.../changes.html.

      Cyrus SASL
      Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
      CVE-ID: CAN-2002-1347, CAN-2004-0884
      Impact: Multiple vulnerabilities in Cyrus SASL, including remote denial of service and possible remote code execution in applications that use this library.
      Description: Cyrus SASL is updated to address several security holes caused by improper data validation, memory allocation, and data handling.


      However I still doubt that in OS X there are such easily exploitable vulnerabilities such as the Blaster attack, which doesn't even require user action, just a connection to the internet and the absence of a firewall (which was deactivated by default in pre-SP2 and how many OEMs shipped with an enabled firewall???). Flaws like these make MS look stupid.
      It was addressed and a fix made public 3 months before the attack happened. The user would need to have disabled automatic updates to be affected by this.

      That doesn't make MS necessarily stupid, but the users affected.

      It was a pretty embarrassing bug, but I don't think you understand much about it if you think MS is the only system that does that. RPC was actually first on Unix, not Windows.

      MS overhauled RPC in SP2 and higher though, and should be much safer...not to mention the firewall.

      You live, you learn.

      Isn't OS X' firewall disabled by default, BTW?
      "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
      Ben Kenobi: "That means I'm doing something right. "



      • #33
        Originally posted by Lul Thyme
        While that's what I was saying.
        All this is obvious to me, and I'm asking if anybody really defends the other position (the myth you talk about)...
        Did you even read my post?
        Your post wasn't very clear. That's why I asked for clarification.

        I'm pretty sure more money is stolen from pickpockets as a whole than banks, for instance.
        "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
        Ben Kenobi: "That means I'm doing something right. "



        • #34
          This is common sense no matter how much the Mac zealots try to deny it.
          Try http://wordforge.net/index.php for discussion and debate.



          • #35
            Originally posted by Asher

            Your post wasn't very clear. That's why I asked for clarification.

            I'm pretty sure more money is stolen from pickpockets as a whole than banks, for instance.
            Ok I guess the analogy wasn't all that clear but I meant just my pockets.
            In any case as previous poster just said too, it is evidence.



            • #36
              This is true to an extent -- for instance, a remote exploit versus local exploit.
              no, not just to an extent. For example when you compare windows RPC implementation bugs to application specific bugs....

              That doesn't make MS necessarily stupid, but the users affected.
              MS profits from stupid users, so they have to deal with them. This is called a trade-off.
              If you want to call their userbase stupid, but then OTOH praise how windows is easier for a stupid userbase...



              • #37
                I'm still amused by the fact that many Mac users, for example, Agathon, have said that there's no need to be worried about Mac security because it's Windows that has all the problems.

                You can operate a computer without taking any elementary security precautions. You can also steer a car with your feet. Doesn't make it a good ****ing idea.
                B♭3



                • #38
                  Originally posted by Atahualpa
                  no, not just to an extent. For example when you compare windows RPC implementation bugs to application specific bugs....
                  Huh?

                  What's the difference between RPC implementation bugs (ie, a bundled program with the OS) and other "application specific bugs" for...programs bundled with the OS?

                  The only real differences are:
                  1) Is it a remote or a local exploit?
                  2) Is it included with the OS?
                  3) Is it enabled by default or not?

                  MS profits from stupid users, so they have to deal with them. This is called a trade-off.
                  If you want to call their userbase stupid, but then OTOH praise how windows is easier for a stupid userbase...
                  I don't understand what you want.

                  MS profits from ignorant users, but it also ships stuff like autoupdate to help those ignorant users. Users who intentionally disable mechanisms designed to thwart attacks and then get bitten by those attacks are stupid -- not ignorant -- and MS does not deserve full liability for that.
                  "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                  Ben Kenobi: "That means I'm doing something right. "



                  • #39
                    Windows:

                    Mac OS:



                    • #40
                      I still don't see why we can't just license people to get on the INTARWEBS!

                      If you want on the internet, on the other hand, feel free.

                      Most users would be right at home on the INTARWEBS!
                      B♭3



                      • #41
                        Originally posted by Q Cubed
                        I'm still amused by the fact that many Mac users, for example, Agathon, have said that there's no need to be worried about Mac security because it's Windows that has all the problems.

                        You can operate a computer without taking any elementary security precautions. You can also steer a car with your feet. Doesn't make it a good ****ing idea.
                        It's been proven time and time again in the computer world that security through paranoia > security through obscurity.
                        "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                        Ben Kenobi: "That means I'm doing something right. "



                        • #42
                          Windows, secured
                          OS X, secured
                          Linux, secured

                          Give me gvim, firefox/opera, gaim, winamp/winampclones, and maybe mplayer/vlc, i'm good to go.
                          B♭3



                          • #43
                            It's been proven time and time again in the computer world that security through paranoia > security through obscurity.


                            of course. it's just common sense. you can defeat both, but at least with the former, you've got a fighting chance:

                            security through paranoia: fort knox, with all of its defenses and what not.
                            security through obfuscation: all of fort knox's gold, buried somewhere near washington dc.
                            B♭3



                            • #44
                              There are huge fundamental flaws to the design of Windows
                              Namely? The article you posted was nothing but unsubstantiated opinion and tautologies like "security is..." which make no sense when you're being asked for specific examples.
                              "I work in IT so I'd be buggered without a computer" - Words of wisdom from Provost Harrison
                              "You can be wrong AND jewish" - Wiglaf :love:



                              • #45
                                Originally posted by Q Cubed
                                I'm still amused by the fact that many Mac users, for example, Agathon, have said that there's no need to be worried about Mac security because it's Windows that has all the problems.

                                You can operate a computer without taking any elementary security precautions. You can also steer a car with your feet. Doesn't make it a good ****ing idea.
                                That's not what I've said. I don't run anti-virus software because there are no known viruses for my platform.

                                None.. nada.. zilch...

                                That's it.... why should I care about non-existent threats?

                                No-one has proved that OS X's relative security is down to marketshare. It may well be, but no one has proved that. Asher's response to this is to say that "it's obvious" to him -- but that doesn't make it true -- it's just speculation.
                                Only feebs vote.
