The impossible has happened: MacOS X worm/malware spreads via iChat


  • #76

    Security Focus quoted Jay Beale, a senior security consultant for Intelguardians and expert in hardening Linux and Mac OS X systems last week at the ShmooCon, "This is almost certainly the year of the OS X exploit. The OS X platform may be based on a Unix platform, but Apple seems to be making mistakes that Unix made, and corrected, long ago."

    "On a good day, Apple doesn't even make it to Microsoft's level of security awareness," Beale said.


    Not that I believe he's necessarily wrong, but he falls short of providing any argument. It's 'wait and see' then.
    In Soviet Russia, Fake borises YOU.



    • #77
      Isn't Imran one of those which "a thousand of them at the bottom of the sea with their feet in a cement block" is considered a good start?

      With or without religion, you would have good people doing good things and evil people doing evil things. But for good people to do evil things, that takes religion.

      Steven Weinberg



      • #78
        Errr... that joke is funny in some contexts, but not this one.
        In Soviet Russia, Fake borises YOU.



        • #79
          Originally posted by Oncle Boris
          Here is the original quote, Imran:

          Monolith says:


          but us macheads have always pointed out that one advantage comes with smallness


          to whom you reply:


          Not true. Aggie has claimed on numerous occasions that Mac doesn't get hit by malware because of its security and not just because of smallness. Which is why Asher posted this. It's because of smallness, not because of better OS security.


          Actually your post was ambiguous. On one hand, you seem to imply that indeed Agathon recognizes the two reasons for OS X security. OTOH you also categorically said 'not true' of Monolith's claim that Macheads willingly point out smallness as a security bonus.

          If you are going to say one thing and its opposite in the same post, don't blame people for having trouble following you.
          FTR - I have always said that I don't know. Asher has said that it is all down to marketshare. Disagreeing with him does not commit me to saying that it's all about security. Anyone who believed so would be logically inept.

          I think that a significant reason is the UNIX base. Unless you've used a UNIX based OS, you won't know what I'm talking about.

          As I've said before: in OS X malware simply cannot write to folders that the user does not have permission to write to. If you are logged in as a regular user, this means everything outside your Home folder and the "Shared" folder. Such malware will either try and fail, or generate an authentication prompt. If you have inexperienced users sharing your machine, do not give them admin privileges and you can let them download whatever they want -- they might screw up their own files, but they can't mess with anyone else's, the applications or the system itself. They just can't: it won't work.

          Moreover: apps like this cannot arrive via Safari or Mail without being detected and advertised to the user as applications via a prompt that asks you if you want to continue.

          Furthermore, if you inadvertently install an app on your machine which tries to run indirectly, you will be alerted to this fact the first time it tries to.
          Only feebs vote.



          • #80
            Originally posted by Oncle Boris
            Here is the original quote, Imran:

            Monolith says:


            but us macheads have always pointed out that one advantage comes with smallness


            to whom you reply:


            Not true. Aggie has claimed on numerous occasions that Mac doesn't get hit by malware because of its security and not just because of smallness. Which is why Asher posted this. It's because of smallness, not because of better OS security.


            Actually your post was ambiguous. On one hand, you seem to imply that indeed Agathon recognizes the two reasons for OS X security. OTOH you also categorically said 'not true' of Monolith's claim that Macheads willingly point out smallness as a security bonus.

            If you are going to say one thing and its opposite in the same post, don't blame people for having trouble following you.
            If you read mono's entire post, you'll notice that it seems to say that most macheads are totally up front that their lack of malware problems is due to smallness:

            We never complained that our OS was "magic" - simply that it isn't targeted.


            Which, I countered. Aggie seems to put the blame on Windows being a less secure platform and grudgingly saying smallness may be a factor. The whole belief that the Mac is a far more secure platform, and that's a big reason for no malware, IS saying that the OS is "magic". And even if he makes some noises that the OS isn't looked at as much, he still considers it to be a far more secure box than Windows (ie, a "magic" box).
            “I give you a new commandment, that you love one another. Just as I have loved you, you also should love one another. By this everyone will know that you are my disciples, if you have love for one another.”
            - John 13:34-35 (NRSV)



            • #81
              Which, I countered. Aggie seems to put the blame on Windows being a less secure platform and grudgingly saying smallness may be a factor.


              It is. UNIX based systems, by their very design are more secure than Windows.

              Do you understand how the UNIX permissions system works, Imran? If so, please explain the differences between the root account, admin and regular user accounts. Then explain to me how it is possible for someone logged in as user to write to the system folders without authenticating as admin. Then please explain to me how it is possible for anything that user does to affect shared applications that will then start spreading malware over the net.

              Mac OS X is a UNIX based system. It is basically FreeBSD with Mach and Apple's GUI and associated technologies pasted over it.
              Only feebs vote.



              • #82
                If you want to criticize Apple, then you should echo the complaint I have had for years - that the initial user account is admin by default.


                --

                You realize that if you are not logged in as an admin in Windows you can't install any downloads either, right (though if you've found a way you can, please let me know, as I'd really love to install Firefox on my work computer)?
                “I give you a new commandment, that you love one another. Just as I have loved you, you also should love one another. By this everyone will know that you are my disciples, if you have love for one another.”
                - John 13:34-35 (NRSV)



                • #83
                  You realize that if you are not logged in as an admin in Windows you can't install any downloads either, right (though if you've found a way you can, please let me know, as I'd really love to install Firefox on my work computer)?
                  But last time I looked you can happily rape the entire system, which you cannot do on OS X.
                  Only feebs vote.



                  • #84
                    Such as... running an .exe that tries to install something on the computer? Because it prevents you from that as well unless you have admin access.
                    “I give you a new commandment, that you love one another. Just as I have loved you, you also should love one another. By this everyone will know that you are my disciples, if you have love for one another.”
                    - John 13:34-35 (NRSV)



                    • #85
                      Duh dude... If you run as admin on OS X, there's still a lot of stuff you can't do. Learn about the root account...

                      If you want superuser privileges you have to authenticate, whether you are running an admin account or not.

                      Besides, Windows is so full of holes it doesn't matter.
                      Last edited by Agathon; February 19, 2006, 03:53.
                      Only feebs vote.



                      • #86
                        You realize that if you are not logged in as an admin in Windows you can't install any downloads either, right (though if you've found a way you can, please let me know, as I'd really love to install Firefox on my work computer)?
                        Except user accounts are barely functional and are a major pain in the ass in XP. When I try user accounts, certain programs (some games, Winamp) simply don't work, Windows then asks me if I want to install these programs. Of course, since I'm not in the admin account, I can't... That's why I'm always in the Admin account, and also why most users are also in the Admin account most of the time.
                        Let us be lazy in everything, except in loving and drinking, except in being lazy – Lessing



                        • #87
                          God bless automatic security updates and common sense.

                          Gatekeeper
                          "I may not agree with what you have to say, but I'll die defending your right to say it." — Voltaire

                          "Wheresoever you go, go with all your heart." — Confucius



                          • #88
                            Originally posted by nostromo


                            Except user accounts are barely functional and are a major pain in the ass in XP. When I try user accounts, certain programs (some games, Winamp) simply don't work, Windows then asks me if I want to install these programs. Of course, since I'm not in the admin account, I can't... That's why I'm always in the Admin account, and also why most users are also in the Admin account most of the time.
                            That's the fault of the individual programs, not Windows.
                            "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                            Ben Kenobi: "That means I'm doing something right. "



                            • #89
                              Originally posted by Asher
                              A few programs broke in the process and needed some changes. Tell us, UR, which programs did SP2 break that don't work today?
                              It's like asking which machine that got infected by the "I Love You" virus/worm/whatever still has it today.

                              Originally posted by Asher
                              Earth to UR -- we're not talking about major OS upgrades...we're talking a 0.0.1 revision to fix bugs...
                              SP2 is not a "major OS upgrade" either.
                              Last edited by Urban Ranger; February 20, 2006, 04:48.
                              (\__/) 07/07/1937 - Never forget
                              (='.'=) "Claims demand evidence; extraordinary claims demand extraordinary evidence." -- Carl Sagan
                              (")_(") "Starting the fire from within."



                              • #90
                                Originally posted by Asher
                                In most cases, that is the most dangerous thing.

                                My dad could spend an hour reinstalling Windows if it's borked, but if his documents and data were deleted or corrupted, that's a major FUBAR.
                                If your dad does not back up his own data regularly, nothing can save him.

                                Originally posted by Asher
                                It's time for you to obtain what is called "perspective".
                                You are still stuck in the single-user mindset just like Microsoft.

                                I'd much rather have a user bork his own account instead of every single account on a computer.

                                This is perspective.
                                (\__/) 07/07/1937 - Never forget
                                (='.'=) "Claims demand evidence; extraordinary claims demand extraordinary evidence." -- Carl Sagan
                                (")_(") "Starting the fire from within."
