1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apple Apple Vulnerabilities

Discussion in 'Software' started by nachofault, 22 Apr 2007.

  1. nachofault

    nachofault What's a Dremel?

    Joined:
    27 Mar 2007
    Posts:
    14
    Likes Received:
    0
    Since the Month of Apple Bugs (http://projects.info-pull.com/moab/ ) was released in January, Apple (http://docs.info.apple.com/article.html?artnum=61798 ) has released 6 patches which specifically address 17 issues posted on MOAB :


    Of the 31 bugs released, only 3 were not deemed as bugs. Does anyone know when we can expect patches for the remaining vulnerabilities? And as a note, in the last security update 15 of the 25 issues specifically patch arbitrary code execution holes.

    From reading previous posts, there seemed to be an arrogance of Apple users in regards to security. So I am a little curious, has the MOAB and the fact that arbitrary code execution holes are getting plugged been a surprise to Apple users? Have your habits changed at all? Or do you gauge security relative to MS Windows?
     
  2. Fod

    Fod what is the cheesecake?

    Joined:
    26 Aug 2004
    Posts:
    5,802
    Likes Received:
    133
    vulnerabilities are an occurrence in every single operating system out there - people don't make bug free code.

    even though there are vulnerabilities documented, most of the time they are patched pretty quickly, rather than MS, who generally are slow to patch (by which time a prepackaged exploit is on the web).

    remember just because a vulnerability is there doesn't mean it can be exploited, borne out by the fact that as of this date there have been no exploit tools released for macOS.
     
  3. Gordy

    Gordy Evil Teddy

    Joined:
    17 Apr 2001
    Posts:
    2,532
    Likes Received:
    3
    Look at the os x hacking competition on at the moment, they had to drastically reduce the rules to get anybody to succeed, personally I wish apple fixed these bugs very quickly as it means that they would be ready if there was ever a really critical bug out there.
     
  4. rowin4kicks

    rowin4kicks a man walked into a bar ...

    Joined:
    5 Feb 2006
    Posts:
    1,481
    Likes Received:
    33
    i think with the recent uprise in mac usage and with apples increased poularity over the years there will be some form of virus or sumthing released as people just dont use any form of blocking software on there macs unlike in windows
    have there been any bugs found in the new shiny *chough* Vista yet....
     
  5. seebul

    seebul Minimodder

    Joined:
    9 Aug 2005
    Posts:
    1,211
    Likes Received:
    1
  6. Gordy

    Gordy Evil Teddy

    Joined:
    17 Apr 2001
    Posts:
    2,532
    Likes Received:
    3
  7. DreamTheEndless

    DreamTheEndless Gravity hates Bacon

    Joined:
    27 Jan 2004
    Posts:
    1,554
    Likes Received:
    0
    Are we surprised? Of course not. I don't know anyone who has ever said that there are no security issues with OS X - (although, I have said that there are no viruses, and I stand by that. In 6 years, not 1 virus... That's zero. Nada.)

    In regards to whether or not I gauge security relative to MS Windows - what the hell else am I supposed to gauge it by? Of the 2 commercially viable consumer home operating systems - OS X is secure and windows is not.

    What point are you trying to make here? We know that security concerns exist, but when you evaluate the available options, apple is clearly the best choice.
     
  8. koola

    koola Minimodder

    Joined:
    11 Jul 2004
    Posts:
    2,462
    Likes Received:
    10
    QFT

    No problems here.
     
  9. nachofault

    nachofault What's a Dremel?

    Joined:
    27 Mar 2007
    Posts:
    14
    Likes Received:
    0
    There were two points to my post, 1. were you surprised that there were as many big holes with the Apple OS, and 2. how do you gauge security.

    So in regards to 1.
    , DTE I figured you would be the one most surprised.

    So clearly they do get cracked. I also figured with your comments of:
    ...that you would be surprised that Apple indeed acknowledged and fixed some of these (last count, 11 still not patched).

    Regarding 2.
    , I do think it is fair to use Windows as your gauge considering it is the most popular OS. Though that being said, I think that Linux has become/is becoming a viable OS for the common user. I have given away a PC to my parents (Ubuntu) and another to my grandfather (SUSE), and neither have had problems. I think that part of the challenge is that everyone has been brainwashed in a Windows mode of thinking, and it takes some time to adjust to other Operating System nuances.
     
  10. DreamTheEndless

    DreamTheEndless Gravity hates Bacon

    Joined:
    27 Jan 2004
    Posts:
    1,554
    Likes Received:
    0
    In regards to your first - Are you aware of any instances of these 'exploits' actually being exploited? I mean - in the real world, not a lab? Do macs get cracked? I have never heard of someone having their mac system compromised outside of a lab. I know many windows users whose machines have become so unusable that they couldn't even be fixed by booting from an antivirus CD - the only thing to be done was to reformat and reinstall; although some of them just bought a new computer because they didn't know any better....

    Do you know of anyone (real users) who has had their mac compromised? I don't - hence my "don't get cracked" -

    For your second "point" - well, I'm glad that we agree that it is relevant to compare windows to OS X in regards to security. In that comparison - well, it's almost a joke. I mean - really....
    Yes - linux can be very secure as can the other 'nixes - but instead of opposing apple - why can't you embrace them as a brother in arms? I mean - if you oversimplify, OS X is nothing more than a very good shell runing on open bsd. I'm not asking you to buy a mac, I just think that you should be able to appriciate what they have to offer for others.

    In regards to moab - well, I admit that most of the news coverage I got of moab was from a biased site (www.macdailynews.com) - they make no effort to be neutral.

    Still though - It does seem that coverage of this stuff is reported in weird ways - I mean this most recent exploit (it turns out,) is a hole in java that affects all java enabled browsers in windows and mac OS X - but almost no one is reporting this side of it.....

    (And yes, you already made the very good point that a "secure" os should not allow third party apps to create security holes.)

    If someone I know is asking my advice on which computer to buy I have no problems with strongly suggesting a macintosh and telling them that if they go with a mac that they are better off NOT installing antivirus softare and that they won't have to worry about all the spyware and malware that they had on their windows machine. These are non-technical people. Do you consider this to be bad advice?
     
  11. Gordy

    Gordy Evil Teddy

    Joined:
    17 Apr 2001
    Posts:
    2,532
    Likes Received:
    3
  12. Fod

    Fod what is the cheesecake?

    Joined:
    26 Aug 2004
    Posts:
    5,802
    Likes Received:
    133
    actually strictly speaking, macs haven't ever been 'cracked'.

    all the vulnerabilities so far released/published for macs have been client side, i.e the attacker has to rely on social engineering in order to get the user to do something which opens up the hole.

    put an unmanned OS X machine on the web and ask people to hack into it, i'd put money on it lasting a good while.

    and as for a vanilla ubuntu box being secure, well, haha, sorry mate, beg to differ. linux is only secure if you make it so. and ubuntu isn't made so. it's a nice desktop environment but don't go telling me it's more secure than any other OS out there. don't try and get 1337 on me about this either. i can't be arsed to be dragged down into a pithy little debate.
     
  13. nachofault

    nachofault What's a Dremel?

    Joined:
    27 Mar 2007
    Posts:
    14
    Likes Received:
    0
    I've only known of one, but then again....I only know a handful of MAC users. I don't believe that MAC is a big enough target yet. You don't find corporations pushing MACs to their users (at least that I know of), rather Windows. And I believe the main reason is that MAC doesn't have the $500 computer that is typically given to the average user.

    Well, I agree and disagree here. I have heard of infected computers that required a reinstall of the OS (though I would argue that any time you become infected, you should reinstall everything). But I believe that the vast majority of the users that find their computers unusable is because of the crap software they load on their pc. Because ms opened their APIs, a lot of poorly written software took advantage of it and made the OS unstable.

    I believe there is an arrogance with the MAC users that is destructive. Since MACs are relatively obscure (compared to windows), I think that they have the chance to do things right and be as secure as they think they are. But the problem is that Apple also drinks the koolaid. MS has finally developed a pretty good security strategy (pushing fixes, etc.), and think that Apple should start to think along the same lines. Instead, the average MAC user doesn't have a clue when security patches are available.

    In regards to suggesting that users buy MACs, I think that it depends on their reason for a PC. If they just need to surf the internet, or write an occasional document...I think that a MAC may be overkill. I think that MACs are for "serious" users (ie. development, media creation/editing).
     
  14. DreamTheEndless

    DreamTheEndless Gravity hates Bacon

    Joined:
    27 Jan 2004
    Posts:
    1,554
    Likes Received:
    0
    Gee - you talk about arrogance -

    So many little things I could talk about; like all the large corporations that do use macs - like Nike and Hallmark; or that the cause of windows machines becoming unusable is more likely to be the fault of the user for choosing to install crappy software instead of from malware that the user didn't choose to install (are you serious?) -

    I wanted to talk about security strategy. You said that "Instead, the average MAC user doesn't have a clue when security patches are available." -

    Now, if by "doesn't have a clue" you mean that they didn't really think about it as the little update box popped up, told the user that there was a security update available, that they should install it, asked them to enter their admin password when they clicked yes, and then downloaded and installed the security patch - I guess I can give you this one - Nope, sorry - changed my mind. I think that mac users are more likely to have the most recent security updates on their computers than windows users and far far more likely than non-technical linux users.

    "Apple should start to think along the same lines." - Where exactly have you been for the last 6 years? Just curious..... Good thing those guys at microsoft thought of that one......

    Oh - and the last bit - your average "non-technical" user will be able to surf the net and create the occasional document on a $600 mac mini without having to be exposed to the security problems that windows users face - whether that is due to the "security via obscurity" MYTH or it's due to the fact that macs are more secure than windows machines.

    (Just a note - windows vista - the "most secure operating system microsoft has ever built" has more active malware and virus infection rates than apple.)

    (One more note - There are still ZERO viruses for mac os x - after 6 years)
     
  15. nachofault

    nachofault What's a Dremel?

    Joined:
    27 Mar 2007
    Posts:
    14
    Likes Received:
    0
    Like I said, from my experience. % wise, how many MACs were at Nike or Hallmark? I have worked with many Fortune 100 companies, and their PCs were almost exclusively Windows, with the exception of the media development departments. Hell, look at the government. What do they run?

    We obviously hang out in different circles. Yes, windows is obviously able to become corrupt with malware, etc...but the vast majority of that can be avoided through common sense user behavior. If you are talking about users that follow basic rules (ie. don't open particular email attachments, etc.), then I do see crappy software corrupt the os. This can normally be fixed by reapplying a patch. And from my experiences, this is the more typical scenario. There are several explanations for these possible differences.

    Okay, misspoke on this one. From talking with some other MAC users they typically weren't aware...which probably means they just ignore it.


    Just comparing a new user setup of the MAC mini versus the same at dell, it was $1376 versus $688. If you say that Vista needs more memory, then $848. I'm sure that's not exactly apples to apples, but then again I am not going to go through that exercise for the purpose of this thread. You are more than welcome to though.


    DTE, if you were going to develop an application, which platform would you select? According to OneStat (http://www.onestat.com/html/aboutus_pressbox46-operating-systems-market-share.html), MS has a 96.9% share of the pcs, with MACs at 2.32%. And even though I can't vouch for OneStat's data, I saw a similar breakdown when analyzing a large corporation's website. MACs had 2.7% of requests, 96% MS, and everything else made up the difference. So...if you had an interest in compromising systems, where would you focus your time?


    I have a problem with MS saying that this is the most secure os they have produced. I believe I read that they spent ~$6B on it, with a much greater emphasis on security than in the past. But that being said, there are too many new, unproven, "internals" to try and grade their security. Only time will tell if the media hype is anywhere near the truth. I can't imagine many companies are going to roll this out anytime soon. I just don't see a benefit to move to this new OS.

    And btw, ms is my main pc at work, but not at home. I prefer Linux (I run 3 different distros at home), and am just as cautious running linux as I am ms. While Linux is more secure than Windows (like MAC is more secure than Windows), irresponsible user behavior can negate the "benefit".
     
  16. DougEdey

    DougEdey I pwn all your storage

    Joined:
    5 Jul 2005
    Posts:
    13,933
    Likes Received:
    33
    You can't really base too much on malware infection rates.

    If you have a larger market share and most standard unknowledgable users use your system, your system will be targeted by more people.

    Same reason that Linux has the appearance of being more secure (note the word appearance) there's no viruses being propogated.
     
Tags:

Share This Page