Does Sophos' Switch Argument Hold Water?

timothy posted more than 8 years ago | from the 40-lashes-with-a-willow-switch-story dept.

Wednesday's press-release-borne message from security firm Sophos that the best way for Windows users to compute untroubled (or less troubled) by malware is to switch to Mac OS X drew more than 500 comments; read on for the Backslash summary of the conversation.

Several readers pointed suspicious fingers at Sophos' motive for issuing the message in the first place; no one can call a company whose products are meant to offer "protection from viruses, Trojans, worms, spyware and spam" a disinterested party in evaluating OSes. Techguy666, for instance, writes "We use Sophos at our workplace. I also use other antivirus and antispyware — often to clean up the crap that Sophos doesn't find. Speaking as someone who's familiar with Sophos, I think it's curious that Sophos is telling home users to consider buying Macs. Go to Sophos' website and try to find a home user product ... They don't seem to promote any. If I were a conspiracy theorist, I would think this is a warning shot aimed at Microsoft because of MS's sudden focus on security, to the detriment of companies such as Sophos; send Microsoft's small clientele to the enemy — it's no skin off of Sophos' corporate nose. ... They're talking to an audience that they don't serve or interact with."

(To this, an anonymous reader writes "Sophos has a number of fat contracts with institutes of higher learning, like mine. Every student has access to a fully licensed copy of Sophos if they so choose — available for Windows 98-XP, Linux, and OS X.")

A subtler gripe comes from Kope, who calls the metrics used by Sophos "misleading," and writes that "[s]aying that the most common malware only affects Windows, therefore Macs are more secure is simply bad reasoning. ... I'm sure that 'out of the box' Macs are better. But it's not 'out of the box' that I care about. My concern is level of security during actual operation. I have no problem believing that Macs are more resistant to malware, but this measure doesn't show that to necessarily be the case."

ZachPruckowski agrees that Sophos's claim is based on a "dumb study," but not that there's an easy line to draw between out-of-box and long-term use: "For 75 percent of the world, 'out-of-the-box' == 'during actual operation.' It's those people who get infected by malware. Don't expect users to do any extra work beyond going straight to Office or IE or their email app. Thus, 'out-of-the-box' is a pretty important state."

Whatever the company's reason for issuing what many Slashdot readers would consider the farthest thing from a discovery, no reader's comments seemed to cast doubt on the conventional wisdom that Mac users are at present far safer from malware than are typical Windows users — the reasons behind that situation, though, are hotly contested. One version of the story is that OS X, by dint of its design (including UNIX-style multi-user orientation and compartmentalization generally), simply can't help being more resistant to viruses and spyware; Windows' intentional integration of operating system components has let security flaws in one small part of the operating system (such as Internet Explorer or Outlook) become flaws in all the others, too.

Reader cwgmpls, for instance, doesn't buy the argument that OS X is safe only because it's more obscure than are the various versions of Windows.

"Even if OS X is only 5% of all PCs in the world, surely there are a good number of hackers out there who would love to release an OS X virus into the wild, just to prove it can be done. Besides, the total number of OS X installs today is certainly greater than the total number of Windows installs that existed at the time the first Windows virus was released.

Most hackers don't need a huge number of installs to stroke their ego. The opportunity to prove that OS X is just as vulnerable as Windows should be more than enough to motivate someone to release an OS X virus into the wild. Yet no one has done it.

There must be more at work here than OS X's small market share. OS X must be inherently more secure than Windows to not have a virus in the wild six years after its release. Certainly there are enough hackers out there who would love to show their prowess by writing an OS X virus, even for the relatively small number of OS X installs that exist; but nobody has been able to do it yet."

Several readers assert that the real reason has little to do with the hardware or the software used by the rival camps, and is mostly an issue of user education and sophistication. Typifying this argument is reader WombatControl's (unsurprisingly contested) conclusion that "the Mac userbase tends to be a lot more savvy than the Windows userbase." His argument, in short:

"I'd hazard a guess that the vast majority of Windows malware comes not from the inherent insecurity of the Windows platform but from users doing dumb things. Someone who installs some stupid little weather applet and gets infected with spyware got infected not because of a flaw in the system, but because they didn't bother to determine whether or not the source of their software was credible or not. Even if they got a prompt like Vista and OS X present they'll still authorize the program. There's no patch that can be applied to a system to prevent stupid users from mucking it up. ...

Macs are more secure because Mac users have a much tougher stance towards crapware. Mac users tend to be much more technically proficient than the average. If that "zero-tolerance" policy changes, I'm not so sure we'll see an increase in the amount of malware targeting Macs.

OS X does a great job of providing technical barriers against malware, but nothing can prevent malware that uses social engineering to do its work. Mac users are safer because they choose to be - but if you get a group of users who have no awareness of security and will blindly execute anything they come across, even if the system specifically tells them not to, that could change very quickly."

Several Windows users agreed with the thrust of this argument — namely, that no system is truly safe from a determined, malicious attacker unless users (or their trustworthy proxies) head off not just automated attacks, but social-engineering tricks that really have little to do with the OS a user is interacting with. Their approach is based on heading off malware.

Readers like snwod (a sometimes user of Mac, Linux, and Windows) offered a level-headed synopsis of this approach: "I run a good firewall/anti-virus combo along with using Ad-aware and the rest. I don't click on banner ads and I don't install strange pop-up programs. Pretty simple really." Result? "[I] haven't had a virus or malware problem in years."

To this line of reasoning, though, aphor says "My grandma's Mac isn't infected, and she clicks on everything! I'm calling bullshit. Please produce the infected Mac. One synthetic test does not make a real-world case. I run the system updater on my grandma's Mac about 3-4 times a year. That's probably 1/10th (liberal estimate) of the exposed vulnerability that a [Windows] box has."

Even if sophisticated trickery might fool any user, Savage-Rabbit thinks avoiding mechanically the more widespread script-kiddy attacks is nothing to sneeze at: "I bet there still is a fair number of Windows users who envy the Mac zealots for not having to waste their time pruning Norton/Panda/McAfee/etc... anti-malware suites with monotonous regularity never mind the endless nag screens these anti-malware suites throw at you."

The status quo has a way of not staying that way in the long term, though, and reader spyrochaete contributed one of the several (and sane) cautions against hubris on the part of OS X users, though the same logic applies to Linux and other systems whose security may be real and considerable but is grounded in part on being a smaller target for online vandals and thieves than is Windows. As he writes, "They said the same thing about Firefox, but that's starting to change. Mozilla is fixing holes all the time and I'm starting to see ads that get through Adblock (stupid Mediaplex). This is just an article about security through obscurity — the best kind of security according to too many Apple fans I've talked to. ... Faith in obscurity means you'll be totally unprepared when disaster strikes."

Amen!


Thanks to all who took part in the discussion, especially those readers quoted above.

Oh. (-1, Offtopic)

anti-human 1 (911677) | more than 8 years ago | (#15670921)

Umm, I read the Comments in the original story... Thanks though.

Re:Oh. (2, Insightful)

jasonwc (939262) | more than 8 years ago | (#15671003)

Very interesting synopsis of the arguments presented without BS. It's definitely worth a read.

One thing does hold water... (0, Flamebait)

AssCork (769414) | more than 8 years ago | (#15671152)

...My Ass - I'm currently up to 3 gallons and counting!

Re:Oh. (0)

Anonymous Coward | more than 8 years ago | (#15671453)

Apparently this is some sort of "Publicity stunt".

I hear these "Publicity stunts" are used to provide the company with free press and thereby they increase sales.

Slashdot now run by pointy-headed managers (5, Funny)

Anonymous Coward | more than 8 years ago | (#15670933)

This story-about-a-slashdot-story idea must have come from 'management'. Soon to be featured in Dilbert.

Re:Slashdot now run by pointy-headed managers (2, Funny)

Anonymous Coward | more than 8 years ago | (#15670970)

There's a story-about-a-slashdot-comment idea [seenonslash.com] that came from fans and not management.

No, it's better than that (0, Redundant)

rsilvergun (571051) | more than 8 years ago | (#15671229)

if we can do a /. story about a /. story, then next thing we'll have a /. story about the /. story about the /. story. From there it's just one small step to perpetual motion, clean energy and breaking the lightspeed barrier! Excelsior!

Re:No, it's better than that (1)

Chysn (898420) | more than 8 years ago | (#15671543)

Nobody can accuse us of not being in an echo chamber!

An echo chamber!

An echo chamber!

Re:No, it's better than that (1)

Kehvarl (812337) | more than 8 years ago | (#15671593)

I'm just waiting for the /. story about /. having stories about /. stories.

Re:Slashdot now run by pointy-headed managers (0)

Anonymous Coward | more than 8 years ago | (#15671604)

In a not so distant future, Slashdot will not need any news as they will only promote /. news about /. stories which relate to each others.

Captcha: Unions

Out of the box is one thing (4, Informative)

Saven Marek (739395) | more than 8 years ago | (#15670936)

Out of the box may be one thing, but continuing use is something else.

Don't let anyone tell you macs have no malware, it's just not true. From Renepo the rootkit, to php worms that send out spam infecting message boards, to word macro viruses to the recent oompaloompa, they affect macs as badly as they can affect windows.

One thing that tells mac users they have fewer viruses is poor antivirus software. A friend of mine works in a mac shop and often people will come in with bizarre problems with their macs. No networking working, slow networking, random crashes, won't wake properly from sleep. Scanning with an antivirus package shows no viruses, yet a software reinstall fresh from scratch fixes many of those problems. What does that tell you caused the problems? Some malware running on the machine is what.

When mac software gets up to scratch in detecting the worms that are out there for macs, that is the only time people will get the truth about malware infections. Sophos need to get off their ass and make something more worthwhile for macs and then we'll see who goes saying what about security.

Piss off moderators. (3, Interesting)

Anonymous Coward | more than 8 years ago | (#15671031)

Goddammit moderators, it's this kind of moderating that makes the problem worse. I run a mac house, and word macro viruses are the bane of my existence. Word is absolutely ESSENTIAL to our business, and currently no mac antivirus software properly rids a mac of word macro viruses, fullstop. We've been through them all, and over & over we end up with client documents coming in, infecting other client documents, leaving us sending out infected files.

It's not a nothing problem you can just sweep under the carpet with a quick moderation, people, it's going to come up and bite you in the ass, and bite HARD.

Don't be ignorant shits.

* swearing included so you can have a reason to mod me down. bah.

Re:Piss off moderators. (0)

vertinox (846076) | more than 8 years ago | (#15671681)

Um... First of all you could have your Word security settings set to High if you don't trust your users to do the right thing or Medium if you trust your users to do the right thing. Secondly, you could have an email scanner program that cleans word viruses as they come in.

And lastly... Ever think about using Apple's office products instead of MS word? ;) I know I sort of jest but MS put such a piss-poor job into their office products for the mac, they might as well not have made them.

Heck even Open Office is a bit better than Office 2004.

Re:Out of the box is one thing (-1)

Anonymous Coward | more than 8 years ago | (#15671630)

Ahahaahahhahaah look at all the neckbearded cheeto dust covered fanboys vote down an anti-mac point of view even when it's true.
Isn't it about time you realise your life isn't worth living because you chose the wrong OS?
No one will care when you are gone much like your OS.

news? (4, Insightful)

Bakadan (987312) | more than 8 years ago | (#15670969)

This isn't news. It's just pulp to get people riled up and screaming. Besides, it's nothing we haven't seen before.

Re:news? (4, Funny)

garcia (6573) | more than 8 years ago | (#15671045)

Besides, it's nothing we haven't seen before.

Oh come on now. It's not like this exact story and many of the comments were just posted earlier this week or anything.

Dude... WHO CARES!!! (1)

Savage-Rabbit (308260) | more than 8 years ago | (#15671499)

Oh come on now. It's not like this exact story and many of the comments were just posted earlier this week or anything.

Begun the flamewars have! I hope you remembered to charge your lightsaber... here comes the Microsoft droid army and they are pissed!!

Re:news? (2, Funny)

eclectro (227083) | more than 8 years ago | (#15671156)

It's just pulp to get people riled up and screaming.

It's not pulp, but small reusable pellets. Remember that slashdot is green.

Spyware and spam will remain (2, Insightful)

LiquidCoooled (634315) | more than 8 years ago | (#15670971)

No matter what OS exists.

I believe the anti virus firms are doing normal users a service by keeping lists of known bad software and preventing its spread.
That software might come in from an exploitable hole in the OS or it can come just as easily by invitation through the front door because the user believed the catch line.

3 simple words: i love you have been enough in the past, what will it take in future...

Spyware and spam will NOT remain to be problems (0)

Anonymous Coward | more than 8 years ago | (#15671073)

They may continue to exist, but Spyware and Spam do not have to be harmful, though, with the appropriate OS features.


With a reasonably sandboxed (virtual machine / chrooted jail / or simply separate unix account) environment for a web browser opening even the most malicious executable file could at most destroy your sandbox and mess up your browser.


I've long read all my porn & spam this way - under a separate user who doesn't have permissions to see any of my data that I don't explicitly copy to a /share directory.
Sure, I still see some spam and viruses; but they can't do any harm to my system nor access any private data.
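A check for the separate-account setup described in the comment above, as an added example that is not part of the original post: it works out from mode bits alone which files a second account could read outside the shared directory. The directory names, the sample tree and the stand-in uid/gid are constructed for the example, and ACLs, capabilities and MAC policy are assumed not to be in play.

```python
"""Audit what a separate browsing account could read, from mode bits alone."""
import os
import tempfile
from pathlib import Path


def class_bits(st, uid, gids):
    """rwx triplet (0-7) the kernel applies to this uid / gid set."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def can_read(path, uid, gids, root="/"):
    """True if the account can reach `path` from `root` and read it.

    Needs search (x) on every directory on the way down and read (r) on
    the target. Classic mode bits only (assumption of this example).
    """
    if uid == 0:
        return True  # root bypasses mode bits
    root = Path(os.path.realpath(root))
    rel = Path(os.path.realpath(path)).relative_to(root)
    current = root
    for part in rel.parts:
        # `current` is a directory that must be searchable to go further
        if not class_bits(os.stat(current), uid, gids) & 0o1:
            return False
        current = current / part
    return bool(class_bits(os.stat(current), uid, gids) & 0o4)


def leaks_outside_share(root, share, uid, gids):
    """Relative paths of regular files the account can read outside `share`."""
    root = Path(os.path.realpath(root))
    share_dir = root / share
    leaks = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or share_dir in p.parents:
                continue  # symlinks skipped; the share is exposed on purpose
            if can_read(p, uid, gids, root):
                leaks.append(p.relative_to(root).as_posix())
    return sorted(leaks)


def build_demo_tree(base):
    """Constructed sample layout: a private dir, a sloppy dir and the share."""
    layout = {
        "home": (0o700, {"taxes.txt": 0o644}),
        "home_open": (0o755, {"notes.txt": 0o644, "key.pem": 0o600}),
        "share": (0o755, {"download.bin": 0o644}),
    }
    os.chmod(base, 0o755)
    for dirname, (dmode, files) in layout.items():
        d = Path(base) / dirname
        d.mkdir()
        for fname, fmode in files.items():
            (d / fname).write_text("constructed sample\n")
            os.chmod(d / fname, fmode)
        os.chmod(d, dmode)  # set last so the directory can be populated
    return base


def foreign_ids(base):
    """A uid and gid set owning nothing under `base` (stand-in sandbox account)."""
    stats = [os.stat(base)] + [
        os.stat(os.path.join(d, n)) for d, ds, fs in os.walk(base) for n in ds + fs
    ]
    return max(s.st_uid for s in stats) + 1, {max(s.st_gid for s in stats) + 1}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_demo_tree(base)
        uid, gids = foreign_ids(base)
        for leak in leaks_outside_share(base, "share", uid, gids):
            print("readable by sandbox account:", leak)
```

On a real system, pass the browsing account's actual uid and group ids and the directory tree to audit instead of the constructed ones.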

Re:Spyware and spam will NOT remain to be problems (2, Insightful)

WilliamSChips (793741) | more than 8 years ago | (#15671207)

Unfortunately, we don't have capabilities yet. Capabilities would allow everything to be sandboxed like that for free performance-wise, and you would see "Do you want ZOMG_TEH_EVIL_VIRUS to be able to see your address book?" and "Do you want ZOMG_TEH_EVIL_VIRUS to connect to your email account?"

Re:Spyware and spam will remain (1)

Spy der Mann (805235) | more than 8 years ago | (#15671081)

...because the user believed the catch line.

3 simple words: i love you have been enough in the past

So THAT's why slashdot users' machines are so secure... They would never believe such a catch line!

Re:Spyware and spam will remain (2, Interesting)

varmittang (849469) | more than 8 years ago | (#15671145)

Spyware and Spam would be a maybe, but so far the Mac or Linux/*nix computers don't have any, only Windows. And what happens is a computer gets infected with malware/spyware, and then it becomes a spam bot. But if a computer can be made safe from getting malware first, which again Mac and Linux/*nix are, then spam operators won't have any spam bots, and hopefully we can then track down the sources of spam a lot easier to the server of the spammer. And yes, there are stupid users, my parents are a couple of them. But hey, got them a Mac and didn't need to worry after that. Hell, I came home from school one weekend and my dad was telling me he had trouble opening an attachment. I laughed because it was a virus and he couldn't get it to work after getting it in an email. He has become smarter about it but he sometimes just wants to click away.

Re:Spyware and spam will remain (1)

penix1 (722987) | more than 8 years ago | (#15671465)

Umm....You didn't pay attention to this part...

"Faith in obscurity means you'll be totally unprepared when disaster strikes."

Your post indicates that you think there will never be an attack on a Mac box. Never is a very long time you know.

"-----BEGIN PGP SIGNATURE-----
12345
-----END PGP SIGNATURE-----"

Damn....Remind me to change the combination on my luggage!

B.

I would but... (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15670982)

I'm a SQL Server DBA.

My parents would but they do not like change. They had enough issues upgrading from Windows 98 to Windows XP.

My brother would but he plays WoW and he is not tech savvy to get OSX to run on his PC.

Re:I would but... (2, Insightful)

47Ronin (39566) | more than 8 years ago | (#15671391)

I'm a SQL Server DBA.
Install the free Aqua Data Studio database admin tool. [aquafold.com]

My parents would but they do not like change. They had enough issues upgrading from Windows 98 to Windows XP.
This is more a matter of social engineering. Some people fear change, while others are taught only applications, not resourceful thinking.

My brother would but he plays WoW and he is not tech savvy to get OSX to run on his PC.
Take the same WOW cds and put into your Mac. Double-click the install icon. Did you forget that WOW (and pretty much every Blizzard title) is cross-platform? ... enjoy!

Well grandma... (4, Insightful)

dedazo (737510) | more than 8 years ago | (#15670987)

aphor's "Grandma" needs another 150 million or so people to join her in order for someone to develop an interest in creating malware for her operating system. Then it's all just a friendly "Please provide your root password" dialog away.

Is OS X's attack surface smaller than Windows? Sure it is. Is it impervious to user stupidity? Absolutely not. No operating system is. Linux and OS X will probably eventually get there, and the complaint we'll be hearing instead of M$ is teh fuxxorz will be well, what do you expect? users are stupid!!.

Just wait, and you'll get there eventually.

[This post is brought to you courtesy of the 300 million absolutely clueless Windows users who think it's OK to run executables in password-protected ZIP files that arrive in their inboxes with lead-ins such as "hello, teh info yuo requesteded is in the attachments". We can't wait for you to take them away]

Re:Well grandma... (4, Insightful)

rjstanford (69735) | more than 8 years ago | (#15671070)

Disclaimer: I use Windows/UNIX/OSX. I like OSX, but even with IE7 on Windows I haven't been infected. So...

Then it's all just a friendly "Please provide your root password" dialog away.

Hmm. I just realized that this is a potential problem -- a major potential problem -- with the OSX and now Vista (and, I believe, some Linux) GUI security paradigms. We're training people to be ready to enter their administrator passwords whenever they're prompted to. And Ma & Pa User won't know when this is a good thing. Especially when badly behaved programs like Adobe's suite raise dialog after dialog during updating. What's to stop EvilSoftCo from creating a program that, during its first-time startup, just creates a dialog box that matches the standard one, and gathers your password?

Hmm. Not great, methinks. Although surely someone must have thought of this already...

Re:Well grandma... (1)

Knuckles (8964) | more than 8 years ago | (#15671272)

We're training people to be ready to enter their administrator passwords whenever they're prompted to

I can only speak for Ubuntu, which is the most significant Linux Distro that does this, and IIRC I am only prompted after I actively clicked on an entry in the Administration menu.

Re:Well grandma... (2, Insightful)

forkazoo (138186) | more than 8 years ago | (#15671351)

Hmm. I just realized that this is a potential problem -- a major potential problem -- with the OSX and now Vista (and, I believe, some Linux) GUI security paradigms. We're training people to be ready to enter their administrator passwords whenever they're prompted to. And Ma & Pa User won't know when this is a good thing. Especially when badly behaved programs like Adobe's suite raise dialog after dialog during updating. What's to stop EvilSoftCo from creating a program that, during its first-time startup, just creates a dialog box that matches the standard one, and gathers your password?
Bah, you think too hard. Take a screenshot of the Vista authentication dialog box, and put it as a form on a website. Most users wouldn't even realise it isn't a real window. No need to go to the bother of having them download a binary. Then, just install whatever you want remotely.

Re:Well grandma... (1)

Todd Knarr (15451) | more than 8 years ago | (#15671460)

Nope. On modern GUIs you only get prompted for the admin password when you directly try to perform an administrative task. If I click on the printer management item in the administration menu, I expect to be asked for the root password. On the other hand, if I try to run a game I do not expect to be asked for the root password and I'm going to be alarmed if that dialog pops up. Thus my advice to people running various Linux distros or OSX with this facility: if you don't know that what you just tried to do requires admin privileges, the correct button is the one labelled "Cancel". The times this advice is wrong are rare indeed.

Re:Well grandma... (0)

Anonymous Coward | more than 8 years ago | (#15671523)

Again, easier said than done. The point is that the general populace will enter their info whenever prompted. It won't be in their head "This prompt appeared when I clicked this random thing I wanted to do... is it trying to trick me?", it will be "I'm trying to do this task. This prompt appeared. I must need to provide it info so I can do the task I want to do NOW."

Re:Well grandma... (1)

dedazo (737510) | more than 8 years ago | (#15671528)

Thus my advice to people running various Linux distros or OSX with this facility: if you don't know that what you just tried to do requires admin privileges, the correct button is the one labelled "Cancel". The times this advice is wrong are rare indeed.
I don't want to sound rude but you have absolutely no idea whatsoever how a typical user's mind works. They are alarmed at everything and they are not able to tell the difference between a "task" that requires admin access and one that doesn't. When in doubt they will click "OK" every time, because that's what they're accustomed to do to make messages go away as quickly as possible. If that involves typing a password then they will do that without hesitation as well.

Perhaps this is a result of problems with how UIs are designed, but all operating systems do it the same way anyway.

Certainly I'd like to say that the number of times someone has ignored my advice to never click something under certain circumstances are "rare", but of course that's not the case. The buttons on IE's ActiveX control installation warning dialog is the archetypal example of this problem.

Neither Linux nor OS X impregnate users with an extra 50 IQ points at boot time, no matter how much everyone wishes that were the case.

Re:Well grandma... (4, Insightful)

TheRaven64 (641858) | more than 8 years ago | (#15671506)

Microsoft are the only people who ever solved this problem sensibly, to my knowledge. On Windows NT, you were (I don't believe you are with XP, and it's an option with 2K) required to hit control-alt-delete before you entered your password. This key sequence sent a hardware interrupt which only something running in ring-0 (i.e. the OS) could catch. This meant that it was impossible to spoof the NT login box; as soon as the user hit control-alt-delete, control would be returned to the real login prompt (or a system dialog).

I proposed two years ago that Apple implement something similar. Create a special key combination that would be caught by the OS and passed to WindowServer, which would then spawn an alert if the app presenting the dialog was not authorised to. This is particularly useful for Keychain access, for example. I don't mind an IM program having access to my login details, but I do object to it having root access. When I install a new version of it, I have to enter my keychain password (which is my login password, by default) in a dialog box that (hopefully) the system presents, but I have no way of verifying that it is the Keychain subsystem that is going to get the password, not the application.

Re:Well grandma... (2, Insightful)

cyber-vandal (148830) | more than 8 years ago | (#15671283)

Reader cwgmpls, for instance, doesn't buy the argument that OS X is safe only because it's more obscure than are the various versions of Windows.
"Even if OS X is only 5% of all PCs in the world, surely there are a good number of hackers out there who would love to release an OS X virus into the wild, just to prove it can be done. Besides, the total number of OS X installs today is certainly greater than the total number of Windows installs that existed at the time the first Windows virus was released.

Most hackers don't need a huge number of installs to stroke their ego. The opportunity to prove that OS X is just as vulnerable as Windows should be more than enough to motivate someone to release an OS X virus into the wild. Yet no one has done it.


Re:Well grandma... (1)

dedazo (737510) | more than 8 years ago | (#15671359)

Most hackers don't need a huge number of installs to stroke their ego
Well, since cwgmpls said so I guess this must be absolutely true. Of course the problem with that truism is that it automatically makes OS X safer than Linux and *BSD.

Re:So? Grandma isn't my problem (1)

vertinox (846076) | more than 8 years ago | (#15671515)

Is OS X's attack surface smaller than Windows? Sure it is. Is it impervious to user stupidity? Absolutely not.

Again... Not my problem. Social engineering tricks are only the fault of the user and never the OS.

The point being is that it is very hard to hit you with invisible or automatic attacks with OS X.

Sure I might put in an admin password or run a fungame.app which clears out my user directory, but you know... That was my fault and I should hold the blame.

Other user's stupidity isn't my problem and if it becomes my problem (as in a relative keeps installing spyware by visiting porn sites) I would lock down everything on their machine, blacklist all their porn sites in the OS firewall, and say "here! can't get infected now!" (they might not like that answer, but again... not my problem if they can't educate themselves)

My problem and my responsibility is to be educated about my boxes... Whether they are OS, WinXp, or Linux. If I do something stupid then I'm to blame, but if I plug up a fresh install of my box to the internet and it gets infected in 90 seconds then there is something horribly wrong with the OS that really needs to be fixed. Secondly, the OS needs to minimize damage of unintended and commonly don't activities.

To invisibly and automatically install spyware, rootkits, or viruses without any yes/no/put in your admin password is what made Windows so insecure. Heck, hit up the wrong site in a google search and you can get screwed. But with OS X at least I know if I type in my password or click "yes, run this program for the first time" it is completely my fault that I allowed the program to run.

That is why OS X is more secure than Windows.

Again... Social engineering of other people isn't my fault...

Re:So? Grandma isn't my problem (1)

dedazo (737510) | more than 8 years ago | (#15671561)

To invisibly and automatically install spyware, rootkits, or viruses without any yes/no/put in your admin password is what made Windows so insecure.
Please provide examples of this. I've been using Windows for more than 12 years and I've never had this happen to any of my boxes, and after all these years I've never had anyone I know ever be surreptitiously infected by anything that wasn't their fault. Also, if you will please dig up some statistics that prove that the vast majority of infected Windows boxes are in that state because of these types of mysterious events, as opposed to user intervention.

Other than that, you're right about social engineering.

The frustrating part... (2, Insightful)

AKAImBatman (238306) | more than 8 years ago | (#15670992)

...is that their argument would have held water if they had done a bit more work. i.e. Instead of saying, "the top 10 viruses only work on Windows", performing an analysis of what flaws were exploited would have been more useful. Then they could have claimed that, "based on the flaws exploited by the most dangerous viruses today, it seems that Mac users will remain more secure for the time being."

Re:The frustrating part... (1)

at_slashdot (674436) | more than 8 years ago | (#15671192)

Correction: "the top 100,000 viruses only work on Windows"

Yes to caution, no to being silly: you can get killed in a good neighborhood, however if someone suggests you move from let's say Harlem to Beverly Hills you don't come with "Beverly Hills could be unsafe too" argument.

Yes. (1)

Thaidog (235587) | more than 8 years ago | (#15671022)

There will always be security problems. At least your mind will be off them with all the promises of OS X.

Network effects (2, Insightful)

ThousandStars (556222) | more than 8 years ago | (#15671024)

I doubt Mac users are any better with computers. The more likely scenario is that it's just too hard to get a Mac virus going. If I wanted to, I could write a small program to completely overwrite a user's directory. But to get it from user to user, I'd have to use social engineering methods via e-mail or IM, and the majority of people in both mediums won't be using Macs. So even if five other people try to open Britney_Spears_naked.dmg, which will e-mail itself to everyone in their address book and then wipe their home directory, if none of those people use OS X the virus stops spreading.

Obviously it helps that there haven't been any worms on OS X, but in principle writing OS X viruses isn't technically difficult. Spreading them is.

In addition, Microsoft finally appears to be concerned about security, as demonstrated with XP2 and as will probably be demonstrated in Vista. So the security advantage of OS X is, I suspect, likely to dissipate over time. Still, I plan on using OS X for the foreseeable future.

Re:Network effects (2, Interesting)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#15671166)

Obviously it helps that there haven't been any worms on OS X, but in principle writing OS X viruses isn't technically difficult. Spreading them is.

This is true for all OS's. It is the propagation mechanism(s) that are the hard part. Most malware by infection number is not spread as trojans. Especially, most is not spread as trojans not disguised as data. With Windows, it is easier to disguise a program as data and it is easier to find a remote vulnerability to exploit. As you mentioned, it is also easier to find targets to propagate, but in this day and age of worms with many different propagation techniques built in, it would be easy to add another to attack macs as well as Windows machines, were such a vulnerability easy to find and exploit.

In addition, Microsoft finally appears to be concerned about security, as demonstrated with XP2 and as will probably be demonstrated in Vista.

There is a difference between "concerned" and doing what the hundreds of screaming security experts have been asking you to for ages. XP SP2 still runs RPC on a network port, even when it is a local service. It still runs the Web browser in privileged space. It still hides file extensions by default. Sure they've made a few improvements, but they are merely convenient, minor hacks. The main thing they have done is, the same as every other new OS release, announced that this time it is super-duper secure in every paper, interview, and industry rag they can in the hopes that some idiots will believe it this time too. It worked.

the security advantage of OS X is, I suspect, likely to dissipate over time.

That depends upon if Apple stands still on the security front (they don't have a big problem now so they might) or if they move forward and implement some of the new security technologies being pioneered in secure Linux variants, OpenBSD, and Solaris. MS is not quite standing still, but they are close and only grabbing fruit so low hanging it has been rotting on the ground for years. Apple is an unknown quantity.
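The remark in the comment above that Windows "still hides file extensions by default", which makes it easy to pass a program off as data, can be turned into a check on the receiving side. The following is an added example, not part of the thread: a filename classifier of the kind a mail gateway or download filter might run. The extension lists, function names and sample names are assumptions constructed for illustration.

```python
"""Flag attachment names that look like data once the real extension is hidden."""
from dataclasses import dataclass

# Illustrative, non-exhaustive lists (assumptions for this example).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "hta", "lnk"}
DATA_EXTS = {"jpg", "jpeg", "png", "gif", "txt", "doc", "pdf", "mp3", "avi", "zip"}
KNOWN_EXTS = EXECUTABLE_EXTS | DATA_EXTS


@dataclass(frozen=True)
class Verdict:
    filename: str
    real_ext: str     # extension the OS acts on when the file is opened
    shown_as: str     # name a user sees when known extensions are hidden
    disguised: bool   # executable whose visible name ends in a data extension


def split_name(filename):
    """Split into (stem, extension): only the last dot-suffix counts,
    comparison is case-insensitive, trailing dots and spaces are ignored."""
    name = filename.strip().rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:            # "README" or ".bashrc": no extension
        return name, ""
    return stem, ext.strip().lower()


def assess(filename):
    stem, real_ext = split_name(filename)
    # With extension hiding on, a registered extension is dropped from the display.
    shown_as = stem if real_ext in KNOWN_EXTS else filename
    # The "inner" extension is what the visible name appears to end with.
    _, inner_ext = split_name(stem)
    disguised = real_ext in EXECUTABLE_EXTS and inner_ext in DATA_EXTS
    return Verdict(filename, real_ext, shown_as, disguised)


def scan(filenames):
    """Return the verdicts for names that should be quarantined or renamed."""
    return [v for v in map(assess, filenames) if v.disguised]


# Constructed sample input: attachment names as a gateway might see them.
SAMPLES = [
    "holiday_photo.jpg.exe",   # shown as holiday_photo.jpg
    "INVOICE.PDF.SCR",         # case must not matter
    "notes.txt   .vbs",        # padding before the real extension
    "setup.exe",               # executable, but not pretending to be data
    "report.final.pdf",        # several dots, real extension is data
    "archive.tar.gz",          # unknown extension, displayed in full
    ".bashrc",                 # dotfile, no extension at all
]

if __name__ == "__main__":
    for verdict in map(assess, SAMPLES):
        flag = "DISGUISED" if verdict.disguised else "ok"
        print(f"{flag:9} real=.{verdict.real_ext or '-':4} shown as {verdict.shown_as!r}")
```

A plain executable such as setup.exe is left to whatever policy already covers executables; the check only isolates names whose displayed form contradicts what the OS will actually run.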

Re:Network effects (1)

jltnol (827919) | more than 8 years ago | (#15671300)

wellll kinda' sorta' you're right... but on OSX, EVERY user would have to click on Britney.....dmg, and open the file to have any effect. So even if I did open it, and it went to my 200 e-mail addresses, everyone on my list would have to open it for it to have any real effect. However, on XP, couldn't you EASILY write a script that bypasses the human engineering part and auto executes once it's received and read by the 200 users? I don't buy the "Obscurity" argument. With all the talk about OSX being virus free, I can't think of a BETTER target. Don't forget, script kiddies don't really want to do damage, they just want the fame. How could you be more famous than to bring OSX down? No one has tried, because I doubt it can be done nearly as easily as on XP.

The reason for sex (3, Interesting)

Colin Smith (2679) | more than 8 years ago | (#15671416)

I'd have to use social engineering methods via e-mail or IM, and the majority of people in both mediums won't be using Macs.

There you go. The reason sex exists at all and why monocultures are dumb. Diversity and variation make life very difficult for diseases.

In fact the security advantage of OSX isn't likely to dissipate all that much; a monoculture will always be more likely to spread diseases. All it takes is a single flaw, and there are going to be plenty of flaws in millions of lines of code.

I switched (0, Offtopic)

Umbral Blot (737704) | more than 8 years ago | (#15671032)

I recently switched to mac OSX, partly because my windows machine finally gave up the ghost. I have to admit that the mac is much smoother than windows, and it's nice to not have to worry about malware and run an anti-virus constantly. However in my experience OSX is a little less stable than XP, my mac system crashes or locks up about every other week, while windows crashed on me about once every 4 months. Maybe I'm doing something wrong. It's also a pain in the arse to have to re-learn everything, for example I still can't figure out how to get an equation to pretty print to a jpg on a mac.

Re:I switched (2, Informative)

larkost (79011) | more than 8 years ago | (#15671133)

On the last you might want to look into PDF Equation [metaquark.de]. If you then need it in jpeg (or PNG) format, then Preview.app can help you out with that.

And a crash a week is too much. You probably have something gone wrong there.. like bad memory or a peripheral that is not happy.

Re:I switched (1)

aibrahim (59031) | more than 8 years ago | (#15671273)

You may also want to know that if all you want is a jpg, OS X has a built in screen grabber. You can find it under the services menu in your application menu. Also Shift+Command+4 gives you a crosshair cursor you can use to select a screen region for immediate capture.

Re:I switched (1)

forkazoo (138186) | more than 8 years ago | (#15671324)

I recently switched to mac OSX, partly because my windows machine finally gave up the ghost. I have to admit that the mac is much smoother than windows, and it's nice to not have to worry about malware and run an anti-virus constantly. However in my experience OSX is a little less stable than XP, my mac system crashes or locks up about every other week, while windows crashed on me about once every 4 months. Maybe I'm doing something wrong. It's also a pain in the arse to have to re-learn everything, for example I still can't figure out how to get an equation to pretty print to a jpg on a mac.

It's entirely possible that your particular usage pattern is tickling a particular bug in OS-X, but you may also have some sort of a hardware issue. OS-X shouldn't be any less stable than XP. My OS-X boxes actually stay up longer than my XP box. (Though, that XP box also has some issues when under Linux, so I don't know that I can blame XP. My current hunch is overheating, probably related to the video card...) Anyhow, you may want to see if you have any hardware diagnostic disks or something to test your Mac. Especially the RAM. RAM makes annoying intermittent seemingly random crashes. And, it's easy to replace.

Re:I switched (1)

Akaihiryuu (786040) | more than 8 years ago | (#15671424)

Speaking of weird crashes...I have an XP machine at home (haven't put Gentoo on it yet, gotta get a second hard drive first, but that's beside the point). Anyway, I was having all kinds of random crashes on this machine since I upgraded from a Duron 750 to an Athlon XP 3200+. At first I figured CPU, but the CPU worked fine in another machine, and this machine worked fine with the other processor. Then I figured RAM...tried changing it, same problems. Then I figured video card, changed it...it helped but I still had random crashes. Got a new video card (Radeon X850XT), computer just about died...would only boot maybe 10% of the time. Windows wouldn't reinstall, it would get a fatal error at the exact same spot every time. I finally figured out what the problem was...the power supply! It was supposedly a 350W power supply, but when I swapped it with a new 410W, all the problems instantly vanished. It was apparently dying, and it was probably a cheap power supply to begin with (it came with the case).

Re:I switched (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15671358)

I still can't figure out how to get an equation to pretty print to a jpg on a mac.

The only thing more pathetic than a PC user is a PC user trying to be a Mac user. We have a name for you people: switcheurs.

There's a good reason for your vexation at the Mac's user interface: You don't speak its language. Remember that the Mac was designed by artists [atspace.com] , for artists [atspace.com] , be they poets [atspace.com] , musicians [atspace.com] , or avant-garde mathematicians [atspace.com] . A shiny new Mac can introduce your frathouse hovel to a modicum of good taste, but it can't make Mac users out of dweebs [atspace.com] and squares [atspace.com] like you.

So don't force what doesn't come naturally. You'll be much happier if you stick to an OS that matches your personality. And you'll be doing the rest of us a favor, too; you leave Macs to Mac users, and we'll leave beige to you.

Re:I switched (0)

Anonymous Coward | more than 8 years ago | (#15671386)

>my mac system crashes or locks up about every other week

that's not normal, you should have it checked.

Re:I switched (1)

EasyT (749945) | more than 8 years ago | (#15671403)

Maybe I'm doing something wrong. It's also a pain in the arse to have to re-learn everything, for example I still can't figure out how to get an equation to pretty print to a jpg on a mac.

To capture an equation as an image (or capture anything else on your screen as an image for that matter), here are a couple quick shortcuts. One way is to press "Cmnd+Shift+3". This will take a screen shot in .png format and place it on the desktop. Another way is to press "Cmnd+Shift+4". This will give you cursor crosshairs which you can use to drag a selection box for capturing a specific portion of the screen. This will also result in a .png placed on your desktop. If you really need your images in .jpg, you can open the .png files in Preview and then select Save As... and resave them as .jpgs.

Hopefully that will serve for your purposes. MacOS has a huge amount of non-obvious functionality. You can learn more by going into the Help Viewer and searching on Keyboard Shortcuts. Scroll down in the results until you get to the Support Articles and read "Mac OS X keyboard shortcuts". Very useful list for any Mac user.

on x86? (1)

pikine (771084) | more than 8 years ago | (#15671457)

Maybe I'm reading between the lines, but you didn't say you're switching to a Mac. Instead, you said your Windows machine gave up, and you switched to Mac OS X.

If you're using Mac OS X on a PC, you need to know that most (illegal) images you grab on the net have some sort of patch applied to them in order to make them install and run on non-Apple hardware. The patches do not come with any reliability guarantee.

Furthermore, the "original image" was most likely grabbed by Disk Utility on OS X, which results in a .dmg file. A third party program on Windows is used to convert .dmg to an .iso before patches are applied, so you can burn the resulting image under Windows. This conversion is error prone, probably more so than the patches themselves. Some people have had to try it a few times before they get a good "checksum."

Sometimes the "original image" came from a developer snapshot (DTK) rather than an official release. A developer snapshot is inherently unstable.

Considering all the disadvantages I mentioned above, if you're using Mac OS X on a non-Apple computer, you should not use this experience against Mac OS X itself.

Re:on x86? (1)

Umbral Blot (737704) | more than 8 years ago | (#15671473)

No I'm running on a powerbook G4. Give up the ghost = hardware broken.

Try memtest (1)

SuperKendall (25149) | more than 8 years ago | (#15671537)

You may want to try running the Memtest [memtestosx.org] application to see if you have faulty RAM.

Equation to jpg (2, Informative)

astrosmash (3561) | more than 8 years ago | (#15671590)

I still can't figure out how to get an equation to pretty print to a jpg on a mac

Create your equation in either Grapher.app or the Equation Editor tool that comes bundled with Appleworks. (Equation Editor is more powerful and flexible and has a certain classic charm, but it's very old and a little clunky. Grapher is newer and easier to use).

Select and copy the equation to the clipboard. Open Preview.app. Select File->New (or hit Cmd+N); this creates a new document containing the image in your clipboard. Select File->Save As (or Cmd+Shift+S) and save as the filetype of your choice.

You can also paste the equation as PDF directly into TextEdit, or Pages, or OmniOutliner, or any other fine application.

Re:I switched (1)

tronbradia (961235) | more than 8 years ago | (#15671680)

My mac almost never crashes. Unfortunately, it was also built in 2003 and has a whopping 384MB of RAM, with the finest 18GB laptop hard drive 2003 had to offer. Also, I don't like to quit programs if I'll be coming back to them soon enough. So what happens to me constantly is that the computer pretends to die. If I try and paste the mouse's Chromosome 10 into Word, it will take a clean minute or two or three to start working again. The virtual memory sucks that much. When I get my new computer the first thing that's going in is 2 GB of RAM. But anyway, maybe that's your problem.

Fu34... (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15671036)

Like a hypodermic needle (0, Offtopic)

Quiberon (633716) | more than 8 years ago | (#15671061)

That broadband Internet cable, it's like a hypodermic needle. Used right and with the correct stuff in the syringe, it will enhance the quality of life. But you'd better hope that someone knows what they are doing!

Yeah... (0)

Anonymous Coward | more than 8 years ago | (#15671251)

...you better hope that nobody is filling your tubes full of Internets or you'll experience delays that'll last for days.

Re:Like a hypodermic needle (0)

Anonymous Coward | more than 8 years ago | (#15671278)

No it is like a tube... not a truck.

Maybe, but they're still right. (3, Insightful)

spykemail (983593) | more than 8 years ago | (#15671078)

Their motives were questionable. Their evidence was lacking. But they were right. No matter how much the Microsoft trolls talk the fact remains that there is far less malicious software for OS X, even if you take into account its relatively tiny market share. It's also more secure by design, no matter how many minor flaws they find they haven't even come close to what has been (and is currently) wrong with Windows.

I'm not really surprised that everyone supporting an illegal monopoly has been brainwashed, but it's still kind of sad.

No. really. . . (1, Insightful)

treeves (963993) | more than 8 years ago | (#15671080)

. . . the best way for Windows users to compute untroubled (or less troubled) by malware is to switch to Mac OS X. . .

The best way to avoid malware (like abstinence is the best [most reliable] way to avoid pregnancy and STDs) is to stay off the internet completely and never install new software.

Re:No. really. . . (0)

Anonymous Coward | more than 8 years ago | (#15671340)

I say the best way to keep all those clueless schmos from getting bombarded by spyware, malware, adware, etc... is to provide every one of them with an SELinux workstation without any root level capabilities.

Hold water? (1)

Rabbitgod (923989) | more than 8 years ago | (#15671085)

When it comes to MS and holding water I can't help but picture a screen mesh. But is OS/Unix any better? Let's face it, one of the reasons holes in MS are found so often is because there are a lot more people, from security experts to lowly script kitties, looking for them. Would the world be a safer place if we all used OS/Unix starting tomorrow? Yes it would, but only until the next wave of script kitties, black hats, and malware devs got back up to speed.

damn it slashdot... (0, Redundant)

WhitePanther5000 (766529) | more than 8 years ago | (#15671089)

Stop repeating yourself!

Dear Taco (-1, Troll)

Stalyn (662) | more than 8 years ago | (#15671093)

Look I think it's about time you just admit that slashdot has pretty much degraded from a news site to basically a bbs. Why not just have open threads and the like so we can troll each other to our hearts' content. Yes yes, I know there is trolltalk [slashdot.org]. But ever since you and CowboyNeal started flooding it, it hasn't been the same. So either stop flooding trolltalk or give us open threads.

Best way to compute untroubled (1, Insightful)

ChrisGilliard (913445) | more than 8 years ago | (#15671120)

The best way for Windows users to compute untroubled (or less troubled) by malware is to switch to Mac OS X

Or in a more general sense: the best way to be safer from viruses is to use a platform that is not the mainstream one. Mac OS X is one example of something that could be used. Also, Linux, FreeBSD, Solaris and various other platforms would work.

Cool (1)

lusotech (979700) | more than 8 years ago | (#15671123)

I already did it a long time ago!

Why some OSes are more resistant (5, Insightful)

Todd Knarr (15451) | more than 8 years ago | (#15671143)

My thought is that there are three reasons Macs and *nixen have fewer viruses.

  • It's partly the lack of market share. That's offset to a large degree by the extra l33t points accruing to the guy who manages to release the first malware to get widespread penetration into those "invulnerable" systems.
  • It's partly user sophistication. Except that Macs are targeted at people who're even less sophisticated than Windows users, who don't want to deal with things like the problems of adding new hardware to a Windows system. You might be able to argue that a Linux or FreeBSD user's more likely to be a geek, but not a Mac user.
  • It's in large part inherent system design. The basic design point: the separation between ordinary users and the administrative user (root). That separation means that, even if you do get infected with malware, the malware can't spread into the system itself. It can't tie into system libraries, it can't have itself started at system startup, it can't disable system services (like the firewall or the malware scanner) and it can't hide itself from the administrative user. This provides a two-layer defense similar to the layout of a medieval castle: once the attackers break through the outer wall, they have to start all over again breaking through the defenses of the inner keep (while being stuck in the yard between the keep and the wall, easy prey for the defenders in the keep). Changes in market share and declining user sophistication won't have any effect on this aspect of things.
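The user/root separation described in the comment above only holds while system libraries and startup locations are not writable by ordinary accounts. The following is an added example, not part of the thread: a small audit that applies the classic Unix owner/group/other rules to report anything under a set of system directories that a given unprivileged account could modify or swap out. The function names are assumptions for this example, the directories to audit are supplied by the caller, and ACLs or mandatory access control are not modelled.

```python
"""Audit which paths an unprivileged account could modify (Unix mode bits only)."""
import os
import stat


def can_write(st, uid, gids):
    """Owner bits apply to the owner, group bits to group members, other bits to the rest."""
    if uid == 0:
        return True                          # root bypasses the mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def can_replace(path, st, uid, gids):
    """A read-only file can still be swapped out by anyone able to write its
    directory, unless the sticky bit limits deletion to the owners."""
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if not can_write(parent, uid, gids):
        return False
    if parent.st_mode & stat.S_ISVTX and uid != 0:
        return uid in (parent.st_uid, st.st_uid)
    return True


def iter_tree(root):
    """Yield the root itself and everything beneath it."""
    yield root
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)


def audit(roots, uid, gids=frozenset()):
    """Return (path, reason) for every entry the account could tamper with."""
    findings = []
    for root in roots:
        for path in iter_tree(root):
            try:
                st = os.stat(path)
            except OSError:
                continue                     # vanished or unreadable entry
            if can_write(st, uid, gids):
                findings.append((path, "writable"))
            elif can_replace(path, st, uid, gids):
                findings.append((path, "replaceable"))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: audit.py UID DIR [DIR ...]   (directories chosen by the operator)
    target_uid = int(sys.argv[1])
    for path, reason in audit(sys.argv[2:], target_uid):
        print(f"{reason:12} {path}")
```

An empty result for the account that reads mail and browses the web is what the "inner keep" in the comment amounts to in practice; any finding is a place where code running as that user could persist or hook into the system.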

Re:Why some OSes are more resistant (2, Informative)

devjj (956776) | more than 8 years ago | (#15671348)

Umm.. no. Check out a lot of major tech conferences, especially in OS and Rails circles. You would be surprised how many geeks use Macs. You'd be even more surprised to hear why. Hint: It's got nothing to do with malware.

Re:Why some OSes are more resistant (0)

Anonymous Coward | more than 8 years ago | (#15671396)

What's the matter? Can't deal with the fact that your beloved platform (even though it is a nice one) is still aimed at the less computer savvy audience?

And Rails? You should have probably brought up a better example than that overhyped retardware.

Re:Why some OSes are more resistant (1)

Oriumpor (446718) | more than 8 years ago | (#15671459)

It's in large part inherent system design. The basic design point: the separation between ordinary users and the administrative user (root). That separation means that, even if you do get infected with malware, the malware can't spread into the system itself. It can't tie into system libraries, it can't have itself started at system startup, it can't disable system services (like the firewall or the malware scanner) and it can't hide itself from the administrative user. This provides a two-layer defense similar to the layout of a medieval castle: once the attackers break through the outer wall, they have to start all over again breaking through the defenses of the inner keep (while being stuck in the yard between the keep and the wall, easy prey for the defenders in the keep). Changes in market share and declining user sophistication won't have any effect on this aspect of things.

Yes. Security in rings means doing things right on every layer. In the past Microsoft has had to apply security to where things should have been secure to begin with. If UAC [microsoft.com] (aka gui sudo/runas) is enabled by default in vista with the default user a standard user, their security planning *might* be pointed in the right direction.

In my experience (1)

Sycraft-fu (314770) | more than 8 years ago | (#15671564)

The type of attacks follow what the system is used for and good at. Windows is most widely used as a desktop. Lots of clueless users that will execute software without thinking. Ok, so target that way, send e-mail, ride on top of apps they want, etc. Come in via the front door since there's lots of software flowing in that way. Also Windows hasn't historically had good remote administration built in and it's still not really the same level as UNIX (and is usually off by default on home machines).

UNIX systems are most widely used as servers. Generally you aren't installing new, random shit on your servers, you only put something on when you need it. However, servers do have lots of services listening, that's their job. So you go in through the back door, bugs in the services, instead. Because of the excellent remote access capabilities, it's easy to get what you need done once you are in, just get a command line and you are golden, and they are useful to stage attacks from once you have control.

I certainly see that at work. We have got things pretty well locked down, but some groups (we are a university) insist on doing their own thing. The Windows boxes get owned by the user running something, either a virus e-mail or installing software with spyware. It's almost never a network exploit since they are all firewalled off on the system. Linux and OS-X systems get owned via network exploits. The users will do something stupid like run an FTP server with no passwords and write access (an OS-X box got owned like that recently and was being used to do IRC attacks) or run an old version of Linux and not patch.

That's not to say there isn't crossover, but in general you are going to see attacks targeted at what you find the most and is the most useful. Writing Linux spyware wouldn't really get you much of anywhere. Not enough Linux desktops. Likewise you aren't likely to see scripts for exploiting the Microsoft telnet server because nobody ever turns it on, or indeed even knows about it.

Great Idea (0)

Anonymous Coward | more than 8 years ago | (#15671177)

Make stories from comments to other stories.

Please do it for all stories. Then I only need to read the follow up stories to get the best arguments from the discussion. It'll save me *hours*.

Oh sure, Mac OSX is more secure... (1, Flamebait)

rehtonAesoohC (954490) | more than 8 years ago | (#15671191)

... and then you plug in the network cable.

Re:Oh sure, Mac OSX is more secure... (1)

the_brobdingnagian (917699) | more than 8 years ago | (#15671308)

You mean....... there are holes in those shiny Macs?

Re:Oh sure, Mac OSX is more secure... (1)

dr_turgeon (469852) | more than 8 years ago | (#15671452)

... and then you plug in the network cable.

...then what? You continue to be more secure?

I don't get it. Some posts here still suggest that Windows doesn't have more than its fair share of security problems. This is the OS equivalent of global warming. First, ignore it. Second, officially deny it. Third, assert nothing can be done about it. Now, suggest the alternatives will amount to the same thing anyway. What next?

Stay with Windows, please.
These are not the droids you are looking for...

Yes but (1)

SuperKendall (25149) | more than 8 years ago | (#15671468)

Oh sure, Mac OSX is more secure...... and then you plug in the network cable.

Yes, at that point the Mac and Windows box are equally secure.

Then you turn both of them on...

Re:Oh sure, Mac OSX is more secure... (0)

Anonymous Coward | more than 8 years ago | (#15671591)

Nope. I port scanned my Mac out of the box. Number of open ports: 0.

I would have no trouble plugging a Mac into the net, unprotected, to download patches. I wouldn't even think about doing the same on an XP system.

A brilliant mac review ;-) (1)

grrrgrrr (945173) | more than 8 years ago | (#15671231)

http://www.divisiontwo.com/articles/MacMini2.html [divisiontwo.com]

"My Office 2003 CD would not install, despite claims I had heard from Mac fanboys that OS X is compatible with Office. Heck, the Internet Explorer icon isn't even out on the taskbar by default, it's buried in the c:\applications folder"

"but Apple includes a program called Mail, which is like a stripped-down email client that can't execute scripts or open attachments without user intervention."

mac users are clearly smarter than windows users. (I am not sure if the reviewer is serious or not)

Re:A brilliant mac review ;-) (1)

zedturtle (987328) | more than 8 years ago | (#15671494)

From the site, "When I consider that a good deal of my time is spent running applications like Disk Defragmenter, Scandisk, Norton AV, Windows Update and Ad-Aware--none of which are available for the Mac platform--it doesn't make sense for me to "switch" to a Mac at this time." Either the whole review is tongue in cheek, or it is the most factually inaccurate review ever (using the Shuffle marketing language for the mini, etc.)

Re:A brilliant mac review ;-) (1)

astrosmash (3561) | more than 8 years ago | (#15671637)

I am not sure if the reviewer is serious or not

Obviously not. No one who expects to be taken seriously uses the term "fan-boy" anymore.

My girlfriend's computer is infected... (4, Funny)

TexasDex (709519) | more than 8 years ago | (#15671262)

...with anti-spyware programs!

She currently runs:
  • a-squared
  • xoft spy
  • Ad-aware
  • Windows Defender
  • Symantec anti-virus corporate edition
  • spybot S&D
  • BigFix
and her computer runs almost as slowly as it would with a nasty case of malware. She doesn't want to uninstall any of the programs, so she has the cleanest, and possibly the slowest, windows XP machine I've seen. You just can't win. *sigh*

Re:My girlfriend's computer is infected... (1)

Procyon101 (61366) | more than 8 years ago | (#15671332)

spybot is one of the worst. I had to disable it on my GF's computer because it was making it slower than the spyware was.

Re:My girlfriend's computer is infected... (1)

pete-classic (75983) | more than 8 years ago | (#15671400)

I am the cheese?

That's a weird Elementary School flashback.

-Peter

Re:My girlfriend's computer is infected... (1)

AlgorithMan (937244) | more than 8 years ago | (#15671562)

my girlfriend's father used "norton antivirus", "norton internet security" and the "t-online dsl software". He didn't believe his eyes how fast his PC got after I freshly installed winXP and set it up to connect to t-online without the software

I installed "AVG free", "zone alarm" (I don't use that personally, but read it was easy to use for inexperienced users), "ad-aware" and "hijackthis" for him, and his system is MUCH faster now. I also installed firefox, thunderbird and openoffice =)

It's hard to measure what they are saying. (4, Interesting)

Anonymous Coward | more than 8 years ago | (#15671282)

Well we're talking about relative amounts. I'm a linux zealot that owns a few macs and loves them, just for the record.

When you talk about security things and security software people like to have numbers, it makes them feel good. Like the Snort IDS has 3000 signatures (I'm not sure what the latest number is but I imagine it's around 3k) or Norton AV detects 50,000 viruses where non-Norton AV may only detect 20,000 known viruses and some other IDS may only have 100 signatures. Does that make Snort and Norton AV better because they have bigger numbers? For certain types of audits it might be better but for real security it doesn't matter that much. At any given time you're probably only realistically concerned with a smallish handful of IDS signatures or viruses. The old "stoned" viruses for example (of which there are dozens of variants) simply aren't interesting or even terribly important today. This has a direct correlation to desktop security. Basically, the number of holes as a raw metric isn't so interesting, you're really concerned about the holes you have that people don't know about (or maybe they do). Fundamentally though, at any given time there are only a handful of interesting viruses that are active or interesting exploits that people are really using, big databases of them look better but don't mean much.

Mac OS X isn't built using some exotic technology (or maybe not exotic, Ada or Java would be exotic for an OS) that somehow creates fewer bugs. It's in C, C++ and Objective-C, not that different from windows. It has gone through some porting which might lead to better code and coding practices. Relatively speaking the bug densities should be fairly similar. Apple is different from MS in a somewhat larger way though, they don't have the same resources and so they probably generate a lot less code. They also have to please Steve and rather than adding feature after feature which has kind of been the MS way, they've taken a much more simple route. Less code is less bugs. More features probably does mean more bugs but I'm not sure I've seen that really established as a general truth anywhere.

The crapware point is an interesting one. Personally, since I've been Mac OS Xing it, my taste and tolerance has changed. I don't know that it's particularly more secure but I do expect things to work and I think I have a higher standard than I have in the past. I know on windows (which I don't use much) I've been less expectant of things working. In the wildwildwest days of Linux I got really used to v0.4 and 0.7 of various things working enough to get some stuff done. On OSX I pretty much demand that things work, I demand that apps are "good." (TM) There are some emotional things that may result in better security, I don't just willy-nilly install stuff, I like some vendors better than others, Apple for example has a track record of building really good software for OS X, I'm more likely to use their shit. Nagware is simply a no-go. To be completely honest, there isn't that much stuff that I really *have* to install on it to get it up and running and productive. I can't remember not "enhancing" a Linux install or windows install before it was "useable".

Maybe the other biggest thing and I couldn't back this up with real science anywhere, MS has a tremendous legacy to support. Simply removing DCOM or OLE or Active-X might fix a ton of security problems but windows wouldn't keep working. I think Apple may have learned some of those lessons from AppleTalk back in the day; I don't even know if you can make OS X do it, I really have no need.

Perhaps not watertight, but not a sieve, either. (2, Insightful)

mengel (13619) | more than 8 years ago | (#15671352)

I think there are good technical reasons why MacOS/X is more secure than MSWindows (the fact that Sophos didn't bother to cite them notwithstanding).

The fact of the matter is that more people are going to believe a simple quantified statement than an abstract technical discussion; so Sophos is making the argument that will convince the most people, rather than an argument that would convince, say, the more technical folks on Slashdot.

Oh, you want the technical reasons? Okay, here goes my list:

  • MacOS/X has a much more stable and mature core Operating System base (Mach). Mach is MUCH older (circa 1985) than the windows NT core (circa 1993), and has been changed less. For example NextStep, released in 1989, was based on Mach, and already did much of what MacOS/X does.
  • Mach (the underlying OS) was designed with security in mind. Note however, the Mach layer doesn't define security policy, it just gives you tools with which to implement such policies. That said, if the current MacOS upper layers [apple.com] get the policies wrong, flexible tools are there to fix it. Contrast that with Windows which has serious design flaws [com.com] in its interprocess communication mechanism.
  • The MacOS command-line code, so far, also seems to have a lower bug-density (similar to Linux) in fuzz testing [wisc.edu] than the MS code, although GUI code is unfortunately sucky in both OS-es.

Re:Perhaps not watertight, but not a sieve, either (3, Informative)

TheRaven64 (641858) | more than 8 years ago | (#15671574)

Mach does very little in XNU (the OS X kernel). It handles threading, scheduling, and VM. Everything else is handled by IOKit (device access) or the BSD subsystem. The BSD subsystem is a weird hybrid, originally forked from 4.2BSD (I believe) and recently injected with NetBSD (in the Rhapsody era) and FreeBSD (more recently) code.

The fact that Mach was designed with security in mind is why no one sane used it. Mach checked port rights on every message send, which made a Mach system call an order of magnitude slower than a BSD system call. While people might be willing to sacrifice 10-20% of their power for security, 90% is too expensive. This was exacerbated by the fact that Mach required a lot of context switches to get anything done. On OS X, this is irrelevant. The entire XNU kernel runs in a single address space, losing the memory protection benefit that a multi-server Mach-based OS (like Mach/HURD) gains. In addition, Mach messages are only used at the Mach layer (and for a few low-performance things, like notifying the GUI of kernel-related changes), removing this benefit.

Let's take a look at the arguments. (4, Informative)

Anonymous Coward | more than 8 years ago | (#15671426)

The article and the thread still spout the same uninformed reasoning about why there aren't OS X viruses. Let's take a look at each of the bogus reasons.

"It's because there aren't many OS X machines."
Bogus. 4% might be a small percentage, but there are tens of millions of Macs out there. Not only that, Apple users tend to be smug and Apple itself puts out a constant vibe of superiority, plus a very visible chain of elitist boutique retail stores. Is there not a hacker on Earth motivated to take down those arrogant Mac users?
On top of that, with millions of OS X machines out there, the number of self-propagating viruses in the wild should be greater than zero. But the number is actually zero.
Surely something more than "security through obscurity" is at work here.

"Mac users are more sophisticated."
Bogus. Aren't Macs supposed to be the computer "for the rest of us," the non-technical, the artsy-fartsy, the writers, the musicians, the English majors? Those people are NOT technically savvy, yet they are the Mac's core users.
Macs have fewer viruses even though their users are not technically oriented and are not security savvy.

"All you have to do is trick a Mac user into entering their root password."
Bogus. The root user is not enabled by default in OS X. The non-technical users mentioned above are not going to know how to turn it on.
You might be confusing the root and administrative passwords, since there isn't that much of a barrier between the two in Windows.

The Mac is safer because of the nature of Unix architecture and Apple's own safeguards, not because of obscurity or user sophistication. There are things you can get away with in Windows, like certain e-mail-based viruses, that are simply not allowed in OS X. Mac OS X is not invincible, but clearly there are structural advantages to how OS X is set up for security.

Remember, the number of viruses in the wild for Mac OS X is not proportional to market share, user base sophistication, or anything. It's pretty hard to correlate the number of viruses to any single cause when the number is ZERO.

Mac users are unable to identify hax anyway (1)

BadassJesus (939844) | more than 8 years ago | (#15671492)

Considering that the average Mac user is the least tech-savvy user of all OS users (a FreeBSD or SUSE desktop user will most likely be marked as a geek, but not a Mac user), there is no way possible for a Mac user without proper tools (which he doesn't have and doesn't want to use) to identify and report any intrusion.

Re:Mac users are unable to identify hax anyway (3, Informative)

vertinox (846076) | more than 8 years ago | (#15671610)

So there is no way possible for a Mac user without proper tools (which he doesn't have and doesn't want to use) to identify and report any intrusion.

Huh? What's wrong with typing "netstat -a" and "ps -aux" in the console?

That's all the tools I need to detect unauthorized connections and programs.

Re:Mac users are unable to identify hax anyway (1)

BadassJesus (939844) | more than 8 years ago | (#15671675)

Yep, but do you think that the "average" Mac user does this on a regular basis? Is he "typing netstat" into the console every five minutes? And of course, netstat doesn't show sub-processes in the programs that you deem "safe". Most hacks go through Safari and other common executables. In netstat you can only say: OK, that's the app I know, so that is not an intrusion, obviously... how wrong you are.
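The kind of check this exchange argues about, as an added example that is not part of the thread: it ties each socket to its owning process and compares it with a baseline, so that a familiar program name alone does not make a connection expected. The sample text is constructed in the column layout of `lsof -nP -i` (a tool the posters do not mention), and the baseline sets, names and addresses are assumptions.

```python
# Added example: compare per-process sockets against a baseline.
# SAMPLE is constructed text in the column layout of `lsof -nP -i`;
# every name, PID and address in it is made up for illustration.
SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      101 root    3u  IPv4 0x01        0t0  TCP *:22 (LISTEN)
Safari    412 alice  12u  IPv4 0x02        0t0  TCP 192.0.2.10:50211->198.51.100.7:443 (ESTABLISHED)
Safari    412 alice  14u  IPv4 0x03        0t0  TCP 192.0.2.10:50212->203.0.113.9:6667 (ESTABLISHED)
helperd   977 alice   5u  IPv4 0x04        0t0  TCP *:8099 (LISTEN)
"""

# Assumed baseline: what this machine normally listens on, and which
# remote ports each program is expected to talk to.
KNOWN_LISTENERS = {("sshd", "root", "22")}
OUTBOUND_PORTS = {"Safari": {"80", "443"}}


def port(endpoint):
    """Return the port part of 'addr:port' (also works for '[::1]:631')."""
    return endpoint.rsplit(":", 1)[1]


def parse_lsof(text):
    """Yield one dict per TCP socket line that carries a state column."""
    for line in text.splitlines()[1:]:            # skip the header row
        f = line.split()
        if len(f) < 10 or f[7] != "TCP":          # UDP rows have no state
            continue
        local, _, remote = f[8].partition("->")
        yield {"command": f[0], "pid": int(f[1]), "user": f[2],
               "state": f[9].strip("()"), "local": local, "remote": remote}


def findings(text, known_listeners, outbound_ports):
    """Return sockets that fall outside the baseline, in input order."""
    out = []
    for s in parse_lsof(text):
        if s["state"] == "LISTEN":
            key = (s["command"], s["user"], port(s["local"]))
            if key not in known_listeners:
                out.append(("new-listener", s["command"], s["pid"], s["local"]))
        elif s["state"] == "ESTABLISHED":
            # A known program name is not enough: check where it connects.
            if port(s["remote"]) not in outbound_ports.get(s["command"], set()):
                out.append(("unexpected-remote-port", s["command"],
                            s["pid"], s["remote"]))
    return out


if __name__ == "__main__":
    for finding in findings(SAMPLE, KNOWN_LISTENERS, OUTBOUND_PORTS):
        print(*finding)
```

Run from a scheduled job against live `lsof -nP -i` output, the same comparison removes the need for anyone to type the commands by hand.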

Intel switch resets clock on Mac viruses (4, Insightful)

SuperKendall (25149) | more than 8 years ago | (#15671518)

We all know a lot of exploits make use of weaknesses in code like buffer overflows to run the attacker's code instead.

Well what happens now that the whole Mac architecture is shifting to Intel? It's substantially harder (almost impossible) to write a buffer overflow attack that works on two different processor architectures. You have to choose which architecture your attack is going to execute code for.

So then if there are not enough Macs around to write exploits for today, it stands to reason that there will not be any significant Mac exploits until the number of Mac users at least doubles from current figures, possibly even more.

Yes there are also attacks that attempt social engineering on a user but they often work in conjunction with more classic code exploits to gain more permission than they would have otherwise.

hackers writing virus code for Macs? (0)

Anonymous Coward | more than 8 years ago | (#15671522)

In actuality, most hackers don't crap where they eat. So it's likely they are not going to take a dump on OSX when a large percentage use it... just 2 pennies' worth...

Most Secure (1)

Aqws (932918) | more than 8 years ago | (#15671550)

OpenBSD for the desktop! Yay!

I'm in the "Macs are better designed" camp (4, Insightful)

MBCook (132727) | more than 8 years ago | (#15671621)

No question in my mind. I'm not saying they are invulnerable. Heck, the community is so tight knit that if you could get something downloaded (say that MacSaber program a few weeks ago) and put something in it, you could get the virus out there. It may be found fast, but you got it out there and by then you may have done damage.

That said, if I were to run MacSaber for the first time (or some little game or widget or whatever) and I suddenly got a box asking for my root password, you can bet I would be stopped dead in my tracks. You just DON'T SEE those boxes unless you are doing system updates or installing software like Office. If you just download a program and double click on it and get that, you have to wonder what it's doing.

Now before I switched last year, I had a PC and I ran AV and all that stuff, but it never did any good. The fact is I had a clue and could have run with nothing but my firewall and been fine. You are not guaranteed to get malware on Windows. But let's talk about my little sister and my parents. They download stuff. And since they don't know where the reputable sites are, who to trust, which programs are good, etc... they find that stuff easily. Every time "the computer is broken", it is almost inevitably malware. That or they turned something off I installed they shouldn't have (Disk Keeper, for example, which is practically required to run Windows IMHO). Same thing with neighbors I help. Even if they are somewhat savvy and can use the computer and install hardware, it still happens to them. It's pathetic. There have been viruses that you just have to preview in Outlook to get your OS infested. That is just plain bad design.

After using my Mac, it is clear to me that any idiot who sits down and uses a Mac day to day is less likely to end up with Malware. From the root prompts, to the fewer security holes, I think there is a clear reason for this divide. Mac users are not smarter. There is a very sizable portion of them that are just like introductory Windows users. They do the same stupid things. The fact they aren't ravaged by malware says something.

Now I won't deny that the Mac's market share has played a part, you'd be an idiot not to. However, I think the virus-in-the-wild count for OS X (hint: 0) means something. It means instant fame for the first person to make a good virus for OS X. You get it out there, even if it doesn't do much but change people's wallpaper or whatever and you get your name EVERYWHERE. Slashdot, Digg, all the Apple sites, the mainstream computer media (PC World, et al.). That is a REAL tempting target. Let's not forget that every time a story like that gets published, it is just someone publishing a big bulls-eye on the Mac. But the market share helps with the pop-up ad problem. How many ads do you see on the 'net that look like a Windows dialog box telling you "Your computer is infected, click here"? Guess what, people do. In my house people do, my neighbors have. It tricks 'em. Most people on a Mac wouldn't be fooled by that (just because it looks different). So that kind of thing does make a difference. That report the other day that 80% of users can't tell the difference between a real toolbar and a picture of one was scary.

Macs aren't immune. The OS is better designed.

As for Linux, it's better designed too, but it also has some other influences (for example, it would be tough to make a virus that worked reliably across different kernel versions and distro configurations). But again, there are SO MANY Linux servers out there that there must be enough run by idiots that if it was just as bad as Windows we would see a reasonable number of viruses out there (i.e. more than next to none).

There was a report in my PC World today (I think it was) that was basically scare tactics about viruses ("10 Myths That Make You Vulnerable" or some such). The one about Macs and Linux being safe really made me mad. While they are not immune, Windows for the average computer user is a leper colony compared to running Mac or Linux.
