Mac OS X security myth exposed

Techworld ^ | 24 June 2004 | Matthew Broersma, Techworld

[Bush2000]

PS, it is usually the OWNER/Professional himself who screws up the computers after hours when the employees can't stop him...

Read my previous post. Users need to be protected from themselves. If you won't do that -- or they're unwilling to be protected from their own bad instincts, that's a HUMAN problem -- not an OS problem.

[Bush2000]

No, Bush you cannot. My computer is up-to-date and these "proofs of concept" demonstration will no longer work. YOU keep claiming how easy it is to invade a Macintosh and we keep challenging you to PROVE it... and then you obfuscate, back peddling and dancing. You claim you can own my box... DO IT!

The challenge wasn't to break into YOUR PATCHED computer. It was to break into an UNPATCHED computer. After all, you've been saying that the exploits patched by Apple weren't a big deal and couldn't give somebody else root privileges -- which I disproved. Getting root privileges through one or more stepping-stone attacks isn't that difficult.

... then we should say that every Windows vulnerability, exploited or not, is an exploit because someone, somewhere is still operating a box that is vulnerable.

Yeah -- and that same rule applies to Macs -- as I've been saying repeatedly.

[Swordmaker]

The challenge wasn't to break into YOUR PATCHED computer. It was to break into an UNPATCHED computer. After all, you've been saying that the exploits patched by Apple weren't a big deal and couldn't give somebody else root privileges -- which I disproved. Getting root privileges through one or more stepping-stone attacks isn't that difficult.

No, you said you could own MY computer... you keep moving the goalposts. As for "disproving" that it is very difficult to escalate user priveledges to ROOT, you proved nothing... you CLAIMED it but offered no demonstration of such a feat being accomplished. Coulda, woulda, might have... don't an escalation make.

As to it not being an OS problem... Windows cannot be safely put on the internet without running several third party programs to keep it safe. Spyware blockers, pop-up blockers, ad-ware blockers, anti-virus scanners, firewalls turned on... all necessary before it is safe to take your OS for a spin around the World Wide Web. This is like buying a car and having to install windshields, brakes, safety belts, airbags, and oil, all provided by someone other than the automaker, BEFORE setting out to the grocery store!

The only thing a prudent Mac OSX user needs to do is turn on the built in Firewall... oh, sorry,that's wrong, it's already turned on.

[Swordmaker]

Read my previous post. Users need to be protected from themselves. If you won't do that -- or they're unwilling to be protected from their own bad instincts, that's a HUMAN problem -- not an OS problem.

So, following this line of thinking, if a burglar breaks into my house and steals my silverplate teapot, it's MY fault because I didn't lock it in the vault, didn't build my house out of 2" plate steel, and didn't hire a 24 hour guard to watch the teapot.

If we just prevent people from using these poor OSes, then the problems would not exist... Solution, let the computers compute without human intervention!

[Bush2000]

No, you said you could own MY computer...

Look, if you lack the ability to conjure abstract thought, that's your problem, not mine.

As for "disproving" that it is very difficult to escalate user priveledges to ROOT, you proved nothing... you CLAIMED it but offered no demonstration of such a feat being accomplished.

You're hopeless. I could hand over the code and you still wouldn't believe it.

As to it not being an OS problem... Windows cannot be safely put on the internet without running several third party programs to keep it safe. Spyware blockers, pop-up blockers, ad-ware blockers, anti-virus scanners, firewalls turned on... all necessary before it is safe to take your OS for a spin around the World Wide Web.

Nonsense -- and spoken like a guy who doesn't know how to administer a Windows box. First of all, running with restricted privileges (aka not Administrator) will prevent any adware crap from installing itself and modifying the registry. You don't realize this because you allow your clients to run as Administrator. I doubt whether you've even tried to run in anything other than Administrator under Windows. Second, XP SP2 has an exceptional built-in firewall. Third, you can choose any web browser you want. You don't have to use IE.

The only thing a prudent Mac OSX user needs to do is turn on the built in Firewall... oh, sorry,that's wrong, it's already turned on.

Another idiotic statement. If you really knew what you're doing, you'd realize that XP SP2's firewall is ENABLED by default.

[Bush2000]

So, following this line of thinking, if a burglar breaks into my house and steals my silverplate teapot, it's MY fault because I didn't lock it in the vault, didn't build my house out of 2" plate steel, and didn't hire a 24 hour guard to watch the teapot.

Nice try -- but how about if we use a more reasonable analogy, ok? If you left your doors open and a burglar broke into your house, you would be partially culpable for not taking some reasonable precautions to prevent a break-in.

If we just prevent people from using these poor OSes, then the problems would not exist... Solution, let the computers compute without human intervention!

Yeah, imagine my audacity: I actually have the temerity to suggest that you use the same standards for administering Windows that you'd use for OS X. Such as restricted user accounts. Oh, the horror! You didn't quite expect that response, did you? You thought that you could simply get away with bashing Windows security without taking any responsibility for your own shoddy administration.

[HAL9000]

Read my previous post. Users need to be protected from themselves.

Mac OS X does that. Windows doesn't.

If you won't do that -- or they're unwilling to be protected from their own bad instincts, that's a HUMAN problem -- not an OS problem.

The human problem occurs when a user decides to purchase a Windows-based system. It goes downhill from there. Buy the ticket, take the ride.

[Swordmaker]

You're hopeless. I could hand over the code and you still wouldn't believe it.

You keep claiming things, Bush. You prove nothing. You don't have the code to "hand over". Where is the code that will compromise an up-to-date OSX installation, Bush. You postulate a Rube Goldberg series of events that must occur before your "exploit" can be exploited and then claim that is proof of anything. It isn't.

Second, XP SP2 has an exceptional built-in firewall.

But, but, but... Bush, you said we were talking about UNPATCHED boxes here... gosh. How many XP users have upgraded to SP2? 100%? 50%? 10%?

You might also realize that millions of Windows users are NOT using XP... I have clients who are still using 98, ME, or 2000. Why? Because they have been told by their software suppliers NOT TO UPGRADE... and I have seen some enterprise software break under unauthorized upgrades.

If you really knew what you're doing, you'd realize that XP SP2's firewall is ENABLED by default.

Of course I know it. How many years did it take Microsoft to figure out to turn the XP SP2 firewall on as a default????

But XPs wasn't... and where was the built-in Firewall in Windows before XP? Third parties suppliers had to jump into that vacuum.

Nonsense -- and spoken like a guy who doesn't know how to administer a Windows box. First of all, running with restricted privileges (aka not Administrator) will prevent any adware crap from installing itself and modifying the registry. You don't realize this because you allow your clients to run as Administrator. I doubt whether you've even tried to run in anything other than Administrator under Windows.

AGAIN you call me incompetent. Yet YOU make negative claims about a system with which you have little experience... OSX.

My clients are INDEPENDENT businesses... THEY call the shots, not me. I can tell them, I can set up the computers, I can limit employees' access... but they always want someone to be able to install software and usually it is the owner or a manager. They tell me what they want, I provide it. Then, later when it gets screwed up, I fix it and TELL THEM AGAIN HOW TO BE SAFE. Those who follow my instructions stay safe... those who don't get to pay me to fix it.

Often, it is their enterprise software tech who turns off the protections, elevates the priveleges, and occassionally even installs something that is compromised. I HAVE to leave them the passwords for administrator level.

Third, you can choose any web browser you want. You don't have to use IE.

Getting back to the car analogy... you can drive your car, but you really don't have to use the engine it came with... you can get an engine from another maker.

[Swordmaker]

Nice try -- but how about if we use a more reasonable analogy, ok? If you left your doors open and a burglar broke into your house, you would be partially culpable for not taking some reasonable precautions to prevent a break-in.

So if the contractor who built my house neglected to provide doors, I have to go out and get doors from another source... just to FIX the incompetence of the builder who did not provide them. When I buy a house I expect a certain degree of safety, privacy, and utility... if the builder constructed a house that did not provide those things, it is HIS incompetence... especially if he led me to believe that these things were there necessary.

Windows is like that disappointing toy... the one that has got all these neat things it can do... that you open on Christmas morning only to read those three damning words: "Batteries Not Included." Before you can play with your new toy, you have to get something more that wasn't provided. In the toy's case, batteries; in Windows' case, security software.

[N3WBI3]

Second, XP SP2 has an exceptional built-in firewall

Better late than never, windows is always playing catch up..

[Bush2000]

Mac OS X does that. Windows doesn't.

Wrong. Windows does precisely that -- when properly administered.

[Bush2000]

You keep claiming things, Bush. You prove nothing. You don't have the code to "hand over". Where is the code that will compromise an up-to-date OSX installation, Bush.

You just can't get it, can you? The original argument was over the criticality of bugs. You claimed that the Mac bugs -- even if UNPATCHED -- couldn't provide remote root access. That's what the discussion was about. I described precisely how a series of attacks could give somebody remote root access. Now, you want to move the goalposts and demand how the same can be done with a PATCHED machine. Sheez. Forget it. I can't discuss anything rationally with somebody who wants to change the rules constantly.

But, but, but... Bush, you said we were talking about UNPATCHED boxes here... gosh. How many XP users have upgraded to SP2? 100%? 50%? 10%?

The same holds true for any OS X patch, fan-boy.

Of course I know it. How many years did it take Microsoft to figure out to turn the XP SP2 firewall on as a default????

Too long.

AGAIN you call me incompetent.

Only YOU truly know whether you're incompetent. I don't know you, personally. I can only pose possibilities.

Yet YOU make negative claims about a system with which you have little experience... OSX.

OS X is nothing more than BSD Unix. I've got plenty of experience with BSD. So lay off the BS.

My clients are INDEPENDENT businesses... THEY call the shots, not me. I can tell them, I can set up the computers, I can limit employees' access... but they always want someone to be able to install software and usually it is the owner or a manager. They tell me what they want, I provide it. Then, later when it gets screwed up, I fix it and TELL THEM AGAIN HOW TO BE SAFE. Those who follow my instructions stay safe... those who don't get to pay me to fix it.

LIKE I SAID ... you have a HUMAN problem, NOT AN OS PROBLEM! If I told you that I wanted my entire business to run as root under OS X -- and then all of my computers were screwed by malware -- you would scream if I then criticized your OS, wouldn't you? Can't you admit the obvious? That the source of the problems is poor administration? The fact remains that it isn't your fault. It's your customers' fault. Because they opted for poor administration over security and reliability. But you can't turn around and criticize the OS for HUMAN failures. Get it?

Often, it is their enterprise software tech who turns off the protections, elevates the priveleges, and occassionally even installs something that is compromised. I HAVE to leave them the passwords for administrator level.

Again, a HUMAN failure. Bad administration. You haven't said anything which identifies the OS as the source of the problem. Can't you see that simple fact? Can't you admit the obvious?

Getting back to the car analogy... you can drive your car, but you really don't have to use the engine it came with... you can get an engine from another maker.

Yet another flawed analogy. A web browser is not REQUIRED in order to make the computer function. An engine is required. Try again. A web browser is just another software application. Not critical to the operation of a computer. You can install Opera, Mozilla, Firefox, or a dozen other browsers without impacting the operation of the computer.

[Bush2000]

So if the contractor who built my house neglected to provide doors, I have to go out and get doors from another source... just to FIX the incompetence of the builder who did not provide them.

Another bad analogy. Windows does provide doors. IHVs choose to leave them open by default. That's not Microsoft's problem.

Windows is like that disappointing toy... the one that has got all these neat things it can do... that you open on Christmas morning only to read those three damning words: "Batteries Not Included." Before you can play with your new toy, you have to get something more that wasn't provided. In the toy's case, batteries; in Windows' case, security software.

More FUD. Windows easily prevents all of the problems you claim can't be prevented. But you're not allowed by your customers to turn on the protections.

[Bush2000]

Better late than never, windows is always playing catch up..

And the day that OS X and Linux ever have as many desktop users as Windows, they'll have to actually focus on real usability problems.

[Swordmaker]

More FUD.

Once again, the only one spreading Fear, Uncertainty, and Doubt around here is Bush2000

[Bush2000]

Look, you're the one who continues to bash Windows -- DESPITE THE FACT THAT YOU AREN'T ADMINISTERING IT IN A SANE AND REASONABLE FASHION.

[Swordmaker]

Look, you're the one who continues to bash Windows --

Let's see... who posted a seven month old article on FreeRepublic knocking the Mac? Whose posts in this thread have CONSISTENTLY bashed the Mac OS? Who has used ad hominem attacks against those in this discussion who take the opposing view?

ANSWER: Bush2000.

Here are a sampling of the bashing that YOU have done in this thread against the Mac OS.

-------------------

"Bump and weep..."

-------------------

Mac OS X worms, viruses and spyware market share: near zero.

"Fixed it for you."

-------------------

"-- and ignore the Mac Moonies."

-------------------

"'Bu-bu-bu-bu... Macs don't crash!' /sarcasm"

-------------------

"They're too busy recovering from crashes ..."

-------------------

". . .which really pisses you Mac zealots off because it interferes with your reality distortion field."

". . . OS X had the highest percentage of critical vulnerabilities. Try spinning that away, fan boy."

--------------------

". . . because companies simply don't use Macs.

---------------------

" Right, companies don't use Macs. Hence... figure it out. Apple would looooooooove to have the problem of companies applying patches -- because that would mean that companies actually using Macs. But that's just a Mac bigot's pipe dream."

----------------------

"There are practically no Macs in the wild."

----------------------

"Mac market share in companies is MINISCULE. You know it. I know it. Don't pretend otherwise."

----------------------

"Which means you belong to the Cult of Mac."

----------------------

". . . or AntiRepublicrat/Swordmaker's delusions that Macs are secure."

----------------------

". . . And the day that OS X and Linux ever have as many desktop users as Windows, they'll have to actually focus on real usability problems.

----------------------

I challenge you, Bush, to find anywhere near that many number of my posts in this thread where I have "bashed Windows"... I think you will find I spoke of my experiences with that operating system. It is YOU who posts gratuitous slurs against OSX and Apple. In almost every post of mine in this thread you will find that I am providing a rebuttal to your calumnies and false information.

[cyborg]

I concur with your post.

[SunkenCiv]

Well said.

[IncPen]

Thanks Sword.

I've said it before.

What the hell kind of life must it be to try to justify the unjustifiable - who would die on Bill Gates' hill? What does that say about a person?

Who could be for Microsoft, or more to the point, who would defend their software/crapware/marketing/usability?

B2k is a sad and bitter person, uninformed at best, willfully mispoken at worst, more to be pitied than shamed.

I think it's hilarious that B2k gets pinged to every bad-news-Gates thread and still drinks the KoolAid.

Like mama used to say, ain't some folks never gonna learn...