Posted on 07/22/2010 7:40:23 AM PDT by for-q-clinton
Here's another blow to those who insist that Apple products are rock solid and unhackable: The security company Secunia reports that Apple products have more vulnerabilities than those of any other company. Oracle came in second place, with Microsoft in third.
Secunia just issued a report that covers vulnerabilities for the first half of 2010, and it's not good news for Apple. The report (which you can download here) shows that Apple last had the most vulnerabilities of all vendors in 2005, before Oracle took over the top spot. And now Apple is on top again. You can see the chart, below.
The chart shows that Apple products consistently have more vulnerabilities than do Microsoft ones.
...
However, there will certainly be one surprise for those who believe that Microsoft products are particularly vulnerable --- Secunia reports that they're not. The primary vulnerabilities on PCs are not due to Microsoft programs, but rather third-party programs, it says:
...
The report then concludes:
Users and businesses must change their perception that Microsoft products pose the largest threat in order to allocate security resources effectively. General awareness on the risk of 3rd party programs must be established.
(Excerpt) Read more at pcworld.com ...
I used the word obscure. I did not misuse the security concept known as "security through obscurity" as you did. I know the anti-Mac crowd does misuse it in this way, as this isn't the first time I've had to smack down this false claim.
In any case, your use of the concept was incorrect, whatever word was used. Minority doesn't necessarily mean safer, and obscurity is used in valid ways in security. Nobody would laugh as you claim.
Maybe not God but certainly to those to whom He loans talent.
What color is a sky on your world?
The old Apple is too small to be noticed by hackers is a BUSTED MYTH.
Because Apple is 200% larger than Android in the smartphone OS and as we all know, ZERO viruses on iPhone and THOUSANDS for Android. This was a thread 2 weeks ago beaten to death. And here we go again.
If PC and PC phones are better and safer than Apple products why do ALL the PC products have and NEED antivirus and why are there 10s of thousands of known actual real world working viruses for them and ZERO, ABSOLUTELY NONE for Apple?
Size... yeah... Well, iOS has been out now for 4 years and STILL ZERO while closing in on the #1 spot! So Size of market is meaningless.
Now, this won’t stop the FUD... you will post another article JUST LIKE THIS next week, after this one has 400 posts and you know the result?
ZERO VIRUSES NEXT WEEK....
Wow!!!! I must have dodged a bullet and won the lotto with this apparent one of a kind iMac. This is my first Mac that I have had for over 2 years. Not once has it frozen and not once has it been infected.
Here is the really big surprise... Not once, as in never, have I had ANY problems with this one of a kind Mac.
Now with all that information and my nearly 3 years of complete satisfaction, I finally know that I am the only guy in the world with a perfect computer.
When I bought this thing I paid quite a bundle, but that is pocket change for what I should be able to get for it now!!!
If anyone wants to buy the only known perfect iMac, I now have it for sale, for the quick sale price of $20,000 cash. My price is firm as this is a collector's item, the last and only one of its kind.
This very Mac, that is more rare than planets with known life, can be yours.
All other Macs suck, make you a lib and turn you into a gay... mine is the only one that is safe.
I’ll wait for your calls at 1-800- MORE B/S. Hurry, call now.... this won’t last long.
You can’t fix what isn’t tested.
LOL I can’t use an iPhone in my area because they just won’t work, until they contract with Verizon.
So, I bought an Android X 4 days ago. I immediately had to download virus protection. The phone has locked up 3 times. The first time it hung, I called the tech at the store and was told to take the battery out while it was on, wait a few seconds and put it back in. Here we go all over again.
My iMac has me spoiled.
I'd agree in general; however, Apple released a patch just a few weeks ago that contained something like 35 arbitrary code execution vulnerabilities in their Safari browser. ACE holes are particularly nasty, as the hacker can end up doing anything they want. And with those holes being in Safari, it means simply browsing to a website could compromise your entire system.
And we've pointed out, time and time again, three years running, backed up by statements by the winning hacker, Charlie Miller, that it was not "quickest" or "easiest," but actually took weeks of preliminary work by a world class security expert and two other ex-NSA computer security experts and was merely rapidly executed at the Pwn2Own contest because it was ready. Miller came prepared... the other hackers were not prepared with their hacks of the other platforms. Your repetition of this, in light of your "easiest/quickest" assertion after having been repeatedly disproved by links to the facts, makes your posting of it again a lie, since you cannot claim ignorance of the facts.
Googled up the concept, did you? I checked, that source comes up first for "security hide ssid" in Google. I'm glad you're learning something. As I said, and as your source confirms, both can easily be bypassed by an expert. But look at more sources. Both are still commonly accepted security practice.
True, it only takes a little extra effort by an expert to bypass SSID hiding and MAC filtering. But it's a good thing to force more effort upon your attacker. It quickly eliminates those going for the low-hanging fruit in your neighborhood, or just those who are less talented. It slows drive-bys and generally makes you the least attractive target of the 10 more open WiFi networks available from that spot in your neighborhood.
A dedicated hacker with resources can quickly bypass WPA2 encryption using a rainbow table attack if you didn't change the SSID (assuming average password length). But changing the SSID only slows him down in that same scenario, as a brute force attack can still be done with GPUs. Does that mean you shouldn't change the SSID from the default? No, changing the SSID is recommended because it slows the attacker down.
Defense in depth. Learn the concept. Removing even layers you know can be bypassed still lowers your depth.
If you want to talk counter-effective security measures, think of the Club (steering wheel lock) in modern cars. The thief quickly cuts through the steering wheel with a small hack saw to take the Club off. At that point, what is the Club to him? What you just left in your car for the thief to use is a hardened-steel bar that he can use to gain great mechanical advantage against the steering wheel to break the internal steering wheel lock. The Club is actually a benefit for the thief because it saves him from having to suspiciously walk around with a long leverage bar. In this scenario, the Club actually makes your car MORE attractive to the thief and likely to get stolen.
But even that negative scenario assumes a pro is going after your car. An amateur looking for a joyride is likely to pass over your car and go for your neighbor's if you have a Club.
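The point in the comment above about default SSIDs and precomputed tables follows from how WPA2-PSK derives its key: the SSID is the salt. The sketch below is an added example, not part of the original thread; the function names, the sample SSID list, the sample passphrase and the 16-character policy threshold are all assumptions made for illustration.

```python
import hashlib

# Constructed sample of factory-default SSIDs (illustrative, not an authoritative list).
COMMON_DEFAULT_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt, 4096, 32)


def audit_network(ssid: str, passphrase: str, min_len: int = 16) -> list[str]:
    """Return findings for a home network config. min_len is an assumed policy value."""
    findings = []
    if ssid in COMMON_DEFAULT_SSIDS:
        # Everyone on this SSID shares one salt, so key tables computed once
        # for that SSID apply to every such network.
        findings.append("default-ssid-shared-salt")
    if len(passphrase) < min_len:
        # A unique SSID only removes precomputation; short passphrases
        # remain guessable by direct search.
        findings.append("short-passphrase")
    return findings


if __name__ == "__main__":
    phrase = "correct horse battery"  # constructed sample passphrase
    for name in ("linksys", "maple-street-41"):
        print(name, wpa2_pmk(phrase, name).hex()[:16], audit_network(name, phrase))
```

The same passphrase produces unrelated keys under the two SSIDs, which is why renaming the network invalidates tables built for the default name while leaving passphrase strength as the remaining control.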
You'll see them produce a Mac product when the Mac becomes a profitable platform for the virus writers, and viruses begin to appear.
For now, they're just spreading FUD, trying to break down the common assumption that Macs don't need anti-virus software. That's a correct assumption for the time being, because it's so much harder to write a virus for the Mac. Of course the Mac has vulnerabilities, all complex software does, but it's damn difficult to EXPLOIT them, which is why the virus writers avoid the Mac as a target. It's too much hard work!
But that won't last forever -- Windows 7 is pretty damn secure, and people are migrating off the old Win2K/XP platforms. So it will eventually become harder to use Windows for the botnets and so forth.
At that point, the Mac will start to look attractive as a virus target, despite the much greater difficulty of exploiting its vulnerabilities.
And then you will see Mac anti-virus software begin to take hold. Until then, the companies have to stick mainly to Windows, because that's where the profit is. To do otherwise would be stupid business.
Why did they bother expending resources to go after ISS and SQL Server/MSDE? Why expend resources for OS 9? You're trying to redefine and move the goalposts so your theory will work, but you're left with the basic fact that hackers ARE interested not only in OS X, but have been interested in software with a far smaller target population.
I do grant that, all else being equal, a larger target population makes it likely that a larger number of hackers will go after it, and that a relatively larger number of exploits will be found and utilized to spread malware. But with over 100,000 distinct, effective bits of malware floating around for NT, I'd expect a decent number of successful OS X malware in the wild if the inherent security of the systems were the same. Yet here we are, nine years running, almost nothing.
Malware getting installed by dumb users is a lot more involved and takes a lot more time to hit many users, especially when you are targeting only 5% of the computer market.
The aforementioned OS 9 virus required the user to 1) put an untrusted disk in his machine without antivirus protection while knowing there were already disk-based viruses out there, and 2) leave QuickTime autorun on. In short, it required dumb users.
It's even easier to target the smaller populations these days, since spam bots can easily send out billions of links to infected sites. Most of them go to the already well worked over Windows world. Given that there's little to no cost in sending this spam, there's no good reason not to go after an UNTAPPED 50+ million machines.
Care to explain this? Here is where the word OBSCURITY was first used by you