If you want on or off the Mac Ping List, Freepmail me.
Posted on 05/30/2005 5:38:27 AM PDT by Swordmaker
Mad As Hell: Metaphor 1.42
---------------------------------------------------
The reason Windows people think they're just as safe is because they're the victim of a propaganda war about the existence of Security By Design. Microsoft tries to play both sides of Security By Design, and most people don't even notice.
When Microsoft (and their apologists) want to explain why they're OS seems to be a miserable piece of technology ridden with problems, they *deny* the existence of Security By Design, and say that the problem is because they are so wonderfully popular. They tell everyone that Security By Design doesn't exist and they'd be safe "if only they weren't so wonderfully popular!" They want you to believe only the gospel of Security By Obscurity.
But when Microsoft (and their apologists) want to explain how Longhorn will be better than the sucky situation now, suddenly Security By Design exists! Alleluia! Suddenly, you hear angels singing lofty ideas about "secure code" and "built with safety in mind". Microsoft leaders and evangelists swear Longhorn is a godsend because "security needs to be part of the design, not a bolt-on". Bill Gates had the chutzpah to tell the BBC that with Longhorn, he can personally promise no more malware ever again! (see http://news.bbc.co.uk/2/hi/business/4516269.stm )
Ha ha ha! Also, Longhorn users will get eternal life. And, umm, a pony!
So that's the story of the propaganda myths of Security By Design. The truth is, and even Microsoft admits it, is that Security By Design is real. And Windows is an old product, poorly designed, repeatedly patched and patched and patched, with an incestuous tangle of subsystems that interact directly with each other and get full access to everything they need whenever they want to.
But, for your readers, how exactly is Mac OS X different from Windows?
It's a long story, but the short version of the story goes like this...
Once upon a time, in a world full of yucky bugs and evil burglars, there was a house named Windows, and it had many doors and many windows. And they were all left open. (These are called "ports" and "services".) All the bugs and burglars in the world could just go right in. Only a few experts know how to close the doors and the experts just couldn't around often enough to prevent lots of bad problems. Bugs and burglars in the house! Bugs and burglars in the house! [Yes, XP SP2 helped this problem, but it's not perfect, and lots of people run other Windows variants]
And even worse, in order to let the townspeople actually use the house, in other words to actually live in the house, Windows was designed to let anyone create new windows or doors whenever they wanted. And you didn't even have to be in the house to create new windows and doors! You could be across town! Or if you read the newspaper, someone in another town could suddenly create problems in your town! [Browsing the Web with Internet Explorer exposes you to hackers across the world because of bugs, and also ActiveX "features"] The great power behind the risk is Administrator Privileges. With this power, it's especially easy to create secret hidden and *permanent* doors (automated self-propagating worms/viruses and spyware) with Admin Privs. And so bad people all over town were creating new big holes in the house every hour! Bugs and burglars in the house! Bugs and burglars in the house!
Some people said "You don't have to give people Administrator Privileges simply to live in the house!" But all those people who said that were geeks and wizards who have special knowledge of how to control big companies. The truth is that if they weren't around to help their mother and grandmother, they would *need* all this power day-to-day (to configure the OS, to install software and drivers, etc). They would all use Administrator privileges because it's too complicated and restrictive and confusing for average folks not to. It's just plain hard to live in the house called Windows like without that destructive power at your fingertips.
And to make it worse for the house of Windows, it was an old house. You see, it originally was a small cottage, but over the course of many years of tubes and hammers and some scrap metal, the house's "walls" today are really weak body armor pieced together over a period of several decades.
Somewhere in town, a bird chirped.
Way across town, there was a house called Mac OS X. In that house, there is exactly one door and really thick strong walls made from rebar and reinforced concrete. Those are called the built-in firewall and a well-designed-and-tested UNIX BSD communications security architecture. No gratuitous doors or windows (ports and services).
It's not impossible for Mac OS X residents to create new doors and windows (opening ports, creating services), but it can only be done carefully in cooperation with whoever is keeping track of the front door and whether it's safe right now (configuring the firewall). And even in those cases, only certain types of objects can come in (opening specific ports) -- no bugs and no burglars in general. No bugs! No burglars!
When the Mac OS X residents were building their house, they realized they don't need to be able to make doors and windows *all* the time -- they don't need Admin Privs.
So the house called Mac OS X is designed that no one can simply just *create* doors and windows whenever they want in a split second on their own. Even the mighty geeks are suddenly prompted for their password, and then they have more power temporarily only, and only for what they are doing right then. This makes it much easier to prevent people from accidentally creating new doors and windows in the house! Also, it makes it harder for bad guests (malware) to create new doors and windows. Also, it makes it harder for to trick the residents of Mac OS X into creating new doors and windows, because the password must be magically said before such destructive big things happen. So, it's harder to create secret hidden and *permanent* doors (automated self-propagating worms/viruses and spyware) to sneak people into the house of OS X. (This approach is called "well-designed and user-friendly Privilege Escalation system and subsystem compartmentalization, while avoiding the *need* for normal average users to constantly wield dangerous Admin privileges". The idea that OS X Admin users don't *actually* wield root/Admin power full-time is often misunderstood, or lied about, by Windows apologists.)
The people living in the house of Mac OS X were happy. They had to keep track of their front door, and had to think carefully before announcing their password when something asked for it, but it was a good house, and a good world.
The people living in the house of Windows were riddled with bugs, and always had mosquitoes in their teeth. And burglars constantly entered their house and took everything, and they usually had 5-10 unwelcome visitors secretly watching them, eating their food, and learning all their secrets (spyware).
At the end of the day, the people in the house of Mac OS X gathered around the dinner table, talking of fun they'd had together as a family that day.
And the people suffering in the house of Windows said to all their friends "Yes, it's an awful life, and our homes are full of bugs and burglars, but it's only because our house's design is really so wonderfully popular!!!"
The End.
JX Bell http://www.jxconsulting.com http://www.jxphotography.com
If you want on or off the Mac Ping List, Freepmail me.
Thanks for the ping.
Gotta make sure hubby sees this one!
Thanks.
The best summation I've seen on the issue.
"Somewhere in town, a bird chirped."
What. A. Dork.
This "good town" reminds me of the good towns in horror films that wind up being bathed in a bloodbath.
Lock your front doors, little ones, and whatever you do don't let this mad-man in.
The difference is, that security isn't available out of the box.
And by the way, Norton products suck. All of them. Get NOD32 or Kaspersky AV, and grab the WPA2 patch from Microsoft so that you can upgrade your wireless security recommendation.
You also left out SpywareBlaster and an actual physical firewall of some sort--ideally a separate box, but in most cases a router would do. Software firewalls are bogus.
Using the configuration of XP SP2, Firefox, Kaspersky, Spywareblaster, and a router, I've had precisely zero malware infections of any type.
Gee, Turbo, you're right, if it wasn't for those darn users not knowing what to do immediately when they get their new Windows computers to safely surf the internet, everything would be peachy keen. Why not just get rid of those, oh, so ignorant, users? Then the problems will go away...
Or... maybe, just maybe... it might be better to use an operating system that is secure when you first turn it on after you take it out of the box???
From SecurityFocus' Scott Granneman:
. . . The Slammer worm did most of its dirty work in under ten minutes. A half an hour is all it took for Nimda to spread worldwide. The Witty worm took an almost leisurely 45 minutes - but in that time it managed to infect every possible machine in its threat portfolio. And the slowpoke of the bunch is Version 2 of the Code Red worm, which worked for almost 14 hours to infect 359,000 machines, but at one point it was taking over 2,000 new computers every minute, which ain't bad (be sure to check out the cool animations demonstrating the rapacious spread of the worm).
"If a user isn't educated enough to know how to open up a port he needs to run a particular program that needs a hole punched in the firewall, then that user shouldn't have unfettered access to the Net anyway."Let's add a new time frame for computing disaster to the list above, one that every security pro should know: 20 minutes. . . . that's how long your average unprotected PC running Windows XP will last once it's connected to the Internet ... before it's compromised and effectively owned. . . .
The SANS Institute Internet Storm Center released those eye-opening numbers a few days ago [Aug. 18, 2004 - Swordmaker]. Go take a look at their graph, and you'll note that the current time of 20 minutes is half that of what it was a year ago, although, to be fair, the average has been both higher and lower - over an hour last Christmas and only about 15 minutes in the spring. That hour at Christmas seems like an aberration, and the overall trend has definitely been downward, towards far shorter times before your Windows box is not really yours any longer. [Some pundits are now claiming less than 4 minutes - Swordmaker].
As the SANS Institute notes, 20 minutes is not long enough to update your Windows PC before it is too late. If you take a new PC out of the box, plug it in to the Internet, and power it on, most people (most people? OK - a lot of people. Uh, alright - some people. Erm ... *sigh*. A few people. Happy?) know enough to immediately hie thee over to Windows Update and get the latest patches from Microsoft. Then reboot. And get more patches. And reboot. Ad infinitum. Oh, and don't leave out the latest anti-virus updates either. Gotta have those. Oh oh oh - don't forget Windows XP Service Pack 2, the gotta-have update from Microsoft, which "may be as small as 70 megabytes (MB) or as large as 260 MB". And users are supposed to download all this in less than 20 minutes?
You don't like Bill Gates do you.
Look at the bright side, without his Billion dollar business, your chastising day's would be over.
That would lead you to frustration.
Or to become mad as hell....
You: "You don't like Bill Gates do you."
What has the comments on the blog have to do with Bill Gates? The Windows users who, with no experience with Macs, made clueless commentary about the issues.
Have you read the other "Mad as Hell" articles? These guys are not Mac partisans, although I suspect they will be after a few weeks. They are and have been Windows partisans for over 20 years.
I am at a loss for words.
My mistake, I thought Bill Gates had something to do with the windows operating system.
I'm just a happily clueless windows user....
Do you post inanities and falsehoods about an operating system you have never used and know very little about? Do you repeat those inanities and falsehoods merely because you've heard them from other people just as ignorant of the subject? I haven't see you do that... so, while you may be a Windows user, you probably aren't clueless.
On the other hand, several people in the position to know, claim that 70-80% of Windows users ARE clueless about computer security on their chosen platform. It is these people that Winn's company address on his web page "Security Awareness for Ma, Pa and the Corporate Clueless" and who are his primary customers. Quite frankly, most of my clients are also clueless and depend on me to make their Windows computers secure.
The Windows users who come on the Blog and make comments such as "Windows is perfectly capable of being secured if you just...a,b,c,d, and e, after you start it up", just as you did, ignore the fact that most people who buy a computer to surf the net, get email, print a few photos, haven't the foggiest idea that they even NEED to do those things much less HOW.
What's a computer?
LOL.
Well, up until the 1950s it was defined as a person who manipulated numbers...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.