Dino Dai Zovi, the New York-based security researcher who took home USD b10000 in a highly-publicized MacBook Pro hijack on April 20, has been at the center of a week’s worth of controversy about the security of Apple’s operating system. In an e-mail interview with Computerworld, Dai Zovi talked about how finding vulnerabilities is like fishing, the chances that someone else will stumble on the still-unpatched bug, and what operating system – Windows Vista or Mac OS X – is the sturdiest when it comes to security.
Given Microsoft’s track record, I’ll begin to take this seriously if we see less flaws in Vista than in OSX after about a year.
“Given Microsoft’s track record, I’ll begin to take this seriously if we see less flaws in Vista than in OSX after about a year.”
It’s not like Apple’s track record is much better. Since 2005, OSX has had nearly as many Security Updates as Windows, and many of those updates have been massive, at least one fixing over 40 flaws, and multiple updates fixing over 20.
http://www.apple.com/downloads/macosx/apple/security_updates/
And it’s not like the “contest winner” is a fanboy or anything. He seems very knowledgable.
From your research on both platforms, is there a winner between Mac OS X 10.4 and Vista on security?
I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft’s Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies.
What this tells me is that Microsoft has been the main target for so long that they’ve had to make adjustments to the way they do things, while others have been free to sit on their laurels and relax. It may very well be that Microsoft is producing the most secure code right now. But this only applies to new code, of course (well, and old code that’s been through audits).
Edited 2007-05-01 05:57
It’s not like Apple’s track record is much better. Since 2005, OSX has had nearly as many Security Updates as Windows, and many of those updates have been massive, at least one fixing over 40 flaws, and multiple updates fixing over 20.
Do you think computer security is a one time event ? A one night stand ? No, computer security is an ongoing never ending process. Apps change, apps grow, can do more and behave differently by each new versions. The OS does also evolve.
After 5 years on the market none of the 25-30 million Mac OS X users have had their Mac OS X systems infected with viruses nor spyware. The end results for Mac OS X after 5 years on the market is one or two unsuccessful worms that where more like a proof of concept – plus one hole in Java (but never the less – a serious enough one)
Edited 2007-05-01 05:58
Which really goes to show that with all the security vulnerabilities many, if not most, have been identified by others that people who tend to write viruses, worms, etc are not bothered with a relatively small user base.
Your rebuttal completely misses the point. Whether or not anyone has bothered to take advantage of all the bugs in MacOS is not the point being made, the point is that OSX has had as many bugs as Windows.
Microsoft has gone from having the worst develpoment policies/processes relating to security to being a model for all other vendors excluding maybe OpenBSD.
Which really goes to show that with all the security vulnerabilities many, if not most, have been identified by others that people who tend to write viruses, worms, etc are not bothered with a relatively small user base.
If the size of the user base was the main reason why no one is writing malware for Mac OS X, then why was Mac OS 9 and previous versions a target? Why is it that I ran Virex on my older Macs (to protect them from viruses in the wild), but my last three Macs (all OS X) have not suffered the same fate?
The user base excuse does have some merit (my BeOS installation is running fine with no real malware threat), but OS X has a huge banner on it asking for it to be compromised. As Umbra stated above, there are 25-30 million OS X users out there, and this is no small number. The target is rather large, and even better, the users would most likely be unsuspecting.
I agree. And this is no longer true, since I believe that an important compromise on the Mac, would be -today- more publicity than anything that could happen on Windows.
If a “real” old-school-win virus/malaware/trojan were to be released and worked on Mac OS X, the news will really put it on the front page. People are “used” to Windows security problems, so a new one amost always means waiting for Windows Update or calling the Tech friend.
The kind-of-small Mac OS X marketshare used to be a “professional” market (Photo, Audio, Video), so compromising those “small” pro targets will really get the authors in the front page. I think that -and I insist- the UNIX nature of OS X makes it really harder to compromise. It’s by no means invulnerable, but it is hard. Time will tell.
Compared to the number of Windows users out there, it is a very tiny number.
Bear in mind, that if you want to crack a Mac, then that means you have to buy one. Now are hackers really willing to fork out that kind of money, just to hack it? Not sure they would to be honest.
I think the size of the user base is really what’s protecting it here. After all, when the ANI bug hit Windows, exploits were rampant within a day or so. But when a very similar vulnerability hit MacOSX last year, no-one took a blind bit of notice.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1552
The only reason I found out about it, was that I managed to trip over a website that had a malformed JPEG; it completely locked up my Mac.
So, what did I do? So confident that this couldn’t happen to my Mac, I went there again after rebooting. Same thing happened.
Found the cause of the problem on MacIntouch.
Yeah, Apple’s security record is so terrible that Mac users everywhere have spyware/malware-infested computers. Oh, wait.
Msft not only has a track record of poor security, msft also has a track record for “information incontrol.”
Fake TCO studies, fake think-tanks (adti), fake grassroots letter writing campaigns, fake benchmark tests, fake journalists like Enderle. Msft pays bloggers to be pro-msft, and probably pays message board posters as well. Msft lied to the US-DoJ in video-taped testomony, and also lied to the EU.
Msft also sponsered the scox-scam which tried to gag: groklaw, Linus Torvalds, Eben Moglen, and Eric Raymond:
http://www.groklaw.net/article.php?story=2007042819571717
Less known exploits doesn’t mean more secure.
Vista has active security. E.g. ALSR, NX to prevent buffer overflows being exploited.
Mac OSX has well… no active security. On top of that they take weeks to come out with security fixes. An example is when zlib had a flaw in less than 24 hours all the major linux distros had a fix. I remember a few weeks later I saw a security update for OSX that contained a fix for zlib.
The issue is that apple and their minions are so arrogant.
Vista has active security. E.g. ALSR, NX to prevent buffer overflows being exploited.
Mac OSX has well… no active security. On top of that they take weeks to come out with security fixes. An example is when zlib had a flaw in less than 24 hours all the major linux distros had a fix. I remember a few weeks later I saw a security update for OSX that contained a fix for zlib.
The issue is that apple and their minions are so arrogant.
Wow. Your right on the money there. Microsoft cut alot of features out of Vista but security was not one of them.
The sad part of it all is 90-95% of the available Linux distributions are in the same boat as OS X: lack of active security due to arrogance of distro devs/complexity of implimenting them.
This is a rather rude, inflammatory personal attack on developers of OS X and Linux distributions. You are, of course, allowed to say such things but I think you should at least defend your claims.
Nobody is perfect at security – and nobody can be. It is not fair to argue that “90-95%” of linux distributions have arrogant developers who produce operating systems that have worse security than Vista. You present no evidence to back up this claim.
I will, on the other hand, present evidence:
http://www.debian.org/security/
http://www.ubuntu.com/usn
http://fedoraproject.org/wiki/Security
http://www.novell.com/linux/security/securitysupport.html
http://www.apple.com/macosx/features/security/
You didn’t state this, but, how on earth can anybody claim Mac OS X has no “active security”? They rely on the security built right into the Unix core (yes I know, this is an old claim) – but that didn’t stop them having (1) Auto Update – just like Windows and Linux distributions. (2) A firewall – just like Windows (and, uh, Linux, depends on the distribution!).
The original post mentions “active security”, and you say OS X and Linux does not have “Active Security”. I’d like you to first tell me what Active Security is. It seems you are throwing two acronyms around – ALSR and NX.
Well guess what. Linux and Mac OS X support the NX bit and have done so for a while. Mac OS has supported NX bit ever since Apple released an Intel Mac OS X. Support was added to the Linux kernel in 2004. Many other operating systems support it.
Amusingly, there has been something called PaX available for the Linux Kernel which does exactly what ASLR does. PaX however has been in existence since 2000. PaX also does a heck of a lot more than the Windows kernel does. Sadly, and I don’t really know why, most distributions don’t compile it into their Kernel – I might be missing a key reason why they don’t.
I’m now going to throw around some acronyms and names regarding Linux security: you can look these up yourself before claiming Vista is far better. Linux Security Modules, grsecurity, SELinux, ExecSheild, AppArmour, Linux Intrusion Detection Systems (LIDS).
Windows doesn’t have them, the developers must be arrogant!
In reality, Microsoft, Apple and lots of open source companies and groups care deeply about security and they all work hard to make their operating systems as secure as possible. The last thing this debate needs is slander and personal attacks – it needs real evidence and constructive criticism.
Edited 2007-05-01 09:39
Care to mention which distributions you are thinking about? Not to mention some evidence for your claim?
Security is a major issue for all mainstream distributions like (k)Ubuntu, Fedora, CentOS, Debian, Gentoo, Mandriva, OpenSuse, Linspire (that’s true), Xandros, Ark Linux, Arch Linux and so on. Even smalller linux distributions (or meta-distributions) like LlinuxFromScratch, Sourcemage and the likes are security oriented.
The issue is that apple and their minions are so arrogant.
It is the role of technology companies to be arrogant. Tech companies should always know better than their customers. If they dont, we end up with with operating systems like Microsoft Windows (all versions) which all have been a major security disasters for more than 12 years. The main reason is Microsoft’s pathetic fear for braking compatibility for customers apps & solutions and knowing better than their customers. As soon as tech companies stop being arrogant they are dead as tech companies. Tech companies role is to always know better than their customers – know better and know far ahead. This is what IBM once knew. But today they have started to listen to customers, and the customer knows nothing and is usually only aware of that fact too late – just like Microsoft.
All Mac OS operating systems have been extremely safe. Classic is still 100% safe to use and Mac OS X is still probably the safest desktop operating system on this planet.
Read my lips, Microsoft Windows Vista will continue from where Microsoft NT.95.98.W2K.XP ended their lifes as a stranded security mess, all unmaintainable. I am note mentioning Microsoft Windows Millennium, am I ?
The only maintence for vista/xp i noticed are Vlite and Nlite where the user has to cut out insecure things and basiclly alter the system/change its purpuse. Mighthaps even use windows embedded Minlogon.exe for Velocity
The issue is that apple and their minions are so arrogant.
No the real issue is that you are comparing the brand new Microsoft OS with the old Apple’s one. Wait Leopard with all the new security stuff, then we will see.
Anyway I don’t give Vista a year to get a *lots of security hole*.
This is not so much about the strength of Windows’s security, as it is the weakness of OSX’s. Apple just put a Mac compatibility layer and a Mac GUI over an OS they never created nor maintained, which is a large part of why Apple’s security has dropped since Apple switched to the Mach microkernel: they literally don’t know their own OS anymore.
My ITEC 120 professor uses an OSX laptop in class (instead of the networked computer which uses Windows), and it has crashed outright three times this semester, as well as other strange bugs in the execution of normal tasks (program windows that appear off the screen, pinwheels of death that still work like a normal mouse, a media player that once opened itself, &c.). Our school’s Windows-based computers are three to four years old and come loaded with malware and other things that load themselves on startup, and they are still more stable than his year-old OSS-only laptop.
(The most annoying thing, though… When he uses Firefox to show us course webpages that are illegible and malformatted in Firefox but readable and properly laid-out in the Internet Explorer on our laptops (course pages that he coded by hand on that machine itself!), it’s always somehow Microsoft’s fault, never him or the programs he’s using.)
Edited 2007-05-01 01:28
“This is not so much about the strength of Windows’s security, as it is the weakness of OSX’s. Apple just put a Mac compatibility layer and a Mac GUI over an OS they never created nor maintained, which is a large part of why Apple’s security has dropped since Apple switched to the Mach microkernel: they literally don’t know their own OS anymore. ”
Why are you trying to talk about something that you don’t know!!!
Do you just realize tha the code base of OS X is a code base that was largely developed, tested by the sane team who built NextStep which itself is the code bas of OS X? Do you realize that the people behind NextStep are most of them still the minds behind OS X? Do you realize that the main architect of MACH (Avie Tevanian) was the main architect of OS X, and was the leader of the OS X team and software team at Apple until OS X 10.3? Do you realize that the present OS X team leader, Bertrand Serlet, is also a key architect of both NextStep and OS X?
Given that, you come here to say us that Apple does not know its own OS….. Do you just realize how silly this sounds?
“My ITEC 120 professor uses an OSX laptop in class (instead of the networked computer which uses Windows), and it has crashed outright three times this semester, as well as other strange bugs in the execution of normal tasks (program windows that appear off the screen, pinwheels of death that still work like a normal mouse, a media player that once opened itself, &c.). Our school’s Windows-based computers are three to four years old and come loaded with malware and other things that load themselves on startup, and they are still more stable than his year-old OSS-only laptop. ”
Well no machine can be completely safe to get some issues, your professor has an issue with his machine. This would concern a small amont of macs, i had several macs running OS X for months, 27/7 without any reboot. Try to do that with XP or Vista, ……
From the article:
“I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft’s Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies.”
I really have to laugh when i read such thing. I mean, if this would be true ok, fine, but this really does not fit to the reality. Look at the fact, if the Vista code quality is good in terms of security, how a hell could the ANI bug affect Vista too? This bug was tracked from Vista back to Windows 2000!
Also what about this:
http://www.eweek.com/article2/0,1759,2069209,00.asp
Or this:
http://www.microsoft.com/technet/security/Bulletin/MS07-021.mspx
Or this:
http://vil.nai.com/vil/content/v_vul28025.htm
And so on, so that’s nice to say that Vista is more secure, but in reality this is just a joke…
Alo even Micorost does not believe either in the security of its OS:
http://arstechnica.com/news.ars/post/20070430-microsofts-guru-malwa…
What a world !!!!!
Sounds like you’re fed up with computers… or people.
Naw, sounds more like he just received a nice cheque from Microsoft. Suum cuique.
Theoretical analyses (and fancy acronyms, siti!) aside, the assertion that Windows is more secure than OS X is absurd to anyone who has actually had to maintain the two systems for real users.
In the year my mom has had her iMac, she has had:
0 pieces of spyware.
0 viruses.
0 crashes.
No Windows machine any member of my family has ever touched has achieved that kind of record.
For people like me supporting machines for their technophobe parents from 700 miles away, that’s peace of mind that money can’t buy (oh wait, I guess it can!)
So Windows fans can scream ALSR, NX, GX, and UAC all they want, show me a Windows that can survive in the hands of my mom for a year with no issues (and no babysitting!), then you might have something…
Edited 2007-05-01 01:24
BECAUSE MAC HAS 2.86 PERCENT OF THE MARKET. That’s why she has seen no malware or viruses. I can’t speak for the no crashes though, my Windows PC hasn’t crashed in a very long time.
If you’re just using malware or viruses to gauge security then you’re a fool.
Vista was just released, why are you comparing the experience of family members with certainly older versions of Windows (XP and back) and using it as evidence to support your point?
Vista has the improvements, not XP. So whatever experience they had with XP is irrelevant.
Security isn’t solely about protecting the user from himself, it’s about protecting the user and his data from outside attacks. Appearantly, Vista’s built in technologies stop most of these attacks right in their tracks.
I am not sure if Vista has 2.86% of the market yet… Vista has improvements but we heard the same song and Dance from Microsoft about XP, I remember a contest where MS had a XP Box on the internet and asked people if they could hack it, and they couldn’t during the allowed time. They had a similar concept with Linux and Linux got hacked.
Right now Vista is more secure then OS X just because the hackers haven’t finishing studying it yet. Mac OS has been out for over a half a decade now. Hackers had time to learn about where OS X is weak and where it is strong.
RIght now most of us need to go by Experience with older systems it is the concept of fool me once shame on you, fool me twice shame on me. The general public has been shammed into using windows for a much larger percent of the population who should. In fair competition Windows Market Share would be around 40%, Linux 30%, OS X 25%, Others 5%. Still the market leader but it is to big for its size. So don’t get so frustrated when people are weary about Vista Security clames.
<>
That’s the point : the real problem is not that windows is the best (or not) OS around. The problem is that windows is near the monopoly state.
regards,
glyj
“””
BECAUSE MAC HAS 2.86 PERCENT OF THE MARKET. That’s why she has seen no malware or viruses.
“””
This point usually gets lost in the noise, but what difference does it make *why* the malware is directed at Windows?
The *fact* is (and I don’t think that anyone would dispute this) that the vast majority of malware *is* directed at Windows and Windows users.
I am intentionally avoiding the issue of which OSes have better defenses than others because that is irrelevant to the point I am making.
If you use Windows, the majority of malware is directed at you.
People keep saying “But that’s only because it has the most market share” as though that changes this basic fact. It does not. And I wish people would stop acting like it did.
Regardless of the OS’s intrinsic security fitness, if you run Windows you have a target painted on your back.
This is not an attack on Windows or its quality, though I do have my own thoughts on that.
There is also the implication that “If $INSERT_OS_HERE had Windows’ market share then it would have the same problems”.
Maybe… and maybe not.
But that is not important, because I don’t think that any other OS ever *could* have that kind of desktop market share, and I suspect that few advocates of Linux, BSD, Mac, or Haiku would *want* to live in a world where one OS, even their own favored one, had such a stranglehold on the market.
Edited 2007-05-01 02:12
Right on
Thanks for bringing this important point up again. I’ve said this before, but somehow it falls on deaf ears among the MDB…
BECAUSE MAC HAS 2.86 PERCENT OF THE MARKET. That’s why she has seen no malware or viruses.
I don’t think marketshare even begins to explain the issue though. Malware is written for two reasons: for recognition and for profit. In the former case, you’d think getting a widely-distributed OS X virus would be good motivation. In the second case, OS X’s market share may be only 3%, but it represents millions of computers. There should be enough profit potential in compromising OS X for us to have seen at least a couple of widely-distributed OS X viruses by now!
I can’t speak for the no crashes though, my Windows PC hasn’t crashed in a very long time.
I maintained a Win 9x machine that almost never crashed either. It’s easy to do when its your own machine and you can babysit it. Not so easy to do when you put it in front of somebody who abuses it.
If you’re just using malware or viruses to gauge security then you’re a fool.
If you’re using technical bullet-points to evaluate security than you’re an idiot.
Vista was just released, why are you comparing the experience of family members with certainly older versions of Windows (XP and back) and using it as evidence to support your point?
Because Vista is a continuation of the same codebase. The Vista code is basically a superset of the XP code. Many of the defects present in the latter will still remain in the former. Eg: the pointer animation bug posted a few days ago was in code dating back to Win2k.
More generally, there are three important things to remember about software:
1) It’s hard to unf–kup a broken system; Security isn’t something you add to insecure code, it’s something you design into the system.
2) If developer A wrote insecure crap last time, the odds of him writing secure stuff this time around are not great.
Security isn’t solely about protecting the user from himself, it’s about protecting the user and his data from outside attacks. Appearantly, Vista’s built in technologies stop most of these attacks right in their tracks.
We’ll see about this when Vista has had some time out in the wild. Who knows, Vista could be another NT 3.1. Or it could be another XP…
Maybe the marketshare bit was just poking fun
Vista is built off of the Windows 2003 Codebase which (iirc) is an audited version of the XP sourcecode with a lot of buffer overflow exploits found and removed.
I think it’s inherently more secure than XP but sure some simple bugs (like the cursor exploit) will remain because it’s something that’s relatively unchanged from WinXP to WinVista.
I do find it interesting to how the .ani exploit bypassed the /GS, ALSR, etc.. in Windows Vista..
Obviously, things like this will not make Vista bullet proof but it will stop a great deal of it. Point being, that Vista is more secure than XP so comparing your experiences with XP isnt’ exaclty accurate.
I agree whole heartedly that you can’t insert security into insecure code. it needs to be designed that way. However given the complexity of the Windows Operating System I think that these “obstacles” that exploits now face is a good thing.
The attack surface is greatly minimized from what I can see.
Anyhow, I’m tired and I’ll mod you up for a good post.
“BECAUSE MAC HAS 2.86 PERCENT OF THE MARKET. That’s why she has seen no malware or viruses.”
OK let’s assume this is true. At which share of the market do we need to worry? 5%? 10%, 25%, 50%?
I think if that number is anywhere near double digits then it’s a security problem that Apple would like to have.
Right now it seems, his mom’s mac is safe.
iPod’s running linux have no market what so ever yet there are more wild viruses for that combo than they are for OSX. Where does that leave you’re market share arguement ?
Anything above 0.5-1.0% is a target for malware. However, at the moment only Windows ships with the API required for malware to work.
Yes and you go on tell me that market share is also the reason that there are more exploits for IIS than Apache, because we all now that IIS has the bigger… oh, wait…
hmmmm I guess that’s how the cookie crumbles….
“Yes and you go on tell me that market share is also the reason that there are more exploits for IIS than Apache, because we all now that IIS has the bigger… oh, wait…
hmmmm I guess that’s how the cookie crumbles….”
—————————-
*sigh* Here we go again.
The security records for IIS6 and Apache 2.x since 2003 (the date that IIS6 was released):
IIS6:
http://secunia.com/product/1438/?task=statistics
Summary: Three advisories, none “highly” or “extremely” critical, all patched.
Apache 2.x:
http://secunia.com/product/73/?task=statistics
Summary: 33 advisories, 3% “highly” critical, 10% unpatched, and 3% only partially patched.
How many times is someone going to bring out the Apache vs IIS canard and get owned? Really, it’s old, it’s well-known to be a canard, and should no longer be used for your side of the argument.
Edited 2007-05-02 02:21
And what’s the market share breakdown for IIS5, IIS6, Apache 1.3.x, and Apache 2.x?
I’ve built the systems that run and also supported Windows 2000 and Windows XP for years for large international organisations and it is my experience that the problem with these machines crashing is largely attributed to users and the hardware vendors, and not so much the operating system itself.
If the users would stop installing software that frankly isn’t needed, isn’t tested and is written many times by very small developers or companies that don’t have the resources to develop and test appropriately, then the operating system, regardless of what is is, would operate far more reliably.
If the users would treat the hardware with more respect (i.e. stop damaging it and letting your children smear their food, drink and greasy fingers all over the device) then the operating system, regardless of what it is, would operate far more reliably.
If the likes of HP would send out hardware that is functional and operational, rather than send me the supposedly refurbished (yet still defective) hardware from one of their other customers, then the operating system, regardless of what is is, would operate far more reliably.
Also, I haven’t had a virus since the days of the 286SX. I haven’t had any known spyware, ever. The last two crashes I had was due to a faulty motherboard and poor drivers from nVidia. In fact, I cannot recall the last time I’ve had a Windows born crash.
Sir, there is so much truth in this post, you could start a religion on it.
And that’s how zealotry starts…
If computer designers didn’t have to deal with clueless users, they wouldn’t get paid the big bucks. In engineering, you don’t get to choose reality. Reality is a given, and you design your product the best you can to deal with it. If your product doesn’t work, blaming reality is… not productive.
FYI: I have this great design for an airplane! Now if only gravity were 90% weaker, it’d actually fly!
Edited 2007-05-01 02:56
Design cannot accommodate all stupidity and common sense.
What do you expect, Microsoft is meant to accommodate the stupidity and bad practices of all the millions of users and thousands of hardware vendors?
I really fail to see how it’s Microsoft’s responsibility, even if they had the ability, to a somehow prevent poor hardware and stop users on installing dodgy software or treating the hardware poorly.
It’s the users & third parties that make the vast majority of poor choices when it comes to Windows performing poorly or crashing. This is experience talking here, not opinion.
If your family has problems with maintaining a stable Windows experience they should perhaps look at themselves and the hardware they use, rather than just chasing the scapegoat that Microsoft so often is.
You are right on the money dude. End users use things in ways that are crimes against god and nature. There have been many times when the answer has been, “It’s not designed to be used like that.”
I’m not going to excuse MS for some of the dumb design decisions they’ve made in the past, like integrating IE into Windows and trying to have one general purpose OS. I understand the decisions since they make sense, not the IE one, in an enterprise, but they don’t make sense for the home user who leaves his computer wide open because it’s easier.
Some perspective is in order on this topic.
“It’s not designed to be used like that.”
And i thought that i was a Wyld Stylist
user become scapegoat then?
Better engineering will help in many cases. Even Microsoft prove it.
– A more transparent administrative rights in XP compare to 2000. User then where less likely to use the admin account.
-Easy firewall configuration and administration in XP SP2. This is another example that make things easier and more secure. It doesn’t solve everything, but still a move forward.
If windows can manage poorly written software, there is probably something that can be made. Builtin high-level language? Kernel protected memory? Better API/Library?
HP has good hardware, just not in their PCs. Just buy an Alpha, PA-RISC or Itanium workstation, install Linux and there you have what you want! (Just kidding :-)).
HP should be run over hot coals for the shocking quality of their hardware. It’s disgusting.
Not willing to make troll out of myself, but I really want to re-iterate what has already been said. HP may well make crappy x86-based hardware (uhm, is there *any* good good x86-based hardware?), but their Alphas (ok, DEC’s Alphas) and PA-RICSs are worth a lot of consideration. Well, not that it has anything to do with Windows being secure, but I couldn’t help.
“In the year my mom has had her iMac, she has had:
0 pieces of spyware.
0 viruses.
0 crashes.
No Windows machine any member of my family has ever touched has achieved that kind of record.”
My daughter’s XP was installed four years ago (my wife’s three yrs ago):
0 pieces of spyware.
0 viruses.
0 crashes.
It looks even better
Still I would not use the fate of family members boxes as a proof of OS security.
“My daughter’s XP was installed four years ago (my wife’s three yrs ago):
0 pieces of spyware.
0 viruses.
0 crashes.
It looks even better ”
Yeah, but it’s not hooked up to a network!!!
oh, it is.
No AV, no anti-malware. Pretty simple and effective setup.
Is your daughter living at home? If so, then this stellar record is probably due to the fact that *you* keep them secure.
In Rayiner’s, he was referring to family members he does not live with, and therefore which are out of his day-to-day administration reach.
I’ve had the same issues, as a Family-and-Friends Windows Tech Support guy. No matter how much you try to get non-technical people to be security-conscious, they’ll often screw up their PC and/or get infected with Malware.
As others have said before, it doesn’t matter if Windows is targeted by more malware because of its market share or not. The bottom line is that Windows is targeted by more malware, and consequently *is* less secure than a Mac or Linux. We’re not talking about hypothetical scenarios here, but about the gritty reality.
I do find your claim that she has had zero crashes in four years a bit hard to believe, though. Not impossible, but unlikely (in my experience).
Edited 2007-05-01 16:13
I keep telling my siblings to use Firefox instead of IE, but they never listen. Next time their PC is bogged down with malware, I won’t fix it unless they’re willing to use Linux.
Whatever.
Well, none of my family’s windows boxes (3) have gotten anything more harmful than a tracking cookie in about 3 years.
Granted, I’ve trained them on reasonable security precautions, browser isn’t IE, mail isn’t outlook, and most importantly, they understand not to install a random application or open attachments that they weren’t expecting.
Windows *can* be secure. By default, XP wasn’t. By default, Vista tries very hard to be. Time will tell how successful it was, but compare Vista with OSX 10.0.
Finally, the assertion wasn’t that OSX is less secure than Windows. The assertion was that the Vista development team is paying more attention to security than the OSX development team.
Sure, Windows can be secure, if you have the time to babysit them. But I can’t. I do support for machines that I see maybe once a year (family friends). What makes it really hard is that I can’t trust automatic Windows updates. Not since the patch a couple of years ago that just borked networking, leaving my mom without internet access for a month and a half until I could visit the machine again.
Maybe 10 years ago it would’ve been acceptable to have an OS that required scheduled regular tune-ups. But it’s 2007. And in 2007 I want the computer-equivalent of a Toyota — something that can take 10 years of abuse and neglect (late/missed oil changes, stop-and-go city driving, north-east road grunge) and continue functioning like nothing happened.
You might want to look at a Palm Pilot, a Windows Mobile device, or maybe something based on QNX then.
I have a ten year old car, and I’ve still had to perform maintenance on it to keep it running in top shape. Ten year old cars that have been neglected and abused are in sad shape regardless of the make. You can always tell the people who take care of their cars.
I have Ubuntu, FreeBSD, OS X, and WinXP running, and I patch them and perform routine maintenance on them regularly.
My Nissan runs great by the way.
You mustn’t forget that the commercial-car industry is still in the industrial revolution age .
Look at Toyota Fine-X a car with only electronic engines in its wheels making you park in 360 degree.
Imagine now us running only computers from the industrial revolution First Generation Mechanical/Electromechanical computers. They always worked fine, i would say much better than all other PC’s today in performance .
But they were limited very limited .
With a modern pc you can download movies, play games etc, you never have to use gasoline or oil in it.
In A modern car: you use Gasoline/water/oil , the engine is quite primitive like when the first cars were manufactured .
You are limited to a hudge Internal combustion engine which wastes alot of energy that could be used for nothing and weighs alot , besides the car movement should be used for charging the car with electricity like a laptop can.
So Compare an Industrial revolution machine with another industrial revolution machine or it wont make sence.
Edited 2007-05-01 05:58
Generally spyware comes in the form of programs that the user, who doesn’t know any better, installs usually to see something pointless like a picture of a bear on a unicycle or a naked picture of Jessica Alba.
spyware is not a problem of the operating system, it’s a problem with unknowledgable users demanding control of there PCs.
I’m guessing your grandma probably doesn’t do much with her computer, checks her emails, surfs the web, maybe some instant messaging and you probably set all of this up for her and she is running in a lowly user account.
Which is exactly the type of setup she should have. But it’s hardly a good test of the security of an operating system.
Rayiner: If you are a scam artist and you want to create a scam, would you target 1% of the population or 99%?
You would target the system that proves the easiest to break into and replicate.
Would a robber break into Fort Knox with the Billions of gold reserves in it, or would they try a back-woods local bank with maybe $100000 dollars in it ?
Depends… can I replace all the guards in Fort Knox with just my kid sister?
The more security you have, the harder it is to actually USE your computer (I mean install programs and do things that “joe user” finds unintuitive). You have to deal with extra prompts and mysterious failures when you want to do some things.
If you’re running a secured UNIX, then you also need to have a UNIX guru on hand. Windows has the opposite problem: if you get borked with spyware, you need to have a tech-savvy Windows user (I wouldn’t call too many of them gurus).
Spyware is one case in which I’d like to see Microsoft lobby the government for laws. We should go after the miscreants who create this crap in court. It hurts Windows’ reputation, so Microsoft has a case as an aggrieved party, and eliminating spyware helps society.
if you’re running a secured UNIX, then you also need to have a UNIX guru on hand
not really. set the system up with all the software they ever need, give them a limited user account, and away they go. sort of like “fire and forget”.
It hurts Windows’ reputation, so Microsoft has a case as an aggrieved party, and eliminating spyware helps society.
Yes indeed, but not just Microsoft. Some big companies have had their websites hacked and trojans put onto them, http://www.itv.com/f1 had 17 separate trojans just before the start of the f1 season. Assuming these were not from itv themselves, this is atrocious.
Finding where the spyware originated should not be too hard to do, as you just have to follow it back to destination.
However, Microsoft are taking the wrong approach. Instead of chasing these people down, they are promoting Vista as a better deterrant. Even though they themselves says Vista secutiry is not the best….. even though all other OS’s should use it ??????
I am confused by these mixed messages from Redmond.
Is that because it’s turned off?
I use both OSX and Windows at work and at home. I like Windows a lot more and it’s as stable as OSX. No spyware or malware and only the odd crash once a year to spice things up – on both systems.
I agree with the security standpoint that OSX and other *nixes from a malware/virus standpoint as far more secure than windows, that goes without saying … What i do find interesting though is a vulnerability finders viewpoint that Vista, and indeed MS’s security methodoligies regarding writing code is seemingly better than the current method used for OSX development .. While this may be true in so much as Vista is a new toy and mabey not so much “blood is in the water” yet i think mabey (flame me if you like) MS mabey beginning to get something right (shock .. horror), even if “right” is not the correct word, “better” is at least an improvement than what has become the norm for the older MS, OS.. I’d be surprised if the researcher had the same viewpoint when considering comparions between XP and OSX in the same context ….
Roll on OS 10.5 … mabey we will see an about turn in the comments if the researcher is ever interviewed again when this is released ….
It’s still early yet; we’ll see how it goes.
I do think MS got some religion after getting kicked around like they have been. You can’t get beat up like they and not learn something.
Maybe Apple will hire Theo de Raadt from OpenBSD to beef up their security after this.
This sort of thing happens after every release. There is a team of people who go how much better this new version of Windows is over the closest competitor, in areas which the competitor says it is better at. Then in a few years people are finding flaws in windows and taking advantage of them.
If Windows Vista is more secure then OS X then great, we are all better off. But Ill stick with OS X until Microsoft can really prove itself not just from a couple of months live where people are to afraid of messing up their new systems with attempts to make mal-ware.
Not suprised given that it (quicktime) have been around just as long as some of the parts that is giving microsoft headaches…
Browser: Opera/8.01 (J2ME/MIDP; Opera Mini/3.1.7139/1662; nb; U; ssr)
Probably one of the most insightful posts in this thread…
Give it a year. Then I’ll do a count on McSoft security patches and downloads. One or two zero-day attacks on the new Vista shoud increase the number of those patches.
To bad security hacks have to be forced on OS X via a Java crack via a browser in a contest. With Winderz – you just turn the computer on and connect it to the internet.
The person who said their relatives have been running a Wind box on the net for four years is either in denial or stoned off their ass.
Edited 2007-05-01 03:35
Windows vista first update says (you can get this text if you right click the available updates and choose view more details about the update) This update protects the system from being totally controlled by a hacker remotely!!!!
I don’t expect this OS to be thus secure after the many years they swear to God that this time windows is secure. OSX is still unix underneath and thus more secure.
One test can prove this: OSX visiting 1000 malacious web pages –> one infection; Windows XP/vista visiting 100 malacious web sites –> abortion
OSX is still unix underneath and thus more secure.
I have read this statement dozens of times but have never seen any detailed explanation. What about Unix makes things secure?
Take a look at the “Unix Haters Handbook,” and you’ll see that it’s nothing in particular. Unix had all the security problems of other OSes and still has some of the dangerous practices that allow new security holes to crop up.
The reason Unix is secure today is just that it has been tested extensively. And the primary role of Unix has long been to serve clients on public networks, so it’s just had long term exposure to malicious attacks. Linux and Unix are still compromised quite often. I had a friend here who was taken off the school network because his linux box got hacked and someone was using it to get to restricted library resources. The difference between Windows and Unix, is that attacks against Unix are usually specifically targeted and require human interaction because no two instances of Unix are exactly the same. With the Mac this is starting to change, and we might see some automated Mac hacks.
From a lot of the news we’ve been seeing, Mac OS X has had some long-standing Unix vulnerabilities that were simply never fixed by NeXT even though the BSDs had fixed them. Apple has largely ironed these issues out, but they clearly don’t have the same large-scale security push as Microsoft has (and they haven’t needed it so far).
The answer IS actually market-share. Most of today’s mass vulnerabilities involve user-interaction. You’ll likely only get a 5% response to a social engineering trick which gets a user to click a link. For Windows, this means that you can get perhaps 4.5% of the computing populace with an attack… a worthwhile percentage. Attacking OS X will get you 0.3% of the market (assuming apple’s market share in the US is 6%). Furthermore, malware infection is really an n-squared phenomenon since you usually rely on infected hosts to spread the virus to new targets (this makes the social engineering more effective).
The upshot? Macs are not worth writing automated viruses for and the malware tooling industry has consequently not really developed. This makes them safer for the naive user and I WOULD recommend the Mac for such a person. On the other hand, if you’re a government or institution and are afraid of a targeted attack against you, I’d recommend using something more hardened like a competently-administered Windows network, a enterprise linux deployment, or proprietary Unix.
But I have five personal computers in my family. One of which is an iMac I bought in 2002. It has never crashed even when I had 10.1. Never had a virus. Never ran antivirus software or a firewall either. You can spout statistics, FUD, or whatever, but it was this track record that made me buy my wife a shiny new MacBook. If you really want to spout statistics shouldn’t OSX then have 2-3% of the virus/malware? Plus like the poster above said it would be MORE bragging rights if you hacked OSX.
I got a job for you, you are hired, no kidding. You can tell for a given system whether it got malware without installing software that could assess this in the first place. I salute you Of course once hired, you will have to teach me your secret skill, that is the whole point in hiring you. C’moooon… tell us, how do you do it..? You better not hesitate too long, because your skill isn’t unique, either. I keep reading from people possessing this skill a lot on this forum. (I will admit I am even more impressed with people who can do the same thing for Windows). My neighbour didn’t have a virus in 2-3 years either, that is until I got terribly bored one day, installed SP2 for XP and Antivir – then, once in a sudden, he had like 6-8 viruses out of thin air.
It’s pretty easy if you’re an OS enthusiast: you probably took a look at the task list when you first installed your OS and investigated what was running and why. When you come to a potentially infected machine, you see if there are any odd tasks there and look up the ones that don’t make sense. After that, you run “netstat -a” to find out all open connections on your machine. If you see nothing, you’ve got a rootkit. If you’ve got listening connections on unexpected ports or connected communications with unexpected remote hosts, then you’re owned.
If you’re still suspicious after all this, run Rootkit Revealer. But this last step is not strictly necessary unless you’re really suspicious because most malware is targeted at users who don’t have the skill to take all the above steps. If you’re infected, just remove all the data from the machine and reinstall the OS completely (this time, make sure the users are not admin, as they clearly can’t be trusted) because it’s rather risky to try to repair it, and you’ll probably find a recurrence of the problem. So, am I hired? What’s the pay?
Edited 2007-05-01 17:27
Good tips.
netstat -a is good at spotting spyware on the machine too. Run it after you restart the machine and have done nothing else. XP should have around 4 – 10 active connections. Anything more means a quick install of spy-bot and ad-aware and avg-antispyware. run all three to make sure you get it all….
netstat -a under linux is nice too, it will show the active tcp connections, but also active unix connections, and it is laid out a bit nicer too.
Now I do not agree with tech-savvy users checking the running tasks and spotting malware. This can be done with some stuff, but the whole idea of malware is to remain hidden from the user, therefore the vast majority does not show up in the running tasks.
Windows people should aquaint themselves with the Registry, especially the part of the registry that is resposible for running programs on start-up.
Give me a break. This genius did not succeed in compromising OS X until they relaxed the rules to the point where just about any OS out there could have been compromised. But he forgot to mention that little fact in the interview.
Don’t get me wrong, I take pretty much the same precautions with OS X that I do with Windows and any other OS I run.
How many people are really have that many problems with crapware or viruses with Windows XP? And if you are you might want to question what you are doing with your PC.
Edited 2007-05-01 04:14
My roommate got hit with a virus that hosed his system a couple of weeks ago. He was running an anti-virus and we are behind a hardware firewall (Linksys router). We also found out he had some spyware installed.
The bad thing is that he lost his XP disk…he’s ordered a replacement copy of XP online and is using Kubuntu in the meantime…I’m not sure he’ll stick with it, but he is finding it quite good. Kubuntu actually performs better than XP on his machine (partly due to the fact that it unencumbered by anti-malware programs, no doubt).
“How many people are really have that many problems with crapware or viruses with Windows XP?”
You will have to be more precise while questioning: How many people can tell if they’re running spyware, p2p network storage, spam senders or network scanners?
I’d like to say this: Most people claiming “I’ve never had a virus and I do not get any!” cannot be sure making this statement because they lack any means of diagnostics to make a valid proof.
Some months ago, I had a “Windows” machine which “does not have a virus”. The fact was: It served as a storage point in a strange p2p network (tried to connect), scanned around in the (local) subnet, tried to phone home somewhere and tried some other strange stuff in the network. There were several antivirus and firewall applications installed, some of them set to “accept all”, in a very strange matter of composition. The PC seemed to work as expected, slow, sometimes needing a reboot, sometimes loosing data, as most “Windows” users know it from their experience. The PC’s owner did not notice any of this, just complaining about his limited traffic reaching the month’s limit after some days which forced him to pay money for extra traffic loads. “But I do not download so much!” Of course, he not, but his PC did.
Fabula docet: Do not count everyone who claims “I have no virus”, because this cannot be considered to be true in every case.
“And if you are you might want to question what you are doing with your PC.”
People are doing stupid things, you know…
The person who said their relatives have been running a Wind box on the net for four years is either in denial or stoned off their ass.
don’t you love people that say this shit when they, themselves, are probably the ones in denial?
I don’t have much love for windows, in fact, I run OSX at home right now. I haven’t even booted up my windows pc in about 2 months.
Windows, even neglected, /can/ run for years without issues.
example, my brothers tower. I put it together like 6 or 7 years ago and promptly forgot about it.
its running windows 2000 Pro with sp2 (!!!) still. its running AVG set to only run once a week without realtime scanning so its using NO system resources except for a bit one day a week.
guess what. the machine is still humming along in his room with no problems what so ever. its on a battery backup and is up for months at a time between reboots.
I decided it was time for some maintenance a month agop
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows 95; PalmSource; Blazer 3.0) 16;160×160
sorry, my phone cut the message off..
as I was saying…
I decided it was time to do some maintenance about a month ago. I popped in my ‘Ultimate Boot CD For Windows’ that I use and ran a defragger off of it. It took teh PC over 6 hours to defrag. This is a 1.7ghz p4 with 512mb of ram and an ata133 IDE hdd. I’m truly surprised windows 2k is still running right.
The fact of the matter is this; Windows can, however unlikely, run for years without problems. So the people you claim are smoking crack and in denial /could/ (*GASP!*) be telling the truth and have windows machines belonging to themselves or friends/family members that have faired quite well.
So before you start bashing people and an OS that you apparently don’t know how to administer or have just had bad luck with, open your eyes and mind a bit and stop being as narrowminded and dimwhitted as the people that bash your OS of choice can be.
Having said this, I’m not fond of windows at all and will never go back to it on *MY* computers.
Now, I’m going to bed. Mod me up or down, I don’t give a damn. But please think about what I said. I’m really getting sick of people today believing ONLY what they have personally experienced or for some reason want to believe to be the gospel truth.
Have. An. Open. Mind.
It’s not hard, and believe me, It makes life a whole lot more fun.
*EDIT* Spelling
Edited 2007-05-01 04:37
Win2K was actually a very good OS.
That said, performance on his machine must have been dismal if it took 6 hours to defrag the disk…
That’s the one thing that annoys me with Windows PC (all the way up to XP…don’t know enough about Vista to say): performance degradation issues. I don’t know if it’s due to disk fragmentation (probably not, since NTFS is not supposed to fragment that much), because of installing/uninstalling programs, or simply because people run too much sh…stuff in their system trays, but this is something I’ve constantly noticed on any Windows install that’s older than 2 years – they all seem to be much more sluggish than a fresh install.
His machine was pretty sluggish at some things. Opening the star menu was laggy, etc.
After defragging, I compressed the registery and cleaned up a few things and now its running about as fast as when I first installed it. Absolutely no lag on the start menu (I removed the 400ms delay on menus via the registery) and even opening up folders is just about instantaneous.
Hopefully it’ll stay this way for several more years
About the “real world” accurracy of the Market Share. 2-3% seems awfully low when I go to Starbucks or their clones and see all those Mac Laptops. Out of all the Musicians i know, there are only 3 that don’t use Macs. Ditto for The Broadcast folks, the independant video editors, and small documentary houses. The percentage of people who aren’t on Macs is very small.
These people tend to take care of the equipment that takes care of them, so it might be a contributing factor to less exploits on the Mac platform.
Vista is a different monster than xp , while xp has its Overactive desktop meaning the GUI explorer interface shell is heavily tied down to mshtml.dll, Vista relies on UAC, annoying popups includes too much DRM that will mess it up for the people , oh did i mention the overbloated IE7 as usual with no real uninstall button.
So now people will find a way to infect the security center , MS still hasnt made it better . a secure system need not be Hudge and bloated , on the contrary Small flexible and reliable .
Would i re-design the os i would add to my project to remove every security feature avaiable and Iexporer using basic Classic mode system coloured windows.
have the OS around 50-200 mb .
On top of that i would make a mode where nothing except for whats installed can be executed and run until i pop in a special Run-things-normal-mode CD also i wouldn’t use Internet Explorer , K-meleon had me content for quite awhile.
So in a not so distant future the malware guys and script kiddies will have the times of their life with Vista, For MacosX? Nobody cares about Steve Jobs bloatware that only runs on ss3 systems unless he really hates Apple
Quoting # of fixes in a security patch by Apple you have to look at how many of those fixes are general unix security fixes that apply across all the distro’s. If you look at OS X which is built on a huge array of Open Source unix code with a proprietary Window Manager that allows Apple to differentiate their product from everyone else in the unix vendor space. Taking the history of all security patches applied to OS X you will find a vast majority are not Apple, nor even OS X specific. All your #insert_windows_version vs OS X comments in reality are just #insert_windows_version vs unix comments.
My Dell laptop on its worst day last 3 weeks before succumbing to a trojan or malware and on a good run can make it about 3 months.
The same hardware runs faster and more secure on Ubuntu linux (currently up to 7.04 installed). The distro is a joy to use, easier to setup in a lot of ways than Windows (and yet in a few quirky areas a lot more difficult to configure than Windows). A lot of the problems I have running Windows in a heavily secured wireless environment go away under Linux on the same hardware. Also of note, our MacBooks running OS X also don’t encounter the same problems that bring all our engineers running Windows off and on the wireless connection so many times that the majority have switched to wired network cables.
I also run OS X at home on a Mac and can attest that in 3 years of ownership and constantly being online, no virus scanners (except twice downloading and running one just for curiostiy sake to what it would fine [it found no OS X viruses – just lots of false alerts detecting windows viruses in email attachments of which they are just deadweight inside OS X as they won’t execute or run and are purely just Dead On Arrival).]
Has Apple been slower than some unix distro’s in patching general unix security flaws that are uncovered? Yes! Has a single exploit of any of those security flaws lead to actual real world attacks and compromise of OS X security? No! Will it ever happen in the future? Maybe! Therefore does time to patch being a #insert_hours_ordays_orweeks longer than another unix distro make for a valid argument? To date, No. You guys need to subscribe to the multiple security digest lists we use in the industry and keep tabs on the daily events on all the operating systems to get a true real-world picture of what is happening out there. Until then, its just Opinion and FUD posted by the uneducated masses.
I have never had a single Windows box attached to the internet without virus scanners or internet security software ever be able to run for any length of time without succumbing to security breaches and infections.
Would I love to be able to get rid of Windows – Yes. I could almost do it right now and run Ubuntu 7.04 as the main operating system on my Dell laptop if it were not for the fact that OpenOffice and Microsoft Office don’t get along in a quirky feature area I use extensively.
I am however looking into buying more MacBook Pros for the office here and will wait and see how future OpenOffice packages work and in the meantime just load Microsoft Office for Mac on the MacBooks.
If you’re an Old IT guy, how do you get viruses or malware on your Windows install?
You mention that your laptop succumbs to “trojans.” Doesn’t that mean that you’re infecting yourself, there?
Your virus scanners find viruses, apparently, but does that mean that they’ve infected your system, or did you just get one by email?
I think you’re not a very competent IT administrator if your self-report is accurate! I suggest you hire someone who knows what they’re doing.
I agree, he should hire someone with a bit of a clue….
Would I love to be able to get rid of Windows – Yes. I could almost do it right now and run Ubuntu 7.04 as the main operating system on my Dell laptop if it were not for the fact that OpenOffice and Microsoft Office don’t get along in a quirky feature area I use extensively.
MSOffice runs brilliantly under Wine
2% sounds a low market share, but what does that actually mean? 20millions computers, 100million computers.
Malware and other crapware is primarly there to get money, to scam and to otherwise extract financial information from users. This is not mainly someone trying to get his name noticed, these are cyber criminals.
If you were these criminals why wouldn’t you target the mac, the vast majority of users don’t care about security so shouldn’t it be ripe for the picking.
As for windows, i was a massive fan of Win2k, i love win2k3. XP i don’t really like as much and i really don’t think much of Vista (resource hungry). However to say that windows crashes because the end user doesn’t know how to use it, doesn’t suggest that it’s the users fault more over a fault with windows.
At the end of the day we may be in the IT industry and love our profession, but a lot of people see the computer as a tool, perhaps how a lot of people see their cars as a way to get from a to b. To get infected with spyware and viruses suggests that the windows design is wrong. Oblivously we learn to drive so they should know the basics, but the user shouldn’t have to have a degree in computing to keep his computer safe and stable.
There was an article earlier on OSAlert i can’t find it now, where a researcher proved that Market share doesn’t matter and that it’s the overall design. The problem mainly for windows was that Windows NT was designed to be open by default, to chatter to everything and anything, which win2k inherited, xp etc.. where as unix’s are secured by default.
I have high hopes for the version of windows after Vista R2 (Whatever they decide to call it), as we now have a good design team and a more productive development cycle.
We also have to consider that Mac users generally have higher income, and therefore should represent a more appealling target for cybercrooks.
I have previously run Windows 95, 2000 and XP. Now I am running OS X, 10.4.9.
My experience tells me I am getting more done more easily with OS X now, which was not the case previously – constant battles with malware and viruses, not to mention the frequent crashes, glitches, etc.
I think any OS, and the use of it, for any individual, has to taken as a whole and in the round: it’s risk and productivity assessment, and lots of other things, together.
I have had a Mac box since Christmas, and now I am heavily upgrading it, and look forward to Leopard. If other OS users find that theirs fills that ‘OS-shaped whole’ I am happy for them. That whole happens for me to be Apple-shaped at the minute.
Bugs vs. Misconceptions
When it comes to bugs I believe that there is no big difference between Vista and Mac OS X.
A Bug is found and hopefully fixed soon.
When it comes to misconceptions I really think that Windows (no matter which version) has big problems.
These misconceptions seem to be hacks to support some ill implemented ‘features’ that cannot be fixed without breaking compatibility.
(Process can send keystrokes to processes with higher rights etc.)
OK: How do I, as a disabled person, use my computer if the screenreader can’t get text from and send keystrokes to the processes I need to interact with?
I guess disabled people are rare, so we can ignore them (Microsoft can’t).
What if I’m East Asian and want to use an IME to enter text into a privileged application?? We can ignore blind people, but not 1/3 of the world population.
Maybe the architecture could be a little different to support this. Perhaps that’s something they’ll fix in the next version of Windows.
I think I’ve seen this a lot of times in the last few months, just like I saw it in the months when Windows XP came out.
Every time Microsoft comes out with a new version of Windows, there are thousands of users and tech experts claiming that it’s more secure than Anything Else On The Market, depending on who its top rival is.
Unsurprisingly, this only happens in the first few months, because after a year or so, when the holes keep coming along and the security patches you need begin to fill a CD, everyone but the zealots stops applauding this great new security.
Meanwhile, in those months, I see very few Mac/Linux/etc users or experts who are “in love” with it starting to mess around with statements about how this new version is not more secure than what they already use. The only reason I can think of for this is that they really don’t “care” — they already know their systems are secure enough for their needs (this is my case at least. I rarely go into x-is-more-secure-than-y, unless x and y are webservers or similar things).
I’m a regular Mac user (I use it at work which makes for some hefty hours every day) but I use NetBSD and Linux at home. I haven’t bothered to run a set of benchmarks, so my “standards” regarding which OS is more secure are more earthly. I do appreciate the enormous work put up by security experts in analyzing Vista’s security, I really do. But it will take a long time to convince me that you can call “secure” a system where you can still end up with viruses (which are written as more than just a proof of concept and that actually works, Loop-A which spreads over Bonjour only in a LAN is not an option here), which still requires you some hefty anti-virus, anti-spyware and firewall programs just to surf the fsckin web safely. Not to mention the fact that I’d rather have a few viruses than being asked to Cancel or Allow on just about everything.
The only conclusion I can draw from all this flooding of articles with Windows-Vista-is-oh-so-secure is that Microsoft is so desperate for restoring their bad image that they are simply rocketing up to the sky a number of technically excellent, but modestly efficient and insufficiently tested improvements.
Let’s make a benchmark of it if you want. Mac OS Cheetah was launched in april 2001 if I remember well. Let’s wait for six other years and see if Vista’s set of discovered security flaws is as big as OS X’s is today. As someone said before, the proof of the pudding is in the eating.
” … brand new Microsoft OS ….”
I’m not sure I would call it that since it is still built on NT.
” … BECAUSE MAC HAS 2.86 PERCENT OF THE MARKET ….”
Really! Seriously, I see that marketshare growing now that Dell has lost its vision and had issues with exploding laptops.
And OS X was built on Bach, but that doesn’t mean OS X wasn’t brand new in 1999 (or was it 2001 if you’re talking specifically about the desktop version)
Correct, an OS is much more than the kernel.
“And OS X was built on Bach, but that doesn’t mean OS X wasn’t brand new in 1999 ….”
Bach?
Did you mean to type Mach?
OS X users may or may not be in denial about their computer security environments … at least we’re not completely oblivious about security like Bill is. I wonder what his tech tell him daily.
“
”
hehehe Yes. Serves me right listening to classical while talking tech.
Nigel Tufnel: I’m really influenced by Mozart and Bach, and it’s sort of in between those, really. It’s like a Mach piece, really. It’s sort of…
Marty DiBergi: What do you call this?
Nigel Tufnel: Well, this piece is called “Lick My Love Pump”.
It’s also more secure than Windows Millenium
All test of security test Windows with user account.
Because it’s not recomended to use administrator normal use.
But the great majority of user used administrator account.
In that case, the result of security vs. Os X probably change.
Be underground, get an Amiga or an Acorn, most malware writers probably don’t even realize they exist
Despite Macs having a much smaller user base of about 3%, there is actually much greater potential for sustained ‘profit’ if a malware author was able to successfully exploit the platform.
Imagine, millions of Macs, networked together via “.Mac” and iChat, all running without any anti-virus or anti-malware protection, only relying on the once-a-week or once-a-month security update from Apple (yeah I know the users can set it to daily but I doubt if even 1% of Mac users change it to that).
Meanwhile, almost all of the Windows users have some form of anti-malware and anti-virus application always running, almost all of them perform daily updates.
I would reckon that there would be much more to gain from writing malware for Macs purely because the population of Mac owners are so much more unprepared for it. Also, it can be argued that many Mac owners are that much more affluent than the Windows users (hence the arrogance) so that there is significantly more money to phish if malware was successful.
By the way, the author of the article completely failed to mention that his hack against the Mac is also possible against Windows machines as the vulnerability exists on both platforms – in the Quicktime plugin.
I call it a draw.
Well that just dont hold any real ground what so ever, No one has ANY proof that one a said OS gets more market share it gets attacked more.
Linux gets attack regardless OS X gets regardless and if OS X is as bad as people claim why no virus’s yet, if it’s really that unsecure. I would’t call 20 million plus users not many and it WOULD get news.
You see now that Windows is sort of ontop(much better than it was preSP2) of theses issues people start throwing the FUD at other OS’s even though they have a totally different design.
Again Vista has been out 4 months, it’s just yet another FUD artical promoting Vista as the most secure OS ever made.
Not to nitpick, but technically it’s not FUD if it promotes something and puts it in a positive light (though you could say that the implications that OS X is less secure, in themselves, are FUD…)
Sleek gadget maker Apple seems to have put OSX and their PC’s on the back burner for the iPhone, Ipod, etc…
I’m not surprised that Vista is more locked down than
OSX atm. It’s good that MS has included some nice features in Vista.
The problem with Mac fanboys is that they are dishonest and they will not enter into any discussion to be honest that does not involve Apple worship. I get tired of seeing post from Mac fanboys making grand claims about how bad PC is, their bad experience with XP, Mac just works and PC does not, I can work better on Mac now because I had problems on PC, blah..blah…blah. They always spin and never address the facts or they spin the facts like the guy who suggested that malware writers would waste the time to write malware for 2.8% of the market.
These types of fanboys are:
1. ignorant on how to install software(you can get free versions) AV and anti-walware. Basically they are just ignorant and are used to Apple telling them what to do etc…
2. they are dishonest.
This is my personal favorite Mac fanboy spin:
“Macs are better than PC. They are better built, better hardware, and more secure. OSX is far better than Windows! Oh yes…you can….um… you can use Boot Camp to install XP on a Mac!”, says the Mac fanboys
“If OSX is so much better than why promote it Boot Camp fanboy?, I asked
“ummmm”, replies the fanboys
“Is it because OSX software selection is so bad when compared to Windows?” I ask.
“You do know that Apple’s hardware they put in Macs is far behind PC hardware atm. When you fanboys look outside of the box you will see how much your Macs are lacking when compared to PC hardware. Don’t believe me then take a look at Nvidia, ATI, AMD, Creative Labs, the mother board makers, the various chipsets, power supplies, etc….”,I said.
Now the spinning starts! LOL. Observe the fanboy spin that will start this post.
Any post that takes me multiple tries to not ask how old you are means that it’s probably flamebait, but I’ll bite anyways.
I am a mac fanboy. I shall now be completely honest with you. I like Mac because Mac and GNU/Linux are what I am comfortable with, and I’ve been using them longer than I have used Windows(7 years Windows, 12 years MacOS of various flavors, 8 years GNU/Linux experience [since March of 1999 when I started with Slackware 4 and an old Pentium Pro my brother gave me]). That said, I know exactly what free software is out there for windows from having to help people with it so much.
If I put a computer, fully loaded with free anti-virus (usually either AVG or AntiVir PE Classic), firewall (ZoneLabs ZoneAlarm), anti-spyware (LavaSoft AdAware), and anti-malware software (spybot search and destroy) freshly updated, hand it to my girlfriend, and leave the room for 30 minutes, when I come back it WILL be infected with something unless I start up PeerGuardian 2 beforehand, at which point I’ll start hearing screams about “how the web is broken” because a web page was blocked.
Meanwhile, if I hand her my laptop with Ubuntu or sit her down at my mac, I can come back and the machine will be pretty much in the same state I left it after I close all the opened windows. The most I usually have to worry about setting up is ClamAV.
Is it possible for the opposite to be true? Absolutely. A friend of mine can seemingly crash a GNU/Linux box or Mac OS X box just by looking at it yet his windows boxes are so stable Microsoft could use them in their advertising.
As far as the hardware for the price? Yea, if you don’t have a specific reason that you need Mac OS X, you can save a LOT of money just getting plain-old PC hardware and using GNU/Linux. Their high-end boxes are fairly competitive, but the “consumer level” hardware generally stands about $200 – $400 higher than the equivalent PC + GNU/Linux. But then again, the same statement holds true for Windows boxes as well.
And as far as security goes, EVERY OS needs proper security, and the more software you use the more potential holes you need to block up. From my experience, it’s easier FOR ME to secure GNU/Linux or Mac OS X boxes than it is for me to properly secure Windows boxes. That is one reason I’m a fan. _I’M_ a fan of GNU/Linux and Mac OS X because, to me, it is what windows isn’t: comfortable and intuitive.
Can you honestly say that you’ve tried the competition for any significant amount of time and prefer MS Windows? If so, great. If not, why don’t you take a look at that dishonesty complaint of yours and see if you’re being honest with yourself.
So we have an apparent pro here who states that MS has better code security built into the development process. He has a proven track record or at the least he has some ‘wins’ under his belt.
Then we have a bunch of armchair security ‘experts’ and coders on this forum who are posting like mad with variations of how their grandmother either did or did not get hit by malware depending on what OS was run.
Who to believe? Hmmm… considering the track record between the two groups I’ll put my money on the hacker who exploited in this instance. The guy is probably right.
You guys are hilarious… I use OSX, Various flavors of linux and WindowsXP. Haven’t purchased Vista for my home PC yet but I do use it elsewhere. I find it funny that you people are so critical of any particular os. I have many uses for each OS I run. But with the three PC’s in front of me I admit my MacBookPro gets the most use. No major reason for it. It’s just the most pleasant to use. I can just do what I need to do without worrying about AV updates , Anti-spyware updates etc… I get frustrated with windows quite often. Still can’t believe one misbehaving app in windows can take down the whole system lol… OSX and Linux can just carry on with what it’s doing and just force quit or kill the offending app. But anyways, I’m not a fanboy of any OS or company. I take the open-minded and objective approach when critiquing and OS or apps. My Opinion is that Linux is the most secure but not quite up to par with OSX’s usability. I have the knowledge to configure Linux but when my mac is sitting right here ready to use and just works and keeps on working I use it to get my work done. When I feel like digging into the OS a little more I can with OSX as well as I can with Linux. Windows on the other hand it pretty limited in that respect. But when I want to use windows for the most part it works. Leaves a bad taste in my mouth but works lol. When people ask which computer I recommend when they are purchasing a new one, I can’t avoid recommending a Mac. Flame me if you want but hey this is my opinion based on my experiences with these OS’s.
Everyone here is commenting on Microsofts track record, from 95 on to just before XP SP2. This is really funny, as everyone knows MS wasnt paying enough attention, at that point they stopped vista development, and did code reviews/rewrites of security in XP because they acknowledged it was such an issue. XP SP2 has average security (compared to osx and linux), and Vista has technologies which would seem to make it better then XP SP2.
So, when these new features are put to the test, everyone goes up in flames because winME had bad security, and completely ignore the last few years of windows history, which havent been bad at all when it comes to security.
I do not trust what this guy is saying due to the fact he made the following statement:
“I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft’s Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies.”
I do not mean to be sarcastic here but I am sure Microsoft and Apple gave him the source code to the binaries he was testing.
There is no way he can make quality comparisons between the two code bases without seeing the source code so the above statement is just stupid, or worse he doesn’t understand what he is talking about.
He doesn’t even describe what MSDL is. I tend to discount that statement as well as nothing that he is describing meshes with my experience out here in the wild.
I have lots of associates and lots of colleagues running Linux and OS X and Microsoft systems.
The only ones that call me who R in trouble are the Microsoft ones, not the Linux or the OS X owners.
-Hack
I do not mean to be sarcastic here but I am sure Microsoft and Apple gave him the source code to the binaries he was testing.
Well, maybe he was just guessing and the whole Vista community saw this and immediately made it a part of their Holy Bible.
At first reading that Win is more secure than MacOS has made me smile. Then, thinking about it a bit more I couldn’t avoid laughing.
What he SAID was that the code quality in Vista is currently better overall than Mac OS X.
That doesn’t necessarily translate into better security overall. It merely means that Microsoft is writing their code more securely than they used to.
It doesn’t address DESIGN issues at all.
In other words, ActiveX is still there, at the very least. And the majority of malware comes in via ActiveX from malicious Web sites.
Windows is not and never will be even remotely “secure” BY DESIGN.
Uhm, the whole point was that the way he managed to examine the code in order to say which one is better overall is a bit unclear.
If OS X is partly open source and you can examine at least parts of its code, Vista is not only closed-source, but so new that such a statement about its code is… very early on, to say the least.
Besides, the article shows very few arguments about how Dai Zovi reached this conclusion. If he said this based on a cross-platform vulnerability in QuickTime, he should get another job.
If not, I’d really like to see the proofs. Until then, Vista still has more viruses, more spyware and a lot of other things than OS X has.
Sure, sure, Vista is technically speaking more secure and it has a ton of fancy features OS X has and it’s the future of computing and the OS borgs use I guess, but the fact is that I still haven’t got infected on an OS X box. In spite of all technical discussion, Vista will be *practically* as secure as OS X is when it will not be as vulnerable as it is.
Please, don’t give me the marketshare shiFt. As an end-user, I hardly give a damn about why I get viruses on Vista. I know I don’t get any on NetBSD or OS X, which I use, and therefore, empirically (but very efficient for me), they are the more secure.
its been out for four months, so far I have zero virii, zero spyware, and I use IE every day, AND i use free AV w/ windows defender (built-in).
The difference is that if steve jobs ever ends up actually ruling the world, OSX will be in the same boat as XP pre SP2 was. A big naked target.
You wont get any virii on haiku or beOS either, and it has nothing to do with their security. It has to do with the zero payoff to virus writers to write for something that noone uses. Sorry to say, but OSX security is because its relative obscurity.
http://projects.info-pull.com/moab/
you are ALLLLLL full of sh@t!
i can not beleive how often this topic goes ROUND AND ROUND!!!!!!
ROFL