Posted on 01/03/2007 11:04:31 AM PST by newgeezer
If you wanted "meaningful data" about a crash, why didn't you install the free Macsbug utility from Apple and Motorola? It would invoke the interactive debugger instead of the bomb screen when a crash occurred.
Ok what about the USAF. . . .I'm not 100% certain, but I'd bet windows has a lion share.
You lose.
Most of the Air Force sites I found are using LINUX. The US Air Force Academy was using Solaris but this month switched the OS to LINUX while retaining the Sun server software.
However, the Air Force Reserve web site, www.afreserve.com, and the Air Force Research Lab web site, www.afrl.af.mil, runs on Windows. I hope that pleases you.
BTW: A public facing website really doesn't have a lot of secure data.
However, the military web sites ARE prominent, attractive targets for crackers from the lunatic left who regularly defaced them when they were running less secure software or OSes.
Let's double-check that. I believe that Perl and Ruby are part of the standard distribution. Open your Terminal.app and try a couple of commands -
perl -v
ruby -v
That will print the version numbers if they're installed on your system.
So far, moab is not attacking Ruby - they're using Ruby to generate the attack.
Ok, so we only count the OS out of the box with OS patches (I presume). . . Well that makes the MAC even more useless if you can't install the handfull of programs on it without making it a security risk.
You are being deliberately obtuse. The programs that MOAB seems to be relying on are "RUN TIME INTERPRETERS" or the actual programing languages for their specific exploits. The point is that 99.9% of Mac users will never install a "programming language" on their Mac and NEVER be at risk from these very obscure vulnerabilities. That makes them FUD.
Take a PC out of the box and don't install the AV, AS, and AA applications and see how long your computer lasts before it is infested. Do the same with a Mac and it will last for years. As an experiment, I have been running my Mac OS X.4.8 G5 without a firewall. It has been on 24/7 for the last 10 months, being restarted only for OS updates, and is perfectly safe and uncompromised.
I can take an out-of-the-box Mac and make it just as vulnerable to web rats and cockroaches as any unprotected Windows machine by opening all the ports and turning on all the services that no average user will ever use. That is what the guy in Sweden did and his Mac got pwned by Gwerdna in under 30 minutes.
I guess I was misled (again) by the MAC fanbase claiming it was uber secure and nothing could break their security model...
It is "uber secure" but if you break the security model, it will no longer BE secure.
I thought the OS was so well designed the OS wouldn't allow a program to do such things.
Just as on Windows, a program can be designed to do a lot of things. However a user on a Mac, implementing a malicious program can only damage his own files, not the system or application files or any other user's files. 99% of Windows users are running at administrator level by default... and can trash everything. They have access to that mess called the Registry and an application running with their user privileges can hose the entire system. Vista is making some improvements in this... finally.
(I'm not saying you're a peacenik or non-techy, but the majority of Mac users are).
Your proof? President Bush uses Macs, Rush Limbaugh uses Macs... there are more.... Al Gore uses... oh, damn... Macs. However, go to any IT convention and see what the IT managers are carrying. More and more they are carrying Macbooks. Techies are choosing Macs.
No, they require a runtime interpreter for Ruby.
I've installed them because I installed X11 to run some UNIX apps so my system is not a good test for this..
I hadn't tested this... but yesterday, none of the demonstration exploits would work on my Mac. The MOAB guys did say a "working" version of Perl and Ruby. After you mentioned double-checking, I invoked Perl from a terminal and then tried the #2 exploit and it worked. Tried 1,3,& 4 and they didn't. Then I Invoked Ruby and they worked. The programing languages have to be running... then their vulnerabilities work. Thanks for the heads up.
Ruby is required to run the proof-of-concept code, but that's really just an implementation detail. Equivalent attacks could be coded in many other languages besides Ruby.
True.
It does. There's constant fretting over Windows servers doing down, while the Sun, HP and IBM UNIX servers just keep humming for years.
I think the reason Windows has so much presence in the servers is because of cost-cutting measures back when UNIX was far more expensive than Windows. The government wanted to save money, so it started migrating from UNIX. What the government didn't realize was that what it was saving in purchase price it was losing in extra personnel hours, down time and complexity (several cheaper boxes to do the job of one solid expensive one). Do you realize what a headache it is to run Exchange to provide email for 20,000 people? It's frickin' insane!
At that time I never heard of it and neither did the 20 or so Mac guys that turned me on to the Mac. Besides with Windows it was so easy. I just look at the bug crash and at that time (before I knew how to debug) I could just search on the stop code on technet for a possible cause. Plus it showed you which driver was on the stack when it crashed so I had a reasonable idea of what is broken. I didn't have to install anything.
Besides MACS have never been about install debug tools...they were just supposed to work out of the box since it was a closed system. All I had was a MAC with all the Mac bundled software and it still crashed!!!!
Wow, so you're saying you know what the AF runs internally? Also what do they run on their desktops. BTW: I'll give you a hint...it's not Linux nor Mac.
Finally, what is the AF running on their internal websites for collaboration? Hint: it's not Mac.
So is it safe to say you were wrong on the subject that started this whole discussion? :-D
When will you be installing your anti-virus protection for Mac? I recommend staying away from Norton/Symantec as they have been horrible on the Windows platform causing about 50% of all the blue screens I've ever seen and they can corrupt data.
Be Sure to read his post where he confirmed the exploits listed in the MOAB (with special credit to Hal9000 as he explained how to do it properly).
I just want to make sure the Mac zealots don't think their system is 100% secure. I'm sure it's a fine OS (now), and it works good for the 5 to 10% of users that want to be unique but don't want to mess with BSD or Linux.
FYI...our very own FR MAC fan has confirmed the MOAB attacks. If you run a Mac it's time to get some AV protection.
Gotta read what Swordmaker finally confirmed...Mac has some exploits available. Looks like you and I were right...who knew you'd be proven so right so quickly?
Looks like the MOAB is true as swordmaker confirmed. Read a few posts up and you'll see Mac needs some AV protection as do all computer systems.
I guess when I know I'm right I will come off as arrogant which will attract moths to my flame. But you know what happens to the moth when it gets too close to the flame?
"Hand him a 512MB video card and have him let you know when he's got it installed in the Mini."
Irrelevant. The Mini is just a well designed micro PC, not intented for the uber cards for gaming or 3-d, but it's specs are as good or better than your average desktop tower. (Which will never get a $500 video card, either, not everyone is an uber gamer or CAD user). Yes, it has limitations - it uses slower laptop drives, limited in the amount of ram it can have, small power supply, but it's got a LOT of bang for it's buck - and the thing is really dinky -they did a great job engineering the thing. Expect a refresh at Macworld next week, or sometime this spring.
Apple did'nt invent the form factor, but they improved on it (and been copied already), and as a cheap entry to the Mac world it can't be beat, as it'll run most applications just fine, and now the Intel version will dual boot to Windows XP or run XP in Parallels in a virtual box. Not bad for $500 - or cheaper if you pick one up used.
I hear it runs Vista just fine, too...
I'm not saying unix is a bad OS. But to say they are fretting of windows is silly. You have to compare how the windows machine is maintained and managed vs. the unix system. The unix systems tend to have knowledgeable IT guys making 6 figures running them. Windows has 1 6 figures guy managing a bunch of guys in the 50-80K range. You don't get to touch the unix system til your certified but windows they throw the keys at you.
Plus a lot of windows servers are kept at people's desk and have no UPS or AV protection. Sure cost has a big part to play in it, but it's not as much the hardware costs but the operations costs.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.