Posted on 07/05/2010 9:32:11 AM PDT by PugetSoundSoldier
You’ve heard about the yellow screen splotches and the wonky antenna that requires you to hold the new iPhone just right.
But now a new issue is coming to light: a faulty camera system that not only affects your ability to take pictures, it can foil your attempts to use FaceTime, the video chat feature that is the iPhone 4’s top talking point.
(Excerpt) Read more at siliconbeat.com ...
There is no implication that it cannot happen, you are inferring that. That there are no even moderately effective self-propagating viruses or worms in the wild is a simple statement of fact. For whatever the reason, it's not in the wild. Thus your real-world security is relatively far better on a Mac than on Windows.
If I'm swimming in a pool with a hundred thousand sharks, there's a good chance I'll get bit. If I'm swimming alone, there's no current chance I'll get bit. That's not to say someone won't throw in a shark later, but even if they do I'm still better off than the guy sharing the pool with a hundred thousand sharks.
That is not a claim of ultimate security. It is a statement of the obvious.
I agree, it’s most likely a software issue, and it’s happening often enough that it shouldn’t be blithely waved off as a “non-issue” that affects so few people. It’s a real problem. Thanks for your feedback on it, as well.
Glad you're willing to step up and tell RachelFaith that she's wrong about this. It's not impossible. But be ready - the entire "2 minutes of hate against PSS daily" started with the attacks immediately after my pointing this out. That kicked it off, you might find yourself also in my ranks of a heathen and heretic for daring to claim iOS or OSX could be infected.
The technical term is security through obscurity. It is effective to a certain degree but once the obscurity is penetrated then its katie-bar-the-door.
Security through obscurity is a 20 year old approach to security. It does not meet current security best practices or regulatory requirements.
I haven't read that, so I'll take a look. Thanks for the link. Looks conflicting. We have the "IMPOSSIBLE" statement, but we also have:
"And YES, there IS bad software written by bad people which CAN be forced onto a Mac or iPhone."Unless that was only talking about trojans that users allow in. Clarification, Rachel? I hope you realize that the only 100% secure system is one that's been melted down in a blast furnace. After that, all security is relative.
However, this line of conversation stemmed from you portraying a trojan firmware as in the same category as the Android viruses mentioned. When he said malware, I don't think he meant fake OS patches that need to be installed from the computer outside of iTunes. All iPods/Phones/Pads update through iTunes, and to do otherwise would be very abnormal for a regular user.
One of the big differences I see between the two are signing. Virus writers don't want to get caught since they tend to end up in jail. Anybody can use a self-signed certificate to put a Droid app on the Market, a CA isn't even required. That means you have no way of knowing who the developer is. All apps for non-jailbroken iPhones have to be signed with a certificate from Apple, which ties that to the developer's iPhone developer account. You would have to fraudulently, and untraceably, set up and pay for your iPhone developer's account to get that certificate. I can't see many virus writers doing that. Alternately, you could steal a certificate from a developer, but that has its own problems (you'd have to request a cert for your virus app and apply it from his system, and then it's traceable to him, and thus you).
The idea that the lack of effective Apple malware in the wild is only due to some kind of obscurity has been soundly refuted here many, many times. Please quit bringing that up. It wastes precious bits that could be better used transmitting and storing fart jokes.
Thanks, we agree on that. Now you know where I'm coming from. Calling BS on a clearly-false statement and then proceeding to get pilloried hundreds of times for stating as much.
At least you've done more than most of the Mac fans around here - you've actually called it false. And for that, I am grateful.
All apps for non-jailbroken iPhones have to be signed with a certificate from Apple, which ties that to the developer's iPhone developer account. You would have to fraudulently, and untraceably, set up and pay for your iPhone developer's account to get that certificate.
We've recently seen 22 million invalid SSL certs out there; how long until the App Store cert is broken, too? Maybe it already has been?
You would have to fraudulently, and untraceably, set up and pay for your iPhone developer's account to get that certificate. I can't see many virus writers doing that.
Writers overseas - outside of the arm of US law - will gladly do it, hoping for a few thousand purchases before being caught and tossed out of the App store. Yeah, it's only a few thousand dollars, but for them it's a big chunk of change. And one success will draw more and more attacks.
In fact, Apple pulls apps relatively frequently; who knows how many of those pulls were for security issues? With a good chunk of them being for porn, and porn sites being the most common trojan/attack vector on the web, how many of those pulled apps had malware in them?
I'm not saying the App store and iOS are leaky sieves when it comes to security; I AM saying they are not impenetrable. The message from Apple tends to reinforce the perception of the latter, and results in people like RachelFaith who simply cannot believe it ever happens. It may be happening right now, but that "slow camera/glitch in music play" will be excused as an Apple bug, not the interactions of an actual virus and trojan, and thus not detected.
Remember, NO ONE has any malware issue until it's caught and proven. The assumption is that you're clean, and having the manufacturer reinforce that concept to the point of "it can never happen" leads to an even riper garden to harvest.
I hear there's and app for that...;)
“The idea that the lack of effective Apple malware in the wild is only due to some kind of obscurity has been soundly refuted here many, many times.”
Apple says the risk exists and releases patches to correct some of the risks. You make the argument that the lack of “exploits in the wild” proves the OS is secure. That is the definition of security through obscurity.
Your fart joke is appropriate because something sure stinks in Denmark.
There were many in WebKit and that affected OSX and iOS (since they both have WebKit). So, yeah, ACE holes in an Apple product. Sorry, it's not baseless, but proven. I'm sure you'll change the goalposts to somehow save face and not admit your error...
So, I shouldn’t buy an iPhone unless I buy a Mac, too? I don’t have that kind of cash just lying around. *sigh*
I really shouldn’t read these threads anymore. It’s disheartening how “Junior High” things sometimes get. I only want info. It’s just a mobile device, people. :(
Actually, no. The anti-Mac crowd has been told this many times by people other than me.
We've recently seen 22 million invalid SSL certs out there; how long until the App Store cert is broken, too? Maybe it already has been?
I don't think you understand certificates. Those were probably almost all valid SSL certs with mismatched names or IPs. It happens all the time, usually for innocent reasons. Your browser will raise a warning if you encounter any of these sites, meaning the system is working as designed.
I mentioned the relative security of an Apple-issued certificate commensurate with a paid developer contract, vs. a self-signed certificate. What you posted as a rebuttal has NOTHING to do with Apple's security. You just read headlines.
Your extreme reaching for anything to put down Apple is showing the limits of your knowledge. I'm sorry if I wrote "over your head" in mentioning the certificate issue. Educate yourself first, then come back and read the post again. Then maybe you'll be qualified to comment.
Writers overseas - outside of the arm of US law - will gladly do it, hoping for a few thousand purchases before being caught and tossed out of the App store.
Blah, blah, blah. I knew you'd try to come up with any contrived theoretical way around it. In any case, you're talking a lot of effort and danger to get around what Apple has built up versus simply self-signing a cert for the Android Market. Apple's security is far higher on this front.
Theoretical vs. actual. One of the problems with these exploits is that while they work great in the lab or at the convention, they tend to be very difficult to implement in the wild. I remember one a while back that researchers had to nurse along just to be able to infect another local system, much less one on the Internet. Something like that has little prospect of thriving in the wild. OS X is BSD, a very robust, secure OS. Even if higher applications are compromised, it's difficult for them to do much with the system.
Oh sure, you'll post some CERT advisories, and I'll ask you "show me in the wild," and you won't be able to. Meanwhile I can show you a bunch of CERT advisories with millions of compromised Windows systems.
And you'll say that's because of obscurity. Then I'll show you successful exploits in the wild with target populations lower than that of OS X or iOS. Then you'll either slink away ignoring it and forget about it next time you claim "security through obscurity." Or you'll try to come up with some illogical way to rationalize the clear contradiction, maybe by redefinition or compartmentalization in a way that puts Apple all in its own little set that fits your criteria.
Oh I did. This is getting quite entertaining. Please, continue not reading beyond the headlines when Googling for comebacks. BTW, WebKit is the standard browser for Android and Symbian, and runs Google Chrome.
Puget, thank you for your link, very edifying. AGAIN, it does not show what you claim it shows. Read what Kaspersky, your OWN evidence claims are the systems at risk and note which systems ARE NOT LISTED!
The vulnerabilities could be exploited to launch remote code execution attacks if a user simply opens an image file or surfs to a rigged Web site. The update applies to Windows 7, Windows Vista and Windows XP machines.
Do you see OSX or iOS4 there? No, you don't. Why? Because they are not vulnerable to these buffer overflows. The data heaps and stacks in the Apple OSes are NX (non-executable) memory locations... and nothing will happen. Worst case, the app will crash.
Other vulnerabilities that Apple addressed in their update to Safari for both Mac and Windows, did include both in the effected systems. However, the degree of impact between the two can be totally different. A data buffer overflow exploit that may cause only a Denial of Service in the App on the Mac by causing Safari to crash, may result in arbitrary code running in a WindowsXP system.
The improvements that Apple continually makes in it's operating systems and software are both pro-active and re-active. Microsoft does the same. To take the stance that a system that has gone un-breeched for almost ten years in the wild is equally insecure as one that has suffered hundreds of thousands of successful invasions in that same period of exposure, merely because the more secure system publisher makes proactive improvements and reactively patches discovered, but unexploited vulnerabilities, is disingenuous to say the least, but we see that every time I post a thread about an Apple update, security or otherwise.
Inevitably, one of the first comments will be from a troll saying in a snarky tone of faux shock "How can this be? I thought Apple computers were all perfectly secure!" or crowing "See! You lied! Apple's perfectly secure OS has exploits and is just as dangerous as Windows! Even Apple admits it because they have to patch their mistakes! Nya nya nya!" just like you are doing right now with this link. But they cannot point to the in-the-wild EXPLOITS that take advantage of the vulnerabilities.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.