gelfling's Journal: Mac security comes from doing insecure things

Note: since I've been targetted by /. modbombers for banning and day by day my karma is being synthetically erased, I've decided to post everything here in duplicate as long as I'm permitted to post. When I'm no longer permitted to post then everything will go here. Until of course, /. admins decide to ban my IP outright. This has already happened to one of the places I commonly post from, but only after I complained to /. admins about being attacked here. That ID that I complained to them, from, has been banned permanently. Word to the wise: /. is rapidly turning into the darkest version of everything they claimed to hate.

I get regular security vulnerability email alerts all the time. Just today there was a long list of potential problems with 10 different flavors of Linux, HP-UX, Cisco, OS/400, Z/OS and of course Windows.

Now the issue is, how bad is that? And the other question is what is the cost - benefit of fixing it?

Many of the vulnerabilities in the alert I alluded have the potential to be serious enough to warrant your attention but this assumes that you already have NOTHING in place to protect yourself, that you've effectively not implemented any security infratrature whatsoever. The probability of this is quite low.

But - and this is the big issue with Windows, your exposures surface out of EVERY SINGLE ordinary everyday common task you employ the machine to do. It would be as if every Cisco vulnerability surfaced specifically and only when it routed packets and only because it routed packets.

Therein lies the difference.

In the Mac world, no one is seriously suggesting that their BSD based OS is defacto immune from problems. What they're arguing convincingly is that those problems when they arise will arise out of non common tasks and obscure problems that typically stem from operating your machines in a very nonstandard way to begin with. For instance the ordinary Mac user could, if they were motivated, run as root all day everyday. But why would they? That's a nonstandard operation mode. Moreover the common problems you do see in the Mac world won't ordinarily occur because of executing common tasks that ordinary users employ their machines to do. You won't see many vulnerabilities exploited the same way that simply using AOLIM or Limewire or reading a rich email or any of the other innumerable problems in Windows stems from.