
Evil Empire Marches On: Palm Sells Out At Last, M$SFT Increases Outsourcing, M$FT Loses in MA

Quote

Apple's superior security also makes getting a virus extremely difficult.



No, Apple's tiny (read: midget porn) market share makes developing a virus on/for a Mac extremely fruitless. Unless you're Jeff Goldblum.

This has nothing to do with who's got the biggest phallic-shaped security -- it's purely a matter of numbers: very few virus writers are interested in targeting the Apple platform; therefore, there are very few viruses which target the Apple platform.

The only superior security in modern computing is unplugging your machine and enjoying the silence.

Quote

No, Apple's tiny (read: midget porn) market share makes developing a virus on/for a Mac extremely fruitless.



This argument has been thoroughly debunked many times. One study found much more obscure OSs that still had a higher "market share" of viruses than OS X.

Writing the first successful large scale (relative to Mac user base, which is growing far more rapidly than industry standards) virus for OS X would make a career for a hacker. If it were as easy as writing a Windows virus, it would have been done by now.

With a Mac, I can go anywhere on the internet, including porn sites if I so desired, without any virus protection or spyware protection, except the OS's firewall, without getting malware. My biggest security concern with my Mac is if someone hacks in with the keyboard.

Old Macs had fewer infection vectors because they didn't let processes run rampant across the entire system.

New Mac architecture is based on BSD's model, which makes infection just as difficult and any possible damage kept to a minimum.

The reason MS gets so many viruses is because MS programmed for convenience and not security. Which is why it's a total nightmare to lock down a Windows network, especially if you want it to be usable.

TV's got them images, TV's got them all, nothing's shocking.

Quote

Quote

urg? Linux already has plenty of .ps creation tools, why wait for yet another proprietary format from a private company?:S


I can't send a *.ps file to most Windows users because they don't have the software to view it. Adobe does a good job too.



Uh huh. You obviously didn't RTFA.

"The state of Massachusetts has finalized a proposed move to an open, nonproprietary format for office documents, a plan that involves phasing out versions of Microsoft's Office productivity suite deployed in the state's executive branch agencies."

PDF is owned by Adobe, making it proprietary and just as vulnerable to corporate greed as MS Office ever was (unless you've not been watching Adobe for the last 15 years).

Open Office opens most closed formats and generates documents in a variety of open ones, I'd imagine that would be where they're heading. The latest version of OO is actually pretty respectable compared to its earlier incarnations.

TV's got them images, TV's got them all, nothing's shocking.

Quote

Quote

No, Apple's tiny (read: midget porn) market share makes developing a virus on/for a Mac extremely fruitless.



This argument has been thoroughly debunked many times. One study found much more obscure OSs that still had a higher "market share" of viruses than OS X.



I've read several related studies with completely conflicting conclusions (what's new), but I offer my own experienced perspective for whatever it's worth.

Quote

Writing the first successful large scale (relative to Mac user base, which is growing far more rapidly than industry standards) virus for OS X would make a career for a hacker. If it were as easy as writing a Windows virus, it would have been done by now.



A virus's "success" has less to do with how well or easy it is developed than it does with how well it propagates. How many shitty, completely inert viruses have made their ways across hundreds of millions of Windows PC's in the last five years? How well do you think a buffer overflow vulnerability somewhere in the Mac's TCP/IP stack (for simple example) can be exploited for propagation when only one out of every few hundred connected IP's are even *possibly* going to be vulnerable?

You're right about Mac's growth. Mac will eventually reach a critical mass, however, where it becomes more of a target, and at that time it will be exploited. Period. And Mac's not alone... (*cough* GNU/Linux *cough* *cough*)

Look at the browser world: Internet Explorer was *the* poster child for vulnerabilities and exploitation. Once Mozilla/Firefox got popular enough, though, guess what? Exploits are popping up right and left, and Microsoft's having a PR field day, particularly with Mozilla's claims of superior security.

I agree with your assertion that Mac has a few security advantages over Windows in its architecture, but as any security professional will tell you, security measures do not prevent exploitation: they can only impede it. So long as code is not perfect and your machine is connected to a network, you are at risk, regardless of any clamor -- technical, marketing, fanboy, or otherwise -- about superiority of this or that or the other thing.

Quote

New Mac architecture is based on BSD's model, which makes infection just as difficult and any possible damage kept to a minimum.



You can do plenty of nastiness to *nix OS's as users other than root. Anyone who's ever written C in vi can tell you that.

Remember, there's more to being impacted by a virus than just catastrophic loss of data/config. Something as simple as slowing down your machine or making you reboot can, multiplied over thousands or millions of machines, cause some pretty hefty productivity losses.

EDIT: Remember the good ol' finger exploit? Something about a root prompt... :S

Yup, there will always be exploits. The major difference is that Apple has a sane architecture and security model which minimizes the risk to a very large extent.

By not having all the tied in convenience of Windows there's a much higher barrier of entry in creating malicious Mac software.

Even on Windows if you don't use MS internet products you're almost bullet proof. If you don't use Office on top of that you'll have to work hard to get infected. I just spent a few years without virus scans and without using Outlook or IE and when I eventually did scan I had a couple of inactive nasties in a cache file for Firefox but nothing that had a chance of replicating.

Any system can be exploited. Windows gets whacked more because its security out of the box is shit. I don't think comparing Windows architectural flaws to the odd forkbomb or buffer overflow is a reasonable comparison.

Numberswise, my network does a great deal of traffic, an amount that makes Cisco engineers' eyes grow very large. Looking at snort it would appear that there is a great deal of Windows exploits compared to *nix based attacks. Considering their installed base is roughly even (actually the *nixes are slightly ahead if the numbers haven't changed too much recently).

Grepping quickly through a web server's log shows a lot of attempted Windows attacks compared to a very low incidence of Unix specific ones.

So no, I wouldn't say 'plenty' of nastiness on Unix, unless you're going to say 'an enormously large number' of nasty things to do to Windows.

If that didn't make sense it's because I'm hitting hour 24.

TV's got them images, TV's got them all, nothing's shocking.

Keep telling yourself that if it makes you happy. But it ignores history and common sense. Linux predates Win95. It predates Windows having effective tcp networking to exploit. And vulnerabilities have been squashed over the years. Whereas it's been a growth industry with Windows.

As for losing access to thousands of machines - that happened to me at work less than two months ago. All win2k boxes. When's the last time this happened in the unix world? Reagan was President. There is no lack of people trying to bust unix servers. Not nearly so much success.

Quote

By not having all the tied in convenience of Windows there's a much higher barrier of entry in creating malicious Mac software.



IMO, there are a number of things about the Windows architecture that are lacking but I think it's much more complex than having convenience built-in. The same could be said about other OS's, as well, but I'll agree not to the same extent.

Quote

I just spent a few years without virus scans and without using Outlook or IE and when I eventually did scan I had a couple of inactive nasties in a cache file for firefox but nothing that had a chance of replicating.


I've never -- I say again, never -- run background/service anti-virus software on my Windows PC's. Nor anti-spyware, for that matter. Once, about four years ago, someone connected an infected laptop to my network and popped my IIS cherry on one of my boxes (wasn't on the latest service pack), but I caught it the day it happened. Other than that, my relatively infrequent scans have always come up negative.

So I agree with you.

Quote

Windows gets whacked more because its security out of the box is shit.



That's where I disagree. Yes, security out of the box is shit, but pinning the blame on that one reason is a great example of tunnel vision. And I strongly believe if the Apple/MS market share roles were reversed, we would have an abundant (note, I didn't say same) amount of vulnerabilities being exploited on the Mac.

Quote

I don't think comparing Windows architectural flaws to the odd forkbomb or buffer overflow is a reasonable comparison.



Honest question: which gets exploited more, or has a more successful track record of infection? You see your web logs.

Quote

So no, I wouldn't say 'plenty' of nastiness on Unix, unless you're going to say 'an enormously large number' of nasty things to do to Windows.



Agreed. I was trying to make a point that fanboys rarely seem to be able to see: less does not imply zero.

Quote

Keep telling yourself that if it makes you happy. But it ignores history and common sense. Linux predates Win95.



WTF has that got to do with anything? Today's Windows is built off the old NT codebase, not 95. I'll agree, though, that it's younger nonetheless.

Quote

As for losing access to thousands of machines - that happened to me at work less than two months ago. All win2k boxes. When's the last time this happened in the unix world?



How often are servers targeted by virus authors? Seriously? If you're looking to pollute the net with your twisted creation, are you going to target the machines that have a gaggle of high-paid nose-picking pizza-and-peanut-M&M-eating dorks building layer after layer of protection around them? Or are you going to target Joe Dumbass who bought his first PC for the online porn? And how many of those dumbasses choose Unix for their desktop OS? :S

Quote

There is no lack of people trying to bust unix servers. Not nearly so much success.



That is so inaccurate, I don't even know where to begin.

Quote



How often are servers targeted by virus authors? Seriously? If you're looking to pollute the net with your twisted creation, are you going to target the machines that have a gaggle of high-paid nose-picking pizza-and-peanut-M&M-eating dorks building layer after layer of protection around them? Or are you going to target Joe Dumbass who bought his first PC for the online porn? And how many of those dumbasses choose Unix for their desktop OS? :S



Which is all the more reason MS should ACTUALLY TRY to break their product before release. If their target is Joe Sixpack who understands little about security and even less about viruses, then the product should be designed to protect him. It should not be released and then followed by 4,345,665 security updates because they did not bother to do it right the first time. There should be beta after beta after beta to test. And then some more testing. They should HIRE hackers to write software to exploit...all before release. The more complex a piece of software, the more testing it should have before its release.

Why yes, my license number is a palindrome. Thank you for noticing.

I'm sorry but Windows was never intended to be secure and was bolted on afterwards. The various *nixes have a 20 year head start on Windows.

We know that MS finally realized they'd screwed themselves when they decided to totally rewrite Longhorn - THANK GOD.

This isn't a fanboy attitude, hell I use a little of everything depending on the job at hand.

Windows presents the following happy bonuses to hackers: A nice stable standard kernel, and due to its closed nature there's a lot of nice overflows to play with (direct quote from a very high profile hacker - as seen in Wired magazine...heh heh heh).

Popularity just made it visible, but no more so than a *nix. It's the lack of openness that ensures plenty of opportunities to exploit the system. Once you tie that into a system that pretty much overrides sensible security mechanisms and allows for automated replication with very few roadblocks and you get some pretty cool nastiness. We can talk about raw sockets, stupid crypto key lengths and limited key entropy in Windows' implementation of password security if you'd like. Or that tying user space applications into the system kernel as a bad design concept. Or just the simple mess that's involved with trying to evolve an operating system while remaining a slave to backward compatibility.

The exciting thing about the Vista approach is simply that Microsoft are no longer playing the arrogant technology role, they're looking at history and designs that have worked in the past. A monolithic system is ALWAYS a really bad idea. You're forever playing whackamole and eventually you have something so complex that a 1000000 QA test cases aren't going to be enough to catch the significant showstopping bugs.

The Times or WSJ (don't remember which) had a great article at the beginning of the week about how MS have watched Google and realized that it's only going to survive by creating a plug-in style architecture. Of course, anyone near technology in the last 8 years or so knows something about object oriented programming, and anyone who's paid attention will realize that most people use it for exactly the wrong reasons.

However, with some discipline and forethought taking the concept and creating truly reusable code and then architecting lightweight components that fit together cleanly and simply allow for some stunningly elegant and effective applications.

It's that sort of vision that has pushed open source programming forward rapidly, it's MS's complete ignorance of that model that generally raises the ire of many developers and tech geeks.

TV's got them images, TV's got them all, nothing's shocking.

Quote

Popularity just made it visible, but no more so than a *nix.



Popularity makes it more than just visible: it makes Windows the most effective vector for an epidemic (imagine if HIV went airborne). That's the point at which I was trying to get. If Mac or any other OS ends up in the same place, you absolutely will see exploit after exploit targeting that platform. Once compromised, there may be a whole lot more that can be done to a Windows box due to its architecture, but a compromise is still a compromise.

Quote

A monolithic system is ALWAYS a really bad idea.



Just don't let Linus hear you say that. :P

Quote

However, with some discipline and forethought taking the concept and creating truly reusable code and then architecting lightweight components that fit together cleanly and simply allow for some stunningly elegant and effective applications.

It's that sort of vision that has pushed open source programming forward rapidly, it's MS's complete ignorance of that model that generally raises the ire of many developers and tech geeks.



Couldn't agree more.

Quote

Quote

There is no lack of people trying to bust unix servers. Not nearly so much success.



That is so inaccurate, I don't even know where to begin.



You'll need to make something clear. Are you talking about security, which is actually a meaningful concern, or about virus attacks?

In the real world, script kiddies and real hackers alike target companies they dislike, in order to coopt the web page, or to obtain credit card info, or to just be a pain in the ass. God help those companies that based their infrastructure on Windows. Immature, closed source code is not the recipe for success. MS is learning the same lessons learned by the unix world in the 90s, despite the fact that MS has been using a lot of their code.

Quote

You'll need to make something clear. Are you talking about security, which is actually a meaningful concern, or about virus attacks?



Here's where this bit of the thread started:

Quote

Quote

Apple's superior security also makes getting a virus extremely difficult.



No, Apple's tiny (read: midget porn) market share makes developing a virus on/for a Mac extremely fruitless. Unless you're Jeff Goldblum.



I don't dispute security weaknesses in the Windows architecture. I don't dispute that OSX is better in that department. I do, however, dispute the causal notion that because OSX (or any *nix for that matter) is arguably more secure from the architecture standpoint, that these platforms are less exploited than Windows. That's all.

Thanks for the clarification request. It's easy to get on different sheets of music.

Quote

In the real world, script kiddies and real hackers alike target companies they dislike



In the latter cases, in particular, there's a lot more going on behind the scenes (social networking, e.g.) than just exploiting OS vulnerabilities. A good example is SQL injection; a platform independent vulnerability (just bad, bad application design).

Quote

Immature, closed source code is not the recipe for success.



As a blanket statement, I'll disagree. Open and closed source each have their respective roles, but as far as Internet-exposed server platforms are concerned, I'm *totally* with you. B|

Kelp, I totally disagree. What you're claiming does not map to the reality of the situation.

Personally motivated attacks make up a tiny percentage of attempted intrusions. Leave any system on an open network and watch your logs for a few days to understand that concept.

The vast majority of attack traffic is junk, compromised machines scanning subnets and running scripted attacks in the hope that it'll find something unpatched. You really haven't lived until you've watched a "l33t" skript kiddie irc channel discuss how they just r00t3d a b0xen but can't get their l33t batch scripts to run.....and wtf is lunix anyway?

"Real" hackers target companies they want to exploit. FULL STOP. Yes, the activists and griefers will hack some poor bastard's www server so they can shout out to their friends and talk about the human rights violations of some regime somewhere, but any perusal of any pwn3d archive shows that it's mostly for shits and giggles.

"Real" hackers target companies that have something cool to play with. LexisNexis was hacked because it had information of interest. T-Mobile was hacked because it had information of interest AND its security was a complete fucking mess - something their admins didn't work out for at least 8 months (even with some people calling their staff and dropping very large hints...morons).

Security itself is a process, not an OS or a piece of software. LexisNexis wasn't a technical hack, it was basic social engineering. T-Mobile left the door wide open.

The toughest part of my job when starting any new role is explaining to the bosses that a perfectly secure system does not exist. People think that the right OS, the right firewall, virus scanner, IDS system will be these mystic totems that will forever protect them from the scary guys.

At the last job I got through that little speech and started checking out the network only to find that their dev box was compromised - how? A new hire didn't realize that the box was internet accessible (he thought that was a stupid security risk) so he used an insecure passwd on his account (which WAS a stupid security risk), some automated script did a dictionary attack and they gained access to the system.

Hmm I need sleep.

TV's got them images, TV's got them all, nothing's shocking.

Quote

***

Quote

Apple's superior security also makes getting a virus extremely difficult.



I don't dispute security weaknesses in the Windows architecture. I don't dispute that OSX is better in that department. I do, however, dispute the causal notion that because OSX (or any *nix for that matter) is arguably more secure from the architecture standpoint, that these platforms are less exploited than Windows. That's all.



The key difference that makes this statement fairly true is that the unix model of user processes being owned by users instead of root means that if something is vulnerable, it's likely to stop at that offending process. But with most people running as Administrator equivalent on Windows, getting through to Outlook Express means you have the whole machine at your disposal.

Root versus user has been in the unix world since the 80s. On the Windows/NT side, it's a much more recent development - realistically around win2k. And most users don't see a reason for it, so they subvert it.
