Does Sophos' Switch Argument Hold Water? 249
Wednesday's press-release-borne message from security firm Sophos that the best way for Windows users to compute untroubled (or less troubled) by malware is to switch to Mac OS X drew more than 500 comments; read on for the Backslash summary of the conversation.
Several readers pointed suspicious fingers at Sophos' motive for issuing the message in the first place; no one can call a company whose products are meant to offer "protection from viruses, Trojans, worms, spyware and spam" a disinterested party in evaluating OSes. Techguy666, for instance, writes "We use Sophos at our workplace. I also use other antivirus and antispyware — often to clean up the crap that Sophos doesn't find. Speaking as someone who's familiar with Sophos, I think it's curious that Sophos is telling home users to consider buying Macs. Go to Sophos' website and try to find a home user product ... They don't seem to promote any. If I were a conspiracy theorist, I would think this is a warning shot aimed at Microsoft because of MS's sudden focus on security, to the detriment of companies such as Sophos; send Microsoft's small clientele to the enemy &mdash it's no skin off of Sophos' corporate nose. ... They're talking to an audience that they don't serve or interact with."
(To this, an anonymous reader writes "Sophos has a number of fat contracts with institutes of higher learning, like mine. Every student has access to a fully licensed copy of Sophos if they so choose — available for Windows 98-XP, Linux, and OS X.")
A subtler gripe comes from Kope, who calls the metrics used by Sophos "misleading," and writes that "[s]aying that the most common malware only effects Windows, therefore Macs are more secure is simply bad reasoning. ... I'm sure that 'out of the box' Macs are better. But it's not 'out of the box' that I care about. My concern is level of security during actual operation. I have no problem believing that Macs are more resistant to malware, but this measure doesn't show that to necessarily be the case."
ZachPruckowski agrees that Sophos's claim is based on a "dumb study," but not that there's an easy line to draw between out-of-box and long-term use: "For 75 percent of the world, 'out-of-the-box' == 'during actual operation.' It's those people who get infected by malware. Don't expect users to do any extra work beyond going straight to Office or IE or their email app. Thus, 'out-of-the-box' is a pretty important state."
Whatever the company's reason for issuing what many Slashdot readers would consider the farthest thing from a discovery, no reader's comments seemed to cast doubt on the conventional wisdom that Mac users are at present far safer from malware than are typical Windows users — the reasons behind that situation, though, are hotly contested. One version of the story is that OS X, by dint of its design (including UNIX-style multi-user orientation and compartmentalization generally) simply can't help being more resistant to viruses and spyware; Windows intentional integration of operating system components has let security flaws in one small part of the operating system (such as Internet Explorer or Outlook) become flaws in all the others, too.
Reader cwgmpls, for instance, doesn't buy the argument that OS X is safe only because it's more obscure than are the various versions of Windows.
"Even if OS X is only 5% of all PCs in the world, surely there are a good number of hackers out there who would love to release an OS X virus into the wild, just to prove it can be done. Besides, the total number of OS X installs today is certainly greater than the total number of Windows installs that existed at the time the first Windows virus was released.Most hackers don't need a huge number of installs to stroke their ego. The opportunity to prove that OS X is just as vulnerable as Windows should be more than enough to motivate someone to release an OS X virus into the wild. Yet no one has done it.
There must be more at work here than OS X's small market share. OS X must be inherently more secure than Windows to not have a virus in the wild six years after its release. Certainly there are enough hackers out there who would love to show their prowess by writing an OS X virus, even for the relatively small number of OS X installs that exist; but nobody has been able to do it yet."
Several readers assert that the real reason has little to do with the hardware or the software used by the rival camps, and is mostly an issue of user education and sophistication. Typifying this argument is reader WombatControl's (unsurprisingly contested) conclusion that "the Mac userbase tends to be a lot more savvy than the Windows userbase." His argument, in short:
"I'd hazard a guess that the vast majority of Windows malware comes not from the inherent insecurity of the Windows platform but from users doing dumb things. Someone who installs some stupid little weather applet and gets infected with spyware got infected not because of a flaw in the system, but because they didn't bother to determine whether or not the source of their software was credible or not. Even if they got a prompt like Vista and OS X present they'll still authorize the program. There's no patch that can be applied to a system to prevent stupid users from mucking it up. ...
Macs are more secure because Mac users have a much tougher stance towards crapware. Mac users tend to be much more technically proficient than the average. If that "zero-tolerance" policy changes, I'm not so sure we'll see an increase in the amount of malware targeting Macs.
OS X does a great job of providing technical barriers against malware, but nothing can prevent malware that uses social engineering to do its work. Mac users are safer because they choose to be - but if you get a group of users who have no awareness of security and will blindly execute anything they come across, even if the system specifically tells them not to, that could change very quickly."
Several Windows users agreed with the thrust of this argument — namely, that no system is truly safe from a determined, malicious attacker unless users (or their trustworthy proxies) head off not just automated attacks, but social-engineering tricks that really have little to do with the OS a user is interacting with. Their approach is based on heading off malware.
Readers like snwod (a sometimes user of Mac, Linux, and Windows) offered a level-headed synopsis of this approach: "I run a good firewall/anti-virus combo along with using Ad-aware and the rest. I don't click on banner adds and I don't install strange pop-up programs. Pretty simple really." Result? "[I] haven't had a virus or malware problem in years."
To this line of reasoning, though, aphor says "My grandma's Mac isn't infected, and she clicks on everything! I'm calling bullshit. Please produce the infected Mac. One synthetic test does not make a real-world case. I run the system updater on my grandma's Mac about 3-4 times a year. That's probably 1/10th (liberal estimate) of the exposed vulnerability that a [Windows] box has."
Even if sophisticated trickery might fool any user, Savage-Rabbit thinks avoiding mechanically the more widespread script-kiddy attacks is nothing to sneeze at: "I bet there still is a fair number of Windows users who envy the Mac zealots for not having to waste their time pruning Norton/Panda/Macaffee/etc... anti-malware suites with monotonous regularity never mind the endless nag screens these anti-malware suites throw at you."
The status quo has a way of not staying that way in the long term, though, and reader spyrochaete contributed one of the several (and sane) cautions against hubris on the part of OS X users, though the same logic applies to Linux and other systems whose security may be real and considerable but is grounded in part on being a smaller target for online vandals and thieves than is Windows. As he writes, "They said the same thing about Firefox, but that's starting to change. Mozilla is fixing holes all the time and I'm starting to see ads that get through Adblock (stupid Mediaplex). This is just an article about security through obscurity — the best kind of security according to too many Apple fans I've talked to. ... Faith in obscurity means you'll be totally unprepared when disaster strikes."
Amen!
Thanks to all who took part in the discussion, especially those readers quoted above.
Slashdot now run by pointy-headed managers (Score:5, Funny)
Re:Slashdot now run by pointy-headed managers (Score:2, Funny)
Seenonslash (Score:2)
All the actual content is outside the white area, all the way over on the right hand side. (This is with Firefox 1.0.7.
It's odd -- I've used Firefox for a while now, and never had a problem with very many pages rendering (outside of the odd bank page or something that just refused to work). But in the past week I've run into two pages that just looked awful in Firefox, obviously poorly created, but looked okay in other browsers. Are site aut
Re:Seenonslash (Score:2, Informative)
Re:Slashdot now run by pointy-headed managers (Score:5, Insightful)
I think Slashdot is in serious need of maturity. This is not 1998 anymore, and stories like the one I cited make this place look like it's run by 14-year-olds - the PowerPoint deprived intellectual partners of those pointy-headed fools we love to hate. Immature 14-year-olds who are failing English, at that.
What a joke this place has become - the commenters are as, uh, great as always, but the stories, editing, and crap that makes it to the front page are ridiculous. I mean, yay for the redesign, but pissing in a jeweled goblet doesn't make the piss taste better.
Re:Slashdot now run by pointy-headed managers (Score:3, Informative)
I don't always get to read every last story on Slashdot (like some of the complainers, I suspect) and I even less often get to read a decent chunk of the comments. Having EDITORS filter through all that and pick out the gems saves me a lot of time and (hopefully) features the best of Slashdot.
One personal note on the topic of malware.
Personally, I've only ever been bitten by a hack on my Debian GNU/Li
Re:Slashdot now run by pointy-headed managers (Score:2)
That's interesting. I do it the other way. If I see a catchy headline, I skip straight to the comments. You can usually figure everything else out by reading the first +5 informative comment ya run across. You can even figure out whether it's a good idea to RTFA.
Re:No, it's better than that (Score:2)
Re:No, it's better than that (Score:2, Funny)
Out of the box is one thing (Score:3, Informative)
Don't let anyone tell you macs have no malware, it's just not true. from Renepo the rootkit, to php worms that send out spam infecting message boards, to word macro viruses to the recent oompaloompa, they affect macs as badly as they can affect windows.
One thing that tells mac users they have fewer viruses is poor antivirus software. A friend of mine works in a mac shop and often people will come in with bizarre problems with their macs. No networking working, slow networking, random crashes, won't wake properly from sleep. Scanning with an antivirus package shows no viruses, yet a software reinstall fresh from scratch fixes many of those problems. What does that tell you caused the problems? Some malware running on the machine is what.
When mac software gets up to scratch in detecting the worms that are out there for macs, that is the only time people will get the truth about maleware infections. Sophos need to get off their ass and make something more worthwhile for macs and then we'll see who goes saying what about security.
Piss off moderators. (Score:3, Interesting)
It's not a nothing problem you can just sweep under the
Re:Piss off moderators. (Score:2)
That said, you have a few options. First, you can stop accepting Word documents. "We only take PDFs." Depending on what you are doing, that may work. Second, convert the docs to PDFs when you receive them (there must be a way to do this outside of Word). Why not use Open Office for everything, and only open in Word as a last resort?
That said, I don
Re:Piss off moderators. (Score:3, Insightful)
Two thoughts:
- its Word, an MS program. Kinda amusing to see people assert that Macs are as bad as Windows because an MS app is rediculously un-sandboxed.
- these people HAVE to trade doc files. Its business. Still, its business folks who continue to insist that they must use Word. Its not the OSes problem, its a complete social engineering problem. They're practically sharing
Re:Out of the box is one thing (Score:3, Insightful)
> What does that tell you caused the problems?
It tells me that your friend is not a competent Mac-Technician. A re-install might be the preferred way to fix a Windows sytem, but it is almost never necessary to reinstall a MacOSX-Box.
I've used OSX since public beta and have at least a little experience in fixing OSX-boxen.
> What does that tell you caused the problems? Some malware running on the machine is what.
And it tells m
news? (Score:4, Insightful)
Re:news? (Score:5, Funny)
Oh come on now. It's not like this exact story and many of the comments were just posted earlier this week or anything.
Dude... WHO CARES!!! (Score:2)
Begun the flamewars have! I hope you remembered to charge your lightsaber... here comes the Microsoft droid army and they are pissed!!
Re:news? (Score:2)
Timothy reads at Threshold+5 so you don't have to! (Score:2)
Re:news? (Score:2, Funny)
It's not pulp, but small reusable pellets. Remember that slashdot is green.
Spyware and spam will remain (Score:2, Insightful)
I believe the anti virus firms are doing normal users a service by keeping lists of known bad software and preventing its spread.
That software might come in from an exploitable hole in the OS or it can come just as easily by invitation through the front door because the user believed the catch line.
3 simple words: i love you have been enough in the past, what will it take in future...
Re:Spyware and spam will remain (Score:2)
So THAT's why slashdot users' machines are so secure... They would never believe such a catch line!
Re:Spyware and spam will remain (Score:3, Interesting)
Re:Spyware and spam will remain (Score:2)
"Faith in obscurity means you'll be totally unprepared when disaster strikes."
Your post indicates that you think there will never be an attack on a Mac box. Never is a very long time you know.
"-----BEGIN PGP SIGNATURE-----
12345
-----END PGP SIGNATURE-----"
Damn....Remind me to change the combination on my luggage!
B.
Re:Spyware and spam will remain (Score:2)
have been less effective, excepting for the Windows
feature of hiding file extensions.
Re:Spyware and spam will remain (Score:2)
Re:Spyware and spam will NOT remain to be problems (Score:2, Insightful)
Re:Sure pal. (Score:2)
Users don't NEED to know what's a virtual machine. Ideally it'd just be there lurking in the bowels of the OS, just like memory protection, swapping, multitasking, and a myriad of other features that many people don't understand but take advantage of every day.
Well grandma... (Score:4, Insightful)
Is OS X's attack surface smaller than Windows? Sure it is. Is it impervious to user stupidity? Absolutely not. No operating system is. Linux and OS X will probably eventually get there, and the complain we'll be hearing instead of M$ is teh fuxxorz will be well, what do you expect? users are stupid!!.
Just wait, and you'll get there eventually.
[This post is brought to you courtesy of the 300 million absolutely clueless Windows users who think it's OK to run executables in password-protected ZIP files that arrive in their inboxes with lead-ins such as "hello, teh info yuo requesteded is in the attachments". We can't wait for you to take them away]
Re:Well grandma... (Score:5, Insightful)
Hmm. I just realized that this is a potential problem -- a major potential problem -- with the OSX and now Vista (and, I believe, some Linux) GUI security paradigms. We're training people to be ready to enter their administrator passwords whenever they're prompted to. And Ma & Pa User won't know when this is a good thing. Especially when badly behaved programs like Adobe's suite raise dialog after dialog during updating. What's to stop EvilSoftCo from creating a program that, during its first-time startup, just creates a dialog box that matches the standard one, and gathers your password?
Hmm. Not great, methinks. Although surely someone must have thought of this already...
Re:Well grandma... (Score:2)
I can only speak for Ubuntu, which is the most significant Linux Distro that does this, and IIRC I am only prompted after I actively clicked on an entry in the Administration menu.
Re:Well grandma... (Score:3, Insightful)
Re:Well grandma... (Score:2)
Re:Well grandma... (Score:2)
Nope. On modern GUIs you only get prompted for the admin password when you directly try to perform an administrative task. If I click on the printer management item in the administration menu, I expect to be asked for the root password. On the other hand, if I try to run a game I do not expect to be asked for the root password and I'm going to be alarmed if that dialog pops up. Thus my advice to people running various Linux distros or OSX with this facility: if you don't know that what you just tried to do
Re:Well grandma... (Score:3, Informative)
Actually my approach is simple and requires a minimum of IQ points: "Everything you need to do that needs administrative access is on the "Administration" menu. Anything else is trying to trick you.". That's a nice, simple black-and-white rule that's easy for the average user to get their head around, much easier than the rules needed under Windows. This neatly gets them out of the habit of OK'ing every dialog they find because they don't run into that many extraneous dialogs that have to be dismissed. Thos
Re:Well grandma... (Score:2)
All it takes is for someone to take such an app, add a trojan, and suddenly when you enter the password you're *expecting* to enter, you get a lot more than you bargained for. Stick it in an email titled "Hey
Re:Well grandma... (Score:2)
True, but again the trick is to keep the rule iron-clad and simple. My rule catches your example, because it's not run from the Administration menu. My statement to the user who asked about it: "If it really worked, it'd've been available in the package management window that you use to install everything else and it'd've put itself in the Administration menu properly. It didn't, therefore it's trying to trick you.". It's all conditioned response. Windows conditions people to click OK no matter what. On mos
Re:Well grandma... (Score:5, Insightful)
I proposed two years ago that Apple implement something similar. Create a special key combination that would be caught by the OS and passed to WindowServer, which would then spawn an alert if the app presenting the dialog was not authorised to. This is particularly useful for Keychain access, for example. I don't mind an IM program having access to my login details, but I do object to it having root access. When I install a new version of it, I have to enter my keychain password (which is my login password, by default) in a dialog box that (hopefully) the system presents, but I have no way of verifying that it is the Keychain subsystem that is going to get the password, not the application.
Re:Well grandma... (Score:3, Informative)
Windows is running in protected mode at the login screen. Generating a hardware interrupt from ctrl+alt+del was a bios feature.
ergo, if you are running NT, 2K or XP then keyboard is handled by the OS rather than the bios and there is no automatic hardware interrupt. It only works in real mode!!!
Also, what if you are using a USB keyboard?
Re:Well grandma... (Score:3, Insightful)
Re:Well grandma... (Score:3, Insightful)
"Even if OS X is only 5% of all PCs in the world, surely there are a good number of hackers out there who would love to release an OS X virus into the wild, just to prove it can be done. Besides, the total number of OS X installs today is certainly greater than the total number of Windows installs that existed at the time the first Windows virus was released.
Most h
Re:So? Grandma isn't my problem (Score:2)
Again... Not my problem. Social engineering tricks are only the fault of the user and never the OS.
The point being is that it is very hard to hit you with invisible or automatic attacks with OS X.
Sure I might put in an admin password or run a fungame.app which clears out my user directory, but you know... That was my fault and I should hold the blame.
Other user's stupidity isn't my problem and if it
Re:So? Grandma isn't my problem (Score:2)
Re:So? Grandma isn't my problem (Score:2)
So you were lucky and either:
1.) Never bought a music cd with a Sony rootkit on it
or
2.) Had a hardware/software firewall or NAT router that prevented your computer from being infected in 2003 when the Blaster worm [wikipedia.org] outbreak occured. The Blaster Worm nailed m
Re:So? Grandma isn't my problem (Score:2)
As for your hypothetical example --- that's what it is. We can talk about it when it actually happens.
Re:Well grandma... (Score:2)
Exactly. When people talk about "insecure windows" they inevitably bring up Spyware.
There isn't any spyware on a mac, this tells me there's a lot more credence to the "no marketshare" argument than most people think. Spyware doesn't rely on any security holes... why isn't there spyware on OSX?
Re:Well grandma... (Score:2)
The real issue is that Windows is inherently insecure because of (order does NOT matter):
- most users run as Administrators members (and Windows XP SP2 - the
The frustrating part... (Score:3, Insightful)
Re:The frustrating part... (Score:2)
Yes to caution, no to being silly: you can get killed in a good neighborhood, however if someone suggests you move from let's say Harlem to Beverly Hills you don't come with "Beverly Hills could be unsafe too" argument.
Network effects (Score:3, Insightful)
Obviously it helps that there haven't been any worms on OS X, but in principle writing OS X viruses isn't technically difficult. Spreading them is.
In addition, Microsoft finally appears to be concerned about security, as demonstrated with XP2 and as will probably be demonstrated in Vista. So the security advantage of OS X is, I suspect, likely to dissipate over time. Still, I plan on using OS X for the foreseeable future.
Re:Network effects (Score:3, Interesting)
Obviously it helps that there haven't been any worms on OS X, but in principle writing OS X viruses isn't technically difficult. Spreading them is.
This is true for all OS's. It is the propagation mechanism(s) that are the hard part. Most malware by infection number is not spread as trojans. Especially, most is not spread as trojans not disguised as data. With Windows, it is easier to disguise a program as data and it is easier to find a remote vulnerability to exploit. As you mentioned, it is also easier
The reason for sex (Score:4, Interesting)
There you go. The reason sex exist at all and why monocultures are dumb. Diversity and variation makes life very difficult for diseases.
In fact the security advantage of OSX isn't likely to dissipate all that much, a monoculture will always be more likely to spread diseases, all it takes is a single flaw and there are going to be plenty of flaws in millions of lines of code.
Re:Network effects (Score:2)
No, if it were simple to do, someone would have done it. What is protecting the mac is that the MS Windows is not the softer target. What
Re:Network effects (Score:3, Interesting)
Personally, I think the best estimate for expected viruses should be: (installed base * attack surface)^2.
The (installed base * attack surface) value defines the number of potential network connections that malware writers can use, so that number should d
Maybe, but they're still right. (Score:3, Insightful)
I'm not really surprised that everyone supporting an illegal monopoly has been brainwashed, but it's still kind of sad.
Best way to compute untroubled (Score:2, Insightful)
Or in a more general sense: the best way to be safer from viruses is to use a platform that is not the mainstream one. Mac OS X is one example of something that could be used. Also, Linux, Free BSD, Solaris and various other platforms would work.
Why some OSes are more resistant (Score:5, Insightful)
My thought is that there's three reasons Macs and *nixen have fewer viruses.
Re:Why some OSes are more resistant (Score:2, Informative)
Re:Why some OSes are more resistant (Score:2)
Re: (Score:2)
Re:Why some OSes are more resistant (Score:2)
In my experience (Score:2)
UNIX systems
Re:Why some OSes are more resistant (Score:3, Insightful)
I don't find this argument convincing.
These days, I believe the bulk of viruses and worms and malware are created by spam and DDoS guys. Spam is big money, and DDoS is either blackmail or spite. These aren't the same adolescent guys trying to show how cool they are, these are people who
Re:Why some OSes are more resistant (Score:2)
WinXP/smart-user is not their target, and much less BSD/advanced-admin.
However Linux/naive-admin is sometimes their target and WinXP/clueless-user is a target so big that they can certainly avoid all the other targets that are more time consuming.
I believe there aren't any BSD/clueless-admin boxes out there.
Re: (Score:3, Informative)
Re:Why some OSes are more resistant (Score:2)
My feeling is the guys doing this for money aren't writing the malware. Using kits built by someone else yes, but it's a lot cheaper to use something already prepared than to invest heavily in your own tame uberhackers to come up with original software. The money guys are about ROI, and the ROI on original software just isn't there.
By tying into the system libraries, I mean tricks like the rootkits use (and that ancient DOS-based stealth viruses used) to make themselves invisible. Modify or override libc o
Re:Why some OSes are more resistant (Score:2)
Re:Why some OSes are more resistant (Score:2)
My girlfriend's computer is infected... (Score:5, Funny)
She currently runs:
Re:My girlfriend's computer is infected... (Score:2)
It's hard to measure what they are saying. (Score:4, Interesting)
When you talk about security things and security software people like to have numbers, it makes them feel good. Like the Snort IDS has 3000 signatures (I'm not sure what the latest number is but I imagine it's around 3k) or Norton AV detects 50,000 viruses where non-Norton AV may only detect 20,000 known viruses and some other IDS may only have 100 signatures. Does that make Snort and Norton AV better because they have bigger numbers? For certain types of audits it might be better but for real security it doesn't matter that much. At any given time you're probably only realistically concerned with a smallish handful of IDS signatures or viruses. The old "stoned" viruses for example (of which there are dozens of variants) simply aren't interesting or even terribly important today. This has a direct correlation to desktop security. Basically, the number of holes as a raw metric isn't so interesting, you're really concerned about the holes you have that people don't know about (or maybe they do) Fundamentally though, at any given time there are only a handful of interesting viruses that are active or interesting exploits that people are really using, big databases of them look better but don't mean much.
Mac OS X isn't built using some exotic technology (or maybe not exotic, Ada or Java would be exotic for an OS) that somehow creates fewer bugs. It's in C, C++ and Objective-C, not that different from windows. It has gone through some porting which might lead to better code and coding practices. Relatively speaking the bug densities should be fairly similar. Apple is different from MS in a somewhat larger way though, they don't have the same resources and so they probably generate a lot less code. They also have to please Steve and rather than adding feature after feature which has kind of been the MS way, they've taken a much more simple route. Less code is less bugs. More features probably does mean more bugs but I'm not sure I've seen that really established as a general truth anywhere.
The crapware point is an interesting one. Personally, since I've been Mac OS Xing it, my taste and tollerance has changed. I don't know that it's particularly more secure but I do expect things to work and I think I have a higher standard than I have in the past. I know on windows (which I don't use much) I've been less expectent of things working. In the wildwildwest days of Linux I got really use to v0.4 and 0.7 of various things working enough to get some stuff done. On OSX I pretty much demand that things work, I demand that apps are "good." (TM) There are some emotional things that may result in better security, I don't just willy-nilly install stuff, I like some vendors better than others, Apple for example has a track record of building really good software for OS X, I'm more likely to use their shit. Nagware is simply a no-go. To be completely honest, there isn't that much stuff that I really *have* to install on it to get it up and running and productive. I can't remember not "enhancing" a Linux install or windows install before it was "useable"
Maybe the other biggest thing and I couldn't back this up with real science anywhere, MS has a tremendous legacy to support. Simply removing DCOM or OLE or Active-X might fix a ton of security problems but windows wouldn't keep working. I think Apple may have learned some of those lessons form AppleTalk back in the day; I don't even know if you can make OS X do it, I really have no need.
Re:It's hard to measure what they are saying. (Score:2)
This is a big issue. Apple has a few hundred programmers total. Microsoft
Perhaps not watertight, but not a sieve, either. (Score:3, Insightful)
The fact of the matter is that more people are going to believe a simple quantified statement than an abstract technical discussion; so Sophos is making the argument that will convince the most people, rather than an argument that would convince, say, the more technical folks on Slashdot.
Oh, you want the technical reasons? Okay, here goes my list:
Re:Perhaps not watertight, but not a sieve, either (Score:4, Informative)
The fact that Mach was designed with security in mind is why no one sane used it. Mach checked port rights on every message send, which made a Mach system call and order of magnitude slower than a BSD system call. While people might be willing to sacrifice 10-20% of their power for security, 90% is too expensive. This was exacerbated by the fact that Mach required a lot of context switches to get anything done. On OS X, this is irrelevant. The entire XNU kernel runs in a single address space, losing the memory protection benefit that a multi-server Mach-based OS (like Mach/HURD) gains. In addition, Mach messages are only used at the Mach layer (and for a few low-performance things, like notifying the GUI of kernel-related changes), removing this benefit.
Re:Perhaps not watertight, but not a sieve, either (Score:2)
If you want to go back to the OSes NT and OSX are based on, the NT core is based on VMS [windowsitpro.com]'s design (almost as much as OSX from Mach, though OSX actually uses code from Mach, whereas NT has VMS's developers) and VMS was first released in 1
Let's take a look at the arguments. (Score:4, Informative)
"It's because there aren't many OS X machines."
Bogus. 4% might be a small percentage, but there are tens of millions of Macs out there. Not only that, Apple users tend to be smug and Apple itself puts out a constant vibe of superiority, plus a very visible chain of elitist boutique retail stores. Is there not a hacker on Earth motivated to take down those arrogant Mac users?
On top of that, with millions of OS X machines out there, the number of self-propagating viruses in the wild should be greater than zero. But the number is actually zero.
Surely something more than "security through obscurity" is at work here.
"Mac users are more sophisticated."
Bogus. Aren't Macs supposed to be the computer "for the rest of us," the non-technical, the artsy-fartsy, the writers, the musicians, the English majors? Those people are NOT technically savvy, yet they are the Mac's core users.
Macs have fewer viruses even though their users are not technically oriented and are not security savvy.
"All you have to do is trick a Mac user into entering their root password."
Bogus. The root user is not enabled by default in OS X. The non-technical users mentioned above are not going to know how to turn it on.
You might be confusing the root and administrative passwords, since there isn't that much of a barrier between the two in Windows.
The Mac is safer because of the nature of Unix architecture and Apple's own safeguards, not because of obscurity or user sophistication. There are things you can get away with in Windows, like certain e-mail-based viruses, that are simply not allowed in OS X. Mac OS X is not invincible, but clearly there are structural advantages to how OS X is set up for security.
Remember, the number of viruses in the wild for Mac OS X is not proportional to market share, user base sophistication, or anything. It's pretty hard to correlate the number of viruses to any single cause when the number is ZERO.
Intel switch resets clock on Mac viruses (Score:5, Insightful)
Well what happens now that the whole Mac architecture is shifting to Intel? It's substially harder (almost impossible) to write a buffer overflow attack that works on two different processor architectures. You have to choose which architecture your attack is going to execute code for.
So then if there are not enough Macs around to write exploits for today, it stands to reason that there will not be any significant Mac exploits until the number of mac users at least doubles from current figures, possibly even more.
Yes there are also attacks that attempt social engineering on a user but they often work in conjuction with more classic code exploits to gain more permission than they would have otherwise.
I'm in the "Macs are better designed" camp (Score:5, Insightful)
No question in my mind. I'm not saying they are invulnerable. Heck, the community is so tight knit that if you could get something downloaded (say that MacSaber program a few weeks ago) and put something in it, you could get the virus out there. It may be found fast, but you got it out there and by then you may have done damage.
That said, if I were to run MacSaber for the first time (or some little game or widget or whatever) and I suddenly got a box asking for my root password, you can bet I would be stopped dead in my tracks. You just DON'T SEE those boxes unless you are doing system updates or installing software like Office. If you just download a program and double click on it and get that, you have to wonder what it's doing.
Now before I switched last year, I had a PC and I ran AV and all that stuff, but it never did any good. The fact is I had a clue and could have run with nothing but my firewall and been fine. You are not guaranteed to get malware on Windows. But let's talk about my little sister and my parents. They download stuff. And since they don't know where the reputable sites are, who to trust, which programs are good, etc... they find that stuff easily. Every time "the computer is broken", it is almost inevitably malware. That or they turned something off I installed they shouldn't have (Disk Keeper, for example, which is practically required to run Windows IMHO). Same thing with neighbors I help. Even if they are somewhat savvy and can use the computer and install hardware, it still happens to them. It's pathetic. There have been viruses that you just have to preview in Outlook to get your OS infested. That is just plain bad design.
After using my Mac, it is clear to me that any idiot who sits down and uses a Mac day to day is less likely to end up with Malware. From the root prompts, to the fewer security holes, I think there is a clear reason for this divide. Mac users are not smarter. There is a very sizable portion of them that are just like introductory Windows users. They do the same stupid things. The fact they aren't ravaged by malware says something.
Now I won't deny that the Mac's market share has played a part, you'd be an idiot not to. However, I think the virus-in-the-wild count for OS X (hint: 0) means something. It means instant fame for the first person to make a good virus for OS X. You get it out there, even if it doesn't do much but change people's wallpaper or whatever and you get your name EVERYWHERE. Slashdot, Digg, all the Apple sites, the mainstream computer media (PC World, et all). That is a REAL tempting target. Let's not forget that every time a story like that gets published, it is just someone publishing a big bulls-eye on the Mac. But the market share helps with the pop-up ad problem. How many ads do you see on the 'net that look like a Windows dialog box telling you "Your computer is infected, click here". Guess what, people do. In my house people do, my neighbors have. It tricks 'em. Most people on a Mac wouldn't be fooled by that (just because it looks different). So that kind of thing does make a difference. That report the other day that 80% of users can't tell the difference between a real toolbar and a picture of one was scary.
Macs aren't immune. The OS is better designed.
As for Linux, it's better designed too, but it also has some other influences (for example, it would be tough to make a virus that worked reliably across different kernel versions and distro configurations). But again, there are SO MANY Linux servers out there that there must be enough run by idiots that if it was just as bad as Windows we would see a reasonable number of viruses out there (ie.. more than next to none).
There was a report in my PC World today (I think it was) that was basically scare tactics about viruses ("10 Myths That Make You Vulnerable" or some such). The one about Macs and Linux being safe really made me mad. While they are not immune, Windows for the average computer user is a leaper colony compared to running Mac or Linux.
Re:I'm in the "Macs are better designed" camp (Score:2, Insightful)
That is a most excellent observation
Re:I'm in the "Macs are better designed" camp (Score:3, Insightful)
Well that is one of the arguments about asking the user questions. When you ask the user too much, they just say yes. I've done that and gotten into trouble once or twice. When Windows constantly asks "Are you sure you want to delete this shortcut", "Are you sure you want to show all files", "Are you sure you want to download from this site", "Are you sure..." you learn very fast to just say yes because it is too much of a hassle. The only thing those dialogs did was annoy me. When they added them to OS X a
In a perfect world (Score:2)
AND
We'd have more secure OSes. Microsoft is already borrowing from OS X and Linux, which is good
AND
We'd have better educated users. This takes patience and persistence. People need to keep plinking away at friends/family.
If they were serious ... (Score:2)
Of course, I would love for the virus checkers and Microsoft to kill each other with their last dying act.
Now back to my Debian testing desktop with XFCE and Firefox and OpenOffice and Rhythmbox and
It's simple (Score:3, Interesting)
Re:Oh. (Score:2, Insightful)
Re:I switched (Score:3, Informative)
And a crash a week is too much. You probably have something gone wrong there.. like bad memory or a peripheral that is not happy.
Re:I switched (Score:2)
Re:I switched (Score:2)
Re:I switched (Score:2)
on x86? (Score:2)
If you're using Mac OS X on a PC, you need to know that most (illegal) images you grab on the net has some sort of patch applied to it in order to make it install and run on non-Apple hardware. The patches do not come with any reliability guanratee.
Furthermore, the "original image" was most likely grabbed by Disk Utility on OS X, which results in a .
Re:on x86? (Score:2)
Try memtest (Score:2)
Equation to jpg (Score:3, Informative)
Create your equation in either Grapher.app or the Equation Editor tool that comes bundled with Appleworks. (Equation Editor is more powerful and flexible and has a certain classic charm, but it's very old and a little clunky. Grapher is newer and easier to use).
Select and copy the equation to the clipboard. Open Preview.app. Select File->New (or hit Cmd+N); this creates a new document containing the image in your cli
Re:I switched (Score:2)
Re:I would but... (Score:3, Insightful)
Install the free Aqua Data Studio database admin tool. [aquafold.com]
My parents would but they do not like change. They had enough issues upgrading from Windows 98 to Windows XP.
This is more a matter of social engineering. Some people fear change, while other are taught only applications, not resourceful thinking.
My brother would but he plays WoW and he is not texh savy to get OSX to run on his PC.
Take the same WOW cds and put into your Mac. Double-click the install icon. Did you forget that WOW (and
Yes but (Score:2)
Yes, at that point the Mac and Windows box are equally secure.
Then you turn both of them on...
Re:Mac users are unable to identify hax anyway (Score:4, Informative)
Huh? What's wrong with typing "netstat -a" and "ps -aux" in the console?
Thats all the tools I need to detect unathorized connections and programs.
Re:Mac users are unable to identify hax anyway (Score:2)
Re:A briliant mac review ;-) (Score:2)
Obviously not. No one who expects to be taken seriously uses the term "fan-boy" anymore.
Re:No. really. . . (Score:2)
Never Install (Score:2)
Dang.
Ed Palma