Comments on: Apple patches a batch of Mac OS X flaws

Computer maker issues 20 patches aimed at pre-Tiger versions of its operating system.

Just for the record

Say it ain't so, Joe. So, that was 12 fixes last month, 20 this month & they won't even fix the problems with Tiger until August - hey this is way more secure than Winblows......how ?

I currently use 98SE, XP, OS X and Red Hat - so I'm not a single-OS bigot. But let me once again repeat RULE #1 - ALL SOFTWARE HAS BUGS.

He was a good man, an honest man.

I forsee a huge flamewar in your future... It's sad to see an honest man destroyed so :)

[catchall]

It will be interesting to see

how well Apple can push the patches out, and actually get folks to apply them. It has been one of the big problems for Microsoft. Patches are useless if your user base won?t get them or install them.

[Byronic]

Just for the record...

Did you just make up the part about not fixing Tiger until
August (or whatever month you said?) Because the story said
that these minor vulnerabilities had already been fixed.

Maybe you are thinking of a Microsoft news story you just read?
That would be typical for them to wait that long or at least until
after it had been exploited many times (then the patch would
create even worse problems.)

[M C]

And yet Mac OS X is still more secure...

As tested by objective observers.

[MadKiwi]

Perhaps because...

... the patches came out before any exploits were developed in the wild...?

[Sboston]

Interesting

I think it's a wise move to go to monthly updates.

I found the Apple script issue to be very reminiscent of the VBScript issue a while back.

Monthly updates could be less disruptive

I use various vendor software/hardware for security - so sure, unless there's a consistant bug that crashes my machine, I can wait for a quiet time, to schedule a monthly update.

But if M$, Apple etc break down their OS's at a macro functional level & can apply patches in the background, and can guarantee no down time, I'd prefer to get things fixed ASAP. It's just that I don't trust them to make the updates transparent to current machine activity.

[privatec]

Why are they monthly?

Operating on the assumption that Apple releases updates when
it fixes the problems I'd rather have that than a monthly
schedule. Maybe I'm being too charitable of course.

[aemarques]

The usual double standard

So now, because it comes from Apple, monthly updates are a good thing?
Gee, I guess it is just a bad think when Microsoft does it...

[Byronic]

What double standard?

Monthly updates are good. What is expecially good is when the
OS vendor can keep up with all vulnerabilities so well there there
are NEVER any EXPLOITS. Also, most of the vulns are local
exploits, and not network ones, not spyware, not adware, etc...
this is also a GREAT thing WHEN YOUR VENDOR can do this!

[Steve Bryan]

Try reading that article again

Here is the relevant quote:

Apple has no fixed schedule for issuing patches. By contrast, Microsoft in late 2003 moved to a monthly release of security fixes

I hope you don't actually froth at the mouth when reading articles about Apple looking for things to complain about. Just for the record all software will have bugs and vulnerabilities. Most companies, including Apple and Microsoft, will issue patches and updates to address these shortcomings. The company with the better record of avoiding actual exploits is the company with better security. Period. If there are other factors that may contribute to this result, so what? No amount of FUD is going to change actual experience.

[Thomas, David]

I have one request for Tiger

Most users who went out and bought the first release of Tiger
could care less about the VPN issues. Those who know about
will wait to upgrade to Tiger. For me, however, I have one
request.

They introduced an RSS feed screen saver. Its awesome, its
useful, its functional. But why does it limit me to choosing only
one RSS feed for the screen saver?

This new feature is not only aesthetically pleasing, but very
useful, AND i prefer to have my screen saver running full time to
give me useful information that is only a single keystroke away
to read an article. Since I have multiple CPUs, and a KVM switch,
I use my iBook for this feature more as an application rather a
screen saver. Soooo ... PLEASE CHANGE the RSS feed screen
saver to support multiple selection of RSS feeds.

FYI, my network of computers don't use a VPN so I had no
problem with installing Tiger on my two macs. My 2003, 2000
and XP machines all play nicely with my mini-mac and ibook.

[Jon Skillings]

Correction on update schedule

The original version of this story was incorrect about the frequency with which Apple issues patches. The company has no fixed schedule for releasing security updates for its software.

[M C]

More CNet flaws found -- no patches in sight.

CNet is fast becoming my favorite humor site, the way they make a concerted effort to spin the facts.

In this article, "Apple released 20 patches" (in reality, one update) with the details explained in an "advisory" (in fact the ReadMe for the update).

The flaws could "catch users off-guard" (in fact, no one has seen even the very first instance of a user being "caught off-guard" by a security issue on the Mac).

And three paragraphs are taken up with threats of an "attack" due to an Apache issue ("ALERT! YOUR MAC WEB SERVER IS TOAST!!"), but even Secunia, who makes their living by making people fearful of security issues, pretty much says this one is a non-issue. (Of course, in CNet-speak, they "downplayed" it.)

Then, one of the greatest fact-twists of all: CNet implies that by having "no fixed schedule" for patches, Apple is less responsible than Microsoft or Oracle, when in fact Apple has issued patches MORE frequently than either, when needed.

This kind of stuff is done by enough writers to lead one to believe that CNet tells them to write stories this way. Notice that Mac stories are usually in the "Most Popular Headlines."

[Thomas, David]

In Defense of CNET

In fact, I am only defending them on one issue.

For some reason, any story regarding Apple is read
overwhelming number of CNet readers. Secondly, they almost
always generate the most comments.

Because of this, it can be easy to argue that CNet would always
put a "twist" in a story regarding Apple. In fact, just to include
any popular Mac product in a headline, generates a lot of links
being selected, and comments posted to it.

Bottom-line, the stories with the most hits, and comments are
placed in the "Top" headlines. There is nothing nefarious about
the one, single point. Though I do wonder about the rest of
what you pointed out. ;-)

Reply

I am repling this history.. dã