Posted on 08/21/2005 5:35:07 PM PDT by bizzyblog
Again, you choose to ignore the qualified opinions of every expert in computer security who has compared the relative difficulties of writing virus for Windows and OSX... you are the one with your head in the sand.
The security by obscurity canard has been shot down by people who know, experts in the field. You go ahead and believe that your patched on patched Windows box is the equal of a more modern Operating system that was built with security in mind. The evidence is in... Mac OSX IS more secure than Windows.
You are assuming that my VW was made in Europe. It wasn't. I think it was made in Mexico. The VW Fox that we had before that was made in Brazil.
Of course that's not to say VWs haven't had any problems lately. The power window system in some fairly recent Golfs, Jettas, and Bugs had a part that would frequently snap, causing the window to vanish into the door. My point was not to get into a lenghty debate on the merits or flaws of VWs (and they, too, have some flaws as I mentioned in the previous sentence) but to point out that the things that liberals and hippies are known for buying are sometimes very good products.
But the newer Europeen cars have issues because they started putting in all the fancy gagedtry and have had issues with version 1.0 products (just like Mac and windows...hey see it relates).
Well, VWs are at the low end of European cars and don't always have a lot of gadgets, but they are moving in that direction. For example, the power window problem I mentioned is a non-issue with my car because it doesn't have power windows. I don't think you can buy a VW without power windows these days. I also have a manual transmission, as does my wife's much newer Passat. The only "defect" I've noticed in the Passat was that the panel under the front of the car to control air flow is easily ripped off by branches and such. Other than that, the '03 Passat made in Germany has been solid, too. If VWs start to have real quality problems, I'll happily switch to something else.
What is "Mac?"
And why would I need one when I have a computer?
Ok, I guess that exploit was too complicated for simple Mac folks to understand. Let me make it so that even a Macaholic can understand. Forgive me for assuming you understood, you know what happens when one assumes? And for that I apologize.
Here it is in pretty simple terms. 1) Grandma turns on Mac. 2) Grandma is smart enough to update to the latest updates so she updates via Mac's built in software update service 3) Hacker attacks her update and replaces the official Apple update with any application he wants. 4) Grandma didn't "install a trojan" she installed an approved update from Apple
As far as name changing...making my name shorter is worse than changing yours...unless you're too dim to understand what my name stands for. And once again I must apologize because I should have realized based on your incoherant posts and circular logic that you couldn't translate it. Try saying my screen name outloud to somone and they will explain to you what you just said.
I believe this horse has been beat enough. You won't open your eyes no matter what evidence is provided. And when proven wrong you just ignore your previous posts and put them out of order to fit your twisted/circular logic.
You know, For-q, I work every day with Windows computers... and I also work with Macs. When was the last time you even LOOKED at a Mac? Ever? Touched one?
I thought not.
You don't have the experience to have an opinion on whether or not anyone is comparing "Apples to Apples" or not.
I think that in some ways, that's closer to Windows 95 to Windows 98 but, like I said, I admit that Apple released OSX before it was ready for primetime, which is why most OSX software won't run on anything below 10.1 or 10.2. It's no secret, even if Apple's marketing department doesn't advertize it. It's old news.
If there is a legitimate reason to wait, I wait. I waited for 10.1 because 10.0 clearly wasn't ready for primetime when I tried it on a dual-boot machine. I upgraded to 10.2 and 10.3 almost immediately because they offered me important improvements and gave me no reason to be concerned. I haven't upgraded to 10.4 yet because (A) it doesn't add any features that I'm dying to have and (B) I have some concerns about the security of some of the new features.
So, no, I don't personally give Apple a pass and trust them blindly. But what makes Mac users laugh at the claim that people need to wait for SP1 before upgrading to a Microsoft product is that they simply assume, sight-unseen, that a Microsoft product is going to have major security defects that won't be properly fixed until the first Service Pack is released. I'm not so worried about the security of OSX 10.4 that I wouldn't upgrade, nor do I expect major problems to be found. My decision is as much, if not moreso, because I don't expect to get anything I really need out of it.
Further, the source code for Darwin (the OSX version of BSD Unix) and a lot of the other software on the Mac (as well as in Linux) is available for download and analysis. A clever programmer doesn't just have to guess or accidentally discover exploits in the OS. They could find them by searching through the source code for bugs and loose ends.
May not want to let swordswaller know that as he'll have a melt down. I believe he works in their advertizing department.
I'm ignoring Leonards posts, but I see there seems to be an assertion that Unix doesn't have security issues. LOL. Of course Unix has been around for a very long time, so when we say Unix doesn't have security problems I guess it's all relative and depends on how long you've been in the industry. But even today Linux has had quite a few security issues. Granted not as widely known as the Windows issues, but severe issues none-the-less.
While that was a free update, it was far more than a "service pack" level update.
OSX.0 was at best a "Beta" version... and the first really viable version was the OSX.1.
In OSX, because Apple wants to keep the double entendre "X", major upgrades are designated in the first decimal column while service pack upgrades are in the second decimal column... For example OSX.4.2, where the OS is X, the major revision is .4, and the service pack level is .2.
How does he do that? To do what you claim, the hacker has to have complete physical ROOT access to her computer. ROOT is turned off in OSX... a user has to first activate it then provide a separate password. Grandma is not operating in ROOT. That is the point. If he has that, your virus scenario is superfluous.
To be a "virus" it must be able to install itself without user interaction.
The only hard part about this exploit/hack/virus/malicious attack is that you need to capture her request to Apple's update site. Which isn't trivial, but can be done.
Here's a link explaining the exploit and even giving you the files needed to pull it off. Click Here
Once again you're splitting hairs. Do you think granny will care that it's officially called a virus or a trojan? Which by most definitions of virus a trojan is just a subset of a virus. Like the Cold and Flu are both a type of virus.
But let's consult Mariam Webster: click here
Now read item #4.
Or you can trust me and read it here:
4 : a computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs and that usually performs a malicious action (as destroying data).
So to make this a "virus" all you have to do is turn granny's computer into the host attacking other Macs on her network. This way you won't have to leave your Mac on listening for Software Updates. Instead you use Granny's computer to do it. Just install the client software on her computer and you officially have a virus.
PING...your son would love to chime in on this topic!
No, there is a distinct difference... A Trojan relies on psychology to attack a computer, a virus replicates and installs itself on the target computers. Granny's machine will not install this on other computers without THAT user's intervention. There is no vector.
Without the "victim software package" the client computer will not connect to Granny's computer. It will ignore it and connect correctly to Apple. Just because Granny's compromised computer is on the same network does not cause other Mac's on the network to spontaneously also become infected. The only computer that will download malicious software will be Granny's. Trojan, not virus.
No, the exploit must be INSTALLED on the victim computer BEFORE any attempt at using software update will be compromised. Using Software Update as supplied by Apple cannot, even on OSX.1.2, will not connect you to a malicious server UNTIL the "victim package" has been installed to redirect the request to the malicious server. You simply fail to understand that. IF the computer is not compromised, clicking on Software Update cannot download the initial victim package unless it has somehow been sneaked onto Apple's secure site... that has to be installed, given permission to make System changes and then be run first, before "automatic" exploit is possible.
So as I said if I configure Granny's computer to act as the Malicious spoofing server...all Macs on her network that try to download a legit patch will get the trojan/virus.
This is just wrong. Read the link and you'll see. Nothing has to be installed to redirect the unpatched OSX box to install the malicious patch.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.