Adobe loses security grip and falls to earth

Techworld.com ^ | December 15, 2004 | Techworld staff

[N3WBI3]

Everyone here has witnessed the countless diatribes of Mac and Linux bigots, railing against Windows and/or Microsoft -- pleading with people to 'just switch...' -- while insisting that 'their platform isn't vulnerable to viruses, worms, and malware.

Post one, please I beg you post up one example (after all they are countless) where someone does not say less vulnerable, but not at all vulnerable.. Stop making stuff up.

[Bush2000]

Here's a perfect example of someone who thinks that the Mac is invulnerable to viruses.

[general_re]

But I wouldn't be surprised if Microsoft at least makes an attempt to do something like this in the near future, given the increasing malware problems.

I'm not really sure it's doable, though, as you describe it. Nor am I sure that something that drastic is really necessary. Security is a process, not a product, and the keys to the process are education for users about safer computing, and tools that effectively promote safer computing.

Perfect example: the Half-Life 2 Steam client. It will not run on user-level accounts or lower on either XP or Win2k. This is because Steam expects to be able to write to HKEY_LOCAL_MACHINE when it installs, and expects to be able to write the Program Files folder when it updates itself or otherwise gets new content. Problem: user-level accounts (including "limited" accounts on XP-Home) do not have write access to Program Files or HKEY_LOCAL_MACHINE. Crappy design from Valve, to be sure, but there are two ways around that - either use "runas" to run that particular software with higher privileges, or you can give explicit write permissions to users for the Steam folder and that registry region (you probably would prefer to rewrite it so that you don't have to have users touching that portion of the registry, actually, but nevermind).

But most people don't know how to do either of those things to preserve some security, and even if they did, it's somewhat inconvenient, so they take the easy way out and simply run as administrators. In that case, both the software and the users are lacking - the software is lacking because it has a crappy design that requires the end-user to preserve security via workarounds, and the users are lacking because most of them don't know how to do those workarounds, or even why they should.

Good software design can help protect the system from clueless users, and savvy users can help protect the system from bad software design, but unfortunately, it's all too common to have neither. Instead, you wind up with the worst possible outcome - clueless users operating badly designed software.

[Bush2000]

Yet another one.

[N3WBI3]

Tell me exactly which unix virii can take over my G5?

Hmm so where in here is he saying that (A) Unix is invulnerable to attack, (B) OSX in invulnerable to attack, (C) Linux is invulnerable to attack?

Seems to me he is asking which UNIX Virii takes over macs? meaning there are not any out there right now. He did not say that a Mac is invulnerable to attack..

Nice try...

[avg_freeper]

What you described happens sometimes on the Mac as well. Instead of an application keeping preferences and other stuff in the ~/Library folder where it should, it tries to write to the /Applications folder it resides in.

I just refuse to use software that does that. I'm sure I won't encounter any problems with a Half-Life II installation on my mac though. LOL! For the same reason no one encountered problems with Half-Life one on their macs.

[zeugma]

Well, while it is certainly possible to have an FTP process dump the contents of ~/. to a remote server, such attacks seem to be fairly rare in practice. No type of attack, be they remote or local should be shrugged off if one is to be smart about using one's computer. It is a lot harder to infect Unix computers though, as the systems are not generally set up to automatically execute code. Saving an attachment to disk called "runme.exe" isn't enough to make something executable.

In general, the overall security is simply better on Unix systems because there is almost never a need to login as root. That doesn't mean you can be completely complacent, but the target is a lot smaller. I update programs for which there are only local exploits just as religiously as I to those that are succeptable to remote exploits, not because I'm worried about anyone in my household taking advantage of them, but rather because it's just the smart thing to do.

Also, to come back to the point about having an ftp program that will dump your data remotely, there are quite a few tools out there that will alert you to such things. I keep a program open that presents a histogram of CPU usage, cache and internet usage (both incoming and outgoing), so I'd most likely notice if something lke that were going on. It's all about awareness IMO. If you are aware of what should be happening, you're far less likely to get bitten by things that shouldn't be.

[Izzy Dunne]

Here's a perfect example of someone who thinks that the Mac is invulnerable to viruses

Wrong. Thank you for playing.
The point I was making was not that Macs are invulnerable. The point is that they are less vulnerable for MORE reasons than the old "security by obscurity" logic my opponent was using.

But I'll bet you knew that.

[N3WBI3]

Well Im still waiting, can you point out a post where someone actually says that OSX or Linux has not bugs and can not be attacked..

Comeon according to you they are all over the place..

[goldstategop]

Adobe just released Acrobat Reader 7.0 which addresses the vulnerabilities of the previous version. Every one is urged to download and install it immediately to take advantage of the security enhancements as well as file reading improvements.