Posted on 08/21/2005 5:35:07 PM PDT by bizzyblog
Of course there are still OSX.2.1 boxes out there... but I could write a virus that infects Windows 95 also... We are not talking about unupdated operating systems here. You keep changing the heighth of the bar... virus, now exploit, now exploit on one build of an early release...
Try post #36 where you finished by stating:
If I wrote a virus that attacked 100% of Macs, the impact would be neglible on most corporations and home users; therefore, I won't waste my time.
That certainly implies that you can write viruses... which was then compounded by your request for information to see if it was worth your time.
What shocked me were the auctions for G3 500MHz iBooks that closed over $500! They didn't even have anything special about them...
Actually, OS9 is still supported as it works within OSX as Macintosh Classic. Minor updates are included with each OSX upgrade.
No, For-q, I haven't "finally foudn" it. Nor have I 'changed my tune" which is THERE ARE NO VIRUSES CURRENTLY INFECTING APPLE MACINTOSH OS X.
I've known about this ancient vulnerability since it was first proposed and patched in 2002. Simply put, For-q, it is not a virus, nor can it be.
Nor, For-q, was it ever exploited unlike the similar spoofing of Microsoft's update website which caused Microsoft to be reactive and shut down their update sites until secure software and websites could be set up. It did only take them a couple-three days or so to fix it, admittedly.
Nor does it meet the criteria for being a remote exploit... since it requires the user to download and install a "Victim package" as described on Russell's page on the Phantom Update.
You have merely again demonstrated your inability to handle words properly.
Apparently YOU don't understand how it works...
How is the putative attacker going to get the malicious applications installed on the victim machine, replacing the legitimate apps? To do so requires access to the machine itself at the keyboard AND knowledge of the Administrator Name and Password (ROOT level, no less) so that the hacker can install his malware. If the attacker can do that, he already has all the access he needs to install anything he wants.
If he can't get to the computer, he has to trick the administrator into installing his malicious package...
To get to the point of "The user just goes to update his Mac and unknown to him, etc" the user MUST DOWNLOAD AND INSTALL A MALICIOUS TROJAN. It cannot download and install itself... it has to have permission to be installed... and in the latest version of OX it has to have permission to run for the first time. This relies on psychology to be spread... tricking the user into installing it himself. There is nothing autonomous about this first step.
I am well aware of what I said in those first posts... and one of them was the following:
Apple is endeavoring (as is Microsoft) to be proactive instead of reactive.
As you can see, if you read and comprehend, that I said both companies are attempting to fix problems before they occur. That is a far cry from "...for M$ (sic) that doesn't count." (Please note that I don't use the slur "M$" when referring to Microsoft, but you do... I avoid it because I wish I could make the kind of money Microsoft does providing a product that so many people use, even if I think there are better products out there.)
I then shifted focus of my comments (That's why there are things called paragraphs... to separate different ideas from each other in written form) from detecting and repairing vulnerabilities to the difference it would make if actual exploits appeared in the wild rather than a vulnerability when I said:
Now when you can come back and show an EXPLOIT in the wild, maybe something like the exploit that brought down over 400,000 Windows 2000 computers last week, rather than discovered vulnerabilities, then we'll talk.
There is no circular logic... the meaning and intent was exactly as was written... if someone can show us a Mac exploit in the wild that we need to worry about, THEN we will take action to prevent it. That may include installing updates (such as was needed to close this vulnerability) or purchasing and installing anti-virus software, which is, as of now, totally unnecessary on a Macintosh running OSX.
If you inferred some slur to Microsoft in what I posted, its probable source is that portion of your mind that insists on using "M$" to represent the company that makes your operating system in YOUR writing and not what I wrote.
Even if you did erroneously infer some slur to your favorite OS in what I wrote, why did you take it so personally???
Mac OS X is the best choice for most computer users, and it will be that way for the foreseeable future.
Actually it is you that keeps changing the bar. Early on you acted is if Mac was invincible. Just go back and read it. Now that you finally see the vulnerability, you go back to parsing the challenge. As far as virus vs. exploit. I'm sure the grandma that has a hacker control her machine doesn't care if it was a virus or an exploit. It's all the same. But if you read my earlier comments that exploit is pretty easily changed to a virus. Just script the exploit to install itself on the mac and now it will attack other machines trying to update.
Also I'm not the same guy you're referring to. I didn't mix your name up until after you changed my screen name. So I guess as you try to point your finger, you end up with 4 pointing back at you.
I'm not going to rahash what is already posted. Just re-read the entire thread and you'll see where you act as if OS X is impossible to exploit via a virus. I've proven it can be done and now you say well it doesn't count because it's an old flavor (although it's still out in the field).
Ah, I see now you say CURRENTLY. Got it. Well there are CURRENTLY no viruses (per your definition) attacking a fully update-to-date Windows box.
We just had a different frame of reference. I thought you were saying Windows sucked because exploits existed on unpatched boxes, but Max was great because a fully patched box hasn't been exploited via a self-replicating virus. I guess your unequal comparison through me off trying to get you to compare apples to apples (see my very first post). But now I see you are actually comparing apples and oranges, so I guess I agree with your comparison.
A fully patched Mac is a lot more secure than an unpatched windows box.
But I guess you run a big risk the first time you try to patch OS X (if you have a build that is vulnerable to the phantom update).
When installing updates, what can be updated? And what level of access is required?
So my option is to either go unpatched or risk running the patch program? Hmmmmm....sounds like a bad deal to me.
As I said that's not a "fair" question. That's like saying let me know my custom OS that I wrote isn't secure after it's had 400,000 machines attacked...of course I'm the only one running a version of it, so the most that it could be attacked is 1. Mac is similiar. As I stated numerous times. An unpatched Mac at a certain build level on the internet doesn't make for a good target for a hacker. In addition to that, you'll now dismiss it out of hand because Apple already released a patch but the user was too dump to apply it.
If you plan to keep Mac safe, you better hope it doesn't become a popular OS. Linux types used to have the same attitude you had and they quickly did an about face once they got large enough.
And you are still ignoring the obvious apples to oranges comparisons you're making between Mac and windows. Windows comparisions are based on unpatched machines and Mac are patched. in that scenario I'd take a Mac too.
I think the real problem is that it doesn't have autonomous replication without user intervention. To us, that's a virus. The most user intervention I'd accept is opening an email, something normally done where the user shouldn't have an expectation of infecting his computer. I wouldn't call it a virus when the user has to type in the admin password to get infected.
I can't remember where any Mac advocate said it's impossible to have OS X viruses, as that's a plain stupid assumption for any operating system. I have seen, over and over, the true statements that 1) there is no virus in the wild yet and 2) security experts say it's generally harder to write one for OS X than it is for Windows.
To me there's no question that OS X will eventually get a virus. The only question is when, but that could be a while off. But then Microsofties can finally point to one OS X virus, vs. their probably 100,000 by then.
Completely understand, but if the # of seats on the Internet were switched, I have no doubt Windows number of viruses would be a lot less and OS X would be a lot more; however, that wouldn't mean Windows is more secure.
The only user intervention that Mac OSX asks for is (A) approval to install the update (which I think you can make automatic and background, but I don't), (B) clicking "OK" on certain licenses, and (C) typing an admin password for update privileges. I think (A) can be automated and (C) goes back to my point about security and ease of use. I think that password step is important to impose on a user. As for (B), that's legal nonsense but I'll agree it's annoying.
When the HP PC we had bought my mother-in-law's died, we gave her our old iMac (which was older than the HP PC) and I installed OSX 10.2 on it (I had just upgraded to 10.3 at home, so gave her the older OS so she could have the box and disks). A few months later, she mentioned that the update box pops up and she just clicks OK and does what it says and never had a problem. If my non-technical mother-in-law could figure out what to do without me even mentioning automatic updates to her, I think it's easy enough.
So are Volkswagens. I drive one of those, too. And like my Mac, the VW "just works", too, unlike the cars that many of my friends own. Hippies are stupid but because they are stupid, they tend to buy stuff that "just works". I'm all for stuff that "just works", regardless of whether hippies like it or not.
Mac OSX not only has a toolbar to solve that problem (and you can get third party software that emulates the old application selector menu, too, from OS9), but you can hit a function key which activates a feature called Expose which spreads all the open windows out on the screen so they appear side by side and you can select one. To me, that blows away anything that Windows or any earlier version of OSX could do.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.