Mac OS X security myth exposed

Techworld ^ | 24 June 2004 | Matthew Broersma, Techworld

[antiRepublicrat]

There are a few wide aspect LCD monitors out there.

That's the size of Apple's smallest monitor. He got the 30 inch display, about 2/3 more viewing area. And it's price-competitive with the few other 30" flat panels on the market.

[dennisw]

Who is he you mention? js1138?

[dennisw]

Computers - Apple Computer Monitors 30 inch Cinema HD Display

... Pricing Apple 30 " Cinema HD Display $3299, In order to use the 30" Cinema Display, you will need an: NVIDEA GeForce 6800 Ultra DDL Video Card $595 Add To Cart. ...
www.pictureline.com/computers/monitors30inch.html - 30k - Cached - Similar pages

  

 

Total for that display and video card.... .....$3900

[antiRepublicrat]

Total for that display and video card.... .....$3900

It went down. The display's only $2999. It's still a pretty good deal if you need that screen real estate on one monitor.

[antiRepublicrat]

Who is he you mention? js1138?

Can't remember.

[dennisw]

Display is $2999 and a $600 video card is required to handle it. This nvidia card is mentioned in one of my previous posts. I doubt the Apple computer comes with this card. It's an upgrade. So total for this 30" monster display is $3600.

[Swordmaker]

And your point is?

Let's see...

Dell 30" HDTV/Monitor - 1280 x 768 Resolution - $2000 plus shipping

LG Flatron 30" Monitor - 1280 x 768 Resolution - $3000 plus shipping

Apple 30" Cinema Display - 2560 x 1600 Resolution - $3000 with free shipping

In addition, the Apple display provides TWO USB2 ports and TWO Firewire 400 ports on the monitor.

WHOW!

The Apple monitor has MORE than twice the resolution for 50% more than the dell and the same price as the LG! Gee, don't you think it MIGHT need a little bit more than your average WVGA graphics card to control it?

That $599 NVIDIA GeForce 6800 Ultra DDL has 256 MEGABYTES of dedicated fast RAM and has TWO DVI outputs... It provides more than 35 GIGABYTES PER SECOND which provides 6.4 BILLION!!! "textured" pixels per second. This card can drive TWO of the Apple 30" monitors simultaneously!

That is actually a bargain!

[dennisw]

http://search.ebay.com/30-lcd_W0QQfrppZ50QQfsopZ1QQmaxrecordsreturnedZ300QQsatitleZ30Q22Q20lcd

The actual price for a Dell 30" LCD monitor is about $1700. NEW DELL W3000 30" LCD TV HDTV WIDESCREEN FLAT PANEL. It prolly also needs an expensive video card though not right away since it can be hooked up via VGA as well as DVI. Apple LCDs are usually DVI only. Which means you must buy that $600 nvidia card now! Or the monitor will not be in native resolution.


So Dell is once more cheaper than Apple (I don't own a Dell computer)

[dennisw]

Sorry .... disregard that last post .... it was for a Dell LCD TV.

[Bush2000]

It is because YOU intend it to be. YOU use it to belittle your opponents and to make others think less of their positions. It is a form of ad hominem attack.

Not at all. It's a term of endearment.

I will admit to being a person who has selected to use a computer using Apple's Macintosh OSX operating system. I made this selection from the position of being a professional in the computer industry with over 30 years of experience and a very good knowledge of several operating systems including the various incarnations of Windows. In other words, Bush, I made an informed selection based on experience... lots of it.

You know, it used to be fun to work on Windows computers for my clients... I can no longer say that. It is tiresome and not a bit boring to once again clean out spy-ware, ad-ware, and other crap that can and does infest those boxes.

These two paragraphs are at odds with one another. If you truly had the experience that you claim to have, you would be able to administer the boxes properly so that it would not be possible to install spyware, viruses, and all of that other crap. It's really not that difficult. But you have to be a competent admin.

[Bush2000]

What I cannot understand is why YOU have appointed yourself as the guardian intent on preventing anyone from using a Macintosh and computing safely... so much so that you invade any and every thread on FreeRepublic that even hints of the capabilities of the Mac and start spewing insults and knocking everything about the Mac.

LMFAO! Look, it's not that difficult to understand. You Mac guys have taken it upon yourselves to invade every Windows-related thread. People who visit these tech threads know exactly what I'm talking about. The average is usually about 5 or 6 posts before some idiot posts his or her obligatory "you should be using a Mac" tripe. So, think of my presence here as restoring balance to the Force. I realize that you guys would prefer if other people (such as me) were silenced, suppressed, and/or censored ... but I would remind you that we live in a free republic. Hmmmm ... why does those terms sound so familiar?

You call us LIARS, you generalize everyone who uses a Mac, you make ridiculous claims like "No businesses use Macs" when thousands, if not hundreds of thousands, do.

I'm speaking in statistical terms. When you examine companies, the Mac has a negligible presence. Most major corporations simply don't use them. That is a fact.

We repeatedly refute your assertions yet you never go away. You ALWAYS come back with the same tired and often outdated arguments.

You're legends in your own minds.

Frankly, Bush, you resemble a particularly tenacious ad-ware... one that is impossible to remove.

Pot, meet kettle. I can't count the number of threads that you and other Mac shills have posted that are little more than advertising/marketing press releases from Apple. That isn't news. It's blatant advertising and a clear violation of posting rules.

[Bush2000]

Both of these UNEXPLOITED vulnerabilities were fixed, long ago.

So what. One of the reasons why hackers are often able to take advantage of exploits is that people fail to apply patches. The availability of a patch doesn't mean the patch is applied on all vulnerable machines. Sheez, you guys seem to think that it's like flipping some kind of magic switch. The real world doesn't work that way. Many people are lazy, ignorant, and/or disinclined to apply patches.

Did you read the part about local scripts? This may have worked if there was a script already on the computer that could be called to do something malicious. Of course, you hypothesize, there IS a malware script installed on the user's computer because the malicious script downloaded a disk image file ... blah, blah, blah

It's not that difficult to get you to download an arbitrary file. Hell, I can specify a script file as a reference within an IMG tag on this web page -- and cause it to download to your browser cache. Since I can guess that you're either using Safari, FireFox, or Mozilla, it's not that difficult to figure out where the resulting script will be downloaded. And when I cause you to execute that script through the help URI exploit, I own your box. Both of these "vulnerabilities" were demonstrated only as "proofs of concepts" and were expeditiously fixed.

See above. Bang head repeatedly against the words in this post. They're obviously not sinking in.

It is a long way from "cause the kernel to crash," to "owning the box".

Wrong. Since I can exploit a buffer overflow in the kernel -- and this exploit allows me to do that -- I can cause arbitrary code to run with root privileges. I can elevate my own privileges, create a new user account (which I can access remotely via SSH), and a ton of nasty things. Honestly, dude, the fact that you're denying that all of this is possible is evidence that you're wearing blinders. Kernel exploits are among the worst possible problems (regardless of platform -- whether they're in Windows, Linux, or OS X). That's the thing that always cracks me up about people who say, "well, sh..t, it's only a local exploit. nothing to worry about" because they don't take into account "stepping-stone attacks", where somebody leverages one attack to launch another, more lethal attack.

And understand: I'm not saying that Windows is invulnerable to this, either. It's happened plenty. But I'm not going to sit here and listen to you whine and obfuscate about this stuff when I know that it's possible to exploit on an unpatched box.

[Bush2000]

Total for that display and video card.... .....$3900

Dude, that's insane. I mean, unless you're a slave to fashion or like to burn money, that is.

[dennisw]

For the price of that $600 video card I could buy a more than adequate wintel computer for myself. Not that I need one .... I'm all set.

[Swordmaker]

These two paragraphs are at odds with one another. If you truly had the experience that you claim to have, you would be able to administer the boxes properly so that it would not be possible to install spyware, viruses, and all of that other crap. It's really not that difficult. But you have to be a competent admin.

Now you are calling me incompetent.

No, Bush, it is not. I am not in total control at all times of the computers that I work on. They are owned and operated by numerous small professional offices who have employees that TURN OFF protective software, visit malicious sites, and download "cool" and "neat" things. I don't "administer" them, I get called in to FIX them after someone screws up what I have set up.

[Swordmaker]

PS, it is usually the OWNER/Professional himself who screws up the computers after hours when the employees can't stop him...

[Swordmaker]

It's not that difficult to get you to download an arbitrary file. Hell, I can specify a script file as a reference within an IMG tag on this web page -- and cause it to download to your browser cache. Since I can guess that you're either using Safari, FireFox, or Mozilla, it's not that difficult to figure out where the resulting script will be downloaded. And when I cause you to execute that script through the help URI exploit, I own your box. Both of these "vulnerabilities" were demonstrated only as "proofs of concepts" and were expeditiously fixed.

No, Bush you cannot. My computer is up-to-date and these "proofs of concept" demonstration will no longer work. YOU keep claiming how easy it is to invade a Macintosh and we keep challenging you to PROVE it... and then you obfuscate, back peddling and dancing. You claim you can own my box... DO IT!

when I know that it's possible to exploit on an unpatched box.

No sh!t Sherlock... then we should say that every Windows vulnerability, exploited or not, is an exploit because someone, somewhere is still operating a box that is vulnerable. Microsoft Windows should be held up as the epitome of swiss cheese security because of all the PAST (although patched) vulnerabilities that must still exist - somewhere. That is the problem of those who refuse to update their systems... not Microsoft... OR Apple. "You can lead a horse to water but you cannot make him drink."

[Swordmaker]

Sorry .... disregard that last post .... it was for a Dell LCD TV.

The Dell 30" HDTV Monitor IS an LCD TV... with monitor capabilities... so we might be looking at the same thing. My $2000 price came directly from Dell's web site.

The point I was making is that the Apple Cinema Display is not in the same league as any of the other 30" LCD monitors out there. The native mode of the Dell and LG is only 1280 X 768 which equals 983,040 pixels. The Apple display provied 2560 X 1600 which equals 4,096,000 pixels - MORE THAN FOUR TIMES THE RESOLUTION in the same area.

Would I buy a 30" Cinema display + card for $3600 to surf the internet? Not on your life.

Would I buy a 30" Cinema display + card for $3600 to do professional videography and motion picture editing? You bet your life I would.

I would also buy it if I were doing high-end photography, high end graphics, etc. For any of those uses, $3600 is a bargain!

[dennisw]

The point I was making is that the Apple Cinema Display is not in the same league as any of the other 30" LCD monitors out there. The native mode of the Dell and LG is only 1280 X 768 which equals 983,040 pixels. The Apple display provided 2560 X 1600 which equals 4,096,000 pixels - MORE THAN FOUR TIMES THE RESOLUTION in the same area.
______________________________

I realized this too late. That's why I said to disregard that post. Apple 30" cinema is the only one I can find with a true computer monitor resolution. It must have TV, HDTV inputs too? Anyways, all the other 30" LCDs are primarily TV and secondarily computer monitors. 1280 X 768 just don't cut it for a legitimate 30" computer monitor. LOL!

[Bush2000]

Now you are calling me incompetent.

No, I'm not calling you incompetent. I'm saying that you haven't exercised options at your disposal to make these problems go away.

No, Bush, it is not. I am not in total control at all times of the computers that I work on. They are owned and operated by numerous small professional offices who have employees that TURN OFF protective software, visit malicious sites, and download "cool" and "neat" things. I don't "administer" them, I get called in to FIX them after someone screws up what I have set up.

Listen, you're not dealing with an OS problem. You're dealing with a HUMAN problem. You can easily fix this problem by restricting user privileges. Give them normal user accounts rather than allowing them to run as Administrator and they can't install/uninstall/turn off stuff, you can prevent them from visiting sites that aren't on an approved list -- either in the local HOSTS file, on a proxy server (easier and more efficient to control office-wide), or local filtering software.

BUT ... If you are NOT ALLOWED to implement those sane procedures by the people who own those boxes because they like the range of freedom that they currently enjoy (freedom which everyone here would admit they probably shouldn't have), then don't blame the freaking OS!!! Blame the people who want to run in an unrestricted mode!!! This is just common sense. Sheez ... if I told you that you had to give everyone root privileges on their OS X boxes -- and then people started hosing those same boxes by download/installing crapware, then you'd SCREAM if I accused OS X of being a "buggy" or "insecure" OS. But that's precisely what you're saying about Windows. You're blaming HUMAN failures on the OS. How weak is that? It's pathetic and hypocritical.

Like I said, I could fix the security problems within a few minutes. So lay off the "it's Windows' fault" crap. That's just pure ideological nonsense.