Hello! Community Page
- bobcaswell.com Jump to website »
-
Subscribe -
Community
-
Top Commenters
-
Popular Threads
-
Recent Comments
- Thanks for helping provide better perspective. Sometimes, in all the noise, we forget that protesters are usually just quiet neighbors. It takes an especially awful situation to get the noise level...
- Thanks for the comment. The more I read up on the situation, the more I understand why you (and others) are very upset about all this.
- "nice job, with your piece on the Bellevue demostration on Iran and awareness is all we can bring to the problem in Iran. Thanks Bob for his humane and objective view. Most of us have never...
- Thank you for the post. It's logical and repectful. I was there, mad as hell ( guy in red shirt...)
- Thanks for the thoughts, Bighappy, hopefully Bing will get to the point where you'll want to use it for tech info or classic cars. When you say that 93% of your searches have "absolutely...
1 year ago
1 year ago
Paul, the firewall software changed in Leopard, but Mac has always offered far more sensible default configurations than Microsoft, you are seriously confused about that point.
1 year ago
This isn't the first time someone has tried to do this. Most of these so called "trojans" are spread by going to illegal file sharing sites or by going to porn sites from links from obvious rogue emails.
You can't really blame the platform for idiots that use it and don't know what they are doing. In contrast, you can plug in a PC with XP and leave it online and don't visit any sites and it can get infected.
Paul, you must have never used a Mac because the Mac's default security settings in Tiger are way better than XP.
1 year ago
Note that, so far, all of the supposed infections of OSX have been done by crippling the Mac so that it becomes possible to infect the OS, and usually done through a third party software hole. And note the source of most of the so called vulnerability scares: the companies that make virus protection software.
FUD. Get a Mac.
1 year ago
http://www.infoworld.com/article/08/01/30/Criti...
1 year ago
1 year ago
1 year ago
Paul ellis-"I seriously doubt the Mac users will do better at resisting malware Than PC users have.", I advise you to adopt a course of intellectual rigor, perhaps you might think about what you say, and try to relate it to rw.
1 year ago
1 year ago
Ben, 'You can’t really blame the platform for idiots that use it and don’t know what they are doing.' That is exactly what happens to Windows. By far most malware that targets and successfully exploits Windows (XP or Vista) is really a "social engineering" trick. If you can get people to run a program (via P2P, porn, etc) on ANY OS you are going to have a lot more problems.
'In contrast, you can plug in a PC with XP and leave it online and don’t visit any sites and it can get infected.' That statement is not true. It is only true if you use a pre-service-pack release of Windows XP from 2001. The Windows XP SP2 firewall (which has been out since 2004!) is far more secure than the Leopard firewall.
Mac may still be safer for the time being, but it is because of obscurity. Even a lot of the praise Linux gets for its security is a result of its obscurity. If the current versions of Mac OS X or Linux commanded 95% market share they would have far more problems with security than Windows XP or Vista.
Mack520 you might try actually making a point to illustrate my error. I am saying it is a stupid, and completely unfounded expectation that Mac users (who assume they are inherently immune) will be smarter about malware than Windows users. If anything they are ripe for the picking.
1 year ago
This is the kind of ignorance I'm talking about. Security was tacked on to Windows as an afterthought. Security was a prime directive in the creation of Unix. That fundamental difference makes OS X inherently more secure. Windows has holes by nature. OS X has (far fewer) holes because it grew from a platform that is secure by design.
1 year ago
I've been hearing that since 1997.
That line has outlasted most of the security professionals careers.
The Mac zealots say, not us, the PC guys say, why not you.
I say, show me something.
For some reason unknown to me, no one can ever show me a situation where a user opens a e-mail and their Mac turns into a robot sending out hundreds of e-mails every night at 3 am.
Show me where a user has their password directory or database compromised by some outside hacker without their help.
Somebody show me something where a Mac gets hacked while the owner is sleeping and no one is using it to "click on something" or authenticate a process.
Until then, please stop all this "largely unknown security expert" wishful thinking income enhancing nonsense.
1 year ago
1 year ago
George, I agree with you that currently OS X is safer, and it has been a long running story that Mac would be next. Do you know what has happened? People always assumed Mac was actually going to grab some significant market share (read: somewhere around 20% or higher) and it hasn't. And if anyone tries to argue that any Mac OS before OS X was secure (going back to 1997?) they don't have a clue. Pre-X Mac OS was a joke: no protected memory, no real user-level access controls, the ability to easily grab any other user account's password, etc.
1 year ago
Do you know what I've learned from all of this? Every single one of them has very visible flaws, and it is ignorant to act like any of them are perfect. Pick and choose your problems. As for me I actually really like Vista. Although I'm sure I'll get slammed for my personal preference.
1 year ago
1 year ago
The army is apparently pretty happy with the performance of their Macs as they have been hosting on the Macintosh platform since 1999.
Beside that I've never really understood the down side of security by obscurity. I mean if you are more secure, you're more secure right? Who cares why? It's as if you built two houses, one in the country, one in the inner city, the one in the country would probably be more secure for the same reason. I fail to see how that is detrimental to the country house.
1 year ago
1 year ago
1 year ago
inappropriate. How about try typing fsck -f
1 year ago
To my knowledge, there have been exactly zero Mac's compromised without the help of the user to click on something or to authenticate a process.
I know there have been some attempts, highly publicized dog and pony shows to hack a Mac OS X based server, but I think we're still waiting or someone to actually take control of one.
If there was a MS or anyone else's OS that had that sort of security success, I would be for that, as well.
I just get annoyed that every know-nothing blogger falls for and subsequently publishes every "almost known security expert's" Chicken Little statements of an impending security doomsday scenerio that's about to fall on the heads of every Mac admin.
Just stop with the BS "proof of concept video's" from these so completely unknown security firms showing that if a certain user were to inadvertainly log onto some spoofed portal than perhaps they could get lured into downloading an app that might, just might, with the proper authentication and only after running the app, might actually do something bad someday in the future to someone, maybe...well it could happen, maybe
1 year ago
Lol, one can only hope it will eventually be good for something...
1 year ago
"I say, show me something.
For some reason unknown to me, no one can ever show me a situation where a user opens a e-mail and their Mac turns into a robot sending out hundreds of e-mails every night at 3 am.
Show me where a user has their password directory or database compromised by some outside hacker without their help.
Somebody show me something where a Mac gets hacked while the owner is sleeping and no one is using it to “click on something” or authenticate a process.
Until then, please stop all this “largely unknown security expert” wishful thinking income enhancing nonsense."
Yeah, yeah, someday the Mac will be hacked.
C'mon! Do it! Doesn't anyone want to be the first to be famous for this?
C'mon! It happens with regularity in the Windows world!
C'mon! Hack the Mac! Be famous!
Oh, and that marketshare crap:
More Internet servers run on open-source (eg. Apapche) instead of IIS (Microsoft).
Guess which one gets hacked more?
I knew you'd know the answer!
1 year ago
The "unknown security expert" in question (Sophos), by the way, has over 100 million users. What they say may or may not be completely accurate, but that likely has little to do with their popularity. But I thought I'd throw out a popularity number to appease those for whom it matters.
And, George, did you look at the report? It's quite possible that it's not just made up to annoy you (though that's still a possibility, I suppose), despite your convincing argument that suggests otherwise (what was it again? oh yeah, something along the lines of you're tired of reading about it, so it's not true).
And all your the-MAC-is-more-secure scenarios that you mention are beside the point. If you read what this report is about, it's precisely about those instances where users (Mac or PC) are tricked (phishing, etc.). And this is type of activity is on the rise for Macs (i.e., users of Mac computers are targeted). So Macs could still be safer when left on and not touched for all I know, but again, that misses the point of the article.
1 year ago
"Brian, About the firewall check this review of Leopard’s firwall (http://www.heise-security.co.uk/articles/98120/1). ‘The Mac OS X Leopard firewall failed every test...’"
At the bottom of that article:
"Update:
Apple has issued security patches to address the issues raised in this article.
All new software releases have problems. Staying up to date (with any OS) helps a lot.
There's no way to win this argument right now, on any side. The "Security through Obscurity" thing is a theory, no matter how many claim it is fact, and will only be proved if Mac continues to gain market share AND at some magical market share point, suddenly has a boatload of successful attacks. So far, the market share is gaining, but there have been no significant increase in successful attacks, so one could conclude that it's either more secure, or it hasn't reached that magical market share point. Time will tell. All we know is for sure is that Windows has had a rough time of it in the past, with tens of thousands of pieces of malware. OS X so far does not have that history. As with stock market disclaimers, the performance of the past does not guarantee future performance, but I'll keep using my Mac, which I've been very happy with, for many reasons beyond security.
1 year ago
1) Your Mac admin password wields power. If any installer asks for this password, know why, or don't type the password.
2) Even *without* an admin password, a malicious application can do damage to files in your Home Directory. (Your home space on the computer) The reason for this is common sense--
You have, in your own space on the computer, the power to create, edit, or delete files.
3) Because of #2, always know why you are running any application, and only download applications from trusted sources. Note that Mac OS X Leopard will actually warn you if an application and has been downloaded from the internet and you are about to run it for the first time.
4) Just like in the Windows world, keep up with the security updates.
5) If anyone accuses you of being a smug mac user, deny it. Why? Because you're not a smug Mac user, you're a sensible one.
1 year ago
Certainly you wouldn't say burying a million dollars in a suitcase in your backyard is more secure than depositing it in a bank right? It may be safer because nobody knows you have a million dollars buried in your backyard, but the bank would be more secure because it has certain protection measures that it implements to stop people even though they all know the money is there. Now image that everyone starts burying money in their backyard because it is safer than the bank. You can see that as soon as you loose the obscurity you lose the safety.
The point being, if the underlying platform is not more secure (which I believe, pound for pound, it isn't) and the platform becomes significantly popular (which Apple runs lots of ads to try and make that happen) then obscurity isn't enough. Microsoft learned a long time ago that not having your firewall on by default is a bad idea. If Mac becomes popular, Apple will learn that same lesson. Also remember, that if I wanted to be safe through obscurity I could just run BeOS (I still wish Apple would have bought them instead of NeXT).
Let's look at another insecure part of OS X, the wifi configuration. Did you know OS X will connect to any wireless network it can (maybe not peer-to-peer ones, I'm not positive) without asking the user? I've had a lot of Mac people tell me how they hate how they have to "setup" the wireless on Windows and Mac just does it automatically. That is actually a very bad idea. You could be using your Mac somewhere where there will be a rogue network that your OS will automatically connect to. Keep in mind that your firewall is off, so any shared folders (with potential sensitive information), or vulnerable services (which every OS has, that is why they all get security updates), or even website spoofing/phishing/sniffing all available to whoever runs that network. Again, maybe not a problem yet, but if (and it is a big if that this whole conversation hinges on) Mac really takes off you will have a major problem.
BTW, only George and maybe kboggs have made legitimate fact-based arguments. Anecdotal stuff like using a Mac since '86 and not having a problem doesn't really matter. I have been using PCs for that long and I don't run anti-virus either, and I don't have problems. Yet, I wouldn't recommend that for my parents.
I'm still on the record that pre-OS X was insecure. When you don't even have protected memory it is so insanely easy to do whatever you want if you can compromise almost anything on the computer. You could still write a really secure (or even the most secure) web server that would run on it, but the consequences of a security failure in the web server program would be much worse.
Last but not least, picking out one website (army.mil) to show security doesn't really mean anything. The Navy and Airforce run Linux with Apache, and the Marines use Windows 2003 and IIS. I'm sure they all get a lot of hack attempts. Interestingly enough, when I was briefly looking at a number of bank websites, they all ran Solaris.
1 year ago
You so completely don't get it.
It's not that if I don't read about it it's not real.
It's that they write about a topic that at this point in time is not relevent.
Hackers can target all the Mac's they want, but the way it works right now, unless someone is moving a mouse and clicking on a dialog box with an admon password in front of that particular Mac, it's not happening.
As to Sopho's having 100 million users...my guess is that they're not Mac users.
1 year ago
DaveK: while I will agree that all new software has issues, I wouldn't call OS X 10.5 to be really new. It is much more akin to Windows XP SP2. Pretty much the same as the preceding version (10.4 and SP1 respectively). I just think it is crazy that in 2007 Apple would try to sell an OS with the firewall off by default. You can see why though (http://www.heise-security.co.uk/news/98492), because it broke applications. Even now you have to allow Skype to accept inbound connections every single time you use it. It was easier for the user to not have a firewall on. Probably the same reason Microsoft didn't enable it by default on pre-SP Windows XP.
Wiley: all the points you make are valid for Mac, Windows, or Linux. That's really the problem today for most operating systems, how can you protect people from their own stupidity/ignorance? How can you get everyone to actually obey that list. Really. Have you heard of anyone having Windows Vista get hacked while just sitting connected to a network? I haven't, and it already has a larger install base (i.e. exposure) than Mac. That's why if you can get a user to run a file through social engineering it really doesn't matter how "secure" the OS is. The malware might not crash OS X, but it could delete your home folder, and all the time machine backups of it.
If you find a great way to take care of that problem then talk to me about starting a business. We could be billionaires.
1 year ago
Those problems all ended with MacOSX.
1 year ago
My example of the Army's server was just to illustrate that here's one server that is definitely not obscure. If OS X is such a security push over as others claim, then why does the Army continue to use Macs? Why has this considerably conspicuous Mac not been hacked?
All that being said I know that no OS is perfect nor 100% secure. I think it is important for us maintain antivirus software if for no other reason than to prevent being a carrier for Windows viruses.
1 year ago
1 year ago
This was supposed to be a feature or a convenience...it was a bad decision on MS's part. Why?
1 year ago
1 year ago
Greg: The statement that the sky is failing was usually (at least when I read them) tied to Mac's becoming popular, and that hasn't happened either.
JZ: Just because Windows defaulted to super user, it doesn't mean the underlying base is insecure. In fact, I think that Windows 2000 was a very good base for a multi-user GUI OS. The defaults may have been set insecure, but it could be locked down quite well.
1 year ago
I don’t think even Microsoft, the best company in the world at marketing mediocrity, believes that. See:
vs.
Granted, I wouldn’t consider all the 300 things Apple touts as “features”, but Leopard is substantially more different from Tiger than SP2 is different from SP1.
For further information, see:
?
“I just think it is crazy that in 2007 Apple would try to sell an OS with the firewall off by default. “
But that doesn’t mean all the ports are open. They’re not. Actually, even all Mac OS versions prior to Leopard installed with the firewall preference setting off I believe, and always came with all ports closed out of the box. So all Mac OS X versions have had the firewall off by default since what, 2000? Where are all the security breaches cause by the firewall being open? Oh yeah, the security by obscurity thing that we can’t prove yet.
Traditionally you only needed to “turn on” the firewall in Mac OS X if you needed to open some ports. Most users would not need to do this. But they can if they want.
If I run Shields UP from the Gibson Research Corp. web site (), with the Leopard (10.5.1) firewall off, and outside my hardware router, I see that all ports are closed. Not all marked as “stealth”, but all closed. Of course you can configure the Leopard firewall to “Enable Stealth Mode, if you like.
“You can see why though (http://www.heise-security.co.uk/news/98492), because it broke applications. Even now you have to allow Skype to accept inbound connections every single time you use it. It was easier for the user to not have a firewall on. Probably the same reason Microsoft didn’t enable it by default on pre-SP Windows XP.”
Microsoft didn’t enable it AND they left a bunch of ports open, which was why all you had to do was connect a Windows box to the internet and watch it get violated in 20 minutes or so.
I think the reason the firewall is left off by default in OS X is because all the ports are closed by default, and you only need to turn the firewall on if you need to open ports, not because it breaks software when turned on. Not that Skype has been the most reliable software on the Mac anyway, but I'm sure that problem will get sorted out eventually.
1 year ago
I wrote:
I don’t think even Microsoft, the best company in the world at marketing mediocrity, believes that. See:
http://www.microsoft.com/windowsxp/sp2/features...
vs.
http://www.apple.com/macosx/features/
Granted, I wouldn’t consider all the 300 things Apple touts as “features”, but Leopard is substantially more different from Tiger than SP2 is different from SP1.
For further information, see:
http://www.roughlydrafted.com/2007/10/31/ten-my...
Gibson web site:
www.grc.com
1 year ago
About Leopard, I would call it more of a feature pack than a service pack. Arguably the underpinnings of a lot of significant parts of Windows XP were dramatically changed between SP1 and SP2. That is why a fair number of programs had to be fixed to work with SP2. Not a lot of features changed though. Sure the dock changed some, they added built-in backup, etc, but the core of the OS is mostly the same. It isn't at all like the difference between XP and Vista, good or bad.
And the internal numbering differences (from the roughlydrafted.com link) between Microsoft and Apple don't really mean much for me. Just because Windows 2000 was NT5 and Vista is NT6, but Apple has gone from Darwin 4 to 9 in the same period doesn't mean anything. It is just their version policy. Just look at the difference in numbering between Debian and Fedora Core. In the last 12 years Debian has gone from version 1.1 to 4.0. Fedora went through 8 versions (cores) in 4 years. Yet fundamentally they are both using the same base components.
1 year ago
"DaveK: If the firewall is off, ports are open, no matter what OS. Also, even though my Windows firewall is off right now (my home network is set as a private network in Vista) ShieldsUp isn’t finding any open ports, but that is because I’m behind a NAT router and no ports are forwarded. Odds are that unless you are plugged straight into your cable/dsl modem that ShieldsUp will give the same report. "
But what I said was that I was NOT behind a NAT router. I plugged a MacBook Pro right into my incoming internet connection - no hardware firewall whatsoever, and reconfigured the ethernet settings to use the direct connection. And the Leopard firewall preference setting was to "Allow all incoming connections", and ShieldsUp stated all ports are closed. So you are wrong, at least about the Leopard "firewall". And you obviously haven't tried it, or you'd see that I'm correct.
I think the confusion is that the firewall in Apple's preferences seems to be what Apple is calling an "Application Firewall" - the open source firewall ipfw is still present at a lower level, and can be accessed via the terminal, from what I've read. I think Apple has major terminology problems here, but the fact remains that if the preferences are set to have the APPLICATION firewall in the preferences "Allow all incoming connections", all ports are still closed. That explains the basic security out of the box of a Leopard install. Perhaps the correct terminology would be to say that in Leopard, the packet inspection firewall ipfw is still always running (on) in the background, even though the Apple's UI seems to indicate the firewall is off. I'm not defending them - I think this was a major UI blunder. And it's caused all sorts of bad press.
BTW, when I am behind my hardware firewall, Shields UP shows all the ports as "stealth" unless I configure them otherwise on my router.
"The firewall is really only that significant in public network (usually wifi) scenarios for most people. I can see people’s Mac’s on my school subnet (but they can’t see me). "
True. Which is why a default install of Leopard has all ports closed, so you don't have to worry while on a public network.
"It is well documented at a number of sites that OS X defaulted to “allow all incoming connections” until very very recently."
They still do, but all the ports are closed, as I said.
"About Leopard, I would call it more of a feature pack than a service pack. "
Sure, you can call it what you want. The many additional features is why it was a paid upgrade. Apple's service packs are free. Apple is just a bit more responsive than Microsoft in this area. But there were many changes to the underpinnings of Leopard, from a developer's standpoint. Probably more than any other OS X release. Many made to support the new features Apple added, but also to allow more innovation from third party developers.
"Arguably the underpinnings of a lot of significant parts of Windows XP were dramatically changed between SP1 and SP2. That is why a fair number of programs had to be fixed to work with SP2. Not a lot of features changed though. Sure the dock changed some, they added built-in backup, etc, but the core of the OS is mostly the same. It isn’t at all like the difference between XP and Vista, good or bad."
I would agree with you - there were many more differences between XP and Vista than between XP SP1 and SP2.
"And the internal numbering differences (from the roughlydrafted.com link) between Microsoft and Apple don’t really mean much for me. Just because Windows 2000 was NT5 and Vista is NT6, but Apple has gone from Darwin 4 to 9 in the same period doesn’t mean anything. It is just their version policy."
And Apple's version numbering policy is that all of the Mac OS X releases have a version number starting with "10", with the first number after that signifying paid releases with major features AND many underlying changes, and the second number after the "10" being free "service pack" releases. But yet many don't understand that going from 10.4.x to 10.5 is a MAJOR release and don't understand why they have to pay for it. It's all marketing - Apple wants to milk the roman numeral "X" for as long as possible.
1 year ago