Slashdot Log In
More Mac Vulnerabilities Than Windows In 2007?
Posted by
Zonk
on Tuesday December 18, @01:24PM
from the dogs-and-cats-living-together-mass-hysteria dept.
from the dogs-and-cats-living-together-mass-hysteria dept.
eldavojohn writes "A ZDNet blog reports stats from Secunia showing OSX averaged 20.25 vulnerabilities per month while XP & Vista combined averaged 3.67/month. Is this report card's implication accurate, or is this a symptom of one company turning a blind eye while the other concentrates on timely bugfixes? 'While Windows Vista shows fewer flaws than Windows XP and has more mitigating factors against exploitation, the addition of Windows Defender and Sidebar added 4 highly critical flaws to Vista that weren't present in Windows XP. Sidebar accounted for three of those additional vulnerabilities and it's something I am glad I don't use. The lone Defender critical vulnerability that was supposed to defend Windows Vista was ironically the first critical vulnerability for Windows Vista.'"
Related Stories
[+]
Vulnerability Numerology - Defective by Design? 100 comments
rdmreader writes "RDM has a point by point disassembly of the security vulnerability story phenomenon. We regularly see these, comparing various vulnerability lists for different operating systems. ZDNet's George Ou, for example, condemns Linux and Mac OS X by tallying up reported flaws and comparing them against Microsoft's. What he doesn't note is that his source, Secunia, only lists what vendors and researchers report. Results selectively include or exclude component software seemingly at random, and backhandedly claims its data is evidence of what it now tells journalists they shouldn't report. Is Secunia presenting slanted information with the expectation it will be misused?"
More Mac Vulnerabilities Than Windows In 2007?
|
Log In/Create an Account
| Top
| 329 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
/. Windows bashing makes me want to throw a chair (Score:5, Insightful)
Re:News Flash: nothing has changed (Score:5, Informative)
Well, here's my token sound bite too...
MIcrosoft is the party guilty of underreporting vulnerabilities, including undocumented patches in updates - how much more obscure can you get?! On the other hand show me a significant linux virus or OS X exploit being used in the wild. Well? Where are they? Waiting.....Re:lots of linux exploits in the wild... (Score:5, Insightful)
Could that have something to do with the fact that "Linux" means tens of thousands of different applications? In fact, how exactly is a SquirrelMail a Linux security threat? Why not a Windows security threat? Doesn't it run on Windows too? It's a web app.
Please make a difference between security threats targeted at GNU/Linux itself (the kernel and GNU tools) and something targeted at a 3rd-party app which may very well run on other OS as well.
Are you actually dumb as a rock or just trolling? How can you say there aren't enough Linux machines out there? What do you think most of servers of all kinds run on? Don't you think that a virus or worm would have a lot more to gain by breaking into servers than personal desktop computers?
That settles it, you ARE as dumb as a rock. You seem to really believe that somehow Linux apps are staying out of harm's way by sheer luck and hiding behind the poor Windows computers. Has it ever crossed your brain that perhaps Linux apps are designed with security first in mind? Such as, I dunno, NOT ALLOWING BLOODY EMAIL ATTACHMENTS TO BE EXECUTED?
Re:News Flash: nothing has changed (Score:5, Informative)
But your right, many old school hackers will exclusively target unix machines because they are simply more useful from their perspective. People typically only target windows machines to run a particular program (their bot) which has a fixed set of built in capabilities. Gaining access to a shell gives someone far more scope, and makes it much easier to deploy new malicious code.
You will rarely get an attacker interactively connecting to a hacked windows system to do something, but this is common with compromised unix systems. When a windows box is compromised, it's typically by an automated process which will install a bot and move on to the next host. Automated attacks are less common on unix, partly also because of the increased diversity of unix systems.
Re:News Flash: nothing has changed (Score:4, Insightful)
You must be new here. :)
This is a very old tactic by Microsoft supporters to make Windows look much more secure than Linux.
Re:News Flash: nothing has changed (Score:5, Insightful)
Counting shows nothing (Score:5, Informative)
Shouldn't Slashdot link to some more insightful analysis?
Re:Counting shows nothing (Score:5, Funny)
Re:Counting shows nothing (Score:5, Funny)
Re:Counting shows nothing (Score:5, Informative)
Re:Counting shows nothing (Score:5, Insightful)
Absolutely. Vulnerability counts are worthless. Here's the simplest example I can think of:
My friend and I both maintain a tool of some sort. We both get ten security vulnerability reports sent to us each year. I patch ten security bugs ten minutes after they are reported and my friend sits on the first ten bugs for a year, then the next year, we both fix ten vulnerabilities in the second year. However, for a user that keeps their system patched, I have an average of slightly over zero exposed vulnerabilities, while my friend's software exposes slightly over ten. According to the vulnerability count, however, I had 20 and my friend had 10.
Re:Counting shows nothing (Score:5, Interesting)
1) Your friends flaws only allowed an administrator of the systm, on the local system to accidentally delete (but not read or otherwise modify) secur data of the users.
2) Your flaws allowed anyone to connect to the machine remotely and read/write/modify all of the secure data on the server.
Which is worse? It's severity and time of exposure. MacOS X didn't have any extremely critical vulnerabilities, but Windows had four, MacOS X had a lot more highly critical, and slightly more moderately/less critical. This makes the vulnerability count look even less meainingful (if every level counts 100x more than the previous level in terms of overall risk, and the average fix time was the same, Windows would be more vulnerable than MacOS X, even with only 15% the bug count.)
Re:Counting shows nothing (Score:5, Informative)
As long as the bugs are counted at very different resolutions, and as long as very different functionality is compared, the numbers are worthless.
Re:Counting shows nothing (Score:5, Informative)
Any exploit that occured in both XP and Vista was only counted once for the total, not twice.
Just as any exploit that occured in both OS X.4 and X.5 was counted once, not twice.
As long as he did the same thing on both operating system pairs, it's ok. Though he should have given a breakdown of the X.4 and X.5 bugcounts as well.
Re:Counting shows nothing (Score:4, Funny)
Re:Counting shows nothing (Score:5, Insightful)
Also, the way they rate vulnerabilities seems to be different. Microsoft "Highly critical" vulnerabilities seem to all be remote arbitrary code, and "Less critical" can be remote DoS, whereas "Highly critical" on OS X seems to sometimes include DoS. Infact, CVE-2007-4702 (less critical) doesn't even seem to be a security vulnerability. I thought it was discussed and found that the application firewall on OS X functioned as documented (though potentially not as a user would expect). CVE-2007-3036 and CVE-2007-0023 seem to describe similar vulnerabilities, but they're rated less critical on Windows than OS X.
It's all academic. (Score:5, Insightful)
In the end, what matters is the real-world security performance of these systems. Sure, it's not so easy to quantify and measure, but stories like this ZDNet fodder are just pageview generators, and nothing more.
Re:It's all academic. (Score:5, Insightful)
One thousand exploits that allow someone to wipe a users home directory is nothing compared to single exploit that allows an unauthorized person to gain root access to the machine remotely.
Glad /. will be discussing this (Score:2)
I posted my retort on this just before the
I wish non-security folks would stop reporting on security "stuff"... I can't wait for NPR, CNN and Fox to run with this "breaking news!" tonight or tomorrow.
Are we not done yet? (Score:4, Insightful)
flamebait (Score:2, Insightful)
Not really objective (Score:4, Informative)
Nonsense (Score:5, Informative)
Re:Nonsense (Score:5, Insightful)
Agreed, although not all the "vulnerabilities" listed in this so-called study do ship from Apple, many are third-party applications that just run on OS X. Also, OS X includes a lot of cool tools with their OS, because they are free. 99.99% of the time, these tools are never used, let alone exposed to the outside world. For example, almost a third of the first 30 CVE's listed in this study apply to the same Perl, regular expression evaluator. Now how many users do you suppose turn on Apache and this module and make use of it on a Web page they're hosting from their home computer? I mean these tools are great for Web developers that want to test stuff on their workstation, but that is likely about all they are used for, in the very rare cases that they are used. That particular module accounts for 8 of the "vulnerabilities" in OS X listed.
It is fine to list these as vulnerabilities, but for a comparison to vulnerabilities in Windows, well they're pretty useless because of the use case as well as the dozens of other things wrong with this study. I mean, the OSS team developing this module lists each and every potential hole they an find on a public Website and it is counted by Secunia. Their list for MS includes only holes that have been discovered by the public and which MS has acknowledged. Since MS does not publish most of the bugs they find, none of those are counted against MS, including the ones they don't bother to fix (more than 50% according to an ex-MS developer I know).
Secunia knows this. Every respectable security expert knows this. The only problem is, random bloggers don't seem to know this, and write "articles" about it which get widespread readership, misinforming large numbers of people and leading them to make incorrect decisions that end up causing problems for everyone.
It's not size that counts... (Score:5, Funny)
So let me see, we will have:
Re:It's not size that counts... (Score:5, Funny)
So let me see, we will have:
Re:It's not size that counts... (Score:5, Funny)
- People who don't know how to make bullet points
Yawn (Score:3, Insightful)
I am personally tired of the stupid "insecure" talk. My iMac runs my servers with ports 80, 443, 22, 5900 open. I watch my logs and have not seen any bad stuff.
On the other hand, I once opened my XP boxes IIS server and saw a crap load of hits in the web logs trying to break it within 48 hours. Thankfully I was running IIS lockdown which really helps.
Comparing XP in 2007 to OS X 10.4 or 10.5 is just stupid. XP has been around for a long, long time. Do a fresh install of XP home SP0 and see how many security updates you need to download.
As a programmer with more than a decade of experience, I don't care about the number of releases for an OS. I care about the timely releases. From my experience, Apple and especially Linux will release a fix as soon as they have it. MS on the other hand seems to go through a PR machine.
Microsoft, I don't care if your product XYZ has a flaw, trust me as a programmer, there will always be flaws. Just release the damn info on the flaw and the URL to the fix. I don't think XP is "crap" because I have had to download more than a GB of updates since SP0. Really, I don't care. As a geek, I actually get excited about a new update from MS. I usually hope for new features, etc.
So, please MS, just publish and release the fixes. 95%+ of people out there don't care if you have 150 "vulnerabilities" or 20. We just want the fix. Give us our "fix" bro!
Re:Yawn (Score:5, Insightful)
I don't get it. You opened port 80 on different machines, and saw different traffic, none of which managed to exploit the web server.
I'm sceptical this tells us much about anything, beyond maybe the set up of your NAT/DMZ. Otherwise you should have received exactly the same traffic on both web servers. Bots don't check the OS before sending their exploitable GET requests.
Re:Yawn (Score:5, Insightful)
This kind of cavalier attitude is what gets people hacked. Clearly you aren't watching your logs very carefully (or you're blocking those ports externally with some kind of firewall), because anyone who runs an SSH server (which is presumably what you're doing on port 22) knows that you get TONS of dictionary attacks. Before I disabled password authentication (and switched to using key-based authentication exclusively), I would sometimes get 20-30MiB of logs, all failed PAM logins with common usernames and from a variety of hosts. Clearly I'm not alone [google.com] either.
From your experience? How do you even know when Apple has a fix? How do you know when the vulnerability has been reported? Are you basing this opinion on fact, or is it your "feel" that Apple is better than Microsoft about this?
Microsoft releases most patches during the Tuesday release cycle.
As someone who works in IT, I can tell you that we don't want patches released "as soon as they are ready". Patches need to be tested, and they need to be tested with other patches. You may not think that Apple patches cause issues, and usually they don't - but even one incompatibility could result in thousands of our users being down for hours or even days. 1000 employees being down costs us $1000000 per day. That's a damn big incentive to get it right.
With the Tuesday cycle, we can test ALL of the critical patches at once, together (about 2 weeks of both automated and manual testing). Then we can roll them ALL out to a pioneer group for a week, and see if any problems arise. If they don't, everyone gets the patch on the 4th week - and the process restarts. Our IT department has people dedicated to doing this cycle.
Guess what? We use the same Tuesday cycle for Mac and Linux patches. So what does Apple's "when it's ready" release process buy us? More time for the script kiddies to reverse-engineer the patch and exploit the vulnerability.
Agreed. Why don't we compare something like Windows Vista? Oh, wait, they did. Vista has fewer reported vulnerabilities than XP now, and far fewer than XP had in its first year of release. Not to mention far, far fewer than Mac OS X.
So, what does this mean? Do these numbers mean that Vista is more secure than Mac OS? No. The number of vulnerabilities is a poor measure for how secure an operating system is.
What it does mean, though, is that all is not well in Wonderland. Security is a process, and that process needs to be well-developed regardless of the software used. Mac OS X is not a silver bullet. Neither is Linux.
Depends on the severity (Score:3, Insightful)
In fact you could make the argument the other way around: the reason there are so few fixes with Windows is because the problems are so big and far reaching that it takes a lot longer to patch them. This conclusion is also probably wrong but is just as valid as the one in the original post.
heh? (Score:1)
Flaming Article (Score:5, Funny)
Reissue only counts once? (Score:4, Informative)
The July patch closed that CVE, and the November patched more of it... It should count both times, since they said it was closed.
I'd be interested to analyze them all next to each other, but not interested enough to actually dig into it myself =-)
What's the point? (Score:1)
Patching is good... duh (Score:2)
Frankly, I would LIKE a product to ship flawless but realize I dont live in a fantasy world so prefer them to fix their flaws in a timely fashion as they find them and am happy that the Mac, Linux and BSD communities respond in such a fashion.
Well.... (Score:1)
In other news.. (Score:5, Insightful)
Security advisories (Score:1)
It is far more critical to have a Microsoft Windows flaw than a Mac or a Linux flaw, since the product is more widespread, so more likely to be actively and successfully exploited. Dumbly counting the numbers is a strange way to say that a product is more secure. Do I have to remember anybody that most viruses and spywares are
Wonder why... (Score:1)
Several problems (Score:3, Interesting)
In the end, it is impossible to analyze the security of software by means of analyzing second-hand or third-hand reports, and extremely difficult to do so by means of black-box testing by means of probably incomplete documentation. However, I cannot seriously imagine Apple or Microsoft conducting a thorough security audit and software analysis. For that matter, I don't believe either could afford to do so. Microsoft may be rich, but Vista is big and the kind of skills required to conduct a comprehensive audit wouldn't come cheap, certainly not in the volume needed to conduct such an audit fast enough to get the results before software changes invalidated said audit.
(Having said that, given that the world economy is so utterly dependent on the reliability of the IT infrastructure these days, there is also the question of how long it will be before it is uneconomic at a global level for there not to be such an audit. If an audit would cost a trillion dollars over the course of a year, then it only requires the total direct and indirect cost to business and government over the entire globe from such flaws to be a trillion and one dollars over the course of a year for it to be worth it almost instantly. However, the costs of flaws will always add up with interest but a single audit might easily be sufficient for the lifetime of an OS, if it's good enough. Given a long enough shelf-life and a high enough interest rate, how unreliable can we afford to have any software these days?)
Only 3.67 a month? (Score:1)
Microsoft SDL is making a difference (Score:2, Flamebait)
Broken study? (Score:3, Interesting)
I clicked through a bunch of the vulnerabilities, and a lot of them are marked as reserved for future use. What's up with that? I think whatever script the dude used to compile this table, didn't work - either that or I don't understand the CVE process being used, because I don't see any indication of which systems are affected by them.
Anyway. Such a study is ultimately pointless, we already know that MacOS X and Windows are both seriously insecure. A single vulnerability in the tangled morass of code making up modern web browsers is typically enough to compromise the entire machine (Vista being an exception to this). A single vulnerability in *any* app which talks over the network is usually enough to get your code onto the machine, and from there you have free reign to do more or less whatever you want. Requiring root is no panacea, you don't need root to do the things modern malware wants to do anyway. As that's the entire OS X desktop security system right there, we can surmise that the primary advantage it has security-wise is just obscurity. (yeah, i know 10.5 is supposed to have MAC for some basic daemons etc .... wake me up when it is properly and widely applied to desktop apps).
What a joke! (Score:5, Insightful)
So I took a look at a few sample vulnerabilities and it leaves me Flabbergasted. The person who wrote this article and composed the data should be beaten. The ones listed as OS X vulnerabilities are primarily holes in software that runs on OS X, much of which does not even ship with OS X by default. A lot of it is holes in various Web server modules, some of which do ship with OS X, but are disabled by default. Some of them are NOT EVEN VULNERABILITIES... like CVE-2007-3876 which is a number reserved for use by an organization for the next time they report a vulnerability, but they haven't assigned it to anything yet. Whole ranges of numbers listed are like that. I mean did the author even click on the links he's providing? I tried, I was more than twenty items into the list of "highly critical OS X vulnerabilities" before I found one that actually affected a default install of OS X, and it was a potential denial of service for SSL Web sites if you have a machine in the middle. Of the first 30, 12 were reserved for future use and not real vulnerabilities, 7 were holes in the same Perl library, and 5 were holes in tcpdump. Only one was a real, hole that could be exploited on a default install without additional software being added, or it being reconfigured as Web server or something.
Another question is, for the real vulnerabilities to the OS's, how do they decide what the danger level is for a vulnerability? For example, one low rated one for WinXP (CVE-2007-2228) was a possible remote exploit, whereas a Highly cCritical one for OS X (CVE-2007-0267) was a denial of service on a machine, requiring a local user account. Does this make any sense to anyone?
I'm all for pointing out security problems in OS X and other OS's and doing comparisons of relative security, but this is just a sad joke. Please, can we at least get articles by someone with the tiniest bit of a clue instead of the number game from someone who might be able to count, but apparently can't be bothered to read his subject matter.
I know that OS X is more secure (Score:2)
OSX has more open source (Score:2)
The fact there are more security holes being patches can also indicate there's more pro-active review.
Two Words (Score:2)
Ya but. (Score:2, Insightful)
Are there Vista exploits in the wild (Score:1)
Front Loaded (Score:1)
The Windows security problem count is front loaded by several years.
A similar argument can be made that there are more Mac security flaws this last year than Windows 95.
Instead of counting the number of security flaws over the last year, what happens to the number if the count is over that last two years. Three years. (You get the idea.)
"inherently insecure" (Score:2)
Is Windows inherently more insecure than OSX for example?
True, you can say "security holes fixed != number of security holes", but then to even be equal on the score cards, Windows, as entire eco-system (Vista + XP) would still need 5 times more the number of vulnerabilities.
I put it to you my techie friends, Windows security isn't so bad after all and has evolved from non-existent to at least on the same footing with it's rivals (that's to say, I agree that I don't think this study can conclude much at all ultimately).
No point in comparing 'vulnerabilities'... (Score:5, Insightful)
It's just Secunia again. Proceed with the ignoring (Score:3, Insightful)
Some glorious day, perhaps slashdot will learn to ignore this variety of trolling (I'm looking at you, Cringely and Dvorak.). But until then, we'll all just need to ignore them individually.
Secunia advises against what he did (Score:2, Insightful)
third party open source software (Score:4, Informative)
Mac OS X contains many third-party open source software packages. The bugs are found through source code auditing. These bugs may or may not become exploitable depends on how the code is used.
Just take a quick look at the bugs list. Most of them are found in third-party code like PCRE library. These are labeled "highly critical" without a demonstrable proof that it can be exploited. The software using PCRE is vulnerable to malformed regular expression strings, but I've never seen any software accepting arbitrary regular expression strings from another machine. (A web browser interprets JavaScript code from another machine, which may contain regular expressions, but JavaScript regular expression definitely isn't Perl compatible, so that's not PCRE.) Those same bugs also affect Linux. If you use Cygwin on Windows, these bugs also affect you, so they can be Windows bugs too.
On the other hand, since we can't audit proprietary Windows code, we only find bugs that are actually exploitable, in contrast to the open source bugs that are only potentially exploitable. Therefore, the severity of Windows bugs are vastly underrated compared to open source bugs. And there are more potentially exploitable bugs in Windows that we don't find, which aren't being counted.
That said, if you rely on bug counts and decide that Windows is more secure for you, I'd call you crazy.
Finally, why would Adobe Flash player bugs be counted as a Mac OS X bug?
Stop bashing windows (Score:1)
It's full of annoying bugs, stupid ideas etc, But unsecure? Far from it(Assuming the user has at least a bit of a common sense and logical thinking).
I've been using my Vista without any anti-virus anti-spyware etc stuff all the time without problems.
Now, i do scan my machine from time to time throughly, but i don't keep the software constantly monitoring etc.
Basically, the way i see it, Vista is at least as secure as any other OS out there,
assuming the user doesn't download and run any strange niceboobs.jpg.exe files(The same goes to linux with shell scripts for example(assuming chmod +x)).
Anyway, what i really wanted to point out is, Vista is crap, it's resource hungry and annoying sometimes but it sure as hell ain't that unsecure as most of you seem to think.
This ain't 2003 anymore and it ain't XP without service packs.
So what we have learned... (Score:2)
- If a bank leaves the vault open and doesn't lock the front door, but only has 10 banks located randomly around the country, it is still the best and most secure bank, especially if they have pretty iMarble on the floors.
From the OSS-Fans...
- OS X sucks as much as Vista and everyone is evil.
From the Win-Fans...
- Holy Shit, we thought our crap sucked more than this.
Build with bricks not wood (Score:2)
What does your OS come with??? (Score:2)
While Windows has a fair amount of stuff in it (and apart from WMP, the quality is often somewhat disheartening, I must say - *Movie Maker* seems to be a typical Microsoft throw away application) and the amount and quality is improving, OSX simply has far far more. A lot of that stuff is 3rd party code, such as perl, tcpdump etc (these two feature prominently in the latest security patch) for which Apple is not really responsible, except, of course, for security updates to them as they become available.
Thus, I would say that a good portion of the Apple patches are to underlying Unix tools.
That doesn't of course excuse Apple or make Apple magically more secure than Windows, but it does show a decent sense of security responsibility. That said, even Microsoft is much better in the last year or so at providing security updates to its system. They have also deactivated things like the gaping holes in automatic macro execution in Outlook and Office in general, and even IE7 is no longer the bug magnet that IE6 used to be. BUT, Windows, by design, still has some flaws that are simply not present on other systems. The worst of the lot is ActiveX. The fact that Windows Update runs in the browser with an ActiveX control having direct access to your machine is something that simply should not be allowed to happen. Taking over a Mac remotely is not something that you often hear about.
I suspect however, that Vista, with its massive overkill in the security department, will mostly be better in terms of security as years go by. It's just a pity that Microsoft's implementation of sudo (UAC) as opposed to Apple's only using it for truly sensitive tasks makes users become desensitised to security.
Of Course They are Shills (Score:1)
Accurate vs. Useful (Score:2)
IF all the vulnerabilities are counted... (Score:1)
hacker blame Vista (Score:1)
Title stated as question attempt to mask trolling? (Score:1)
The only content of this post that wasn't quoted was in the form of the question "Is this report card's implication accurate, or is this a symptom of one company turning a blind eye [1]while the other concentrates on timely bugfixes," which is actually not a question.
One side of this supposed question, "Is this report card's implication accurate," suggests the data is flawed. OK, we can consider that good, yet obvious question, but I hope they back it up (they did not). The other side begins by accusing "one company" as "turning a blind eye (to problems)." This side of the question has already validated the first part of this supposed question, because this claim, if true, would invalidate any study that relies on such a company such as this to report security flaws without silently fixing them. I wonder which company they mean? The second part of the "question" continues, glorifying the "timely bugfixes" of the "other" company. Which company is which, here, slashdotter? You might as well come out and clearly accuse who you accuse so we can see how baised and unfounded those claims are without backup, no matter what name you put on these companies. Adding question marks at the end of a sentence doesn't always make it a question, but does sometimes help in evoking a lean in support toward a statement hidden inside a valid question, as the slashdotter did here. Also, notice the "[1]" citation's placement (on the "timely bugfixes" company's side). Citations/footnotes (unfortunately) add an immediate, and in this case, false sense of validity to information they're placed on. A reader could be misled to believe what the slashdotter wrote as a statement of fact if they did not notice this was simply linking to the article they read, in which case it belongs at the beginning of this "question." However, the entire statement portion of the question, including claims toward both of these ambiguous companies, is subjective, coming completely from the mind of the slashdotter, with no support to them, so validates no usage of any citation at all.
The slashdotter goes on to quote the author's statements against Windows Vista. The author failed to provide any details of Mac OS vulnerabilities, instead showcasing Apple's generosity in paying hackers to "hack" a Macbook, then give them a bunch of money and a free Macbook (thanks Apple! *ding!*). Herein lies both the author and the slashdotter's bais. I can't fault the slashdotter for reporting what they read, and not being objective about it, but this is clearly flame fodder to post like they have.
This slashdotter seems to have already made up his mind, but I hope you would read the article, and try to gather some more information from other sources. Citing some more sources that analyze the same data, or back up the seemingly baised statements made in the post, would have been helpful.
Re:Macs cannot be critiqued (Score:4, Insightful)
I know you put a lot of work into what you feel is a clever post, but all you did was come across as the exact kind of poster you are describing. And your link is really irrelevant as it was Apple supporters (mostly) who over-played the outsider status, not Apple itself. What kind of half-baked value system do you employ when you decide who is cool by what OS they use? An OS is a tool and you should use what fits your needs best. I'm a media junky and like to dabble in editing, that makes OS X my best choice. If I were still a PC gamer, you can bet I would use Windows. But that doesn't excuse the long history of Windows security issues, and an article that spins a a year where Windows finally has fewer vulnerabilities than another OS as proof of progress is really just proof how many people don't get it. The bigger question is how those vulnerabilities were handled, from point of discovery to solution, and that is where MS always breaks down.
Re:Steve Jobs and Security (Score:2)
Re:Steve Jobs and Security (Score:2)
Right?
And people wonder why our country is going to hell....
Re:The Real Problem (Score:2)
Re:Steve Jobs and Security (Score:3, Informative)
Re:Repeat something false often enough... (Score:3, Insightful)
Re:Repeat something false often enough... (Score:1)
I use Vista by choice, and I have used OSX 10.3, 10.4, Solaris, Ubuntu, and openSUSE. If you're competant in the windows environment, you know how to do everything you can in the *nix environment in windows -- including a proper terminal shell (UNIX subsytem anyone? And I swear by EMACS for coding/scripting). Vista is flat-out better than OSX. Sorry to say it. The interface is better (though I wish they had a non-alpha implementation of multiple desktops). Explorer is more powerful than Finder. The searches are essentially equivalent. Widget implementation is poor on both systems.
I used an iPod for four years, and during that time, my family bought and used three generations of iPods. I upgraded to a Zune recently, and my family and friends all agree the interface and device as a whole is better than an iPod. That's real people, folks.
As to ODF vs. OOXML
IE is mediocre. FF memory leaks. Opera for the win. I wish FF or Opera had native 64-bit though.
And finally, why do you give a damn if MS is a "good" company or not? Everyone is in it for themselves. Everyone. And so long as I am satisfied with their product, I don't care if its made by MS, Apple, or the Cookie Monster. Heh. Time to see how much karma-dinging I get for this.
Re:Now I understand.... (Score:2)
Only takes one vulnerability. Couple that with a market penetration that at one point approached 95% of desktops (and is still well over 75%), Macs simply aren't a decent target. There aren't enough of them out there to make writing viruses for them profitable, though proof of concept have already been demonstrated. Likewise for Linux.
I'm not saying that security through obscurity is the only thing keeping OS/X and Linux machines safe, but it's a major factor. Another major factor is the knowledge level of the users... and lemme let you in on a secret: if you know what you're doing it's entirely possible to secure a Windows box. I have had one or two in my house since the days of Windows 1.0, and have been on high speed Internet since 1995. My notebook is the one right now, my desktop on Linux. Despite that, I've *never* had a virus. Idiot users are what makes an OS insecure, and secret #2: they exist on OS/X and Linux platforms, too.