Free Republic

Apple closes critical system backdoor with OS X update
iTnews (AUS) ^ | on Apr 13, 2015 6:24 AM (AUS) | Russell Brown

Posted on 04/12/2015 6:27:05 PM PDT by Utilizer



To: al baby
> Be thankful it ain’t football season as well

And most of all, that he didn't have a good round of golf with a celebrity!
41 posted on 04/13/2015 5:42:54 AM PDT by Dr. Sivana (There is no salvation in politics)

To: Swordmaker; Scutter
Hi Swordmaker,

I'll just say that it's worth noting that those slams against Macs are the same tired old tech-blog writer whore list of unworthy complaints. Same ones as for the last, what, 5? 7? more? years.

  1. "When Apple sells more Macs they'll be attacked more." As though the number out there already isn't enough of a target, compared to other non-Windows targets like certain routers that get attacked plenty.

  2. So-called "hacking competitions". These have always been a joke, now they're an industry embarrassment to anyone with a technical brain. Why not compare how long their d!cks are and leave the computers out of it? It would be just as meaningful as what they do now.

  3. "UAC on Windows is an effective mechanism and raises Windows to the level of security of OS X." Not really. It raises Windows to the same "Mother-May-I?" level of "security" provided by the Mac's prompts for an administrative user's password. It's useful in both cases, and a necessary part of the picture on any operating system, but it doesn't address the real point of true system security.

The real point is that the operating system should provide the smallest and strongest attack surface, and defend that surface itself in a way that does not require the user to make difficult and annoying decisions. Period.

And Apple's OS X, based on BSD Unix with a designed-in, not bolted-on-afterward, approach to security, will continue to have the smaller, stronger, and better defended attack surface for the foreseeable future. Windows has gotten much better over the years, and it's largely on a par with OS X with regard to most aspects of user security. But its internal complexity works against the goal of a simple, strong structure with inherently minimal attackable characteristics. That's just a fact.

42 posted on 04/13/2015 6:15:51 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)

To: Scutter; Swordmaker

Let me get this straight... Someone asks about their old MacBook that isn’t upgradable beyond Lion (or maybe it is, but they just haven’t done it?). The computer is old enough that it would fall under the same kind of software obsoleteness as Windows XP. So that makes Apple “crap”? Really?


43 posted on 04/13/2015 11:27:52 AM PDT by TheBattman (Isn't the lesser evil... still evil?)

To: Scutter

My 12 year old MacBook Pro still runs like a champ too


44 posted on 04/13/2015 6:27:45 PM PDT by Nifster

To: Scutter

That’s right good old Seattle pulled Windows 7 from the shelves when it released 8.0. They had NO desire to let the market decide. You act as if Microsoft spends countless dollars and hours supporting old systems.....It doesn’t.


45 posted on 04/13/2015 6:30:11 PM PDT by Nifster

To: Nifster
> That’s right good old Seattle pulled Windows 7 from the shelves when it released 8.0. They had NO desire to let the market decide. You act as if Microsoft spends countless dollars and hours supporting old systems.....It doesn’t.

You are 100% wrong. Microsoft supports and issues patches for Windows 7 every month, along with Windows 8/8.1, and the server OSes. Most IT departments are still installing Windows 7...

Amazing amount of ignorance on this thread.

46 posted on 04/13/2015 8:18:04 PM PDT by Scutter

To: TheBattman
> Let me get this straight... Someone asks about their old MacBook that isn’t upgradable beyond Lion (or maybe it is, but they just haven’t done it?). The computer is old enough that it would fall under the same kind of software obsoleteness as Windows XP. So that makes Apple “crap”? Really?

Mac OS-X Lion was released in 2011. It's 2015 now, which means Apple is not releasing a security patch for an OS that is 4 years old. Microsoft supported Windows XP for 12 years before cutting off support.

I never said Apple was crap. It's only you Mac fanboys that are calling Windows crap.

47 posted on 04/13/2015 8:21:47 PM PDT by Scutter

To: dayglored
> And Apple's OS X, based on BSD Unix with a designed-in, not bolted-on-afterward, approach to security, will continue to have the smaller, stronger, and better defended attack surface for the foreseeable future. Windows has gotten much better over the years, and it's largely on a par with OS X with regard to most aspects of user security. But its internal complexity works against the goal of a simple, strong structure with inherently minimal attackable characteristics. That's just a fact.

The Windows security model, which originated in Windows NT, was designed in from the start. Windows users are, unfortunately, used to running as an Administrator (*nix equivalent of root). UAC is essentially the same thing as the sudo feature on Linux and Mac. It's not some "bolt on".

48 posted on 04/13/2015 8:24:24 PM PDT by Scutter

To: Swordmaker

There is so much misinformation in your reply, I’m not even sure where to start.

The vast majority of malware that I’ve seen on people’s PCs comes from them downloading some crap and installing it, blindly clicking past the security prompts. Usually this is some software product that has some crap like Ask.com toolbar or equivalent embedded in the installation. I don’t care what platform you’re on, if you do that, you’re going to get malware. The difference is, on the Mac, the quantity of apps that do that is just way less. The App stores (on both platforms), I think are eventually going to kill off that attack vector. There just won’t be another way to install apps.

We’re on a thread discussing a critical vulnerability (root level access) in OS-X, that’s been there since 2011, and you’re sitting there claiming that Macs are completely secure. You’re not doing less-informed users a real disservice with that kind of outright lie.

The comment about Apple products losing the hacking contests because people wanted to win a Mac is, by far, one of the most laughable claims I’ve ever seen on the Internet.

But I will concede one point, and one that you don’t directly make, but that you allude to in your reply. And that is, the biggest security vulnerability these days is not the OS platform, but rather the browser add-in products, most especially Flash and Adobe Acrobat. It’s so bad, that the hacking contests like Pwn2Own have broken those exploits out as a separate category. And btw, those products are cross-platform.


49 posted on 04/13/2015 8:31:36 PM PDT by Scutter

To: Scutter

“only you Mac fanboys that are calling Windows crap” - really? When did I do that?


50 posted on 04/13/2015 8:53:52 PM PDT by TheBattman (Isn't the lesser evil... still evil?)

To: Scutter
> The comment about Apple products losing the hacking contests because people wanted to win a Mac is, by far, one of the most laughable claims I’ve ever seen on the Internet.

You might want to look up some of the interviews done with these hackers... interestingly enough, year after year of "hack it/win it" contests - the reason repeated - they wanted the Mac... it is a FACT.

51 posted on 04/13/2015 9:00:24 PM PDT by TheBattman (Isn't the lesser evil... still evil?)

To: Scutter
> The Windows security model, which originated in Windows NT, was designed in from the start. Windows users are, unfortunately, used to running as an Administrator (*nix equivalent of root). UAC is essentially the same thing as the sudo feature on Linux and Mac. It's not some "bolt on".

Well, you're right about Windows users being used to running as an Administrator. But for the rest of what you said, I don't quite agree.

Windows NT, as originally designed by Dave Cutler with VAX/VMS as its model, had a very good, if overly complex, security model. It was, however, compromised severely as Microsoft turned it inside out to make it more like Windows 95. Stability was compromised by designing it to run drivers in kernel space (that's where most BSODs are from), and security was compromised by not enforcing simplicity when adding features. Convenience was held higher than security for a critical decade, until it became clear that XP was unsustainable and they brought out SP2 and broke a bunch of stuff because they had to. Then Vista UAC was added to the user interface, shifting responsibility to the user instead of making the system more intrinsically robust.

UAC is not "essentially the same thing as sudo". Sudo is not a privilege elevation of a process per se, it's you becoming root. The closest Windows comes to sudo is "Run-As Administrator", except that Run-As Administrator isn't really that, it's more like "run as something kinda like Administrator, except that you're really not Administrator, and the program you're running can tell, and it won't run exactly like it would if you were really Administrator." Believe me, there are plenty of things you have to do logged in as the Administrator that you cannot do with Run-As Administrator. Sudo on Unix/Linux/OS-X actually makes you root -- your effective user ID (euid) actually changes to 0 (root). That is not true in Windows; you do not become the Administrator. And anyway, that's not UAC.

UAC is selective process privilege elevation, the same "Mother-May-I" user prompt which in OS-X is the prompt for an administrator username and password. In both cases it makes the user responsible for making a decision they may not be qualified to make. But there's no other way to limit privilege elevations.

Beyond all that, the actual point of my original comment was that the more secure a system is inherently, the less you have to worry about all this Mother-May-I crap. Unix has a relatively simple internal structure and is inherently more secure than Windows, which is incredibly complicated*. The original NT would have served much better if they hadn't weakened it, and then had to bolt on things like UAC after the fact -- UAC appeared first in Vista, 15 years after NT was designed.

* There is a famous quote from one of the senior members of the Vista team, when a flock of them quit when Vista was released, admitting that "There is no one at Microsoft who actually understands what all is inside Windows and how it all works". That's one hell of an admission, when you consider that there are literally scores of people who understand quite thoroughly how Unix and Linux work.

52 posted on 04/13/2015 9:46:06 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)

To: Scutter

I am not wrong in saying that Microsoft pulled 7 from the retail shelves.

Amazing amount of ignorance from one who has an axe to grind


53 posted on 04/14/2015 6:14:18 PM PDT by Nifster

To: Nifster
> I am not wrong in saying that Microsoft pulled 7 from the retail shelves.

I'm not disputing that you can't walk into the Microsoft Store and buy a copy of Windows 7. But neither can you walk into the Apple Store and buy a copy of OS-X Lion. Enterprise customers can, by the way, continue to buy Windows 7 licenses.

What I was disputing was the claim that Microsoft doesn't support old versions of Windows, or that Apple's support is comparable. I gave you a specific example of Microsoft supporting XP for 12 years, and Apple having already stopped patching an OS that is only 4 years old.

54 posted on 04/14/2015 11:52:04 PM PDT by Scutter

To: dayglored

Please, spare me the lectures about how Windows works.

I agree with some of what you say, but I also take exception to some of it. It sounds like your understanding of Windows is about 10-12 years out of date. I’ll give you some examples.

Let’s take your first point, about drivers running in kernel mode. Linux, OS-X, and Windows all have aspects of the system code that might be considered to fall into the category of “driver” and that is running in kernel mode. It’s pretty much a necessity for performance.

Things that don’t need to run in kernel mode, generally don’t do so. A good example of that is the user-mode driver framework supported in all recent versions of Windows. Most drivers that can run that way do so (for example, USB device drivers, printer drivers, etc.).

Regarding UAC, I understand that UAC is not exactly the same as sudo, but it’s effectively equivalent for the point I was making. The user is running with reduced privileges, but can temporarily get a privilege boost to perform some action. And BTW, “Run as Administrator” is pretty much the same thing as what happens with UAC - the process token has the same user account associated with it, but the token temporarily gains Administrator permissions. The only difference is that when people say “UAC” they are generally referring to the OS popping up that box asking for permission before elevating privileges. The benefit of this model over sudo is that you retain the user identity, so any auditing that is done will show which user made the change.

Personally, at times I find the Windows security model over-complicated, although I do like aspects of it better than *nix (for example, I find the simplistic file permission model in *nix limiting at times).

I completely disagree that the security model in Windows now is a weakened version of what was in NT. That’s just not true at all.

And in any event, the security issues the hackers exploit really have little to do with the underlying security model. With few exceptions, the problems generally fall into one of two categories: 1) Users doing stupid stuff and giving malicious code permission to run amok through the system, or 2) Some bug in the OS code (or browser code, or browser plug-in code) allowing an exploit. The article in this thread is an example of category #2.

Finally, your comment about Linux versus Vista complexity is just flat-out wrong. No one understands every aspect of Linux, nor OS-X. These systems are all too large for one person to understand it all from end to end. Even Linus Torvalds doesn’t understand every module that’s part of a modern Linux distro.

That said, I agree that there are things in Windows that are poorly designed or unnecessarily complicated, and that are better in Linux. My favorite example of that is the Windows driver model, which is an absolute nightmare compared to the elegant “everything’s a file” model of Linux (not sure what OS-X driver model is, is it even available outside of Apple?).


55 posted on 04/15/2015 12:15:05 AM PDT by Scutter