Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: Windflier; Swordmaker

From the article:

“Java’s developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers.

Apple released its own “security update” on Wednesday - more than eight weeks later. It can be triggered by clicking on the software update icon in the computer’s system preferences panel.”

So if Apple allowed java to be updated by Oracle then this wouldn’t have been as widespread of an issue. Very interesting.

I wonder why Apple took so long to patch this vulnerability? Maybe they should stick to making hardware and leave the software to the pros.


26 posted on 04/05/2012 10:18:55 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 2 | View Replies ]

To: for-q-clinton

Apple controlling the updates is part of their overall security, and part of why they tend to have less issues. The model has its pluses and minuses.

The plus, only updates they send are going to get pushed to computers, meaning someone can’t hijack or spoof say an update looking like its an oracle update from oracle and compromise your box.. the update must come from apple. The down side, is as you pointed out, updates can take longer to be distributed because Apple must review and push them.

Security is a balance between usability and safety. The safer you want your computer to be, the less usable its going to be in practical application.

Opening up updates to be done from anywhere, does open Windows up to a more likely possibility of a phone update being pushed and infecting computers than a centralized distribution policy such as Apple has. However it also means updates don’t happen as quickly because the developers can’t push them directly.

I’ve had flame wars against Apple since the days of the Apple II, my Commodore 8 bits ran rings around them in every measurable way back in the day, and honestly I’ve traditionally not been a huge fan of theirs...though I can see why some folks enjoy them. From a user experience side, they have traditionally been miles ahead of MS. As a tech geek, they frustrate the heck out of me. However as a tech geek I’m really not their target market, their target market is people who are not technically savvy, and don’t want to be but want to use technology elegantly and simply... and on that front, Apple has done a supurb job, and does to this day.

Yes, that comes with pricetags I don’t care for, ungodly overpriced hardware, a development language that is rediculously and needlessly obtuse, and UI weaknesses that they need to concede they are wrong about.. IE only the bottom right corner can be used to resize a window... Its time to accept and update that one guys and let users drag any part of a window to resize it.

Apple focus these days is on USER EXPERIENCE, and give them credit where it is due, they own it. But like their security push model, it too comes with a price, want to publish for iPhone etc better meet their guidelines and pass their review before it will get out to the world. No such restrictions on other platforms, but this oversight while annoying from a pure hacker perspective, does lead to a ubiquitous experience to the user, regardless of who develops the app etc. All you have to do is go look at Android Apps and you’ll instantly see what I am talking about. Thousand upon thousands of crappy apps, they may do their jobs, but the user experience and interfaces are kludgy and inconsistent.

However getting back to security, Apples model for security is a generally safter design than Windows, especially on older version of the OS. Is it perfect? Nope, no such thing exists.


35 posted on 04/05/2012 10:54:25 AM PDT by HamiltonJay
[ Post Reply | Private Reply | To 26 | View Replies ]
To: for-q-clinton
"From the article:“Java’s developer, Oracle,......"

From a better article....

"OS X does not come with Java installed by default, and the latest versions of Java should be patched properly so anyone with new or properly updated systems should be safe from these threats........."

To summarize, the malware has overall adopted two modes of infection. The first is where it requires administrative privileges......The second .... is done to the user's account... does not require admin privileges to complete;however, it does ultimately result in a more obvious infection that will destabilize the system and lead to crashes."

Bottom line.....

....again.

41 posted on 04/05/2012 1:07:01 PM PDT by moehoward
[ Post Reply | Private Reply | To 26 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson