Iwork '09 Trojan Horse Turning Macs Into Zombies?
The botnet stems from a Trojan horse embedded in a trial version of iW
#16
Posted 21 April 2009 - 11:36 AM
In the next week or so OS X 10.5.7 will be out with a lot of bug fixes, and this summer 10.6 will be available. 10.6 is a new OS written just for Intel Macs, which should mean old security bugs fixed and new ones to find.
If anyone has the OS X botnet trojan (estimated at less than 1000 machines), you can get a free removal tool at Secure Mac.
#17
Posted 23 April 2009 - 03:03 PM
mewi, on Apr 21 2009, 04:17 AM, said:
hitest, on Apr 20 2009, 11:14 PM, said:
Let's say we reversed the popularity of Windows and OSX; something tells me OSX would have far more viruses than Windows XP does in reality today.
But who knows; you also have to calculate the difference in income, and of course more money = more staff. So maybe, maybe not. But as it stands, there is no possible way that OSX is more secure than Windows XP.
and I do love Windows XP (nLited of course ;3)
hmm,
I love ignorance..
First, name how OSX is not secure and what features it is missing (I can, by the way).
Also name the ways to hack a Vista machine (hint: they are the same in most ways).
Name the 2 things that will put XP on an even start?
I will start.
OSX is missing the no-execute bit and OS memory randomisation (the next release fixes both of these).
Vista and XP still give their first user full system privileges.
On an OSX machine the user uses sudo (through a nice GUI) to gain privileges.
What does this little difference mean?
You are surfing the web and a pop-up that is correctly written to install software on Mac OSX comes up. This is easy to do in both Mozilla and Safari. The user is then confronted with the system asking for the admin password. Most users, but not all, would click cancel on the password part because it is not normal for things on the web to ask for your admin account password.
On Vista and XP, same situation: the user is presented a prompt (a pop-up written in ActiveX), at which time the user selects cancel on the pop-up (but it's coded the same as OK), and on XP the program is installed since the user is admin on 99% of all Windows systems shipped out. On Vista an OK prompt comes up, but most users have been found to just hit OK because they are used to Windows Vista asking for an OK prompt for a lot of things that don't make sense to them.
Now, to make XP and/or Vista even close to this on this security feature, make all users limited user accounts. Problem: 88% of software will not run in this mode.
And yes, with Internet Explorer just going to a website and running a JavaScript can install a virus with no user interaction, as again, to make it simple, most users have Internet security set to minimum, so the user did nothing but click a link on a web page. And if for some reason you do not believe it, please pick up a few books. We do it all the time to government sites, as this is what I do for a living; I get paid to secure and show security issues to our customers.
On OSX a user just going to a site could not install software, but you can attack it using a buffer overrun (the guy who hacked Safari in 5 min worked on that exploit for over a year).
So what can fix both of these issues? Firefox with NoScript running. But again, how many normal people know about this?
So while OSX is missing two major security options that Windows has, the entire user structure of Windows makes its features moot.
Also, since you need to get root access, a virus on Mac would have issues spreading.
Now for this case, some people downloaded a piece of software and installed it, and when asked gave the software their password. This would work on any system. Any. In Windows Vista, even if you are a limited user and you install a piece of software, there is a bug that gives the installation program system privileges, so even a limited user on Vista can do this.
How do you stop this kind of attack?
Use roles and sandboxing. But as of yet only Solaris and SELinux support this. While Windows has roles in a Windows domain, the policy is tricky to get right (not impossible), but sandboxing is implemented by applications, not the OS, in Windows (they call it siloing).
So the point: any time anyone says this OS is more secure than that OS, ask why and show me. If they can't, they are giving opinion, not fact.
Also, popularity is a joke answer and an excuse. OSX is based on UNIX (BSD, as a matter of fact) and UNIX systems make up more than 55% of the installed market (just not desktop). UNIX and Linux systems run more publicly accessed systems than any other. A virus written to attack UNIX or Linux would most likely be able to affect all of them, so they are a bigger target and can affect more people. If Google was taken down or infected it would cause a lot more trouble than infecting the Windows desktops. So hackers do try and are trying to hack Unix systems just as much or more. But I guess it sounds good, until you think about it for more than 5 min.
#18
Posted 23 April 2009 - 03:06 PM
isteve, on Apr 21 2009, 05:36 PM, said:
In the next week or so OS X 10.5.7 will be out with a lot of bug fixes, and this summer 10.6 will be available. 10.6 is a new OS written just for Intel Macs, which should mean old security bugs fixed and new ones to find.
If anyone has the OS X botnet trojan (estimated at less than 1000 machines), you can get a free removal tool at Secure Mac.
This version will include memory randomization and the no-execute bit (as those are Intel-specific programmings),
which means OSX will not be susceptible to the hack that won Charlie Miller $10,000 this year.
Also they are talking about adding application sandboxing, which would give you what Solaris can do with zones, or Linux/BSD with jails.
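The two mitigations named in this post, a randomized load address and a non-executable stack, are recorded per binary in the Mach-O header on OS X: MH_PIE asks the loader to randomize the image base, and MH_ALLOW_STACK_EXECUTION marks a binary that opts back in to an executable stack. The following is an added example, not code from this thread or from Apple; the flag and magic constants are taken from Apple's mach-o/loader.h, and the headers it parses are constructed in the block itself (fat/universal wrappers are deliberately not handled).

```python
import struct

# Mach-O magic values (mach-o/loader.h). The CIGAM forms are the byte-swapped
# magics seen when the file was written by a machine of the other endianness.
MH_MAGIC = 0xFEEDFACE
MH_CIGAM = 0xCEFAEDFE
MH_MAGIC_64 = 0xFEEDFACF
MH_CIGAM_64 = 0xCFFAEDFE
FAT_MAGIC_LE = 0xBEBAFECA      # 0xCAFEBABE read little-endian: universal binary wrapper

# Header flag bits that record per-binary hardening choices.
MH_ALLOW_STACK_EXECUTION = 0x00020000  # binary requests an executable stack
MH_PIE = 0x00200000                    # position independent: base address randomized
MH_NO_HEAP_EXECUTION = 0x01000000      # force a non-executable heap (matters on i386)

CPU_TYPE_I386 = 7
CPU_TYPE_X86_64 = 0x01000007
MH_EXECUTE = 2


def parse_mach_header(data: bytes) -> dict:
    """Decode the fixed mach_header / mach_header_64 fields at the start of data."""
    if len(data) < 28:
        raise ValueError("too short to hold a Mach-O header")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic in (MH_MAGIC, MH_MAGIC_64):
        endian = "<"
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        endian = ">"                       # fields were written big-endian
    elif magic == FAT_MAGIC_LE:
        raise ValueError("fat binary: select one architecture slice first")
    else:
        raise ValueError("not a Mach-O file")
    # Re-read in the detected byte order so magic comes back normalized.
    magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags = \
        struct.unpack_from(endian + "7I", data, 0)
    return {
        "bits": 64 if magic == MH_MAGIC_64 else 32,
        "cputype": cputype,
        "filetype": filetype,
        "ncmds": ncmds,
        "flags": flags,
    }


def hardening_report(data: bytes) -> dict:
    """Summarize the hardening-relevant header flags of one Mach-O image."""
    header = parse_mach_header(data)
    flags = header["flags"]
    return {
        "bits": header["bits"],
        "pie": bool(flags & MH_PIE),
        "executable_stack": bool(flags & MH_ALLOW_STACK_EXECUTION),
        "heap_no_exec": bool(flags & MH_NO_HEAP_EXECUTION),
    }


def weaknesses(report: dict) -> list:
    """List the mitigations a binary does without, in a fixed order."""
    found = []
    if not report["pie"]:
        found.append("no PIE (image base not randomized)")
    if report["executable_stack"]:
        found.append("executable stack requested")
    # x86_64 always gets a non-executable heap; the flag only changes i386 behaviour.
    if report["bits"] == 32 and not report["heap_no_exec"]:
        found.append("heap execution not disabled")
    return found


def build_sample_header(flags: int, is64: bool = True, swapped: bool = False) -> bytes:
    """Constructed test input: a bare executable header with no load commands."""
    endian = ">" if swapped else "<"
    if is64:
        return struct.pack(endian + "8I", MH_MAGIC_64, CPU_TYPE_X86_64, 3,
                           MH_EXECUTE, 0, 0, flags, 0)
    return struct.pack(endian + "7I", MH_MAGIC, CPU_TYPE_I386, 3,
                       MH_EXECUTE, 0, 0, flags)


if __name__ == "__main__":
    for label, blob in (("hardened", build_sample_header(MH_PIE)),
                        ("legacy", build_sample_header(MH_ALLOW_STACK_EXECUTION, is64=False))):
        rep = hardening_report(blob)
        print(label, rep, weaknesses(rep) or "no findings")
```

The same two functions work on the first bytes of a real Mach-O file opened in binary mode; a universal binary has to be split into its per-architecture slices (for example with `lipo`) before the check applies to each one.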
#19
Posted 23 April 2009 - 03:57 PM
Does anyone know if Apple has decided to use ZFS on all of the Mac lineup or just the servers?
Hey, Apple just now distributed their one billionth app on the App Store.
#20
Posted 23 April 2009 - 04:39 PM
ZFS would be awesome, as its features are well worth the fact that it is not 100% yet.
I use it on my Solaris systems and my Linux systems.
When LVM gets the ability to do snap backups... well, it will be the only other filesystem that comes close to the usefulness of ZFS.
#21
Posted 23 April 2009 - 06:19 PM
iccaros, on Apr 23 2009, 01:06 PM, said:
which means OSX will not be susceptible to the hack that won Charlie Miller $10,000 this year.
Also they are talking about adding application sandboxing, which would give you what Solaris can do with zones, or Linux/BSD with jails.
That is very cool.
#22
Posted 23 April 2009 - 06:53 PM
iccaros, on Apr 23 2009, 04:03 PM, said:
mewi, on Apr 21 2009, 04:17 AM, said:
hitest, on Apr 20 2009, 11:14 PM, said:
Let's say we reversed the popularity of Windows and OSX; something tells me OSX would have far more viruses than Windows XP does in reality today.
But who knows; you also have to calculate the difference in income, and of course more money = more staff. So maybe, maybe not. But as it stands, there is no possible way that OSX is more secure than Windows XP.
and I do love Windows XP (nLited of course ;3)
hmm,
I love ignorance..
I love how a staff member of BT is calling me ignorant, which is disrespectful and I do not appreciate it.
Then asking me to prove something I never even stated beforehand. I was speaking entirely about Apple OS security; I did not even mention a lot of the things you typed about, whether it be from performance or otherwise.
I like Windows XP, who cares? That makes me ignorant? I hate Apple products, who cares? That makes me ignorant?
Edit: And just because it's Unix doesn't mean that the people building from it are not interfering with the stability of Unix. Do I need to direct anyone to Apple's previous OSes?
This post has been edited by mewi: 23 April 2009 - 07:04 PM
#23
Posted 23 April 2009 - 08:39 PM
mewi, on Apr 23 2009, 04:53 PM, said:
First of all, welcome to besttechie.net, mewi. I am pleased that you are posting here! iccaros is an expert in many operating systems; I have known him for many years. I trust his advice, as do the members of our forum. To be frank, some of your comments are a bit confusing.
#24
Posted 23 April 2009 - 09:37 PM
iccaros, on Apr 23 2009, 01:03 PM, said:
No way. Unix has maybe 15% of the PC market. The server market's something like 1/25th the size of the PC market, so that's at most another few percent.
The near-complete lack of binary compatibility presents a bit of a problem. Source compatibility, too, for that matter; I don't think autoconf is an option for a virus.
#25
Posted 24 April 2009 - 09:50 AM
hitest, on Apr 23 2009, 09:39 PM, said:
mewi, on Apr 23 2009, 04:53 PM, said:
First of all, welcome to besttechie.net, mewi. I am pleased that you are posting here! iccaros is an expert in many operating systems; I have known him for many years. I trust his advice, as do the members of our forum. To be frank, some of your comments are a bit confusing.
I apologize for any confusion I may have caused. If you have a question you wish to ask me about my previous posts, please do so and I will try to make my post(s) less confusing =3
#26
Posted 24 April 2009 - 10:09 AM
mewi, on Apr 24 2009, 07:50 AM, said:
No need to apologize, mewi. I think you and I got off to a bad start, as I was a tad abrupt in our first encounter. My apologies. Enjoy our forums! I'm a long-time member here and our forums have a lot to offer.
Later.
hitest
#27
Posted 24 April 2009 - 01:15 PM
mewi, on Apr 21 2009, 03:03 AM, said:
We all know it has very few viruses, but this isn't due to good programming by Apple; this is due to it not being an appropriate target for hackers. Speaking from my personal views on Apple, Apple products are overpriced and suck...
This is what is ignorant.
First, the definition of a virus is that it takes no user interaction. Conficker spreads via the Microsoft Windows Server Service RPC; no user interaction is needed but booting the machine and having it connected to a network.
Also, since you state that you hate Mac, then why post on the board unless you are trolling?
The second part is exactly what I was posting about: its not being an appropriate target for hackers is due to a security model.
Also, let's look at the older Mac OS. It had viruses even though it had a much smaller user base than they do now. Simple logic: user base has nothing to do with virus writing.
As a matter of fact there are zero viruses for Mac OS. There are vulnerabilities but no viruses. If it takes root access it's not an exploit; the exploit is gaining root access.
In the end, I am sorry if you were offended, but the comments are ignorant of what a virus is (it means you don't know what you are talking about on that subject), and the rest is still in debate and really cannot be proved, which is why it's still debated.
And if you have a complaint against me, tell Jeff. He owns the board and will not punish anyone for making a complaint about us moderators, and I will gladly give up moderator if it makes you feel better and Jeff feels I crossed the line. But please study the subject you are talking about and don't troll.
#28
Posted 24 April 2009 - 03:01 PM
iccaros, on Apr 24 2009, 11:15 AM, said:
Your posts have always been accurate and of high value to the members here at besttechie.net. We are lucky to have experts of your caliber here.
#29
Posted 24 April 2009 - 03:48 PM
iccaros, on Apr 24 2009, 02:15 PM, said:
mewi, on Apr 21 2009, 03:03 AM, said:
We all know it has very few viruses, but this isn't due to good programming by Apple; this is due to it not being an appropriate target for hackers. Speaking from my personal views on Apple, Apple products are overpriced and suck...
This is what is ignorant.
First, the definition of a virus is that it takes no user interaction. Conficker spreads via the Microsoft Windows Server Service RPC; no user interaction is needed but booting the machine and having it connected to a network.
Also, since you state that you hate Mac, then why post on the board unless you are trolling?
The second part is exactly what I was posting about: its not being an appropriate target for hackers is due to a security model.
Also, let's look at the older Mac OS. It had viruses even though it had a much smaller user base than they do now. Simple logic: user base has nothing to do with virus writing.
As a matter of fact there are zero viruses for Mac OS. There are vulnerabilities but no viruses. If it takes root access it's not an exploit; the exploit is gaining root access.
In the end, I am sorry if you were offended, but the comments are ignorant of what a virus is (it means you don't know what you are talking about on that subject), and the rest is still in debate and really cannot be proved, which is why it's still debated.
And if you have a complaint against me, tell Jeff. He owns the board and will not punish anyone for making a complaint about us moderators, and I will gladly give up moderator if it makes you feel better and Jeff feels I crossed the line. But please study the subject you are talking about and don't troll.
Back then Macintosh computers were somewhat common in schools due to forced contracts by the company. At least that's what I recall reading a few years ago; I could be slightly inaccurate with that statement.
Nevertheless, you make no valid argument in my opinion, seeing as how it is relevant to point out that Apple computers are hardly used in most parts of the world; correct me if I am wrong. If you do not think it is relevant that Apple computers make up a very small portion of the market, then I fear I should question your claimed knowledge over my own.
Nevertheless, I was not trolling; I studied the subject I am talking about. You just don't like my opinion, so you are trying to take vague sentences in my paragraphs in a futile attempt to make my knowledge less than your own. I do not know you, I do not know your knowledge base, but please, PLEASE, do not assume you know my own.
Thank you for your time~
Edit: As for quitting, I do not think that is necessary. You seem to be an intelligent and forgiving person and I would not like to see someone leaving their moderation position over this argument. So I am sorry if I have caused you any undue stress; I am a very cold and upfront person. It's a personality flaw, lol.
This post has been edited by mewi: 24 April 2009 - 03:50 PM
#30
Posted 24 April 2009 - 04:53 PM
Usage is a joke of an argument IMO, because Mac OSX is based on BSD (NeXT was based on BSD and became Darwin). BSD is UNIX, and as such keeps a lot of things in common with other Unix systems. This means that a hack written for any Unix system that is not kernel dependent works well on many different flavors of Unix. Since more servers run UNIX than run Windows, it's not correct to say the system does not have a large attack vector. Linux systems fall in the same boat.
If that does not work, then how's this:
There were a lot of viruses written for Mac OS 6, 7, 8 and 9. While you saw Macs in schools, you saw very few; I believe my high school of over 3,000 students had 4 Macs, but we had 100 PCs running DOS. The Macs were for the graphic art and CAD classes and the students shared. WordStar for DOS was used on the PCs. So Apple did not have a big market share and the systems were not connected to the Internet (what Internet?). So it was even harder to spread a virus, but they existed, and they did damage.
As I stated before, you can have all the security options in the world, and trust me, XP and Vista have lots of them, but if the person using the system has admin privileges they make the entire system vulnerable (Vista fixed this, but contains a bug in the Windows installer that allows non-admin users to install harmful software). This is why Windows systems are attacked more than others. When you hack a system you look for what you know about the system, what is the same. So in a Unix system we know that root is ID 0 (in SELinux and Trusted Solaris root is a role and not an ID), so if we could connect with an account that can present itself as ID 0, then you own it. So in the 1980's Unix started to root squash. So all accounts that connect remotely, even if it's root, are now given a temporary ID that is not 0. The exception to that was SSH, but proper setting up of SSH fixes that issue. But we also know that most Unix systems are set up with the user not being root and having to use sudo to affect the OS.
What do we know about Windows? The first user of the system is the admin (or root user, if you like). Since we know the first user is always root, and observation tells us that most people do not add accounts to the system and when they do, they do not create limited users, we now know that a simple install exploit will work with just an OK prompt, or worse, we could send RPC commands, and since the system is operating as the root/admin user those commands are run as admin. So in this case, no OK prompt; the system quietly installs the exploit with no user interaction. We also know from observation that most users click on OK prompts without reading them. So an exploit that requires an OK prompt will still work on a majority of users.
As for me quitting: I don't want you to feel you can't have a discussion with a moderator and disagree. You can, and it is encouraged.
Also, I don't know your knowledge and I expect everyone to challenge mine. The whole point was you stated that viruses needed user intervention, and JCL and I (JCL, who is a true expert in all he talks about) relayed that the definition of a virus is that it needs no user intervention; that is what I meant by study the subject.
This is old but gives the point about market share: http://www.theregister.co.uk/2003/10/06/li...indows_viruses/
Good poll information:
http://www.darkreading.com/security/perime...cleID=208804378
As for your opinion, we love your opinion, we just don't agree with it.
Plus I like to debate, so I have some of the same flaws. (You cannot offend me; it is near impossible.)
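Post #17 and post #30 both rest on the same Unix facts: root is UID 0, everyday users gain privilege through sudo rather than running as root, and root squash keeps a remote root from acting as UID 0. A defender checks those assumptions rather than trusting them, so the following added example (not code from this thread or from any of its posters) audits three constructed configuration fragments for the ways they can be undermined: a second UID-0 account in passwd, a sudoers rule granting any command without a password, and an NFS export in Linux /etc/exports syntax that turns root squash off. The file contents, user names, paths and addresses are all made up for the example; the function names are mine.

```python
import re

# --- Constructed sample inputs (not from any real system) ---------------------
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

SAMPLE_SUDOERS = """Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
bob ALL=(ALL) NOPASSWD: ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app   # narrow rule, fine
"""

SAMPLE_EXPORTS = """/srv/share 10.0.0.0/24(rw,sync)
/srv/build 10.0.0.5(rw,no_root_squash) 10.0.0.6(ro)
"""


def uid0_accounts(passwd_text: str) -> list:
    """Return every username whose UID field is 0 (name:pw:uid:gid:gecos:home:shell)."""
    hits = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        if int(fields[2]) == 0:
            hits.append(fields[0])
    return hits


# user  host = (runas)  [NOPASSWD:] command-list   (the common sudoers rule shape)
SUDO_RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<spec>.+)$")


def passwordless_all_sudo(sudoers_text: str) -> list:
    """Return the 'who' of rules that allow any command (ALL) with NOPASSWD."""
    hits = []
    for line in sudoers_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("Defaults"):
            continue
        m = SUDO_RULE.match(line)
        if not m:
            continue
        spec = m.group("spec")
        if "NOPASSWD:" in spec and re.search(r"\bALL\s*$", spec):
            hits.append(m.group("who"))
    return hits


def no_root_squash_exports(exports_text: str) -> list:
    """Return (path, client) pairs exported with no_root_squash (Linux exports syntax)."""
    hits = []
    for line in exports_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        path, clients = parts[0], parts[1:]
        for client in clients:
            m = re.match(r"^([^(]+)\((.*)\)$", client)
            if not m:
                continue
            options = [opt.strip() for opt in m.group(2).split(",")]
            if "no_root_squash" in options:
                hits.append((path, m.group(1)))
    return hits


def audit(passwd_text: str, sudoers_text: str, exports_text: str) -> dict:
    """Collect the three checks into one report; an empty list means no finding."""
    return {
        "extra_uid0": [u for u in uid0_accounts(passwd_text) if u != "root"],
        "nopasswd_all": passwordless_all_sudo(sudoers_text),
        "no_root_squash": no_root_squash_exports(exports_text),
    }


if __name__ == "__main__":
    for check, findings in audit(SAMPLE_PASSWD, SAMPLE_SUDOERS, SAMPLE_EXPORTS).items():
        print(f"{check}: {findings or 'ok'}")
```

On a real host the same functions would be fed the contents of /etc/passwd, /etc/sudoers (plus /etc/sudoers.d) and /etc/exports; the sudoers parser here handles the plain `user host=(runas) command` form and skips aliases and `Defaults` lines, which is enough to flag the blanket NOPASSWD rule the example is about.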