Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Businesses Apple

BBC Writer Responds To Mac Security Critiques 306

minimunchkin writes "BBC Correspondent Bill Thompson responds to the flaming he received for an article on the vulnerabilities in Mac security. He knows that there are no Mac OS X viruses in the wild, and he doesn't believe there ever will be." From the article: "However the wider point, that there are exploitable vulnerabilities and sometimes Apple puts them there, remains. Even if I'm careful to apply updates when they are made available, some people might not and their systems could be compromised. And there is always a gap between the discovery of an issue and an available fix, a gap which could be exploited. "
This discussion has been archived. No new comments can be posted.

BBC Writer Responds To Mac Security Critiques

Comments Filter:
  • The Rules (Score:5, Funny)

    by gbulmash ( 688770 ) * <semi_famousNO@SPAMyahoo.com> on Tuesday January 17, 2006 @05:50PM (#14494881) Homepage Journal
    To the old rule that one should never argue politics or religion, because there is no way to win, I believe we must add operating systems as a third thing one should never argue.

    Add to that the following statement (my own): "Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."

    - Greg

    • Re:The Rules (Score:2, Insightful)

      by spitek ( 942062 )
      Agree here. Even trying to cover this subject in "vendor neutral" manner, pointing out the pros and cons based of what the need or usage of the system would be, still be like the white guy.
      • Thread highjack! (Score:4, Insightful)

        by Retardismo ( 946401 ) on Tuesday January 17, 2006 @10:58PM (#14496669)
        We also expose those who know little about computers but chose the Mac because of its ease of use and elegance a disservice by encouraging them to think that they don't need to think about security at all.

        This is the original sin of mac users. I myself, a mac user, have told someone that it is okay to open an email because they are using a mac. Security needs to be an important consideration in all computer use. In the same way that the /. community has imposed upo the world that good passwords are important, we must impose that good security practices are important.

    • Emacs vs Vi
    • Re:The Rules (Score:3, Interesting)

      by Krach42 ( 227798 )
      Add to that the following statement (my own): "Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."

      You should pick that up as a sig, it's good :)
    • So you're discriminating against white males by not allowing them to discuss discrimination because they're not discriminated against? But then, because you've discriminate against them, they can discuss it, but then you haven't discriminated against them because you've....
      • Discrimination against white people is still discrimination even if they are the majority. Please read the Civil Rights Act of 1964, it says it is against the law to discriminate against race, religion, creed, color, national origin, and gender. It does not say that only minorities are covered and majorities are not.

        Martin Luther King Jr. talked about everyone being equal and everyone being friendly with each other, not just minorities. He said not to judge someone by the color of their skin but as individu
        • by EggyToast ( 858951 ) on Tuesday January 17, 2006 @07:00PM (#14495504) Homepage
          I agree, although I think it's a much finer line to walk. Ensuring equal rights is one thing; demanding priviledge based on past inequality is another.

          As I'm sure most people have encountered in their lives, it's very easy for a very vocal minority to overwhelm a majority. Look at how many non-Americans believe that the United States is full of evangelical, "fire and brimstone" Christians. They're obviously a majority, but vocal and active enough as to appear to be a majority. They're not the only group in history who as acted as such, either.

          But anyway, majorities are historically awarded rights before minorities, and, due to their majority status, are often reluctant to give up any priviledges which they perceive as rights. It can be rude and backwards, such as the perceived right of not having to hear other languages or introduced to other cultures, or it can be the idea that a company always run by black people should continue to be run by black people. True equality is exceedingly difficult to attain, as that majority you mention is usually the most reluctant to give up their priviledge.

    • Re:The Rules (Score:3, Insightful)

      by MrNougat ( 927651 )
      And yet, being a white male in a discussion about discrimination does not necessarily make your position incorrect.

      But those Microsoft advocates - GOD.
    • Re:The Rules (Score:3, Informative)

      by Bazzalisk ( 869812 )
      As a white male from a poor background I can discuss discrimination a bit at least ;)
    • "Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."

      Hmmmm... nice analogy but why choose such a complicated topic??? I have found that in order to trigger the unwinnable argument effect it is usually enough (assuming you are a human male) to get into a discussion with a human female as to whether the toilet seat should be left up or down. This argument is actually much more venomous than the one you cited since it tends to go on f
      • I'm a male, and that argument's a non-starter. Of course it should all stay down. That's the "closed" state. Similar to many other household objects, the natural rest state is closed. Doors, windows, etc. They're opened when used; otherwise they wouldn't exist.

        Most males encounter toilet seats that are "down," and have to lift them. Even ones without a proper lid. Why they should assume that leaving them in a state unlike they were found, well, that's just slobbish.

        • Ah, yes, the LID should be down. Then both sexes have to lift the lid.

          The female argument that you should put the SEAT down is interesting. The most common one I hear is that if you don't put the seat down they might fall in. I personally look before I sit down on anything, but to each her own. I think it would be awfully funny to see one fall in!
      • by mike77 ( 519751 )
        to get into a discussion with a human female as to whether the toilet seat should be left up or down.
        I'm a male, and let me tell you, it goes DOWN!
        Your argument is too simplistic, it does not take other factors into account

        For instance, let us hypothesize you have a playful young cat who thinks the toilet is interesting and should be played in.

        Unless you like waking up to a toilet bowl soaked cat at 2 AM when they jump on your head, the argument is already decided.

    • "To the old rule that one should never argue politics or religion, because there is no way to win, I believe we must add operating systems as a third thing one should never argue."

      Being a Mac user is both religion *and* politics! It's religion because you believe in a supreme being (Steve Jobs), have a bunch of people that agree on a set of beliefs (e.g. one button is best) and think that other religions (Linux, Windows) are stupid and false. It's politics because you can only be on one side!

      (Before y

    • by hobbit ( 5915 )

      "Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."
      I used to be a white male.

      My name is Jamelia Uwimana, and I'm a "switcher".

    • When you are talking about Mac it is religion, not a third thing. Bill Thompson blasphemed the Mac religion, and they are calling for Jihad! It doesn't matter that what he said might be right.
    • Re:The Rules (Score:3, Insightful)

      by Scudsucker ( 17617 )
      is like being a white male in a discussion on discrimination

      It's fairly easy, actually. For example, prostate cancer kills about as many men as breast cancer kills women, and yet breast cancer gets 3x the funding. Or how men make up at least 35% of the victums of domestic violence, and yet receive virtually no funding, no outreach, and no respect.
    • "Being a Microsoft proponent in an argument about operating systems is like being a white male in a discussion on discrimination."

      You are incorrect. Being a Microsoft proponent in an argument about operating systems is like being a Nazi, KKK member in a discussion on discrimination. White males are born that way and in no way predisposed to being racist. People who argue the superiority of Windows have made a choice to use and extoll that OS.

      People who argue Windows is superior are like KKK members, gen

  • by American AC in Paris ( 230456 ) * on Tuesday January 17, 2006 @05:50PM (#14494887) Homepage
    From Thompson's original article:

    Mac users demonstrate an indefensible smugness when it comes to the dangers of having their systems compromised by malicious software and opened up to exploitation by others. It's time they started behaving a bit more responsibly.

    Dear Mr. Thompson:

    When you accuse several million people of demonstrating "indefensible smugness" based solely on the type of computer they're sitting in front of, you must certainly expect something of a backlash from those of us who do, in fact, take security seriously. When you tell the likes of systems administrators and security experts they should behave "a bit more responsibly", they're rightly going to tell you to go piss up a rope.

    On the Internet, we refer to people who make statements such as the one quoted above as "trolls". Engaging in this type of behavior is generally frowned upon. For example, if I were to say "this is the sort of idioctic drivel the world has come to expect from those effete Brits," I, too would be guilty of trolling and would receive untold amounts of well-deserved invective from the readers of this post.

    Fortunately for me, I know better than to make such outrageous statements.

    • Isn't that flamebait rather than trolling?
      • by CyricZ ( 887944 ) on Tuesday January 17, 2006 @06:07PM (#14495040)
        Just because a legitimate, completely truthful opinion angers some, it does not make the opinion "flamebait".

        Words like "flamebait" and "troll" are most often used seriously by those who are trying to incite trouble amongst people who are pointing out real, solid facts.

        We see this today in the media, where various governments label their opponents as "terrorists". Of course, in many cases those governments are partking in the very same actions that may be construed as "terrorism".

        These sorts of labels are useless just because they are misapplied so often, by so many different people and groups.

        • You misunderstand. I was not accusing the BBC guy of flamebaiting. I was just saying, that what the great grandparent was describing (as his opinion of what the guy was trying to do) sounded to me like it was covered by the word, `flamebaiting'. I personally, don't have a problem with the article (except that it is content-free BS like most computing articles by the mainstream press...hey you could never accuse /. of that could you? ;-) ).
        • But there ARE real things which are called trolling and flamebaiting. Trolling is saying something you don't believe, in order to elicit a desired response. Flamebaiting is saying something you do believe, with the express intent to begin a flamewar. Most people don't seem to understand these definitions which is why I have a bunch of Troll mods on my record. I never troll. I might be guilty of the occasional flamebaiting though :)
        • Words like "flamebait" and "troll" are most often used seriously by those who are trying to incite trouble amongst people who are pointing out real, solid facts.

          We see this today in the media, where various governments label their opponents as "terrorists". Of course, in many cases those governments are partking in the very same actions that may be construed as "terrorism".


          You claim that the US government is involved in terrorist activities right after lecturing us on trolls, bravo!
    • "this is the sort of idioctic drivel the world has come to expect from those effete Brits"...

      What was that saying... "Over-paid, over-sexed, and over here"? ;)

    • by CyricZ ( 887944 ) on Tuesday January 17, 2006 @06:03PM (#14495009)
      Please don't misuse the word "troll". Like it or not, he is pointing out a very serious issue that affects all operating systems, be it Windows, Mac OS X, OpenBSD, UnixWare, OS/2, MS-DOS, VMS, or basically any other operating system.

      Frequent updates are necessary, especially when it comes to networked systems. Concurrently, many users (even experienced administrators) fail to keep their systems patched and up to date, be it for a lack of time or due to financial constraints.

      Remember, Mac OS X is often targetted towards more inexperienced users, or those who just want a system that works. For the most part, that is true of Mac OS X. It does often just work. But likewise, it is necessary to keep it updated.

      Now, he isn't a "troll" for pointing out that very real, very serious fact. Sure, it might have angered some people, but that's not his fault in any way.

      If your doctor were to diagnose you with AIDS, and you did indeed have the syndrome, he would not be a "troll", regardless of how much you were angered by his diagnosis. In much the same way, this BBC author is not a "troll".

      • by Morky ( 577776 ) on Tuesday January 17, 2006 @06:07PM (#14495038)
        Please mod parent down "-1 Troll".
      • by Moofie ( 22272 ) <.moc.nrutasfognir. .ta. .eel.> on Tuesday January 17, 2006 @06:22PM (#14495178) Homepage
        "Remember, Mac OS X is often targetted towards more inexperienced users"

        Uh, says you. I know exactly what I'm doing, and I think MacOS X is pretty rockin'.
      • by American AC in Paris ( 230456 ) * on Tuesday January 17, 2006 @06:23PM (#14495189) Homepage
        Now, he isn't a "troll" for pointing out that very real, very serious fact. Sure, it might have angered some people, but that's not his fault in any way.

        Wait, it's a fact that "Mac users demonstrate an indefensible smugness when it comes to the dangers of having their systems compromised"? You'll note that I don't take issue with his assertions that there are very real dangers that all computer users need to be aware of; I take issue with his saying, in essence, "If you use a Mac, you're irresponsible and smug when it comes to security".

        That is indeed trolling--at least, it's either trolling or flaming, depending on how you judge his motives. Had he said, "for many casual computer users, there is a common misconception that the Mac is perfectly secure," I would have absolutely no beef with his statement. As it is, though, you'll generate a lot more attention and traffic if you simply say that Mac users on the whole are smug and irresponsible. If making inflammatory statements for the apparent purpose of drumming up attention and agitating readers doesn't count as trolling, I don't know what does.

        If your doctor were to diagnose you with AIDS, and you did indeed have the syndrome, he would not be a "troll", regardless of how much you were angered by his diagnosis. In much the same way, this BBC author is not a "troll".

        Absolutely true. However, if your doctor were to then go on and say, "so, are you homosexual, or are you a junkie?", would his actions still be defensible, or would you smack him upside the head for making an innacurate and crass assumption about you based on a sweeping generalization?

        • Absolutely true. However, if your doctor were to then go on and say, "so, are you homosexual, or are you a junkie?", would his actions still be defensible, or would you smack him upside the head for making an innacurate and crass assumption about you based on a sweeping generalization?

          Ouch. You are gonna get some nasty responses to that example.

          This is not one of them, though.

        • "Mac users demonstrate an indefensible smugness when it comes to the dangers of having their systems compromised"? You'll note that I don't take issue with his assertions that there are very real dangers that all computer users need to be aware of; I take issue with his saying, in essence, "If you use a Mac, you're irresponsible and smug when it comes to security".

          I disagree. I would rather say that this very kind of interpretation, in which you are putting a flamebait into a text where there was none, i
        • by laird ( 2705 )
          "Now, he isn't a "troll" for pointing out that very real, very serious fact. Sure, it might have angered some people, but that's not his fault in any way."

          So what was the very real, very serious fact that he pointed out? That there's a hypothetical risk of future security issues? It's true that some day a real Mac OS X virus will emerge, and at that point it'll make sense to do something about it, but until then, as he admits in his follow-up article, there's no point in installing current anti-virus softwa
      • Remember, Mac OS X is often targetted towards more inexperienced users, or those who just want a system that works. For the most part, that is true of Mac OS X. It does often just work. But likewise, it is necessary to keep it updated.

        Now, he isn't a "troll" for pointing out that very real, very serious fact. Sure, it might have angered some people, but that's not his fault in any way.


        He is either an ingorant fool or a troll, take your pick.

        Last time I checked, nearly every UNIX vulnerability was the result
    • by iangoldby ( 552781 ) on Tuesday January 17, 2006 @06:37PM (#14495313) Homepage
      When you accuse several million people of demonstrating "indefensible smugness"...

      Smugness is highly subjective, and says much more about the person making the judgement than the person being judged.

      I doubt that many Mac users think to themselves "I'm very pleased with myself because my Mac is immune from viruses." They just don't really think about the problem at all.

      That isn't smugness in any objective sense.

      The Mac user may appear 'smug' to the embattled Windows user who has just had to do a clean install for the 3rd time due to virus damage. But that's purely subjective.

      I think Bill writes a great deal of excellent stuff in his columns. Let's not get hung up on one sentence and then miss the entire point of the essay.
    • by vague disclaimer ( 861154 ) on Tuesday January 17, 2006 @06:50PM (#14495429)
      Also from TFA: I believe that security through obscurity is no security at all,

      So it's probably just as well that OSX doesn't rely on it then.

    • When you accuse several million people of demonstrating "indefensible smugness" based solely on the type of computer they're sitting in front of, you must certainly expect something of a backlash from those of us who do, in fact, take security seriously.

      Given the vitriolic and indignant responses I read on /. to what was a very reasonable statement by Bill Thompson, I think he was correct in his identification of "indefensible smugness". Mac users need to move past the infatuation phase with OS X and

  • It doesn't matter whether how secure the OS is, all that matters is how secure your data is. You could have an OS with more holes than a sieve, but if for one reason or another your data is less likely to be compromised then that is all that matters. Apple has unfound theoretical vulnerablities. So what, it doesn't matter. All that matters is that my word documents stay mine.
    • by slashname3 ( 739398 ) on Tuesday January 17, 2006 @06:11PM (#14495082)
      The whole matter of computer security comes down to make sure your system is just a little bit harder to exploit than the one down the street. Apple has done this. Microsoft systems are much easier to gain control of than just about any other system out there. Mind you that there are Microsoft Windows systems that are very secure. The admins on those systems have take the time to patch the holes and take measures to secure those systems. Is this true of all Windows systems? No. Are all Apple systems secure? No. It comes down to how much does the end user of that system care about security and how much time, effort, and money do they want to expend securing the system. This is true of all systems.

      As another poster wrote the orginal article is at best flamebait.
      • I would argue that Macs are mcuh easier to exploit, since most people don't bother to patch the OS. Becuase of the small market share there's really no point in wasting your time attacking Macs, though.
    • It does matter (Score:5, Insightful)

      by sterno ( 16320 ) on Tuesday January 17, 2006 @06:17PM (#14495140) Homepage
      Invariably the security of your data is dependent on the security of your OS. If you have some wonderfully encrypted data files you have to interact with them via the OS. So somebody exploits a vulnerability, you end up with a key logger on your machine, and now your intricate password to protect your encrypted files is forfeit.

      As for the article's conclusion that viruses are unlikely, I think he's wrong. What makes Unix safer from viruses, etc, is the isolation between user level activity and administrator activity. Thus while one account may be compromised a whole system isn't. So this makes it harder for viruses, but not impossible by any stretch.

      For example, a virus can be destructive without becoming root. It can, as you allude to, attack only your data, instead of a whole system's data, but in the end, it's still your data getting corrupted. Furthermore, most of the exploits I've seen of Linux systems involve taking a non-root exploit and then using another vulnerability to make it a root exploit.

      Something else to consider on OSX is the sudo. As I understand it, any user on an OSX system can use sudo. So, if an exploit can gain user level privleges, it can then use social engineering, keylogging, etc, to gain the users password and then, in effect, gain root priveleges through sudo.

      What protects OSX for now is that it has a smaller share of the market so there are less people trying to exploit it. Eventually if OSX gains market share, then there will be far more incentive to write malware for it. Certainly it will take greater skill to exploit OSX and it will be easier to defend against those exploits, but it only takes one clever hacker to completely ruin your day.

      • Re:It does matter (Score:2, Interesting)

        by zcat_NZ ( 267672 )
        To some extent this is true. But on the whole it's utter bullshit. If I get a user-level virus that mails itself to all my friends and deletes all my documents, it doesn't make the slightest different if it needs or wants root access. The mail goes out. My files get deleted. Root access isn't required.

        One of the real differences between Windows and more sensible OS's is that Windows actively seeks out and tries to run code from untrusted sources. Screensaver sent in email? LET'S RUN IT!! Code on a web page?
      • Re:It does matter (Score:5, Informative)

        by cmdrbuzz ( 681767 ) <cmdrbuzz@xerocube.com> on Tuesday January 17, 2006 @06:59PM (#14495492)
        As I understand it, any user on an OSX system can use sudo.

        You have to be a member of the admins group in order to use sudo on OS X.
        Ordinary users don't get to play.

    • That's fine if all you want to protect is your data - what about people installing trojans turning your computer into a worm distributor or even someone rebooting your machine remotely everytime you log on?

      Security should also be a function of the OS.
  • by Anonymous Coward on Tuesday January 17, 2006 @06:01PM (#14494990)
    We forgive you on one condition: you admit publicly that emacs is the one true editor. [dina.kvl.dk] Then you won't have to worry about anyone flaming you ever again.
    • You macro-writing emacs-installing COWARD! Behold the simplicity and power of the only true text editor for UNIX, VI. No matter what UNIX machine I log on, in the entire world, I have the power to edit text without installing software, and that matters when I am developing code and fixing code on many dozen machines that I do not even own! That makes me infinitely more powerful that you EMACS users, lower than DIRT ON A WORM.
  • by achesterase ( 918544 ) on Tuesday January 17, 2006 @06:03PM (#14495004)

    But spyware and keyloggers are written for Mac OS as for other Unixes, and could be installed on a compromised system by a worm or even by a Trojan that is installed with user permission.

    Gee, who would think? This statement gives the impression that Unix is especially vulnerable to this issue and that there is some solution to this problem. The fact that Unix's user segregation is one of the cleanest and most secure out there obviously doesn't factor into his security assessment and what I really wonder is what his suggestion for changing this "vulnerability" is. If he's looking for a technical one, I think he'll be looking for a while, since there is none. The human is always a security risk on the system. The question is only to what degree. Technology can help minimize the damage but in the end, it's always the same problem.

    • It's not appropriate to generalize about UNIX these days, considering how many different UNIX-style systems there are.

      Linux might be vulnerable in one case, while Mac OS X, UnixWare, FreeBSD, Solaris, AiX and other such systems are perfectly safe. Likewise, Solaris might be affected, while the other systems are not. And so on, and so forth.

      Now, various UNIX-like systems have run into problems in the past with regards to security. Thanks to the relative degree of fragmentation, such incidents are usually iso
    • "Gee, who would think? This statement gives the impression that Unix is especially vulnerable to this issue and that there is some solution to this problem. The fact that Unix's user segregation is one of the cleanest and most secure out there obviously doesn't factor into his security assessment and what I really wonder is what his suggestion for changing this "vulnerability" is. If he's looking for a technical one, I think he'll be looking for a while, since there is none. The human is always a security r
  • by thewiz ( 24994 ) * on Tuesday January 17, 2006 @06:10PM (#14495073)
    is that nothing is perfect. We flawed humans created flawed machines and flawed software. No matter what OS you run there will always be flaws that someone could exploit. I use Macs but I certainly don't count on OS X being secure enough for me to connect to the internet without using a correctly configured firewall.
    • "I use Macs but I certainly don't count on OS X being secure enough for me to connect to the internet without using a correctly configured firewall."

      oh yeah? first of all, macosx has a built-in firewall you can enable at your leisure, and therefore talking of OS X not being secure enough for you to go online without the use of a firewall as if these two were exclusive different things is nonsense.

      but even if you don't use a firewall, try plugging your up to date mac directly into your internet connect

      • Think for a minuet. What if some malicious individual decides to show those smug bastards how secure OSX really is? Someone in theory could develop a worm or virus to exploit some vulnerability in OSX. Then all the OSX users in there ignorant bliss will finally wake up and realize Internet security is for all to practice not just windows users. The GP poster is taking the preemptive approach and not taking any chances. He also might have a LAN and wants a central point of protection for all his systems. I h
      • '' but even if you don't use a firewall, try plugging your up to date mac directly into your internet connected modem and wait for its security to be compromised.i don't advise you to hold your breath. ''

        Statistically, if you connect a PC with a fresh install of Windows to the internet with a broadband connection, and you hold your breath until it is infected, you will die with a propability of 90 percent.
    • by node 3 ( 115640 ) on Tuesday January 17, 2006 @09:00PM (#14496185)
      nothing is perfect

      Agreed, and for the discussion at hand, this also includes OS X.

      I use Macs but I certainly don't count on OS X being secure enough for me to connect to the internet without using a correctly configured firewall.

      While I don't mean to discourage the use of a firewall, it is wholly unnecessary, at present, with Mac OS X, and is likely to remain that way for quite some time.

      Since I have a LAN, I have a hardware firewall by default (WiFi+10/100 Ethernet router), but I've run with Macs connected directly to the cable modem, and would do so again without fear. I most certainly would not do that with Windows. I would do it with Linux as well, although I'd run a portscan first and make any necessary configuration settings.

      Really, Mac OS X does not need a firewall. But it's still a good habit, it makes it easier to add other computers (especially Windows machines) to your network, and "some day" may even be necessary on OS X (although that mythical "some day" is more theoretical than imminent).

      Is that the "smugness" people are always talking about? It's not that I feel smug, so much as I am unconcerned (based on a rational assessment of the facts). Are Windows users "smug" because they can run the most games? Or are they just taking advantage of the fact that there are more Windows games than Mac games? Sure, one can be smug about these things, but they are true, and acting on those truths does not equate to smugness.
  • >>doesn't believe there ever will be.

    Let's not be too naive and write statements like there will never be a worm for Macs. If someone wanted to they could write a worm to infect them. Saying I don't believe anyone will write one is sticking your head in the sand. You have to assume there will be one and then start to protect yourself, not the opposite.
  • so sayeth Bill Thompson in a fluffy article:

    some people might not update and their systems could be compromised. And there is always a gap between the discovery of an issue and an available fix, a gap which could be exploited.

    (emphasis in italics mine)

    Dear M. Thompson:

    No Shit, Mr. Holmes(ne: Thompson). Welcome to the real world, where there are unscrupulous characters just waiting for you to wander past that allegorical dark alley, and get gobsmacked for doing something unconditionally stupid.

  • defensibility (Score:5, Insightful)

    by abes ( 82351 ) on Tuesday January 17, 2006 @06:17PM (#14495138) Homepage
    Firstly, saying that vunerabilities exist is akin to saying that there are bugs in someone's software. You're just about guaranteed to be right.

    Smugness, I'm not sure about (I'm a linuxite). Certainly there is something that most Windows users don't experience, and that is actual *enjoyment* from their OS. Microsoft has never tried especially hard to make their OS enjoyable, only usable.

    Would things be different if OS X were the predominant OS? Without doubt. However, OS X, both the kernel (Darwin), and user interface, have been precisely engineered. Windows, one might argue, more evolved. They claim complete rewrites of the OS occured, but I'm willing to bet tons of code was copied-and-pasted in the process.

    This does not guarantee it is fool-proof. Only time can tell that. But I would be willing to hedge a bet that less exploits exist for OS X than for Windows.
    • Certainly there is something that most Windows users don't experience, and that is actual *enjoyment* from their OS

      I get plenty of enjoyment from my Windows Experience thank you very much!

      Windows has given me so much porn over the last few years i wouldn't know what to do with myself. I could be working on a stressful Powerpoint presentation for work & then all of a sudden pops up some porn, it always comes in at the right time, it makes the windows experience truley worth it.

      And don't forget clip

    • Re:defensibility (Score:2, Interesting)

      by NorbrookC ( 674063 )

      They claim complete rewrites of the OS occured, but I'm willing to bet tons of code was copied-and-pasted in the process.

      The WMF vulnerability is proof of that. Supposedly Win2K was a "from scratch" OS, which is why they were about 3 years late with it - according to MS at the time.

      Now it seems that (gasp!) they lied! Who would have thought it? (The line starts to the right).

      • They did rewrite significant portions of the OS. I don't believe MS *ever* claimed it would be done from scratch.
      • Nobody ever claimed that Win2k was a "from scratch" OS. That would be a serious wasted effort. I think the last release they put out that comes close to "from scratch" would be the Windows NT 3 kernel, or the Windows NT 4 UI (Windows 2000 is Windows NT 5).

        And besides that, the WMF vulnerability was a design flaw that has been around since WMF was first supported in Windows 3.0. They're probably not still working with code from that time.

  • The only good bug... (Score:5, Interesting)

    by jd ( 1658 ) <imipakNO@SPAMyahoo.com> on Tuesday January 17, 2006 @06:34PM (#14495282) Homepage Journal
    ...is a squished bug. (See xroach for details.)


    Seriously, the argument that there are exploits is an important one to keep in mind. Nobody questions that Firefox is so far ahead of IE on security that the difference can be measured in red-shift. However, anybody who then concludes that Firefox users can afford to be complacent is completely outside the Universe entirely. The same is true of OS vulnerabilities. If a vulnerability is detected, it needs fixing. Ideally, you write the software correctly in the first place so that there are extremely few vulnerabilities that ever need to be fixed, but that doesn't generally happen.


    Is Bill Thompson a troll? To a degree. He has absolutely zero diplomatic touch, which is presumably why the BBC put him on the technology desk and not in foreign affairs. If you're in a war-zone, tact is an important skill to have.


    The part that concerns me most, which I'm not seeing enough commentary on, is the extremely serious allegation that Apple have deliberately installed backdoors into their systems. If this allegation has any foundation in fact, Apple should face intense questioning on their conduct. Cisco got burned when the backdoors they installed were discovered and although you can argue that an Apple is not quite as critical a part of the infrastructure, backdoors are certainly not ethical and possibly not legal.


    I've heard people arguing that you can't prove a program bug-free (actually, the Halting Problem only proves you can't do so for the general case, it says nothing about specific cases), but the more I hear of people abusing trust (eg: Sony), wilfully releasing defective software with known and documented bugs on the grounds people will update eventually anyway (Microsoft) and incorporating deliberate backdoors (Cisco), the more I am convinced that there should be consumer protection legislation that forces software companies to maintain certain standards. These sorts of wilfull, knowledgable, abuse of consumers is simply not acceptable.


    And, yes, I don't care if it takes a BBC hack journalist to point this out.

    • From above post:
      The part that concerns me most, which I'm not seeing enough commentary on, is the extremely serious allegation that Apple have deliberately installed backdoors into their systems.

      And from the article:
      Sometimes Apple make things worse. For example, widgets, small programs that can do things like search online dictionaries or let you listen to streamed BBC programs, can be installed without your permission when you visit a website using the Safari browser, just like Windows does with Acti

  • by this great guy ( 922511 ) on Tuesday January 17, 2006 @06:51PM (#14495442)

    The Slashdot story is misleading by saying "[Bill Thompson] knows that there are no Mac OS X viruses in the wild, and he doesn't believe there ever will be.". Actually Bill Thompson thinks it is possible but unlikely, quoting TFA: "I don't believe that Mac viruses already exist, and I think it's very unlikely that they ever will."

    There is a big difference between saying "I don't believe in <foobar>" and "<foobar> is very unlikely". Such subtle differences in phrasing totally explain why some people agree with Bill and some others disagree.

  • OS X and Linux are currently less popular. This means they will be infected with less stuff. They are gaining popularity, though slowly. However, becuase of the nature of open-source software, patches can be applied every time there is a new vulnerability discovered or exploited, so that by the time it is a really big target most of the obvious problems will be fixed. At least that's the theory. I've heard that one current example of this is the fact that MS IIS is a fraction of its market compared to Apach
  • An analogy... (Score:5, Insightful)

    by Macdude ( 23507 ) on Tuesday January 17, 2006 @08:27PM (#14496028)
    On a planet far far away live two races of people; The Gatesians (who make up 90-95% of the poulation) and the Jobsians (who make up the rest).

    The Gatesians have weak immune systems and frequently suffer from viral and bacterial infections, often necessitating a hospital stay. The problem is so bad that almost all Gatesians wear face masks and rubber gloves, use copious amounts of anti-bacterial soap, sterilize all items they come in contact with and get immunisation shots on a weekly basis. And despite all this they continue to get sick.

    Jobsians, on the other hand, have very strong immune systems, so strong that no Jobsian has gotten so much as the sniffles in the last few years. Many Gatesians make the claim that the Jobsians don't get sick simply because there aren't enough of them for an infection to spread. The Jobsians point out that there are no known viruses or bacteria that affect Jobsians (the odd rumoured virus built in a secret government lab aside).

    A few scare mongers (like Bill Thompson) like to argue that the Jobsians need to take the same precautions against disease that the Gatesians do and that if they don't if a virus or bacteria that can infect them ever shows up will wipe them all out. For the most part the Jobsians just ignore the ranting and get on with enjoying their carefree life and laugh at all the sneezing, coughing and hospitalized Gatesians.
  • by McFadden ( 809368 ) on Tuesday January 17, 2006 @08:39PM (#14496091)
    Thompson has a track record of writing articles that are either ill-informed or technically incorrect and then defending himself with the lame excuse that his is an 'opinion piece'. I can never understand why Slashdot (or the BBC for that matter) give him the space he clearly doesn't deserve. He tries to present himself as something of a guru, but probably couldn't get a job as a junior IT helpdesk worker (apologies to all the highly competent helpdesk guys out there).

    He's the poster-boy for the phrase "a little knowledge is a dangerous thing". If you look at his resume it's clear that he tried to make it as a techie, but didn't have what it takes, and so became a "commentator". It's funny - there used to be a feedback section on his BBC column, but it mysteriously disappeared a few months ago, shortly after he posted some badly researched drivel about problems copying his archived email from Windows to OS X and got shot down in flames by almost everyone who responded.
  • by dr2chase ( 653338 ) on Tuesday January 17, 2006 @08:53PM (#14496147) Homepage
    I've never come across perfect software, but at this point (using a Mac) my time is better spent worrying about failing hardware than it is about Mac viruses and worms. I've had failed power supplies, memory gone bad, disks crashed, and three chips smoked into nonfunctioning lumps. I worry that the flight attendent will dump a drink into my laptop on the airplane, or that one of my kids will use my laptop for something Horribly Inappropriate; those are the more likely failures.

    It is also worth noting that "if Macs were as popular as Windows" is one of those hypotheses contrary-to-fact; perhaps, if that were the case, OS X would contain further safeguards. Perhaps Apple would bundle their own antivirus software, and perhaps it would work, and perhaps it would not pester me for yet another year's subscription to continue my protection. Perhaps they would release that information on an RSS feed, and perhaps they would propagate it via a peer-to-peer network. If I can assume that pigs fly (that a false thing is true), there's no limit to the possibilities. We can argue endlessly about what might be; what is, is an OS that is more secure by design (never had ActiveX, root privileges require a password for each activation, ports kept shut by default), that has not been host to anything like all the vermin that infest and attack Windows boxes.

  • what he said... (Score:2, Insightful)

    by Old Fart ( 99472 )
    ...was that Mac users are smug and complacent, that they are ignoring their vulnerabilities. To wit, "I worry that we do not take security seriously enough as a community."

    What, pray tell, are Mac users *not* doing (in their complacency) that they *should* be doing? Are they not updating their software as often as other users? Do they not run firewalls? Do they not backup data? Are they not spending millions of dollars for security software? Are they somehow *more* complacent than other users?

    Where's the
  • Sony's infamously intrusive DRM on their audio CDs hits Macs, too. [slashdot.org] More user interaction is required for the install than on Windows, apparently.

    A question I haven't seen answered: apparently the Windows version installs the spyware and backdoor even if you reject the EULA. Is this true for the Mac version?

  • On the other hand some Mac users are setting themselves up for failure. I have one client who INSISTS on chmod 777 -R / because he finds security "inconvenient" -- and any viruses that DO hit the wild are 100% guaranteed to hit their network. They miss the old MacOS and its total lack of security. I'm sure they're not the only ones with that shortsighted and foolish outlook based on the false sense of security that "if it hasn't happened yet, it never will"

    Not only that, but if you have any shares/dropbox
  • This is an entirely naive question as I have no knowledge of viruses or how they spread, etc. But is it possible that at 3%, there simply aren't enough Macs to support network propagation of a virus? Or rather, that the density of Macs simply won't support it? Just thinking aloud and wanted to put the thought out there.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...