“This security estimation by counting advisories was well debunked a while ago”
Uh, excuse me READ the advisories.... don’t just count them.
Sword claimed that the only vulnerabilties that exist for OSX were a few trojans that required significant user interaction in order to achieve....
“There are a few trojans... but that require quite a bit of user participation to download, install and run... giving administrator permission at every step.”
That is simply NOT ACCURATE. A simple search on SANS or CERT or any other security site will reveal many OSX vulnerabilties of all different types.... including many buffer overflow style attacks and even some zero day exploits.
Heck... check Apples site at this URL (http://docs.info.apple.com/article.html?artnum=305391) for a list of just one release of patches addressing 25 different vulnerabilties. Go ahead and read the description and tell me how well that matches Swords characterization.
There is no question that OS-X...or heck any MAC OS has less active exploits then Windows (version whatever)... the debate is whether that is due to better inherent security in design....or simply being a small target.
I tend to side with the smaller target camp.... and it’s not like I’m a voice in the Wilderness there.
“Mac systems might be “safer because less people are throwing bombs at them, that doesn’t mean they are more secure”.” - Graham Cluley, senior technology consultant at Sophos
“The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms” - Neil Archibald
Or maybe we can hear from the guy that beat the Feb 22nd, 2006 “rm-my-mac” challange by getting Root of OSX in 30 minutes.
“”Mac OS X is easy pickings for bug finders. That said, it doesn’t have the market share to really interest most serious bug finders”
Regardles, the point I was making is for an end user.... particulary one that has some tech saavy and has plenty of familiarity with the Windows OS already (like ScoutMaster has described himself).... it’s really a moot point.... it’s not THAT difficult to keep a Windows machine relatively secure and running well.
Mac gets hit less....but it does get hit...and if some-one is really concerned about security... the answer isn’t to buy a Mac and think your magicaly ok..... the answer is to spend a little bit of time and effort educating yourself about safe computing behavior and how to configure whatever flavor of O.S. you happen to prefer properly. No O.S. in existance is a substitute for that....or will save a user from thier own reckless behavior.
Probably both. But remember that back in the extremely low marketshare days of OS 8 and OS 9 the Mac had over a hundred active viruses in the wild easily infecting computers. Now Apple has more computers out there, a bigger marketshare and much higher visibility. By target size calculations it should have far more, but it doesn't, not one dangerous virus running active.
The main difference between the two times is throwing out the old OS and using UNIX. So architecture must have a lot to do with it.
No, I didn't. Read what I said.
Uh, excuse me READ the advisories.... don’t just count them.
I have.
...including many buffer overflow style attacks and even some zero day exploits.
Please list the zero day exploits.
Or maybe we can hear from the guy that beat the Feb 22nd, 2006 “rm-my-mac” challange by getting Root of OSX in 30 minutes.
Please. Let's. This was debunked at the time it was fudded around. The Swedish Mac owner TURNED ON many ports that are OFF by default in a standard OSX installation. He also enabled ROOT, putting in a password... opened SSH ports... and allowed challengers to create their own user accounts. Every attacker was given local access! To make it even easier, the attackers were allowed to create Administrator Accounts for themselves. When they logged in, they could see the owner's user name!
Neither Gwerdna, the supposed Australian hacker, nor the Swedish Mac Mini owner would provide any details on how it was done. Since the hackers already knew the owner's name getting Root access may have been as simple as guessing his Root password. Further research showed the target computer had software had been modified from the standard OSX installation:
"Looking at the hacker contest link - it turns out that the machine's software was heavily modified, and much of Apple's standard software was replaced with non-standard versions (e.g. the Apache web server), and LDAP was wide open to allow anyone to add an account to the machine. So this test was totally bogus for purposes of evaluating security for the average Mac user."
This Swedish "contest" was so flawed that a week or so after it was widely hyped (read fudded) around the world, David Schroeder, an Assistant Professor of Information Technology at the University of Wisconsin, put a brand new, just out-of-the-box Mac Mini on a static IP address with the challenge to the world's hacker community to break into it and simply modify the web page it was displaying. The contest, original planned to last 72 hours, continued for 38 hours with thousands of attempts before the University IT department shut it down due to excess bandwidth usage - peaking at 30Mbps. None of the attempts succeeded.
... list of just one release of patches addressing 25 different vulnerabilties. Go ahead and read the description and tell me how well that matches Swords characterization.
Apple reports and lists improvement and security updates for all of the underlying UNIX applications. Being open source, ALL UNIX vulnerabilities are reported. Although many of these Unix applications are either turned off or not- implemented in OSX, Apple reports the vulnerabilities and provides the fixes and updates in any case. They are counted as OSX vulnerabilities. (Microsoft does NOT report hidden vulnerabilities in their proprietary applications until they are "discovered" and reported by someone outside Microsoft.)
You might also be interested in the fact that one of the most targeted websites in the world, the United States Army's, is run on a Mac OSX server... because they are so hard to hack. The US Army is also quietly incorporating Macs in other areas to increase security. Maybe they know a little more about it than you?