Posted on 01/03/2007 11:04:31 AM PST by newgeezer
Apple has been flying under the hackers radar. Just like Linux once did. Their smugness has led hackers to show they aren't perfect either. We all know Windows isn't perfect, but the reason they have the most exploits found is because they have the biggest footprint and hackers won't waste time trying to attack a handful of machines.
If you're saying no exploits makes an OS secure, then you will want to buy the one I wrote as it has yet to be exploited. Of course I'm the only one that has ever used it, but it must be secure since no one has ever hacked it. /sarcasm
Once again...security by obscurity is no security. Reason they don't exist is because there's not enough bang for the buck for the hackers. Oh and btw, they do exist...ever heard of Leap-A or Oompa-A. Now what's your defense.
I can take your word for that. I've heard of PC users who've had problems running QuickTime.
Although QuickTime does not contain spyware, looking at the technical details of this latest vulnerability, it's feasible that QuickTime could be a attack vector for loading spyware or performing some other malicious act. But the attack would have to lure the user into taking some action, like clicking on a link, so it's not an efficient way to propagate malware. The risk to the average QuickTime user is negligible. Another complication is that QuickTime is available for three platforms (Windows, PowerPC Macs and Intel Macs), and it would be difficult to create an exploit that works on all three.
Apple needs to fix some things, like checking for buffer overflows and checking for code following a colon character in URLs. These fixes should be simple to apply. I'm sure Apple is a little embarrassed that these bugs exist, but they should not cause any widespread problems.
The reason it wont' cause widespread harm is because there aren't enough MACs to make a dent on the news cycle, so hackers won't waste their time.
The Windows version is already fixed, but that requires someone to install the patch. Does quicktime autocheck for security patches?
But to lure someone to a link is pretty easy nowadays...a simple email with a funny video will do the trick. Users will click all your links if you give them one or two funny videos to watch.
Previous versions of Mac OS had lots of viruses in the wild, and they had nowhere near the market penetration or visibility of OS X, which has none.
Oh and btw, they do exist...ever heard of Leap-A or Oompa-A. Now what's your defense.
Leap-A/Oompa-A was a trojan, requiring the person to purposely run it and be running as administrator (which is not as common in the Mac world due to the better permissions set up in UNIX). I believe the first malware for OS X was a supposed pirated copy of MS Office, which if ran deleted files in the user's profile (but couldn't hose the system due to lack of root permission). There was one reported case of getting nailed by the latter, none that I heard of with the former.
There are no Mac viruses in the wild, no self-propagating malware, so the odds of getting infected are very low. People without antivirus are just playing the odds that they won't be among the first to get hit, and given that those odds are probably millions to one, it's not too bad a bet for most people.
AV sellers have been hyping every proof of concept (some of which they probably create) to boost sales, and so far nobody is listening. Only expect OS X AV sales to go up when there's actually something out there to worry about.
Apple had occasional problems with viruses several years ago when they were selling far fewer computers. Since then, Apple has switched to Mac OS X and is selling Macs in record numbers - and not a single virus has spread in the wild. Your theory is discredited.
The basic point is that there are better design decisions on the Mac side which explain the lack of exploits and viruses.
The best debunking of the security through obscurity myth is here.
It's a social engineering bug. People who click unknown links deserve what awaits them.
Assholes.
Hand him a 512MB video card and have him let you know when he's got it installed in the Mini.
Well, Apple chose to go from... MIPS? to Intel. Now there's essentially one homogenous processor used by everybody. So you can imagine the implications.
If you spent your time posting about every Windows exploit, you'd never leave your computer.
I'm not so sure that will continue with Apple's embracing of the Intel processor. Granted, dll-loading and system API calls within the virus code designed for Windows will not work, but I'd still think hackers could now have the capability to write platform-agnostic viruses for Intel that could do a phenomenal amount of damage. Your thoughts?
If the attack is designed in machine code, it probably won't be very portable. But it's possible to use cross-platform scripting and network vulnerabilities to attack different operating systems, even with different CPU architectures.
But there have been as noted above. The new vista requires users to say yes when running as admin as well; however, I bet the excuse antirepublicrat uses won't be acceptable for Microsoft when idiot users click on a link and say yes to allow admin access and wammo virus hits. The fact that most machines will be windows it's more likely that a virus writer will gamble that even if 1% of the users are dumb enough to say yes...they'll catch hundreds of thousands if not millions of users with their virus. If you catch 1% of the mac users that say yes to an admin access request...then you have caught hundreds of people. Not exactly newsworthy.
But those viruses were for Mac OS 9 and earlier operating systems that were discontinued years ago. There have been zero viruses in the wild for Mac OS X since it was introduced five years ago.
The vast majority of Mac OS X users don't even have anti-virus software. In the Windows world, they would be sitting ducks.
For trojans of this type, it'll still be the user's fault. However, Microsoft's implementation has its own problems in that it makes that box pop up so much in normal usage that users will get used to simply typing in the password to keep working with their normal stuff, and they may not notice that they just allowed something they shouldn't have.
And please learn something about the platform you denigrate before posting about it. There is less relation between OS 9 and OS X than between Windows 3.1 and Vista.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.