Security Firm: Apple Has More Security Holes Than Microsoft

PC World ^ | 22 Jul 2010 | Preston Gralla

[for-q-clinton]

So preparing an attack makes Mac secure how?

[NVDave]

If you have autofill turned on.

[PugetSoundSoldier]

Which is the default setting for Safari...

Meaning an out-of-the-box Mac, with only Apple software pre-installed and ready to go, will give up all your personal information without any actions from you. Just by browsing to a website.

[NVDave]

Correct, it is on out of the box.

So if JavaScript - which I tend to turn off on all browsers for exactly the same reasons.

[NVDave]

keystroke error.

“So IS JavaScript...”

JavaScript can be a source of much mischief in browser attacks.

Recently, I think the Adobe exploit is much more serious than most of what has been happening on any particular OS.

[NVDave]

I tend to doubt it.

Chrome is a nice browser if you have great gobs of core to devote to it. It is, by far, the worst memory pig I’ve ever seen out of all the browsers on the Mac (Firefox, Safari, Opera and Chrome).

Google spent a great deal of effort optimizing JavaScript in Chrome, which is limited use from my perspective, but which is essential from Google’s “cloud computing” perspective. The one upside of Chrome is that they pay for security exploit reports, so they get a bunch of hungry developers actively trying to break it for the bucks.

[Swordmaker]

This latest security hole in Safari really isn't an issue since the number of users affected is rapidly diminishing as people drop Safari, even in preference for Chrome, Firefox, or IE.

Again you distort facts and lie. The use of Safari is not, as you put it "rapidly diminishing" in favor of Chrome. The statistics show that the browser losing users is Microsoft Internet Explorer. . . now down to 52%. You seem to think that the first thing the 3.47 million buyers of new Macs did in the last quarter was delete Safari and install an alternative browser. Not true. Certainly, the 3.27 million iPad owners and 8.7 million new iPhone owners are using Safari. . . Not Chrome.

[LeGrande]

Perhaps Apple is just relying upon a dying user base to make the impetus to solve this problem moot?

Are you trying to imply that for-q-clinton didn't make a false claim? I guess that makes you a reprobate too, PugetSoundwimp.

Put up or shut up. Oh I forgot, I already asked you to do that before on another thread and you ran away. You should know the snipers motto by now. You can run, but you will just die tired.

[gitmo]

My old TRS-80 never had a virus nor antivirus software. It must have been even more secure than the Mac!

[Swordmaker]

So preparing an attack makes Mac secure how?

No, for-q-clinton, the fact that it actually took weeks to prepare the exploit for breaking into the Mac at the pwn2own contest shows that is not the trivial matter you implied it is. THAT makes it much more secure than you want people to believe it is.

[Swordmaker]

I may not be able to take over your Mac (I don't know any of the arbitrary code execution holes being used right now), but it's trivially easy to get your personal information without you knowing. And it's from Safari, specifically the Apple-created (not Webkit) part of the browser.

Sorry, PugetSoundSoldier, this "exploit" doesn't work at all on my Mac... auto-fill from my address card turned on...

24" iMac, 2.4GHz Intel Core 2 Duo, Mac OSX.6.4, Safari Version 5.0 (6533.16).

I've tried on two other Macs... same results: Diddly and squat.

[IncPen]

Meaning an out-of-the-box Mac, with only Apple software pre-installed and ready to go, will give up all your personal information without any actions from you. Just by browsing to a website.

Even if I accepted your premise, I'd still rather do that with a Mac than a PC...

[dayglored]

Hi All,

You'll pardon me for not joining in these festivities more than I did way above. Unfortunately this thread has taken a familiar turn and I have nothing to add but this meta-observation:

There's an old joke, that among professional comedians, all the standard jokes had become so well known that they were simply cataloged and indexed by number. The pros no longer bothered to tell the jokes -- they just refer to them by number. (I'm sure you remember the rest of this joke and punchline, so I'll just refer to it by number... "47". [Ha ha ha ha...])

Anyway, these threads could be streamlined considerably, with no appreciable loss of content, if we had a catalog of statements and responses, and simply chose the appropriate one for our comment posts. Think of the time saved!

I hereby submit some initial suggestions for the catalog/index:

1. Neutral statement.
2. Snarky pro statement.
3. Snarky con statement.
4. Mild pro argument.
5. Mild con argument.
6. Direct attack.
7. Firm defense.
8. Statement strongly supported by the facts.
9. Statement only loosely supported by the facts.
10. Statement having no particular relation to the facts.
11. Impassioned appeal to authority.
12. Impassioned appeal to conservative principles.
13. Impassioned appeal to logic.
14. Impassioned appeal to Steve Jobs, Steve Ballmer, or Steve Reeves.
15. Impassioned defense.
16. Ad hominem attack.
17. Ad hominem defense.
18. Statement about how the prior opposing statement was BS.
19. Statement about how the statement about the prior opposing statement was even bigger BS.
20. Statement about how the other person misrepresents the facts.
21. Statement about how the other person wouldn't know a fact if it bit him/her on the arse.

You get the idea... of course, we'd want to branch out from the above "generic" comments, and include some that are specific to certain topics... but I'm not going there at the moment...

Cheers! :)

[Richard Kimball]

Rule 34

[LeGrande]

I may not be able to take over your Mac (I don't know any of the arbitrary code execution holes being used right now), but it's trivially easy to get your personal information without you knowing. And it's from Safari, specifically the Apple-created (not Webkit) part of the browser.

Lying again? Don't you ever learn. If my personal info is trivially easy to get, post it : )

How do you know your personal information has not been leaked already? You don't. Safari gladly gives away that information without and user interaction, just by visiting a web page.

I give cookies and crumbs out all the time. Who cares if Amazon or Google know what I like to buy?

[Swordmaker]

Meaning an out-of-the-box Mac, with only Apple software pre-installed and ready to go, will give up all your personal information without any actions from you. Just by browsing to a website.

Now you are just exaggerating. All??? Even if the exploit were working, which it is not, it will not give up It will not give up numerical data, such your phone numbers, as Apple will not allow numbers because of the real possibility of grabbing social security numbers, credit card numbers, address, account numbers, phone numbers, etc.

[dayglored]

> Rule 34

Joke pr0n? Yep, there probably is. :)

[dayglored]

OBTW, my FRiends, lest anyone wonder, this part of my comment:

...these threads could be streamlined considerably, with no appreciable loss of content...

does not refer to tech threads, or Apple threads, or Windows threads, or Linux threads, per se. It refers to threads (like this one) in which the reference article is crap and was posted merely to incite a flamewar. Provocative crap threads are a waste of bandwidth rivaled only by the Teletubbies.

I recognize that some tech-illiterate folks will believe everything they read on the internet, including Secunia's inflammatory, misleading, and self-serving claim, and they don't research such claims to see if they hold water. So not everyone is to be faulted for not immediately calling BS on these contrivances. But they can be faulted for gullibility.

[coon2000]

Because of your extraordinary additions to the field of idiocracy, you have been bequeathed with the title of Master of the Beta Club. This is a title that is given to few as few have the ability to stand up to the scrutiny as you have. As the newly crowned Master Beta, you are entitled to 10 hours of free Internet access as well as a complimentary World Of Warcraft account along with your very own Elf character with a glowing prong weapon that will surely be the envy of all your gaming friends.

You can have your mom drop you off at the nearest Starbucks, you do not need to purchase anything, we will provide you with complimentary water. Just let the baristas know that you are the current Master Beta and the will attempt to set you up.

[PugetSoundSoldier]

Again you distort facts and lie

BS. You're lying about me, and it's rather tiresome. I posted a link SHOWING that Safari is losing market share, and is now 4th behind IE, Firefox, and Chrome. Prove otherwise. It's losing marketshare, plain and simple, and your protestations to the contrary are simply out-and-out wrong.