How safe are apples?

JustPassingBy

PrinceGaz wrote: »

Most non-technical computer owners have heard about viruses, and know they are a bad thing. Most non-technical computer owners have NOT heard of trojans, so a non self-replicating key-logger, or downloader (which is usually pre-programmed to download and install other malware from a specific location, some of which may be true viruses) is best referred to as a virus, unless you're prepared to give them a mini-lecture on the various types of malware.

Many people find the range of financial products confusing and are unfamiliar with the terminology involved. But they do know saving is a good thing. How about making no distinction between ISAs, bonds, share investments etc and lumping them all together under saving plans? I can see that going down well in another place.

I would say that everything a technical person considers as malware, is best related to non-technical people as a virus, as they will know that is a bad thing and something to avoid ever letting onto their machine in future. Viruses and trojans tend to come from similar sources after all, so if you get one, you are likely to end up with the other sooner or later (even if the trojan doesn't download a virus itself).

The PC World adverts on TV take that approach. Surely non-technical (whatever that means) people can think for themselves?

Brian.

JustPassingBy

Omertron wrote: »

In the OP, the exploit used was a 0 day attack possibly (due to the non-disclosure agreement, we won't know for sure) via Safari on a fully patched system. User interaction was required to click on or visit a website with the exploit code on it.
The risk was minimised by "good engineering design" (I won't debate that here), but the weakest link in the chain still would click on the "See the new MacBook Fire* here" link in a forum or spam email.
* Fictional product name for illustration purposes only.

I'll just expand on the remark you quoted: Vista is shipped with UAC. I am not familiar with it but presumably all sorts of nice things which enhance the security of a machine are provided. If a user turns them off and dispenses with them entirely she can hardly claim Vista is insecure. That's what I meant by interaction in the context it was used.

To return to your point: the interaction here is not one which is intended to alter the status of the system. It is conducted as a part of its normal use. Unfortunately, clicking on a particular link exposed the application to an exploit. There is no way to guard against an unknown vulnerability. Let's assume it was a very serious one. What you want is for it to be fixed and the now secure application distributed, preferably within hours.

At the Pwn2Own event the Vista machine has succumbed. Does that make it the second most secure OS in the world? (That's rhetorical).

Uffe Seerup has an interesting comment at

http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/comments/

Here's the assumption that perhaps needs to be validated:
Are Mac users less bothered about security because they believe they run a more secure OS and/or because they run an OS with a smaller market share and therefore are less targeted?

If a [Mac] user believes they are safe from attack because of either of the two options above it will make them an easier target for malware (of whatever definition) as their market share increases.

An analogous comparison might be on Windows machines and IE / Firefox / Opera. Originally there were few exploits available for Firefox because their market share was so low it was not economically viable for hackers to exploit it.
Now that the market share of Firefox is increasing the number of exploits taking advantage of flaws is greater (I'm not getting into the safer because it's open source and patched quicker).

So if a user thinks they are secure, why should they patch their systems / software to keep it secure? If you believe you're safe (because you are told so by the media and other techies) wouldn't you just update when you can be bothered?

That would be very unwise. Updating is the only way to be safe from software exploits, irrespective of what market share is or the extent of the targeting. And if you do not update you gradually transform your basically secure system into one which is insecure. As to what to believe: scepticism and thinking for yourself take you a long way.

I run several home windows machines and make sure that the firewalls, virus checkers and anti-spam are all update date and working. With two teenagers who will visit all sorts of undesirable sites we have yet to contract a virus or malware.

That's fine. It's what you are supposed to do with Windows machines. If you were using Linux boxes I'd suggest not bothering with virus checkers and, unless you have particular requirements to control outgoing traffic, dispensing with the firewall.

Brian.

isofa

The usual baiting Mac vs PC thread :whistle:

In my experience which spans almost the entire product lifetime of the Macintosh platform and PCs since early versions of DOS, both up to current OS versions today - I've never once experienced a virus on a Mac, and I've had about 10 in the past 15-20 years on PCs.

I use both platforms, daily, in personal and large office and corporate environments.

However if you visit insecure sites, download dodgy attachments and run the content, then unless you have a very good preventative virus utility, you'll put yourself at risk. The user is always the key risk element.

The only viruses on PCs I've "contracted" were from floppies in the old days, and from very occasional odd e-mails, nothing actually became infected, the virus scanners doing their job. Last I had was a few months ago, instantly weeded out by the virus scanner.

As for Vista's UAC - it's a joke, a poor insecure implementation, it should have been cast iron strong, with total insistence for driver and other item signing IMO - which no doubt the initial idea was - with the majority of users actually switching it off to avoid the alerts, it's as good as useless. The Unix kernal of the Mac does make this side more secure IMO, any installations prompt the requirement of the Admin username/password.

PrinceGaz

Whilst you may not have experienced a virus on a Mac, that doesn't make them safe.

It couldn't really have come at a better time given this thread, but at a recent black-hat hackers' conference, an Apple running Mac OS X faired far worse than a PC running Vista SP1 in every attempt to hack it, which did very well but not so well as the PC running the Ubuntu linux distro which survived intact.

http://www.eweek.com/c/a/Security/Bad-Security-Week-For-Apple/

That's probably not such a surprising result. Linux has very solid foundations which are very difficult to breach with user-mode software. Microsoft have made major improvements in security and the usability of UAC in Vista SP1 such that it is pretty solid and there is no longer any reason to turn it off (it works much more in the background). Meanwhile Apple have many unfixed flaws in their OS X applications which can be used as an attack vector. Apple have become complacent, whilst Microsoft are learning from past mistakes. It will be a long time before either can match the inherent security of Unix/Linux though.

superscaper

alexjohnson wrote: »

But we all know the real point of these discussions: jealousy. Sure I'm baiting but there is a germ of truth - the PC people obviously can't bear our superior user experience, the lovely award-winning design of the products we use, and that most of us are so happy most of the time that like religious nutcases we can't stop telling people about it. Not for us hideous cheap plastic boxes almost indistinguishable from the polystyrene boxes they came in. Not for us an operating system with the aesthetic sensibility of a 1980's graphic equalizer with even more flashing things. Not for us endless crapware free trials and the aforementioned security software acting like a speed camera on your PC's potential. No, not content with being happy that they may have paid less or played more games, they seem to need us actually to suffer too. We Forgive You. :A

Rather a false dichotomy. I don't believe Windows PCs are the only types of computers in existence in addition to Macs. I didn't learn my computing or programming on a Windows PC and neither was it a Mac. Why is it any thread that's negative of Macs in any way is assumed to be pro Wintel? Or that the idea of someone using both a Mac and a PC is impossible? I admit Apple are good at marketing but don't think for one second that they've done that much that's innovative or been the progenitors of the hardware and software technologies they use. All computer manufacturers and operating systems steal ideas off each other and Apple is no different. There's very little they came up with themselves, same can be said of Microsoft but it's funny that everything a staunch Apple supporter (I'm avoiding the use of fanboy) can only concentrate on comparisons with Windows and PCs.

As for jealousy, personally I've not had a "beige box" in about a decade. And operating systems, there are plenty that have been years ahead of Apple and Windows. I mean how many years was it before Apple decided to add the Dock? It seems arguments can only be made on the assumption that if you don't use an Apple or you make a criticism of them you must solely be a Windows PC user.

Blacksheep1979

hmmm and yet more people who seem to side on the fact that apples will probably sooner than later start to suffer major issues

http://www.theregister.co.uk/2008/03/31/apple_security_response_pants/

PrinceGaz

alexjohnson wrote: »

First the link: you do realise that this is the same story that the OP linked to, right?

It was a story covering the same conference, but unlike the original, the one I linked to showed the end results after the hackers had been attempting to break into the various computers.

The Mac succumbed first, quite early on the first day because of a vulnerability in its bundled Safari web-browser. Vista SP1 survived far longer than most people expected, much longer than the Mac, and only succumbed to a complex attack which targetted third-party products (in this case Adobe Flash itself using another third-party install). The PC running Ubuntu was not breached at all throughout the entire event despite US$10,000 being up for grabs for whoever did so first.

You should read the report I linked to in full before assuming it was just a repeat of the original one. The one I linked to gave the final results of what happened, not just the first results. Just because you don't like what it says can't change the truth. Linux distros are pretty solid because of their UNIX foundation, Vista is pretty good these days, and Apple are becoming complacent and leaving issues unfixed for far too long.

BillScarab

Well my ST is better than your Amiga.

Ooops wrong argument, if people like Macs good luck to them. They are currently 'safer' but then I've never actually been infected with any PC malware in all the years I've been using them and PCs do what I want very well.

Why do Mac owners always trot out the 'sexy' desgin of their Macs as being so great? It's a computer! I couldn't really care less what my PC case looks like as long as it allows plenty of airflow and plenty of room in it. It's just sitting under the desk, I can see why it might be nice to have a nicely designed monitor though. Having said that there are plenty of good looking cases available now anyway and a huge number of vile ones.

Isofa is rtight though if you compare Macs with similar spec PCs there is little price difference nowadays. But then all they are now is PC's in a pretty box with a different OS.

unrich

So whilst we wait for major problems to occur on OSX for real, ...
...and for all the expertise developed for securing windows to be ported to OSX ...

... we can assume that Apples are safer than MS windows OSs.

QED Apples are pretty safe.

Stephen_Leak

"Apples? They're f*cking lethal, they are". Isaac Newton, 1666.