Re: The Myth of the secure Mac

In article <ARd9f.30345$ty1.9711@xxxxxxxxxxxxxxxxxxxxxx>, TheLetterK
<theletterk@xxxxxxxxxxxxxxxxx> wrote:

> Donald L McDaniel wrote:
> > In article <uow8f.18753$NJ.1576@xxxxxxxxxxxxxxxxxxxxxx>, TheLetterK
> > <theletterk@xxxxxxxxxxxxxxxxxx> wrote:
> >
> >
> >
> >>That is equally untrue. You are screwed only if you use Outlook.
> >
> >
> > Let's be truly honest about this, ok? You are only screwed if:
> > 1) You fail to apply necessary recommended security patches after
> > installing XP, especially SP2, which contains many security
> > inhancements.
> > 2) You fail to install, use, and update decent antivirus, anti-trojan,
> > anti-malware, firewall protection after installing XP or soon
> > afterward.
> Oh, goody. After dropping $100 on a peice of software that does nothing,
> I get to go buy/find even *more* software.

Claiming that an antivirus package "does nothing" only shows your lack
of understanding of the facts at hand at best, and shows a callous
disrespect for the programming expertise of Windows security
programmers at worst.
>
> > 3) In the case of a firewall, the XP-supplied firewall should be
> > enabled before going on the Net. Additional firewall software should
> > be installed, however, for optimal safety.
> No point. Set your box behind some sort of simple 'hardware firewall'
> (the side effect of NAT translation is good enough for home users), then
> have some software firewall that checks outbound packets. No reason for
> multiple redundency on a home desktop.
>
> > 4) If Internet Explorer is used as default browser, it should be set on
> > highest security settings which will allow for good browsing. The
> > Popup Blocker should also be engaged, and set at highest settings
> > possible which allow for good browsing.
> Nothing to do with the subject we were discussing.

Browser security has nothing to do with overall security of the OS?
You really are a maroon, aren't you?

>
> > 5) If Outlook is used:
> > a) Junk Mail filter should be enabled, and set at highest level.
> > This will allow for some false-positives (not many, once it is
> > trained), but will filter out the majority of the crap (especially crap
> > containing social engineering in the body of the message or malware
> > attached as common Windows files) Make sure this Junk Mail is moved to
> > a local "Junk Mail" folder, so that it can be later examined for false
> > positives before being deleted. It might be a good idea to archive
> > Junk Mail for a few months, so that you will have a pretty good set of
> > messages which can be trained as Junk Mail. Or, just train it as you
> > go along (or automatically, if you don't mind some of your legitimate
> > mail being classified as "Junk").
> Or just forgo outlook in favor of a decent e-mail client.

Your characterization of Outlook as a "not-decent" email client
certainly doesn't give much credit to the software engineers at
Microsoft. To me it only shows your lack of understanding of just what
a "decent" email client is.

>
> > b) Outlook Security should be set at "medium" or higher. The
> > objective is to keep from downloading self-executing viruses or trojans
> > contained in binary files, which might hitch-hike onto an image from a
> > visited website, or a link which will send you to a criminal website
> > for further social engineering, or any number of other vile things.
> There is no excuse for self-executing e-mail viruses. None.

There is also no excuse for any other type of malware. They are all
written by criminals who have no concern for the lives or property
rights of anyone but themselves.

>
> >
> > Try to keep this in mind at all times: Never click on a link contained
> > in an email message from someone you have never communicated with or do
> > not recognize. It can only lead to damage to your file structure.
> Don't patronize me.

Patronize you? Sir, you do me an injustice by accusing me of this. I
don't know you. I have simply given general principles of Windows
security to anyone who needs it. Apparently you don't. Take what you
want from the plate, and leave the rest, but don't spit on it. It is
offered from an honest heart with a sincere desire to help someone who
might need the instruction.

>
> >
> > Between what your default browser stops, and the Junk Mail filter
> > catches, and what Outlook stops, and what the built-in firewall catches
> > before being downloaded, XP will be relatively safe and free from most
> > malware.
> Seems like a lot of work for a slow system that does nothing of value.

"Slow system"? I guess it would be slow if you tried to put XP on a
Pentium III 500mHz/w 128mb of memory. XP is in no way "slow" on my
Wintel system, however, nor is it "slow" on most modern Wintels.

Saying that a Wintel does nothing of value completely denigrates the
millions of workers out there who use Wintels on their desktops every
day to do the work of many industrialized nations.

>
> > Installing additional anti-malware software will only
> > increase your chances of being relativly safe
> While also increasing resource usage.

"Resource usage" was a problem with Window 98. However, XP was
designed from the ground up to better handle resources. I've never
noticed a slow down on my XP machine because of "resource usage",
except when I had poorly-behaved or beta software running in the
background.

Well-written XP programs will have little or no effect on available
resources. With XP, the only arbiter of resource usage is the amount
of available memory, and the amount of free disk space.

Even under OS X, an app can only use available memory, and the more
apps running there are, the more available memory will be used, and the
more demand on disk resources will be. This will all conspire to use
up resources on XP, and the same things will conspire to use up
resources on OS X, so OS X is really no "better" at resource usage than
XP is.

>
> > and free from malware
> > using XP Professional. Third-party firewalls are mostly installed to
> > control what goes OUT of your machine, not what comes in. In addition,
> > they are installed for the extra features, such as a visible Whois map
> > or Popup control, or to add better Spam controls and filters to your
> > email client, or better logging abilities.
> I am aware of this.

Ok, so you are aware of it. Big deal. Many people are aware of it.
However, others might not have been aware of it, and now are. Get over
yourself, dude.

>
> >
> > Now, this may or may not be necessary on the OS X desktop, but that is
> > irrelevant. The fact is, the above measures will keep you safe and
> > free from malware on Windows XP Professional if carefully and
> > consistently applied,
> But why go through the trouble? Windows is a peice of *** even in the
> best of situations.

That, sir, is your opinion. It may or may not also be mine. However,
our opinions are irrelevant. The fact is, the measures I have outlined
are followed by millions of Windows users every day, and they never
fail to work if applied consistently. If such reasoning were brought to
its logical conclusion, there would be no police protection on the
streets, because you might think that all cops are pieces of ***, so
why use them in the first place?

>
> > just as properly applying OS X's security
> > measures works only if carefully and consistently applied. Maccies may
> > not like this, since it shows the world that Macs are not the only
> > computers in the world which can be safely maintained by anyone if he
> > applies himself.
> >
> > Whether security is handled mostly internally by the OS, as in OS X, or
> > externally, through third-party Windows apps, is irrelevant, since both
> > work successfully for their respective platforms.
> The Windows 'solution' just costs a lot more, and lets more through.

Compared with spending the excess bucks on the inflated prices of
Apples, spending a few extra bucks to keep my system free of malware
would more than pay for itself very quickly.

>
> > And in fact, both
> > platforms have some form of firewall,
> OS X's is a great deal better. Ipfw vs. the XP firewall? Not a contenst,
> ipfw wins.

We aren't talking about the relative merits of a piece of software
here. We are talking about taking care of your data. So your argument
is totally irrelevant.

>
> > some form of junk mail filter,
> OS X Mail's is better.

How can you say that with a straight face. Mail's Junk filter is a
joke. It seldom works as it should, even after weeks of training.
Whereas the junk mail filter in Outlook works consistently, with few
false positives. Not only that, but it actually moves the Junk mail
out of the Inbox and puts it in the Junk Mail folder. Unlike Mail's
filter.

>
> > some form of browser security settings, in addition to internal OS
> > functions.
> >
> > Whether one way of handling security is better than another would be
> > better treated on Sunday morning down at the local Fundamentalist
> > Protestant church after the preacher's sermon, down in the basement
> > while everyone's having coffe and doughnuts.
> >
> > Are PowerMacs well-engineered? Yes.
> Just because they are well engineered does not mean they are a good
> value or a decent system. They currently offer a good value if in the
> market for a mid-range workstation, but that will probably change in the
> next 3 months.

I'm not using my arguments here, stud. I'm using a favorite Maccie
argument.

>
> > I do admit that everytime I look
> > inside the chassis of my G5, I am taken by its complete "beauty", solid
> > look, and lack of wires and cables everywhere. However, some people
> > like wires and cables everywhere. I certainly have no bone to pick
> > with them. As they say, there's no accounting for taste.
> PowerMacs are too limited inside.

I don't know. I seldom ever have to open the case. But if I did, it
would be very simple to do it, unlike most PC cases.

>
> >
> > However, PowerMacs are not the only computers on the face of the earth
> > which are "well-engineered". Many Wintels are also "well-engineered".
> > Many Suns are "well-engineered". Many Silicon Graphics machines are
> > "well-engineered". Many IBM's are "well-engineered". They have to
> > be. They are the work-horses of the industry.
> Engineering has never been a requirement for leading the industry...
> just a 'good enough' product that's dirt cheap.
>
> >
> > I agree that the Wintel world could take a few pointers from Apple as
> > far as chassis design is concerned.
> Where did I say this? Or are you responding to someone else and forgot
> to quote them?

I am responding to the arguments of Maccies everywhere I've been, not
just yours.

>
> >
> > The difference between the PowerMac and an equal or better Wintel is
> > price, not quality or engineering excellence. Putting a lower price on
> > a product does not automatically lower its quality at the same time,
> > just as putting a higher price on a product does not automatically
> > increase its quality. Price is just not a factor where quality is
> > concerned (or it doesn't have to be). Not with modern manufacturing
> > equipment (which design and produce CPUs on the molecular level) and
> > techniques.
> >
> > The WinTel consortium can charge less for its products, while at the
> > same time retaining their engineering quality standards, resulting in a
> > "lower-priced, well-engineered product" instead of a "higher-priced,
> > well-engineered product", because of the vast quantities of product
> > they sell (and therefore, they can afford to manufacture more while
> > retaining the same standards of quality). Mass-production methods do
> > not have to guarantee loss of quality.
> This has what, exactly, to do with Outlook's lack of security?
>
> >
> > At least Apple keeps its price for its OS at a reasonable level (even
> > though they charge for each minor version change, unlike Microsoft, who
> > supplies OS verion upgrades for free, only charging for a major version
> > change
> Microsoft also charges for major point upgrades. 2000 was NT 5.0, XP was
> NT 5.1, and Vista is also a member of the NT 5 family (though if it will
> be 5.2 or something else, I don't know). Microsoft lets minor point
> updates go through for free (Microsoft calls them service packs), just
> as Apple does.

So you're telling me that Apple will be justified in charging $129 for
10.5.0, but not for 10.4.9? This cannot compared to the difference
between Windows 95 and Windows 98, or the difference between Windows 16
and Windows 32.

When Microsoft charges for a version upgrade, it is ALWAYS a MAJOR
upgrade (or a totally different Operating System, such as Vista, which
will be "Microsoft Windows" in name only), not a minor one like an
upgrade from 10.4.9 to 10.5.0. Now, if the upgrade were from 10.9.9 to
11.0.0, I could see how they could be justified in charging for an
upgrade. From my way of thinking, all upgrades in this case from
10.0.0 to 10.9.9 are MINOR version upgrades, and should be free to
licensed users.

By the way, I do believe that Apple will be justified in charging for
OS X/x86, since it will be a major revision of the OS.

>
> > (such as from 98 to ME, or ME to NT, or NT to 2000, or 2000 to
> > XP).
> Those were equivilent to 10.1->10.2, 10.2->10.3, 10.3->10.4. Microsoft
> just refrains from using the actual version numbers, but Apple does not.
>
> > Microsoft offsets this by charging more for its OS. And it can
> > charge more for its OS, having the monopoly over PC desktop operating
> > systems as it does. If Stevie-boy would get a little back-bone into
> > him, he could make a serious dent in Microsoft's market-share of
> > desktop operating systems by releasing OS X for any machine which will
> > support it.
> This would cannibalize Apple's margins and decrease profits. Apple tried
> this before, and it nearly killed them.
>
> >
> > Apple, on the other hand, is limited by its production methods, along
> > with its small share of sales, resulting in a higher-priced product.
> > The blame for this can be placed squarely on Steve Jobs. He has kept
> > Apple's market share extremely low through his insistence on using
> > manufacturers who produce fewer units because of using "better quality"
> > products, with a price reflecting this "better quality". Apple prices
> > are artificially inflated by Steve Jobs through his "better quality,
> > therefore, higher price.", propaganda .
> This is a myth--Apple buys Mac hardware for very little (when you
> consider their size). It's why they can spend so much on engineering and
> chassis design.
>
> >
> > Apple sales are actually lower because of the higher price of his
> > hardware products (caused by marketing considerations, not technical
> > ones), not because it somehow takes a "more intelligent,
> > discriminating, hipper user to use a Mac, and therefore, there are
> > fewer of those than the ignorant bottom-feeders who base their buying
> > decisions on the price, therefore Apple sells fewer computers to those
> > bottom-feeders".
> Apple is in a comfortable place--they are the #2 profit earning OEM in
> the world right now. Why would they risk that for marketshare? They'd
> have to quadruple sales in a year, to break even on that proposition.

I guess sometimes you have to gamble, don't you. Great fortunes are
not made by never taking chances.

>
> >
> > Jeeze! Even old "Kingfisher" in Louisiana (thief that he was) built
> > hospitals for the people. I went to one of his relative's political
> > rallies in my youth. The old pirate was there along with the rest of
> > his "family". He threw silver dollars into the crowd, sending them
> > into a frenzy of "kingfisher love". Did his relative get the entire
> > crowd's vote when the election was held? I don't know, since I was
> > more concerned about a caterpillar which fell onto my hand from the
> > tree above.
> >
> > Maybe Stevie should throw a few silver dollars into the crowd. Maybe
> > people should use silver dollars more. They would soon learn to
> > appreciate the weight of the money rather than its quantity.
> >
> > What a delusion! And you keep hanging on to it, while the world goes
> > on all around you. All you Maccies should move to San Francisco, where
> > you can live on bean sprouts and lentil soup all day, doing NewAge
> > chants in front of the mirror, while listening to the Grateful Dead, as
> > your "partner" steals you blind using your G5 in the living room one
> > penny at a time by tapping into your bank account sereptitiously, while
> > you polish your Berkenstocks. Maybe you would lose a few pounds around
> > your brains walking up and down the hills.
> >
> >
> >
> >>>
> >>>>Apple Patches
> >>>>- Apple has been good about patching their software, however, they have
> >>>>been known to wait three months between when they are informed of an
> >>>>exploit and when they patch it. This is more common in the industry
> >>>>than it should be. The point is, Apple is good about this, but they are
> >>>>not perfect. Refer to:
> >>
>
> >>>>>>>>>>>>http://news.com.com/Apple+issues+Mac+OS+X+security+patch/2100-7355
> >>>>>>_3-52181
> >>>>
> >>>>89.html
> >>>>
> >>>
> >>>
> >>>M$ is far worse. Some companies point out security issues
> >>>with XP and M$ squawks about being told about them. How
> >>>long did it ever take M$ to fix the security problems with
> >>>IE 6.0?? Several years and still more than 2 dozen
> >>>outstanding security issues.
> >
> >
> > Microsoft does not "squawk" about possible security issues.
> Squawk is a good word to describe it.

That is your opinion. I have never read anywhere of Microsoft
"squawking" about a recently-discovered perceived "security threat".
On the contrary. I always read that they are addressing the issue. I
am totally convinced that Microsoft takes EVERY perceived "security
threat" to heart and investigates each and every one. You never hear
about it, because they address the issues internally, not in the press.

>
> > They
> > carefully consider them in their labs. But they ask for truth and
> > proof, not supposition and anecdotes. Tell Microsoft about a security
> > breach, and they will quietly add your testimony to a thousand others'.
> > And those thousands of anecdotes become over time a pool of usable
> > data. When they can sufficiently demonstrate the verity of this
> > testimony, they will admit the truth, and address the issue. This is
> > EXACTLY what all other manufacturers would do, including Apple.
> Hrmm, here I thought the GNU/Linux community generally responded much
> quicker than that.

Time, shmime. Sometimes, these issues take time to properly
investigate. There are bugs in even the latest versions of Linux, much
less in the earlier ones. Bugs are a part of the whole programming
process. They can't be avoided, since no human being has the ability
to see EVERY possible outcome of every possible solution.

>
> >
> > That it may sometimes take Microsoft more time to address an issue
> > satisfactorily (after all, Windows is many millions of lines long, and
> > changes to one part of the code could have disasterous effects on other
> > parts of the code) only shows their carefullness in addressing the
> > issue.
> Microsoft' delayed release cycle is due entirely to their focus on
> business users to the exclusion of home users. They don't have to 'check
> millions of lines'--operating systems are way more modular than that.

Windows' modularity is not so extensive as you might think. After all
it has been written and re-written over and over for the last 20 years,
leaving layers and layers of bad programming on top of each other,
joined together by a few core routines.

Home users are more important to Microsoft than you might think, since
more home desktops are sold than business desktops. Any more, it
doesn't really matter, anyway, since the same people using PCs at work
use PCs in their homes, too. So sell one desktop to a CEO, the next
thing you know, a hundred employees will buy one for their homes, too.
Business and home usage of PCs are complimentary as far as Microsoft is
concerned. They work together to produce more sales for Microsoft.

>
> > And sometimes, there is just no satisfactory solution at the
> > present time which will not also break another important part of the
> > code (not to mention the further billions and billions of lines of code
> > of the thousands and thousands of other Windows applications.)
> You greatly exaggerate their task.

Do I? There are bugs in Windows XP that have been there since Windows
95. Microsoft freely admits that some bugs are not easily-reducible.
They can't really be that lazy.

>
> >
> > Finding fault with Microsoft for doing the same thing Apple does is
> > kind of hypocritical, don't you think?
> Apple's security track record isn't exactly confidence inspiring.
>
> >
> >
> >>>
> >>>>The
> >>>>
> >>>>common cliche applies here. Past performance is not an indication of
> >>>>future results.
> >>>
> >>>
> >>>But a knowledge of the UNIX internals will tell you it will
> >>>be extremely difficult to accomplish.
> >>>
> >>>
> >>>
> >>>>The main point that I want to get through here is that Apple does take
> >>>>you a long way with respect to securing your system. I am extremely
> >>>>pleased about that. However, they do not take you all the way.
> >
> >
> > Some people don't like to dirty their hands. Some do. Does that make
> > one better than another? Or one platform better than another? Of
> > course not.
> >
> > Let's face it: If one truly wants to be relatively safe in this world
> > (there is no perfect safety short of the grave), he must take his
> > security into his own hands, and take pro-active measures to protect
> > himself, his family, and his data.
> And should do that by moving to a platform that allows him that control.
> Like GNU/Linux.
>
> >
> > Any man who implicitly puts his trust in a computer program, any
> > computer program(such as OS X or Windows XP), is a fool.
> Or a program like, say, an anti-virus scanner.

I agree. This is why it is necessary to use a suite of security
products on a Wintel if you want to be relatively secure. One program
can support another.

>
> >
> > An example: Recently, a friend of mine accessed his Credit Card
> > balance via the Web, and found that over $1500 in charges had been made
> > against his card for food and lodging in New York City. Thankfully, I
> > was his witness to not haveing been in NYC during the period (or in
> > fact any period) the charges were made, in addition to which he had
> > several independent ways of corroborating his whereabouts on the dates
> > in question. So it really only hurts his ego, and not his wallet. But
> > it did temporarily interrupt his financial plans.
> >
> > Evidently, a hotel cashier somewhere was convinced enough by a computer
> > screen that someone who used my brother's name and credit card number
> > (obtained who knows how) was in fact my brother, and allowed him to
> > charge several days' services at his hotel to a card not truly his.
> >
> >
> >>>
> >>>Please elaborate.
> >>>
> >>>
> >>>
> >>>>Regarding responses. Please don't waste intelligent people's time with
> >>>>Apple marketing rhetoric. If "OS/X is the number one Unix platform on
> >>>>the web" or "Mac users are the most savy users out there". Please back
> >>>>it up with respectable sources. Apple marketing is not one of those
> >>>>sources.
> >>>
> >>>
> >>>And of course neither are any other companies rhetoric
> >>>admissable as evidence.
> >
> >
> > So you are going to stop spouting Apple propaganda like a good little
> > Nazi from now on?.
> >
> >
> >>>We've had a Mac for two years now and so far I have yet to
> >>>waste any money on AV software, spybot removal tools or ad
> >>>removal tools that seem to plague M$ users.
> >
> >
> > I assure you, money spent on AV/anti-malware software for Windows
> > machines is never wasted.
> Definitely true--it's nessesary on Windows.
>
> > It may or may not be wasted for Macs. The
> > jury is still out on that one.
> There's no point in buying AV software for OS X, unless your employer
> requires it.

I certainly won't take your word for it. I will wait for a final
determination on the matter.

>
> > But every time I have purchased a
> > Windows AV product, it paid for itself within 1 month.
> *That* is a sad state of affairs.

How can saving money be a "sad state of affairs"?

>
> >
> >
> >>In the last three years of using Windows some of the time (albiet for
> >>nothing of even marginal importance), I have spent exactly $0 on malware
> >>removal tools. Of course, it's easier and cheaper for me to simply
> >>maintain good backups and restore the system when there's a problem.
> >
> >
> > Everyone has their favorite way of handling malware, I guess. It's
> > easier for me to maintain a suite of decent anti-malware products than
> > it is to have to remove the malware once it gets into my files.
> >
> > You say "toh-may-do" while I say "tuh-mah-to".

> It's better to just image your box once you have it setup properly and
> maintain strong backups.

Again, that is your opinion. Millions of others have a different
opinion, many of them recognized experts in the field of security.

What you SHOULD say if you want to be honest and balanced is:
"It's better for _me_ to just image "_my_ box once _ I _ have it set up
properly, and maintain strong backups." God forbid that you should
ever somehow be considered an expert on security. Your solution works
for you -- Great! I'm happy for you. However, my solution also works
for me. You should be happy for me, too, instead of making crazy talk
about the supposed superiority of doing things *your* way.

One of the _first_ things I learned when taking Programming 101 was
this:

"There are /always/ *many* solutions to the *same* problem. One
possible solution out of a hundred is no better than the other
ninety-nine, as long as it works."

Keeping this fantastic piece of wisdom in my consciousness has kept me
reasonably level-headed and unpredjudiced up till now. You would do
well to incorporate it into your thinking yourself. It will carry over
into the rest of your life, as well as make you less inclined to take
your stand with the bullies of this world.
.