Re: OS X "Security" myths
- From: GreyCloud <cumulus@xxxxxxxx>
- Date: Sat, 08 Oct 2005 11:26:42 -0600
Donald McDaniel wrote:
>
> GreyCloud wrote:
> > Donald McDaniel wrote:
> >> On 2005-10-06 01:56:36 -0700, C Lund <clund@xxxxxxxxxxxxxxxxxxx> said:
> >>
> >>> In article <ByV0f.1735$y_1.517@edtnps89>, "Fred" <Fred@xxxxxxxx> wrote:
> >>>
> >>>> Windows is more secure than you think, and Mac OS X is worse than you
> >>>> ever imagined.....
> >>>>
> >>>> http://www.techworld.com/security/news/index.cfm?newsid=1798
> >>> So where is the malware for OS X?
> >>>
> >>> You wintrolls can spin like tops all you want. But the fact remains;
> >>> there is currently no known malware for OS X.
> >> This apparent lack of exploitations for OS X may be a simple matter of
> >> Apple's market-share of desktops as compared with Microsoft's
> >> market-share.
> >>
> >
> > Not likely. Market share has nothing to do with it.
> > Back around 1990 or so, a fellow that worked for NSA in the
> > computer division. His son figured out how to perform a
> > "Denial Of Service" attack on UNIX systems. It brought a
> > lot of UNIX systems down to their knees. But all that did
> > was jiggle the UNIX vendors into cleaning up their code,
> > which they did. A nice wake up call. But there really
> > hasn't been any major problems since, and no viruses were
> > ever able to get into UNIX boxes due to the way the o/s is
> > designed. Same for the WallStreet VMS machines which never
> > had even these problems. The real problem is that the
> > dominant operating system on the market today happens to
> > also be poorly designed. You did know that Jim Alchin
> > tossed out Longhorn due to its crappy designed and chastised
> > the software engineers?? They have started from ground-zero
> > and redoing it. It is called Vista. But with M$ track
> > record for poor security, we'll see.
> >
> >> Most malware writers want to reach as many desktops as possible with
> >> their code, so they concentrate on developing exploits for Windows,
> >> rather than OS X.
> >
> > With OS X or any UNIX, it is damn near slim to nil.
> > So what does this tell you about the design of windows??
>
> It's not so much that it tells me anything about the design of Windows.
> I already knew that Windows is not the most secure OS around.
>
> It does tell me that there is not much "boast factor" for malware
> writers and script kiddies to attempt to get through OS X's defenses at
> the current time.
This is where the faulty thinking comes in on most peoples
part.
Hasn't ever occured to you that just maybe... OS X is very
difficult to write malware for??
The script kiddies will only put in so much time and then
give up.
Just like the Hackers convention in Las Vegas known as
DEFCON.
It is easy to get into windows, a lot more difficult to get
into UNIX, and so far no one has ever been able to get into
VMS.
> There are not any OS's which are totally impossible
> to break into, IF they are connected to the Internet. All it takes to
> write an exploit is a "design feature" which is intrinsically vulnerable.
>
There is that sole point you should pay attention to...
vulnerabilities.
Find the vulnerabilities in any UNIX. You really have to
know UNIX internals to find them along with the source
code. With M$, you don't need the source code... it is just
too simple to breach their security.
That's why it seems that this is just a "popular o/s so it
is the most hacked" view.
Windows gets hacked because it can.
> That even Unix can be breached is evident from the fact that hackers and
> script kiddies break into Unix systems routinely.
Show an example of any UNIX system that is routinely broken
into.
> In fact, most serious
> hackers use Unix systems to do their dirty-work themselves.
Got any evidence that this is done?
Or is it because UNIX usually comes loaded with tools that
windows doesn't have?
> It's only a
> matter of time and chance before they break into OS X systems.
>
No, it will take great skill to figure out where the hole
is, if any.
> Apparently, they have had no reason to get into OS X systems up till now
> (although I would advance the theory that this may happen more often
> than Apple would want its users to know.)
>
They really have no reason to break into a windows box
either, but seeing that it is so simple they do.
Sort of like a drive-by mail box bashing spree.
> >
> >> Probably, if Apple ever gains a significant market-share of desktops,
> >> the malware writers will begin concentrating more of their time and
> >> resources on Apple.
> >
> > Only a guess in the dark, and when you turn on the lights
> > the imaginary roaches scatter.
>
> I've never seen an "imaginary" roach scatter when I turned on the
> lights. Only real ones. Perhaps you took too much Acid before you
> observed these "imaginary roaches."
Guffaw!! That's because you posted an imaginary scenario
that just isn't true and has no basis in fact.
>
> >
> >> As to the relative secureness of Windows and OS X: having used both a
> >> Wintel and a Mac, I prefer OS X over Windows. At least I don't have to
> >> purchase and install an antivirus product every year, as I did while
> >> using the Wintel machine.
> >>
> >
> > Absolutely. One of the main reasons for moving to a Mac in
> > the first place.
> > My Solaris box also doesn't have these problems.
>
> You really exhibit a "Pollyanna" attitude, my friend. Hackers don't
> care what OS you use. They probably use the same one. As long as you
> are connected to the Internet via a public IP, they can get in.
Yeah, right. I'm on broadband and have yet to have any
problems with Solaris for the last 7 years now.
Tell me another fairy tale.
> Some
> systems might take longer than others, but all systems are eventually
> breakable to hackers determined to get in.
Tell that to the professionals that have tried to break in
to a VMS system.
Hasn't been done yet.
>
> Unix-based machines get hacked routinely.
Again, show proof.
> Hackers like to capture them
> because of their relative security over lintels (isn't that ironic),
> making it easier to defeat other less-endowed hackers in their
> interminable wars which they wage on the Internet.
>
> >
> >> Being on a local network, I don't have to worry too much about
> >> exploitation by hackers, anyway. This, in combination with OS X and
> >> safe surfing habits, makes me feel much safer than I did while running
> >> Windows.
> >
> > Safe surfing habits?? Some sites you'll never know are safe
> > till after the fact.
> > No problems with all the other o/ses.
>
> These sites are usually pretty obvious. Also, while OS X itself may be
> relatively safe (for now) from most (if not all) malware, it is
> currently possible to pass on those Windows viruses which arrive via
> email to users with Wintels from an OS X machine. While they may not be
> executable on a Mac, all you have to do is forward an email containing
> Windows malware to a friend or friends, and then have them click on a
> link which you think is for a download of a picture file or mp3.
> Malware writers really know how to use "human engineering" to get people
> to install their crap. Even the most knowledgeable user sometimes gets
> sucked in.
Guffaw! Only if you use Windwoes.
You don't pay too much attention... I don't have that
problem with UNIX.
>
> Windows users usually learn to recognize those virus-laden emails (or
> their anti virus package informs them of viruses in their email) when
> they arrive, but I doubt that Mac users ever learn to recognize them
> because of their "Pollyanna" attitudes.
Guffaw!! Only in Windwoes land do you get these problems...
the rest just laugh it off.
.
- References:
- Re: OS X "Security" myths
- From: C Lund
- Re: OS X "Security" myths
- From: Donald McDaniel
- Re: OS X "Security" myths
- From: GreyCloud
- Re: OS X "Security" myths
- From: Donald McDaniel
- Re: OS X "Security" myths
- Prev by Date: Re: OS X "Security" myths
- Next by Date: Re: OS X "Security" myths
- Previous by thread: Re: OS X "Security" myths
- Next by thread: Re: OS X "Security" myths
- Index(es):
Relevant Pages
|
