Re: Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows



"wetpixel" <wetpixel@xxxxxxxxx> wrote in message news:171220081542478144%wetpixel@xxxxxxxxxxxx
In article <DaWdnWxWI5gARtXUnZ2dnUVZ_t3inZ2d@xxxxxxxxxxxxx>, Daniel
Johnson <danieljohnson2@xxxxxxxxxxx> wrote:

It's a standard Maccie trope to claim that since Windows has far more
malware than the Mac, the Mac must have magic pixie dust (which Mac fans
cannot explain) to protect it.
But you're wrong; no one is claiming pixie dust, no one claims anything
magical -- they just show that there is an enormous and undeniable
difference.

No. People say much more than this. The very title of this thread says more than this.

The experts are uniform in saying it's because of the Unix
foundation and Apple's excellent implementation.

People who say that are not "experts", since they evidently know nothing about OS X, or Unix, and plainly haven't taken a look at Apple's implementation either.

You know who says that? Apple's marketing says that. They present "Unix" as a sort of totem, which is supposed to drive off malware like evil spirits. But no real 'expert' is going to be taken in by that sort of thing.

Lots of other people are, and it is a detriment to their own security when they are.

Mac users do not have
to know each reason why that made a difference, because (once more!)
Mac users do not have to think about the issue!

Perhaps not. But even though they do not think about it, this somehow does not stop them posting on public forums. :D

But we can look at the actual product, and see that this is not so.
You can see that it doesn't have magical pixie dust? Right.
You can see that there is no difference in the malware threat? Silly,
obviously, stupidly wrong.

We can see that the product itself is a much softer target than Windows these days; we can see that Apple is not putting much effort into the technical side of security.

We cannot see how much malware there is by looking at the product. If we tried to do that, we'd be misled: we'd think OS X is lousy with worms and viruses.

The explanation must, therefore, lie elsewhere. It is worth noting that the
notoriously insecure Mac OS Classic also had a very low malware count
(compared to Windows); presumably a lot of this is just market-share.
If you make that presumption in the face of so many factors, then you
are proving to be the simple and uninformed one, not the others.

Well, I 'presume' it because no better explanation has been forthcoming. At least not if you exclude the verifiably false explanations.

The only other explanation I know of that isn't silly is that Mac users are much more informed about computers than Windows users, on average, and so are much more difficult to fool with trojans, more likely to be patched up to date, etc.

That sounds very plausible, but then I read this newsgroup. :D

[snip]
However, you are missing the point. The security features you mentioned,
"administrator permissions to modify the OS", are just standard filesystem
permissions that Windows has had since NT debuted. But you do not need to do
any of that to, say, compromise an email client, and then send spam from the
compromised account.
Are you trying to _defend_ Windows by saying that you don't have to use
one known weakness, because you can use another? This is by way of
proving there aren't any significant weaknesses in how Windows is made?

You seem to be a little weak in the 'reading' department. I meant what I said: Windows has the features that you imagine are protecting OS X, and more. Its features actually work, which isn't always true of their OS X equivalents.

These technical measures are not the reason that OS X has a low malware count.

I won't bother to correct the other instances in which you didn't read what I wrote. It's not really worth it.

More recently, MS has been addressing this problem, and with some success,
you will notice. When the traditional buffer overflow bugs turn up, they
work rather less well than before. Code injection fails because of DEP or
ASLR or /GS stack protection. Or it succeeds, but it can't get out of the
'protected mode' process it is in. Or it can't get out of session 0.
I think you've been copying and pasting, but yes, I knew that Microsoft
had done a lot recently. Most people realize that was because a lot
needed to be done, and there were a lot of things needed.

Apple has done a lot less of this stuff.

And MS's secure development lifecycle also seems to be helping. They seem to
be having fewer exploitable bugs in the first place, as well.

You will observe, if you look, that Apple isn't doing nearly as much here.
Uh... Apple isn't doing so much to help solve its malware problem? That
might sound like an observation, but since you haven't shown any
attacks happening... what do you think Apple should have done?

I disapprove of security theater, and of Apple's dishonest marketing in general. They should not bother with password prompts unless those prompts mean something; they should either remove those prompts or fix the holes that can be used to bypass them.

As a practical matter, they don't intend to ever be a mainstream platform, so maybe they don't need Microsoft's level of security. But they really should not advertise themselves as safer without it.

You can argue that they are in some sense safer, but their advertising about this is clearly misleading.

[snip]
Well, no. But Leap-A would overwrite your applications (to infect them), and
it could overwrite most of them without bothering with a password or
anything. There was no exploit; OS X just allows this.
Seriously? You're going to cite one attack from years ago to show that
the Mac OS problem is similar to what Windows has to deal with?
You're not serious!

I think it is illustrative of Apple's attitude. Before the SDL, XP was riddled with exploitable bugs, but MS did try to fix them; it did not just ignore them.

[snip]
This is what I mean by security theater. They show you the password prompts
to make you feel safe, but they don't bother to close trivial elevation
vectors that bypass it.
You really don't want to make that stupid criticism in the face of how
Windows works, do you?

I think that was an erudite, subtle criticism - full of nuance and jellybeans.

In any event, Windows' version of this feature, UAC, actually works. Nobody has found a way to bypass it. I expect that if they did, Microsoft would fix it promptly, too.

[snip]
You open the file and write. It's not hard. You'd think it would be, but it
isn't.
But you cannot save that file, without user ack, right?

Yes, you can.

So you cannot
make any lasting changes? And it's not clear that you can open the
system-protected (superuser ack) files with this 'technique.'

There are no 'superuser ack' files. The Finder (and some other things) will ask for the admin password to allow you to change some things, but it is always the admin, not the superuser.

Absolutely everything in '/Applications' should be in this category, but it isn't.

Normally, on a Unix, you would not be allowed to overwrite such an
executable; on OS X you are. If you do overwrite such an executable, it
loses its setuid bit and becomes a normal executable. But 'repair
permissions' fixes this little problem, leaving you with an executable that
will do whatever you want, and do it as root.
You're getting this from what? And you know someone (other than the
claimant) who has tried it and done it this way?

It's been widely confirmed. The original MOAB website seems to be down at the moment, but this vulnerability is CVE-2007-0345, if you want to look it up.

I can find nothing confirming that this works on Leopard, but I can find nothing confirming that Apple has fixed or mitigated it, or if so, how.

[snip]
It is attacked. It is just not attacked much. But such attacks as there are
show that it can be done, and we can look at the techniques they use. They
are not very clever or sophisticated; they don't need to be.
Isn't the most important part that it is not attacked much?
After all, once you are talking about real-world risk, that's rather
the point, isn't it?

If you want to use this as a selling point for OS X, you ought to demonstrate that whatever causes this difference will apply to new users coming over from Windows.

Ironically, if it's OS X's obscurity doing it, then it will help, as long as not too many new users come along.

However, if OS X's advantage is the sophistication of its average user, then it won't be nearly so helpful.

[snip]