Geekzone: technology news, blogs, forums


BDFL - Memuneh
60765 posts

Uber Geek
+1 received by user: 11655

Administrator
Trusted
Geekzone
Lifetime subscriber

Topic # 12522 21-Mar-2007 18:16

From Slashdot, not a crowd known for being pro-Microsoft:

An anonymous reader sends us to George Ou's blog on ZDNet for a tale of how Apple's PR director reportedly orchestrated a smear campaign against security researchers David Maynor and Jon Ellch last summer. Ou has been sitting on this story ever since and is only now at liberty to tell it. He posits that the Month of Apple Bugs was a direct result of Apple's bad behavior in the Maynor-Ellch affair. From the blog: "Apple continued to claim that there were no vulnerabilities in Mac OS X but came a month later and patched their Wireless Drivers (presumably for vulnerabilities that didn't actually exist).

Apple patched these 'non-existent vulnerabilities' but then refused to give any credit to David Maynor and Jon Ellch. Since Apple was going to take research, not give proper attribution, and smear security researchers, the security research community responded to Apple's behavior with the MoAB (Month of Apple Bugs) and released a flood of zero-day exploits without giving Apple any notification.

The end result is that Apple was forced to patch 62 vulnerabilities in just the first three months of 2007 including last week's megapatch of 45 vulnerabilities."


Er... And then you say Apple Mac OS X is not vulnerable?







1651 posts

Uber Geek
+1 received by user: 343

Trusted
Subscriber

  Reply # 64559 21-Mar-2007 18:50

freitasm: From Slashdot, not a crowd known for being pro-Microsoft:

An anonymous reader sends us to George Ou's blog on ZDNet for a tale of how Apple's PR director reportedly orchestrated a smear campaign against security researchers David Maynor and Jon Ellch last summer. Ou has been sitting on this story ever since and is only now at liberty to tell it. He posits that the Month of Apple Bugs was a direct result of Apple's bad behavior in the Maynor-Ellch affair. From the blog: "Apple continued to claim that there were no vulnerabilities in Mac OS X but came a month later and patched their Wireless Drivers (presumably for vulnerabilities that didn't actually exist).

Apple patched these 'non-existent vulnerabilities' but then refused to give any credit to David Maynor and Jon Ellch. Since Apple was going to take research, not give proper attribution, and smear security researchers, the security research community responded to Apple's behavior with the MoAB (Month of Apple Bugs) and released a flood of zero-day exploits without giving Apple any notification.

The end result is that Apple was forced to patch 62 vulnerabilities in just the first three months of 2007 including last week's megapatch of 45 vulnerabilities."


Er... And then you say Apple Mac OS X is not vulnerable?



But Mauricio, the advertising says that Apple doesn't suffer from this. As does Steve Jobs.

Have I been lied to?




________

 

AK

 

 

 






32 posts

Geek


Reply # 64565 21-Mar-2007 19:24

Steve Jobs is God, and if he says "no vulnerabilities in Mac OS X" there are none.... unless....

4304 posts

Uber Geek
+1 received by user: 152

Mod Emeritus
Trusted
Lifetime subscriber

Reply # 64572 21-Mar-2007 21:10

Unless he is really the devil?

643 posts

Ultimate Geek


  Reply # 64574 21-Mar-2007 21:39

and there's an Airport firmware bug older than one year that has not been publicly fixed yet, despite Apple knowing about the problem.




Sniffing the glue holding the Internet together

128 posts

Master Geek


  Reply # 64592 22-Mar-2007 00:01

freitasm: Er... And then you say Apple Mac OS X is not vulnerable?


I say Apple Mac OS X is not *as* vulnerable, and I base this mainly on the economics of the hacker who wants to make as big a splash as possible, thus diving into the Windows pool. Reality has so far confirmed this -- no Mac OSX viruses have been found in the wild yet. (Yet.)

That's not to say that it couldn't change at the drop of a hat. Here's hoping Apple's quick work on patching these vulnerabilities continues.


4304 posts

Uber Geek
+1 received by user: 152

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 64593 22-Mar-2007 00:05

Quick work? Did you read the post above yours?

Apple just patched more holes in one go than Microsoft did with Windows over a very long period combined.

128 posts

Master Geek


  Reply # 64594 22-Mar-2007 00:06

Oh yeah, forgot to address this:

freitasm: From Slashdot, not a crowd known for being pro-Microsoft:


It's fitting, then, that there is no mention of Microsoft in either the Slashdot blurb or the article it's referring to. Laughing

128 posts

Master Geek


  Reply # 64595 22-Mar-2007 00:07

bradstewart: Quick work? Did you read the post above yours? Apple just patched more holes in one go than Microsoft did with Windows over a very long period combined.


I don't have any data, but that's certainly not my impression. Show me the data and I'll change my mind.

4304 posts

Uber Geek
+1 received by user: 152

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 64597 22-Mar-2007 00:13

Microsoft have released 16 updates to XP this year.

128 posts

Master Geek


  Reply # 64598 22-Mar-2007 00:32

bradstewart: Microsoft have released 16 updates to XP this year.


Ah, I think we're struggling with differing procedures and classifications here. Apple has released 3 security updates* and a codebase update* (i.e. 10.4.9) so far this year, which together have patched the said 62 vulnerabilities. My speculation is that the 16 updates you say Microsoft have released to XP this year (link?) patch a different number of vulnerabilities.

Some of the vulnerabilities patched by Apple this year were first made public during the Month of Apple Bugs, although the number will unlikely be great seeing that some of the so-called "Apple Bugs" were bugs in cross-platform third-party software that happened to be available for OSX. However, it is in particular these bugs that I refer to when I say that Apple seem to be quick in patching their bugs. I can't find any reference at all to an Airport vulnerability that remains unpatched after a year; maybe Barf could post a link.

*For a complete list of all Mac OSX patches, visit:
http://docs.info.apple.com/article.html?artnum=61798

Mind you, now that I've typed all of that out, it makes no sense to me to judge an operating system's security by the number of vulnerabilities they patch, because it says nothing about the number of vulnerabilities that actually exist. Seems like a silly comparison.







4304 posts

Uber Geek
+1 received by user: 152

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 64599 22-Mar-2007 00:37

Hmm thought I typed that out in full. 16 fixes for 30 vulnerabilities.

It is kind of ironic really that Apple have been digging at Windows for years and saying how secure their OS is and doesn't need all those updates (one of their Mac/PC ads even has it) now they have to come out and patch a huge number of holes. Nice to see them come down off their high horse. But I'm sure in the end it'll all be Microsoft's fault anyway, just like the iPods that shipped with virii, blame Microsoft.

128 posts

Master Geek


  Reply # 64600 22-Mar-2007 00:49

bradstewart: It is kind of ironic really that Apple have been digging at Windows for years and saying how secure their OS is and doesn't need all those updates (one of their Mac/PC ads even has it) now they have to come out and patch a huge number of holes. Nice to see them come down off their high horse. But I'm sure in the end it'll all be Microsoft's fault anyway, just like the iPods that shipped with virii, blame Microsoft.


No no no, you've got it all wrong. Apple has been patching stuff for years -- no question. Security Update 2006-03 in May 2006 patched 25 vulnerabilities, Security Update 2005-05 in May 2005 patched 20, and go back further and you'll find more of the same. Software will have holes.

What the Mac/PC ad gets at is VIRUSES -- specifically that Macs don't get any, because there are none to be had. (Yet.)

Many say that Mac OS X is inherently more secure because of its privileges setup, its firewall, and the lack of malware and virus problems that have plagued other operating systems, and I'd be inclined to agree. But there's no question that software will have holes. Meanwhile, it's fun riding the horse -- even if it is the imaginary one that at least makes us feel that we're cooler than you.



BDFL - Memuneh
60765 posts

Uber Geek
+1 received by user: 11655

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 64605 22-Mar-2007 07:11

CrispinMullins: I say Apple Mac OS X is not *as* vulnerable, and I base this mainly on the economics of the hacker who wants to make as big a splash as possible, thus diving into the Windows pool. Reality has so far confirmed this -- no Mac OSX viruses have been found in the wild yet. (Yet.)


Wrong answer. You are mixing apples with oranges (no pun intended). Being vulnerable or not is not related to the impact of being vulnerable. Being vulnerable is an attribute of the software (in this case Mac OS X) and the impact is related to the number of machines affected. Just because the impact is low it doesn't make the OS less vulnerable.

CrispinMullins: Here's hoping Apple's quick work on patching these vulnerabilities continues.


Did you RTFA? They say that "Apple continued to claim that there were no vulnerabilities in Mac OS X but came a month later and patched their Wireless Drivers (presumably for vulnerabilities that didn't actually exist)." It means denial. Time ticks during the denial stage.

Many say that Mac OS X is inherently more secure because of its privileges setup, its firewall, and the lack of malware and virus problems that have plagued other operating systems, and I'd be inclined to agree. But there's no question that software will have holes.


Here is something to think: vulnerabilities are patched by Apple, Microsoft and the Open Source community. So all software is inherently flawed. We know this. There's no denial since yourself listed a few security patches from Apple.

However most of the malware installed on a Windows-based PC is not installed silently, but because some dumb user was tricked into opening an attachment or downloading and installing an unknown file.

And this is the trick: the weakest link in the security chain is the user. Social engineering is the easiest way to have anything installed. And even with some different privileges set by default on the OS, which will limit the ability of malware to cause havoc, there's still the possibility that malware are installed every day and not the fault of the OS.

Blame the "security experts" who allow companies to run laptops in Administrator mode instead of restricting to User mode. Blame the developers who are stupid enough to require their software to run as Administrator because that's how they developed and tested without even thinking of having a second machine (or virtual machine) to test it as a normal user.

But people think it's much easier to say "it's a Windows problem" when it's more an education problem. And generalising as "Windows" without recognising that software flaws exist in all platforms is bad. Software flaws exist, but they may not be exploited because of the economics of impact you talked about before.

See my point? All software is flawed by definition because they are written by humans, with flawed logic, and susceptible to social engineering attacks.

The whole objective of my original post was to bring attention to this issue because people still go around like lemmings following the mantra "Linux is safer", "Apple Mac OS X is more secure". They are not. They restrict the users in different ways, but they are no safer than any other software.





128 posts

Master Geek


  Reply # 64609 22-Mar-2007 08:01

freitasm: Being vulnerable or not is not related to the impact of being vulnerable.


Of course it is. When was the last time you went to the doctor to immunize yourself against a disease that doesn't exist? I'm sure we'd love to be 100% protected against everything all the time, but because that is entirely impractical, we need to realign our goals.

Did you RTFA? They say that "Apple continued to claim that there were no vulnerabilities in Mac OS X but came a month later and patched their Wireless Drivers (presumably for vulnerabilities that didn't actually exist)." It means denial. Time ticks during the denial stage.


Apple did a poor job of dealing with Maynor and Ellch, and I'm sure we're not privy to the reasons why. However, we're talking about a month, and we're talking about a vulnerability to users with third-party drivers on their Mac. How many third-party drivers do you have on your Mac?
 
Here is something to think: vulnerabilities are patched by Apple, Microsoft and the Open Source community. So all software is inherently flawed. We know this. There's no denial since yourself listed a few security patches from Apple.


Agreed!

But people think it's much easier to say "it's a Windows problem" when it's more an education problem. And generalising as "Windows" without recognising that software flaws exist in all platforms is bad. Software flaws exist, but they may not be exploited because of the economics of impact you talked about before.


To be frank, I see it as being a Windows problem until it actually affects Mac OS X users. When it does, it will become a Mac OS X problem. Call me a denier, a fool, whatever, but the reality is that these are issues that I as a Mac user simply don't have. (Yet.) Again, why educate against something that doesn't exist?

Computer security companies all over the world keep trying to plug their names in reports announcing the discovery of theoretical hacks against Mac OS X in the interest of making as much money as possible if and when a flood of whatever hits. But not one of them has ever reported finding a virus or piece of malware circulating.

The whole objective of my original post was to bring attention to this issue because people still go around like lemmings following the mantra "Linux is safer", "Apple Mac OS X is more secure". They are not. They restrict the users in different ways, but they are no safer than any other software.


I respectfully disagree. For the reasons I have already mentioned, Linux and Mac OS X *are* safer -- at least for the time being. Depending on your mileage and requirements, you may even spring to calling them *safe*. What they are NOT is 100% safe.
