Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Does Sophos' Switch Argument Hold Water? 249

Posted by timothy
from the 40-lashes-with-a-willow-switch-story dept.

Wednesday's press-release-borne message from security firm Sophos that the best way for Windows users to compute untroubled (or less troubled) by malware is to switch to Mac OS X drew more than 500 comments; read on for the Backslash summary of the conversation.

Several readers pointed suspicious fingers at Sophos' motive for issuing the message in the first place; no one can call a company whose products are meant to offer "protection from viruses, Trojans, worms, spyware and spam" a disinterested party in evaluating OSes. Techguy666, for instance, writes "We use Sophos at our workplace. I also use other antivirus and antispyware — often to clean up the crap that Sophos doesn't find. Speaking as someone who's familiar with Sophos, I think it's curious that Sophos is telling home users to consider buying Macs. Go to Sophos' website and try to find a home user product ... They don't seem to promote any. If I were a conspiracy theorist, I would think this is a warning shot aimed at Microsoft because of MS's sudden focus on security, to the detriment of companies such as Sophos; send Microsoft's small clientele to the enemy &mdash it's no skin off of Sophos' corporate nose. ... They're talking to an audience that they don't serve or interact with."

(To this, an anonymous reader writes "Sophos has a number of fat contracts with institutes of higher learning, like mine. Every student has access to a fully licensed copy of Sophos if they so choose — available for Windows 98-XP, Linux, and OS X.")

A subtler gripe comes from Kope, who calls the metrics used by Sophos "misleading," and writes that "[s]aying that the most common malware only effects Windows, therefore Macs are more secure is simply bad reasoning. ... I'm sure that 'out of the box' Macs are better. But it's not 'out of the box' that I care about. My concern is level of security during actual operation. I have no problem believing that Macs are more resistant to malware, but this measure doesn't show that to necessarily be the case."

ZachPruckowski agrees that Sophos's claim is based on a "dumb study," but not that there's an easy line to draw between out-of-box and long-term use: "For 75 percent of the world, 'out-of-the-box' == 'during actual operation.' It's those people who get infected by malware. Don't expect users to do any extra work beyond going straight to Office or IE or their email app. Thus, 'out-of-the-box' is a pretty important state."

Whatever the company's reason for issuing what many Slashdot readers would consider the farthest thing from a discovery, no reader's comments seemed to cast doubt on the conventional wisdom that Mac users are at present far safer from malware than are typical Windows users — the reasons behind that situation, though, are hotly contested. One version of the story is that OS X, by dint of its design (including UNIX-style multi-user orientation and compartmentalization generally) simply can't help being more resistant to viruses and spyware; Windows intentional integration of operating system components has let security flaws in one small part of the operating system (such as Internet Explorer or Outlook) become flaws in all the others, too.

Reader cwgmpls, for instance, doesn't buy the argument that OS X is safe only because it's more obscure than are the various versions of Windows.

"Even if OS X is only 5% of all PCs in the world, surely there are a good number of hackers out there who would love to release an OS X virus into the wild, just to prove it can be done. Besides, the total number of OS X installs today is certainly greater than the total number of Windows installs that existed at the time the first Windows virus was released.

Most hackers don't need a huge number of installs to stroke their ego. The opportunity to prove that OS X is just as vulnerable as Windows should be more than enough to motivate someone to release an OS X virus into the wild. Yet no one has done it.

There must be more at work here than OS X's small market share. OS X must be inherently more secure than Windows to not have a virus in the wild six years after its release. Certainly there are enough hackers out there who would love to show their prowess by writing an OS X virus, even for the relatively small number of OS X installs that exist; but nobody has been able to do it yet."

Several readers assert that the real reason has little to do with the hardware or the software used by the rival camps, and is mostly an issue of user education and sophistication. Typifying this argument is reader WombatControl's (unsurprisingly contested) conclusion that "the Mac userbase tends to be a lot more savvy than the Windows userbase." His argument, in short:

"I'd hazard a guess that the vast majority of Windows malware comes not from the inherent insecurity of the Windows platform but from users doing dumb things. Someone who installs some stupid little weather applet and gets infected with spyware got infected not because of a flaw in the system, but because they didn't bother to determine whether or not the source of their software was credible or not. Even if they got a prompt like Vista and OS X present they'll still authorize the program. There's no patch that can be applied to a system to prevent stupid users from mucking it up. ...

Macs are more secure because Mac users have a much tougher stance towards crapware. Mac users tend to be much more technically proficient than the average. If that "zero-tolerance" policy changes, I'm not so sure we'll see an increase in the amount of malware targeting Macs.

OS X does a great job of providing technical barriers against malware, but nothing can prevent malware that uses social engineering to do its work. Mac users are safer because they choose to be - but if you get a group of users who have no awareness of security and will blindly execute anything they come across, even if the system specifically tells them not to, that could change very quickly."

Several Windows users agreed with the thrust of this argument — namely, that no system is truly safe from a determined, malicious attacker unless users (or their trustworthy proxies) head off not just automated attacks, but social-engineering tricks that really have little to do with the OS a user is interacting with. Their approach is based on heading off malware.

Readers like snwod (a sometimes user of Mac, Linux, and Windows) offered a level-headed synopsis of this approach: "I run a good firewall/anti-virus combo along with using Ad-aware and the rest. I don't click on banner adds and I don't install strange pop-up programs. Pretty simple really." Result? "[I] haven't had a virus or malware problem in years."

To this line of reasoning, though, aphor says "My grandma's Mac isn't infected, and she clicks on everything! I'm calling bullshit. Please produce the infected Mac. One synthetic test does not make a real-world case. I run the system updater on my grandma's Mac about 3-4 times a year. That's probably 1/10th (liberal estimate) of the exposed vulnerability that a [Windows] box has."

Even if sophisticated trickery might fool any user, Savage-Rabbit thinks avoiding mechanically the more widespread script-kiddy attacks is nothing to sneeze at: "I bet there still is a fair number of Windows users who envy the Mac zealots for not having to waste their time pruning Norton/Panda/Macaffee/etc... anti-malware suites with monotonous regularity never mind the endless nag screens these anti-malware suites throw at you."

The status quo has a way of not staying that way in the long term, though, and reader spyrochaete contributed one of the several (and sane) cautions against hubris on the part of OS X users, though the same logic applies to Linux and other systems whose security may be real and considerable but is grounded in part on being a smaller target for online vandals and thieves than is Windows. As he writes, "They said the same thing about Firefox, but that's starting to change. Mozilla is fixing holes all the time and I'm starting to see ads that get through Adblock (stupid Mediaplex). This is just an article about security through obscurity — the best kind of security according to too many Apple fans I've talked to. ... Faith in obscurity means you'll be totally unprepared when disaster strikes."

Amen!


Thanks to all who took part in the discussion, especially those readers quoted above.
This discussion has been archived. No new comments can be posted.

Does Sophos' Switch Argument Hold Water?

Comments Filter:
  • news? (Score:4, Insightful)

    by Bakadan (987312) on Thursday July 06, 2006 @04:34PM (#15670969)
    This isn't news. It's just pulp to get people riled up and screaming. Besides, it's nothing we haven't seen before.
  • by LiquidCoooled (634315) on Thursday July 06, 2006 @04:34PM (#15670971) Homepage Journal
    No matter what OS exists.

    I believe the anti virus firms are doing normal users a service by keeping lists of known bad software and preventing its spread.
    That software might come in from an exploitable hole in the OS or it can come just as easily by invitation through the front door because the user believed the catch line.

    3 simple words: i love you have been enough in the past, what will it take in future...
  • Well grandma... (Score:4, Insightful)

    by dedazo (737510) on Thursday July 06, 2006 @04:35PM (#15670987) Journal
    aphor's "Grandma" needs another 150 million or so people to join her in order for someone to develop an interest in creating malware for her operating system. Then it's all just a friendly "Please provide your root password" dialog away.

    Is OS X's attack surface smaller than Windows? Sure it is. Is it impervious to user stupidity? Absolutely not. No operating system is. Linux and OS X will probably eventually get there, and the complain we'll be hearing instead of M$ is teh fuxxorz will be well, what do you expect? users are stupid!!.

    Just wait, and you'll get there eventually.

    [This post is brought to you courtesy of the 300 million absolutely clueless Windows users who think it's OK to run executables in password-protected ZIP files that arrive in their inboxes with lead-ins such as "hello, teh info yuo requesteded is in the attachments". We can't wait for you to take them away]

  • by AKAImBatman (238306) * <akaimbatman AT gmail DOT com> on Thursday July 06, 2006 @04:36PM (#15670992) Homepage Journal
    ...is that their argument would have held water if they had done a bit more work. i.e. Instead of saying, "the top 10 viruses only work on Windows", performing an analysis of what flaws were exploited would have been more useful. Then they could have claimed that, "based on the flaws exploited by the most dangerous viruses today, it seems that Mac users will remain more secure for the time being."
  • Re:Oh. (Score:2, Insightful)

    by jasonwc (939262) on Thursday July 06, 2006 @04:37PM (#15671003)
    Very interesting synopsis of the arguments presented without BS. It's definitely worth a read.
  • Network effects (Score:3, Insightful)

    by ThousandStars (556222) on Thursday July 06, 2006 @04:40PM (#15671024) Homepage
    I doubt Mac users are any better with computers. The more likely scenario is that it's just too hard to get a Mac virus going. If I wanted to, I could write a small program to completely overwrite a user's directory. But to get it from user to user, I'd have to use social engineering methods via e-mail or IM, and the majority of people in both mediums won't be using Macs. So even if five other people try to open Britney_Spears_naked.dmg, which will e-mail itself to everyone in their address book and then wipe their home directory, if none of those people use OS X the virus stops spreading.

    Obviously it helps that there haven't been any worms on OS X, but in principle writing OS X viruses isn't technically difficult. Spreading them is.

    In addition, Microsoft finally appears to be concerned about security, as demonstrated with XP2 and as will probably be demonstrated in Vista. So the security advantage of OS X is, I suspect, likely to dissipate over time. Still, I plan on using OS X for the foreseeable future.

  • Re:Well grandma... (Score:5, Insightful)

    by rjstanford (69735) on Thursday July 06, 2006 @04:45PM (#15671070) Homepage Journal
    Disclaimer: I use Windows/UNIX/OSX. I like OSX, but even with IE7 on Windows I haven't been infected. So...

    Then it's all just a friendly "Please provide your root password" dialog away.

    Hmm. I just realized that this is a potential problem -- a major potential problem -- with the OSX and now Vista (and, I believe, some Linux) GUI security paradigms. We're training people to be ready to enter their administrator passwords whenever they're prompted to. And Ma & Pa User won't know when this is a good thing. Especially when badly behaved programs like Adobe's suite raise dialog after dialog during updating. What's to stop EvilSoftCo from creating a program that, during its first-time startup, just creates a dialog box that matches the standard one, and gathers your password?

    Hmm. Not great, methinks. Although surely someone must have thought of this already...
  • by spykemail (983593) on Thursday July 06, 2006 @04:46PM (#15671078) Homepage
    Their motives were questionable. Their evidence was lacking. But they were right. No matter how much the Microsoft trolls talk the fact remains that there is far less malicious software for OS X, even if you take into account its relatively tiny market share. It's also more secure by design, no matter how many minor flaws they find they haven't even come close to what has been (and is currently) wrong with Windows.

    I'm not really surprised that everyone supporting an illegal monopoly has been brainwashed, but it's still kind of sad.
  • No. really. . . (Score:1, Insightful)

    by treeves (963993) on Thursday July 06, 2006 @04:46PM (#15671080) Homepage Journal
    . . . the best way for Windows users to compute untroubled (or less troubled) by malware is to switch to Mac OS X. . .


    the best way to avoid malware is (like abstinence is the best [most reliable] way to avoid pregnancy and STDs) is to stay off the internet completely and never install new software.
  • The best way for Windows users to compute untroubled (or less troubled) by malware is to switch to Mac OS X

    Or in a more general sense: the best way to be safer from viruses is to use a platform that is not the mainstream one. Mac OS X is one example of something that could be used. Also, Linux, Free BSD, Solaris and various other platforms would work.
  • by Todd Knarr (15451) on Thursday July 06, 2006 @04:54PM (#15671143) Homepage

    My thought is that there's three reasons Macs and *nixen have fewer viruses.

    • It's partly the lack of market share. That's offset to a large degree by the extra l33t points accruing to the guy who manages to release the first malware to get widespread penetration into those "invulnerable" systems.
    • It's partly user sophistication. Except that Macs are targeted at people who're even less sophisticated than Windows users, who don't want to deal with things like the problems added new hardware to a Windows system. You might be able to argue that a Linux or FreeBSD user's more likely to be a geek, but not a Mac user.
    • It's in large part inherent system design. The basic design point: the seperation between ordinary users and the administrative user (root). That seperation means that, even if you do get infected with malware, the malware can't spread into the system itself. It can't tie into system libraries, it can't have itself started at system startup, it can't disable system services (like the firewall or the malware scanner) and it can't hide itself from the administrative user. This provides a two-layer defense similar to the layout of a medieval castle: once the attackers break through the outer wall, they have to start all over again breaking through the defenses of the inner keep (while being stuck in the yard between the keep and the wall, easy prey for the defenders in the keep). Changes in market share and declining user sophistication won't have any effect on this aspect of things.
  • Unfortunately, we don't have capabilities yet. Capabilities would allow everything to be sandboxed like that for free performance-wise, and you would see "Do you want ZOMG_TEH_EVIL_VIRUS to be able to see your address book?" and "Do you want ZOMG_TEH_EVIL_VIRUS to connect to your email account?"
  • Re:Well grandma... (Score:3, Insightful)

    by cyber-vandal (148830) on Thursday July 06, 2006 @05:11PM (#15671283) Homepage
    Reader cwgmpls, for instance, doesn't buy the argument that OS X is safe only because it's more obscure than are the various versions of Windows.
    "Even if OS X is only 5% of all PCs in the world, surely there are a good number of hackers out there who would love to release an OS X virus into the wild, just to prove it can be done. Besides, the total number of OS X installs today is certainly greater than the total number of Windows installs that existed at the time the first Windows virus was released.

    Most hackers don't need a huge number of installs to stroke their ego. The opportunity to prove that OS X is just as vulnerable as Windows should be more than enough to motivate someone to release an OS X virus into the wild. Yet no one has done it.


  • Re:Well grandma... (Score:3, Insightful)

    by forkazoo (138186) <wrosecrans AT gmail DOT com> on Thursday July 06, 2006 @05:20PM (#15671351) Homepage
    Hmm. I just realized that this is a potential problem -- a major potential problem -- with the OSX and now Vista (and, I believe, some Linux) GUI security paradigms. We're training people to be ready to enter their administrator passwords whenever they're prompted to. And Ma & Pa User won't know when this is a good thing. Especially when badly behaved programs like Adobe's suite raise dialog after dialog during updating. What's to stop EvilSoftCo from creating a program that, during its first-time startup, just creates a dialog box that matches the standard one, and gathers your password?
    Bah, you think too hard. Take a screenshot of the Vista authentication dialog box, and put it as a form on a website. Most users wouldn't even realise it isn't a real window. No need to go to the bother of having them download a binary. Then, just install whatever you want remotely.
  • I think there are good technical reasons why MacOS/X is more secure than MSWindows. (the fact that Sophos didn't bother to cite them nonwithstanding).

    The fact of the matter is that more people are going to believe a simple quantified statement than an abstract technical discussion; so Sophos is making the argument that will convince the most people, rather than an argument that would convince, say, the more technical folks on Slashdot.

    Oh, you want the technical reasons? Okay, here goes my list:

    • MacOS/X has a much more stable and mature core Operating System base (Mach). Mach is MUCH older (circa 1985) than the windows NT core (circa 1993), and has been changed less. For example NextStep, released in 1989, was based on Mach, and already did much of what MacOS/X does.
    • Mach (the underlying OS) was designed with security in mind. Note however, the Mach layer doesn't define security policy, it just gives you tools with which to implement such policies. That said, if the current MacOS upper layers [apple.com] get the policies wrong, flexible tools are there to fix it. Contrast that with Windows which has serious design flaws [com.com] in its interprocess communication mechanism.
    • The MacOS command-line code, so far, also seems to have a lower bug-density (similar to Linux) in fuzz testing [wisc.edu] than the MS code, although GUI code is unfortunately sucky in both OS-es.
  • Re:I would but... (Score:3, Insightful)

    by 47Ronin (39566) <glenn.47ronin@com> on Thursday July 06, 2006 @05:26PM (#15671391) Homepage
    I'm a SQL Server DBA.
    Install the free Aqua Data Studio database admin tool. [aquafold.com]

    My parents would but they do not like change. They had enough issues upgrading from Windows 98 to Windows XP.
    This is more a matter of social engineering. Some people fear change, while other are taught only applications, not resourceful thinking.

    My brother would but he plays WoW and he is not texh savy to get OSX to run on his PC.
    Take the same WOW cds and put into your Mac. Double-click the install icon. Did you forget that WOW (and pretty much every Blizzard title) is cross-platform? ... enjoy!
  • Re:Well grandma... (Score:5, Insightful)

    by TheRaven64 (641858) on Thursday July 06, 2006 @05:43PM (#15671506) Journal
    Microsoft are the only people who ever solved this problem sensibly, to my knowledge. On Windows NT, you were (I don't believe you are with XP, and it's an option with 2K) required to hit control-alt-delete before you entered your password. This key sequence sent a hardware interrupt which only something running in ring-0 (i.e. the OS) could catch. This meant that it was impossible to spoof the NT login box; as soon as the user hit control-alt-delete, control would be returned to the real login prompt (or a system dialog).

    I proposed two years ago that Apple implement something similar. Create a special key combination that would be caught by the OS and passed to WindowServer, which would then spawn an alert if the app presenting the dialog was not authorised to. This is particularly useful for Keychain access, for example. I don't mind an IM program having access to my login details, but I do object to it having root access. When I install a new version of it, I have to enter my keychain password (which is my login password, by default) in a dialog box that (hopefully) the system presents, but I have no way of verifying that it is the Keychain subsystem that is going to get the password, not the application.

  • by SuperKendall (25149) on Thursday July 06, 2006 @05:45PM (#15671518)
    We all know a lot of exploits make use of weaknesses in code like buffer overflows to run the attackers code instead.

    Well what happens now that the whole Mac architecture is shifting to Intel? It's substially harder (almost impossible) to write a buffer overflow attack that works on two different processor architectures. You have to choose which architecture your attack is going to execute code for.

    So then if there are not enough Macs around to write exploits for today, it stands to reason that there will not be any significant Mac exploits until the number of mac users at least doubles from current figures, possibly even more.

    Yes there are also attacks that attempt social engineering on a user but they often work in conjuction with more classic code exploits to gain more permission than they would have otherwise.
  • by MBCook (132727) <foobarsoft@foobarsoft.com> on Thursday July 06, 2006 @06:04PM (#15671621) Homepage

    No question in my mind. I'm not saying they are invulnerable. Heck, the community is so tight knit that if you could get something downloaded (say that MacSaber program a few weeks ago) and put something in it, you could get the virus out there. It may be found fast, but you got it out there and by then you may have done damage.

    That said, if I were to run MacSaber for the first time (or some little game or widget or whatever) and I suddenly got a box asking for my root password, you can bet I would be stopped dead in my tracks. You just DON'T SEE those boxes unless you are doing system updates or installing software like Office. If you just download a program and double click on it and get that, you have to wonder what it's doing.

    Now before I switched last year, I had a PC and I ran AV and all that stuff, but it never did any good. The fact is I had a clue and could have run with nothing but my firewall and been fine. You are not guaranteed to get malware on Windows. But let's talk about my little sister and my parents. They download stuff. And since they don't know where the reputable sites are, who to trust, which programs are good, etc... they find that stuff easily. Every time "the computer is broken", it is almost inevitably malware. That or they turned something off I installed they shouldn't have (Disk Keeper, for example, which is practically required to run Windows IMHO). Same thing with neighbors I help. Even if they are somewhat savvy and can use the computer and install hardware, it still happens to them. It's pathetic. There have been viruses that you just have to preview in Outlook to get your OS infested. That is just plain bad design.

    After using my Mac, it is clear to me that any idiot who sits down and uses a Mac day to day is less likely to end up with Malware. From the root prompts, to the fewer security holes, I think there is a clear reason for this divide. Mac users are not smarter. There is a very sizable portion of them that are just like introductory Windows users. They do the same stupid things. The fact they aren't ravaged by malware says something.

    Now I won't deny that the Mac's market share has played a part, you'd be an idiot not to. However, I think the virus-in-the-wild count for OS X (hint: 0) means something. It means instant fame for the first person to make a good virus for OS X. You get it out there, even if it doesn't do much but change people's wallpaper or whatever and you get your name EVERYWHERE. Slashdot, Digg, all the Apple sites, the mainstream computer media (PC World, et all). That is a REAL tempting target. Let's not forget that every time a story like that gets published, it is just someone publishing a big bulls-eye on the Mac. But the market share helps with the pop-up ad problem. How many ads do you see on the 'net that look like a Windows dialog box telling you "Your computer is infected, click here". Guess what, people do. In my house people do, my neighbors have. It tricks 'em. Most people on a Mac wouldn't be fooled by that (just because it looks different). So that kind of thing does make a difference. That report the other day that 80% of users can't tell the difference between a real toolbar and a picture of one was scary.

    Macs aren't immune. The OS is better designed.

    As for Linux, it's better designed too, but it also has some other influences (for example, it would be tough to make a virus that worked reliably across different kernel versions and distro configurations). But again, there are SO MANY Linux servers out there that there must be enough run by idiots that if it was just as bad as Windows we would see a reasonable number of viruses out there (ie.. more than next to none).

    There was a report in my PC World today (I think it was) that was basically scare tactics about viruses ("10 Myths That Make You Vulnerable" or some such). The one about Macs and Linux being safe really made me mad. While they are not immune, Windows for the average computer user is a leaper colony compared to running Mac or Linux.

  • by vought (160908) on Thursday July 06, 2006 @06:52PM (#15671893)
    At least this post is written in English and is comprehensible. Try making sense out of the "promote my blog" Apple non-post [slashdot.org] from earlier today.

    I think Slashdot is in serious need of maturity. This is not 1998 anymore, and stories like the one I cited make this place look like it's run by 14-year-olds - the PowerPoint deprived intellectual partners of those pointy-headed fools we love to hate. Immature 14-year-olds who are failing English, at that.

    What a joke this place has become - the commenters are as, uh, great as always, but the stories, editing, and crap that makes it to the front page are ridiculous. I mean, yay for the redesign, but pissing in a jeweled goblet doesn't make the piss taste better.

  • by Geoff-with-a-G (762688) on Thursday July 06, 2006 @07:09PM (#15672003)
    It's partly the lack of market share. That's offset to a large degree by the extra l33t points accruing to the guy who manages to release the first malware to get widespread penetration into those "invulnerable" systems.


    I don't find this argument convincing.

    These days, I believe the bulk of viruses and worms and malware are created by spam and DDoS guys. Spam is big money, and DDoS is either blackmail or spite. These aren't the same adolescent guys trying to show how cool they are, these are people who want to control millions of zombies.

    I'm not saying that the lack of market share is the only thing OS X has going for it, security wise, but I think market share contributes much more to the motivation of malware makers than "leet points".

  • Re:Well grandma... (Score:3, Insightful)

    by someone300 (891284) on Thursday July 06, 2006 @07:16PM (#15672045)
    How about using a dialog box where it shows the user some image or something they set up but only programs with the appropriate permission are allowed to display it. Couple it with "Do not enter your administration password when you do not see this image" or whatever and we're *hopefully* on the right path.
  • by tclgeek (587784) on Thursday July 06, 2006 @07:20PM (#15672079) Homepage
    That said, if I were to run MacSaber for the first time (or some little game or widget or whatever) and I suddenly got a box asking for my root password, you can bet I would be stopped dead in my tracks. You just DON'T SEE those boxes unless you are doing system updates or installing software like Office. If you just download a program and double click on it and get that, you have to wonder what it's doing.

    That is a most excellent observation

  • by MBCook (132727) <foobarsoft@foobarsoft.com> on Thursday July 06, 2006 @07:36PM (#15672172) Homepage

    Well that is one of the arguments about asking the user questions. When you ask the user too much, they just say yes. I've done that and gotten into trouble once or twice. When Windows constantly asks "Are you sure you want to delete this shortcut", "Are you sure you want to show all files", "Are you sure you want to download from this site", "Are you sure..." you learn very fast to just say yes because it is too much of a hassle. The only thing those dialogs did was annoy me. When they added them to OS X after downloading files, guess what I started doing... pressing "Yes" to EVERY ONE when it asks if I want to automatically open the file (I later turned it off because I didn't want it to open some kinds of files). In Vista, MS has added dialogs to ask for your root password when something interesting is about to happen (like updating Windows). The danger is that if they show this too often, users will just learn to type and go, and not think.

    The first time or 3 a new computer user gets a prompt from Windows "Are you sure..." they STOP AND READ. The problem is that they quickly learn that Windows asks about everything. When you almost never see the dialog, or only see it when you initiate and action, then when it happens elsewhere you STOP AND READ.

    If you don't show these dialogs enough, you get in trouble (because you aren't protecting the user). If you show them too much, you get in trouble (because the user ignores them). You have to strike the balance, and OS X has done a good job at that so far. We'll see how MS does in Vista (I haven't tried it, and don't have any reason to).

  • by SirSlud (67381) on Thursday July 06, 2006 @11:53PM (#15673339) Homepage
    I used to do tech support, and I know your pain regarding word macro viruses.

    Two thoughts:

    - its Word, an MS program. Kinda amusing to see people assert that Macs are as bad as Windows because an MS app is rediculously un-sandboxed.

    - these people HAVE to trade doc files. Its business. Still, its business folks who continue to insist that they must use Word. Its not the OSes problem, its a complete social engineering problem. They're practically sharing .exes through email, hundreds, on a daily basis. No OS can withstand that.

    Word macro viruses are not a fault of the OS, they're a fault of the application. A Microsoft Application.

    I use Windows, I'm not a Mac zealot or anything, but cmon .. this is a problem that mostly affects business users, using a Microsoft application.

    Historically, even tho I spent two years of my life reformatting Macs because of word macro trojans, I never saw it as a flaw in the OS but rather a flaw in Word. Most techs I knew saw it that way too.

    Nobody is arguing that OSes can get fucked up. They're arguing that surfing the internet in the more 'sandboxy' environment of the web is safer on a Mac than a PC. Even THEN, nobody would argue right now that its safer on a Mac, they're just arguing about the reason. Thats why the parent got a Troll. He wasn't really contributing to the dicussion about *why*, he was just pointing out that Macs can get infected. Thats a pretty trollish thing to say, because it seems to hint at an agenda based on personal experience. Like I said, I fought with that shit for 2 years, on the worse laptops ever created (the 5300s) and I still never felt that it was an OS issue.

    Its very simple to me .. Windows provides so many OS hooks for application integration, for better or for worse, that malware writers can capitalize on that. Combine it with the most popular browser being fairly insecure, liberal user rights management thats been patched over and over till kingdom come, and you have a pretty annoying OS in the hands of the right person. That API sprawl is gunna keep killing MS until they do what they never had the balls to do; kill backwards compat. I never understood that one - if anybody can absorb that kind of thing, its MS's bank account.

    Hey, one other thing; malware isn't a virus, and its important to distinguish between them when discussing exploitability. Lots of malware don't do anything more special than what major corperate software does in order to 'integrate' with the OS. Microsoft just bends over backwards to provide that integration .. or should I say uninstallability.
  • by k2r (255754) on Friday July 07, 2006 @07:42AM (#15674457)
    > yet a software reinstall fresh from scratch fixes many of those problems.
    > What does that tell you caused the problems?

    It tells me that your friend is not a competent Mac-Technician. A re-install might be the preferred way to fix a Windows sytem, but it is almost never necessary to reinstall a MacOSX-Box.
    I've used OSX since public beta and have at least a little experience in fixing OSX-boxen.

    > What does that tell you caused the problems? Some malware running on the machine is what.

    And it tells me that you're jumping to conclusions.

    I haven't seen any rootkit in the wild yet and I don't consider a php-flaw some OSX-related problem because it is nothing that comes pre-activated/installed on your box.

    A different beast are Word-Macro-Viruses on OSX - at least theoretically - though even those seem to be close to irrelevant still.

    If you like it or not, OSX is extremely secure against outside attacks - inherently and out of the box.

    And given the fact that anybody who'd write and publish an efficient OSX-worm would be famous, I highly doubt that OSX is just "safe because of the low market share."

    k2r

"No job too big; no fee too big!" -- Dr. Peter Venkman, "Ghost-busters"

Working...