Re: Is Windows 98 SE More Secure Than OS X?


"GreyCloud" <mist@xxxxxxxxxxx> wrote in message
news:BPudnf0iat4nHxbZnZ2dnUVZ_rSdnZ2d@xxxxxxxxxxxxxx
John Slade wrote:

"GreyCloud" <mist@xxxxxxxxxxx> wrote in message
news:Jq2dncZFLOhPkBbZnZ2dnUVZ_s2dnZ2d@xxxxxxxxxxxxxx

John Slade wrote:


"GreyCloud" <mist@xxxxxxxxxxx> wrote in message
news:b7GdnRC2R_xsZxTZnZ2dnUVZ_vWdnZ2d@xxxxxxxxxxxxxx


NRen2k5 wrote:



GreyCloud wrote:



Josh McKee wrote:



In article <mr-5591F7.10084108062006@xxxxxxxxxxxxxx>,
Sandman <mr@xxxxxxxxxxx> wrote:




In article
<jtmckee-7947EB.14454307062006@xxxxxxxxxxxxxxxxxxxxxxxx>,
Josh McKee <jtmckee@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:




Wow. You've discovered that there aren't many security advisories
for an OS that isn't being used much any more...


Why would it's usage be relevant? Haven't we heard from Mac
zealots that market share (number of users) has nothing to do with
it?


No, I haven't. Could you quote someone saying it is? Actually,
you'd have to show Alan Baker saying it, since you're replying to
him, not "all Mac zealots" which is an undefined group of people
that no one knows who's included in.



Thanks for finally admitting that market share is a factor in the
lack of malware for the Macintosh. See...it wasn't that hard. You
didn't fall over dead.


Doubt it. Mind explaining how to write a virus or malware for any
Unix?


Same as with any other OS: You find a weakness, and then you think of
a way to exploit it.

Which appears that windows has many weaknesses. Very few have been
able to find the weaknesses in Unix.


Then why does Apple release patch after patch after patch that plugs
up a hole that could let someone take over OS X boxes?

To take care of the vulnerabilities that *they* have discovered.


Damn. Why are you stating the obvious?

To keep you honest.

Once again, the holes did exist and could be exploited by bad hackers.

But do you know this? I doubt it very much.

Yea I know it. It's called proof of concept. The holes exist so they
issue a patch. If it was impossible to exploit then there would be no patch.

Name the patch numbers and what was it precisely that Apple patched?


I'll do you one better I'll actually show you the particular security
holes that are marked "Extreme Criticality" by Secunia.

For starters, I'll show you the whole list on Secunia.

http://secunia.com/product/96/

9% of the threats on that page are listed as "Extreme Criticality". But
since you don't want top hear just raw numbers let's go to an individual
threats.

Here's one from a few months ago. ]

http://secunia.com/advisories/19129/

As we read this we find that in Safari, the imbeded OS X browser, (like
IE is imbeded in Windows) was very vulnerable. The launcher program in OS X
could run maliciouis remote code that had been made to look "safe". This
could be a virus, trojan, worm or other malware inside a file that's
launched. The Apple Security Update number is 2006-002. I like how they put
three zeros in front of the "2". I guess they expect a lot more patches this
year. ;)

Now that Safari hole is probably the worst one. In that same patch
issued this year, apparently there is a hole in mail that will let...oh just
read it.

"2) A boundary error in Mail can be exploited to cause a buffer overflow via
a specially crafted email with an overly long Real Name entry. This allows
execution of arbitrary code on a user's system if a specially crafted
attachment in the AppleDouble format is double-clicked."

***! That sound like a critical hole to me. A hole that lets somone run
arbitrary code from a remote location? Hehe. That sound severe enough for
you?

Oh wait here's another one. Boy it's a doozie too!

http://secunia.com/advisories/20077/

Wow this one fixes no less that 12 highly critical vulnerabilities and
it came out just about a month ago. Let's take a look at the specifics.


1) An error in the AppKit framework allows an application to read characters
entered into secure text field in the same window session.

2) Errors in the AppKit and ImageIO framework when processing GIF and TIFF
images can be exploited to crash an application or potentially execute
arbitrary code.

For more information:
SA19686

3) A boundary error within the BOM component when expanding archives can be
exploited to crash an application or potentially execute arbitrary code.

For more information:
SA19686

4) An input validation error in the BOM component when expanding archives
can be exploited to cause files to be written to arbitrary locations outside
the specified directory via directory traversal attacks.

5) An integer overflow error in the CFNetwork component when handling
chunked transfer encoding may allow execution of arbitrary code if a user is
tricked into visiting a malicious web site.

6) Errors in ClamAV when processing specially crafted email messages may
allow execution of arbitrary code.

For more information:
SA19534

7) An error in the CoreFoundation component allows dynamic libraries to load
and execute when a bundle is registered. This can be exploited to execute
arbitrary code if an untrusted bundle is registered.

8) An integer underflow error within the
"CFStringGetFileSystemRepresentation()" API during string conversion may
allow execution of arbitrary code.

9) An error in the CoreGraphics component allows an application in the same
window session to read characters entered into secure text field when
"Enable access for assistive devices" is enabled.

10) An error in Finder within the handling of Internet Location items makes
it possible to specify a different Internet Location type than the actual
URL scheme used. This may allow execution of arbitrary code when launching
an Internet Location item.

11) Boundary errors in the FTPServer component when handling path names can
be exploited to malicious users to cause a buffer overflow, which may allow
execution of arbitrary code.

12) Various errors in the Flash Player makes it possible to compromise a
user's system via specially crafted Flash files.

For more information:
SA17430
SA19218

13) An integer overflow error in the ImageIO framework when processing JPEG
images can be exploited to crash an application or potentially execute
arbitrary code.

14) An error in the Keychain component allows an application to use Keychain
items even when the Keychain is locked. This requires that the application
has obtained a reference to a Keychain item before the Keychain was locked.

15) An error in the LaunchServices component when processing long filename
extensions may allow bypassing of the Download Validation functionality.

16) Boundary errors in the libcurl URL handling may allow execution of
arbitrary code.

For more information:
SA17907

17) An integer overflow error in the Mail component may allow execution of
arbitrary code when viewing a specially crafted email message with MacMIME
encapsulated attachments.

18) An error in the Mail component when handling invalid colour information
in enriched text email messages may allow execution of arbitrary code.

19) An design error in MySQL Manager makes it possible to access the MySQL
database with an empty password as the MySQL password supplying during
initial setup is not used.

20) A boundary error in the Preview component may allow execution of
arbitrary code via a stack-based buffer overflow when navigating a specially
crafted directory hierarchy.

21) Two boundary errors in the QuickDraw component when processing of PICT
images can be exploited to either cause a stack-based via a PICT image with
specially crafted font information or a heap-based buffer overflow via a
PICT image with specially crafted image data. This can be exploited to crash
an application and potentially execute arbitrary code.

22) A NULL pointer dereference error in QuickTime Streaming Server when
processing QuickTime movies with a missing track can be exploited to crash
the application.

23) A boundary error in QuickTime Streaming Server when processing RTSP
requests can be exploited to crash the application or potentially execute
arbitrary code.

24) An error in Ruby can be exploited to bypass safe level restrictions.

For more information:
SA16904

25) An error in Safari when handling archives with symbolic links may place
the symbolic links on a user's desktop. This requires that the "Open 'safe'
files after downloading" option is enabled.

Damn! I look at this patch and quite a few of these say "execute
arbitrary code". That could mean anthing including malware like keyloggers,
viruses and spyware. Man that's a lot of vulnerablities. When I update my
Windows system, it usually fixes a few things and maybe a critical on here
and there. *** this OS X with all those "highly critical" vulnerablities in
just one patch seems to speak of a very unsecure OS according to Mac people
who parrot every exploit found in Windows even if it was NEVER exploited.
This is Apple's OS X Security Update number 2006-003.

Now that was just two of the patches. I won't go into the others. Now I
expect the whiners to start trying to qualify these now that I answered your
question. They're going to say stuff like "duh nobody used that exploit to
attack." That's becaue, drumroll please, nobody hardly uses OS X and hackers
attack OSes that are POPULAR.

Why do you think nobody even tried? I mean damn are you that fucking
stupid?

No, but you seem to be quite stupid.

I'm smart enough to know why nobody has attacke the multiple security
holes in OS X. Now let's do something. Let's count ahead from the last time
Apple issued patches for severe or highly critical vulnerablities in OS X.
When they issue another one for highly or severely critical vulnerabilites,
count the days that those holes were there without being patched for someone
to try and exploit them. Then ask yourself why nobody did.


I mean *** how many times do I have to keep telling you the same damned
thing before it sinks in?


How many times do I have to tell you to quit making things up?

I wish I could see your face as you read this post.


> And

most of these are found in the Apps.


Excuse number 1.


But the apps did have holes in them.

Yep, just like IE is an app and Outlook Express is an app. Apple uses
the same types of helper apps for OS X. I've shown vulnerablities in Safari.
A huge portion of the vulnerablities in Windows are found in IE and OE.
However something tells me that you will continue to say these are Windows
problems and not problems with the apps alone. However you will try to split
hairs with the same kinds of apps in OS X.


But where are all this malware you keep talking about for OS X?


I've told you so many times that I think you're so brainwashed, your
brain won't allow you to see the posts that contain the information. I've
cited malware time and time again.


What malware? You mean something that got fixed a couple of years ago??

Nope this year.


Guffaw!!! Quit making up FUD.


Am I?


I've yet to have any problems with OS X.


Once again, just because you don't have problems doesn't mean they
exist.


I'm not saying that a problem may be there,

As well you shouldn't but you did challenge me to find the patches for
these problems and numbers. Obviously you thought it would be hard to find
them.

but no one has exploited anything yet. Which makes it rather obvious that
so far nothing has happened.


BING! BING! BING! That's my COQA detector at work. COQA=Cop Out
Qualification Addition. You see what this person just did. He challenged me
to find holes, he realized I might find some so now he's saying they don't
count because nobody exploited them. However that was not in his original
claim. He's trying to weasle out.

Now will this person apply the same rules to Windows? Is he going to
show that every single vulnerablity, patched and unpatched, has been
exploited in Windows? I don't think so. You see he's saying that just
because a vulnerablity in Windows exists, that means it's not secure.
However though the same type of vulnerablities in OS X exist, he's saying OS
X is "more secure than Windows. Now we see what a big tub of bull*** this
is. Fact is the ONLY thing that's keeping all those holes in OS X from being
exploited is obscurity.


You do know the difference between a vulnerability and an exploit?


Exploits are vulnerablities. When someone successfully attacks then
the vulnerablities are exploited. But hey I'm always open to new meanings
of words. Please explain the different meanings.


No, a vulnerability will have a potential to be an exploit when someone
figures out how to take advantage of a vulnerability. A major difference.


They're the same thing essentially. An exploit is a vulnerablity plain
and simple. Exploit being a security hole. This hole can be exploited or
not.


And also the difference between low risk and severe risk?



Yea some of the patches Apple puts out are critical pataches. That
means damage can be done by hackers if it isn't patched. Tell me this,
how do they actually find the holes in OS X at Apple?


Name the patch numbers that are considered critical patches.
The fact that no one got hacked makes your argument meaningless.
Keep pissing against the wind.

BING! BING! BING! Another COQA detected. Now this idiot has played right
into my hands. He's saying that because nobody wants to attack OS X, the
argument about vulnerablities in OS X is invalid. He's saying that OS X's
obscurity is what makes it secure. Now isn't that what we've been saying all
along? How long did it take this dummy to figure it out? Years... That's a
damned shame...

John



--
Posted via a free Usenet account from http://www.teranews.com

.

Quantcast