Comments on: Apple plugs 25 Mac OS X flaws

Fourth security update this year addresses vulnerabilities that could let attackers hit Macs.

[Siegfried Schtauffen]

The Mac Lost the challenge

http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow

[OS11]

no it didn't -

but now CNET has reported they bent the rules to make this hack work:

From CNET: "The successful attack on the second and final day of the contest required participants to surf to a malicious Web site using Safari--a type of attack familiar to Windows users. CanSecWest organizers relaxed the rules Friday after nobody at the event had breached either of the Macs on the previous day."

So it wasn't a break-in as first believed... which is "priceless" since it shows OSX remains unhacked.

[Mark Greene]

Zero Real Exploits for OSX, Countless for Windows

That's all that matters.


With the old Mac OS, there were many more viruses than there are
now (now being zero, of course).

The marketshare argument holds no water.

[Fil0403]

Around 5 Security Vulnerabilities for Vista, Countless for OSX

That's the truth that hurts you Apple fanboys. With the old Mac OS, Mac users were more secure with PowerPC arquitecture and had much less vulnerabilities (now being dozens every month, of course).
The marketshare argument is, in reality, a fact that shows how superior Windows is in comparison to Macs.

[Fil0403]

Around 5 Security Vulnerabilities for Vista, Countless for OSX

That's the truth that hurts you Apple fanboys. With the old Mac OS, Mac users were more secure with PowerPC arquitecture and had much less vulnerabilities (now being dozens every month, of course).
The marketshare argument is, in reality, a fact that shows how superior Windows is in comparison to Macs.

[mikesims10670]

Who cares ... OSX is much more effecient

I've been a Microsoft fan since DOS 5.0 ... I fiddled to the Microsoft tune ever since, getting my MCSE, SBS cert ... spending the last 15 years as a professional NT / Active Directory administrator ... Hell, I am currently an independent owner of a Microsoft consulting company.

However, when I need to get serious work done ... I use my MacBook Pro. Why? It never locks up. It never blue screens, it always runs at top performance no matter how much I install on it ... OSX is a very powerful, very effecient, very "Power User" friendly operating system.

My workstation is a 100% name brand (Asus, nVidia, Maxtor, Kingston, Sony (dvd) ) computer that is less than 8 months old. It has Vista installed with Office 2007 and QuickBooks 2007, Firefox, Gaim and WinCSP. When I have more than 15 or 20 windows open on my Vista machine (and I frequently work with 30+ windows up at a time) ... Vista often looses its ability to right click (which sometimes returns when I close some windows). It also blue screens once a week on average ... and it REGULARLY freezez up so that I have to hard boot it (when waiting more than 10 minutes doesnt return it to a usable state).

All of the drivers (and bios's) are current as well as the patches ... and I spent more than $3,000 in hardware, purchasing the best I could get for the sake of stability.

I have kernel paniced my OSX machine once with a beta version of Parallels (and I actually don't use Parallels any more unless I need my Cent OS VM or I need to run a quick utility for a client that only runs in Windows) ... 98% of everything I do (and remember, I'm a Microsoft consultant) I accomplish using OSX. It is a power users operating system.

The bottom line is simple ... Windows causes me headaches. OSX makes me smile constantly. I can't count how often I have sat back after 10 to 15 hours of hard OSX usage and I just have this huge grin on my face because I realize that I have actually been working and hammering the tar out of my mac and all along it's been performing at top speed without any issues AT ALL.

I actually get more done with my OSX machine than I can with my Windows machine. When I'm working with linux servers, my OSX machine has native utilities that let me work with them. With windows, I am forced to download tools (and we all know that installing more software into Windows adds to its registry and file clutter ultimately increasing its eventual performance degredation that only a reinstall will fix).

No thank you ... I'll stay with OSX. Windows (and especially Vista) just plain sucks.

Mike

[Siegfried Schtauffen]

Please do

Blue screens once a week! Freezes under Vista! I use Vista RC1 on a machine with only 512 MB and I never have a freeze or even a slowdown under normal usage. The problem is obviously you. The more people like you that leave the Windows world the better.

[smilin:)]

I led you to water - here drink

Why ask me for an example when you don't actually read what I provide?

If you want an actual working exploit, here is one you can play with yourself:
http://secunia.com/mac_os_x_command_execution_vulnerability_test/

If you think this is only some demo and doesn't exist in the wild all you have to do is look at the results of that $10,000 hack a mac contest. (article appeared here on CNet since my previous post). The same vulnerability was used to win the contest.

note: this exploit was in the link I sent you already. All you had to do was scroll down the page.

If you want a working exploit that does something malicious I'm simply not going to provide it to you. I'll abandon this debate before I stoop to providing malicous code to prove my point.

[Macsaresafer]

Tried to drink but nothing happened.

Heck of an exploit you've got there Brownie.

[mikesims10670]

Didnt work on my mac ...

You loose!

[mikesims10670]

This didnt work on my OSX machine ...

You loose.

[smilin:)]

Lets use your words then..

http://www.sophos.com/virusinfo/analyses/osxleapa.html

http://www.sophos.com/virusinfo/analyses/osxinqtanaa.html




First I commented about the vulnerabilities and I get corrected saying they aren't the same as exploits. Fine. I then provide an exploit... http://secunia.com/mac_os_x_command_execution_vulnerability_test/

"Heck of an exploit you've got there Brownie."

I then explain it's an exploit that's been patched (quite irresponsible to provide one that works to a public discussion)

"So you found a year old 'exploit' that didn't do much of anything and never affected Mac users in the real world. Congratulations. What's your point?"

(more on "my point" in a bit)

"If on the other hand, you're trying to show that there are real exploits that affect real Mac users, then you're not even close."

I then argue that if by that argument it doesn't affect users then it must not be an exploit...hence no Windows exploits since I've never been affected by one...after all I'm a "real user" (my silly point made to emphasise yours)

You then said I'm bending your words so here you are all quoted for the world to see. Here is your latest quote:

"I said it wasn't a real exploit because a) it didn't do much of anything to begin with and b) NO Mac users were affected, not just me."

Strange that the quote above doesn't quite match the previous one...you aren't bending your own are you? You said "real mac users" before and are now saying "no mac users"

"If you knew of a real exploit that affected real Mac users, you'd have brought it out by now. You don't know of one because there aren't any."

Ah. There you go. "there aren't any". You put that own hook in your mouth. What are these then:

http://www.sophos.com/virusinfo/analyses/osxleapa.html

http://www.sophos.com/virusinfo/analyses/osxinqtanaa.html


...Now back to "my point"...

"Nothing created by humans is, ever was, or ever will be 100% secure."

Exactly. You said my exact point. If you and I agree on this then there isn't much point in discussing further. It's the only point I wish to make.

If on the other hand you wish to keep discussing how secure Macs are ***while sitting under a news story about 25 Mac OS X flaws*** (????) then reality is going to keep biting you.