I need cheap Apple/Mac mouses

[Rich]

Big deal, he doesn't discern between a virus and a worm. Why should he?

Because his original statement implied that it was a perfect OS, which it's not. His quote from Symantec was a mis-quote. Yes, there are no current viruses, when virus is used properly. However, since Virus is used by so many (myself included at times) to describe any vulnerability or exploit, what he was saying is akin to "There are no cars in the parking lot" when infact, it should have said "There are no German cars in the parking lot". That make sense? it's splitting hairs, but it's real.

On a Mac, the OS prompts you for your admin password when a worm tries to install itself. Remember Grandma from earlier? She's going to see that password prompt and say, "I've been using the machine for 6 months, and it's never done *this* before. Maybe I should call Richie-poo and see what this password mess is all about before I click on anything else."
Compare that with the MySpace virus from a few weeks ago that installed a worm on your machine from a jpg advertisement in the sidebar. They infected a million machines with that shit. And all you had to do was load a web page.

Actually, it was less of a worm, and more like adware. It didn't try and replicate itself.
But even the "deckoutmydeck" thing prompted users if they want to accept and download a file. It would NOT install if the choice was not clicked "YES". Just like Granny entering her password when prompted.. 1.07 million people said "sure!". The act of entering a password rather than accepting a pop-up most likely would have reduced the number infected, but honestly, it's a different flavor of the same thing.
But the password prompt is easily circumvented. read this, from a recent sans newsletter.

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
--Apple Releases Update for Mac OS X
(3 & 2 August 2006)
An update for Apple Computer's Mac OS X addresses 26 security flaws, 17
of which could allow remote code execution. The other flaws could be
exploited to cause denial-of-service conditions, expose data and
escalate privileges. The vulnerabilities exist in the way Mac OS X
handles images, as well as file sharing and the Fetchmail and DHCP
networking functionality. Most of the flaws affect both the client and
server versions of Mac OS X.
http://www.zdnetasia.com/news/security/0,39044215,39379346,00.htm
http://www.vnunet.com/vnunet/news/2161483/apple-patches-26-security-flaws
Internet Storm Center posting: http://isc.sans.org/diary.php?storyid=1534
[Editor's Note (Ullrich): Apple manages to "reinvent" old and long-fixed
flaws from open source packages. A serious example: the fetchmail flaw.
An exploit was available the day of Apple released a patch. OS X exploit
development can borrow heavily from Unix exploits written for these
flaws back when the flaw was originally discovered in other BSD
variants.]

Cliff's notes on the above: Escalate privileges = Granny doesn't have to enter the password for bad things to happen.

My point is simply this: Nothing is perfect. Right now, the best security the Mac has is obscurity. Many times that's enough. Whether it's 5 layers of security that stops an attacker or 1, as long as it stops 'em.

I'm not waving the MS banner in any way. As soon as I can get out of IT, I'm gone. No loyality at all. But go look at nc4x4's own logs, and see what browser and what OS has hit the site by a LANDSLIDE.. You don't have to be the best to be the most popular... Ford trucks, Jeep 4wd's, and Microsoft OS's all prove this. (had to stir THAT pot a little)

 

[shawn]

But even the "deckoutmydeck" thing prompted users if they want to accept and download a file. It would NOT install if the choice was not clicked "YES". Just like Granny entering her password when prompted.

Come on.... that's just ignorance of the subject matter. It was an unpatched wmf exploit. No prompt. It just installed itself. The more telling issue here is that you'd consider entering an administrator password to be the same thing as clicking "OK" in a prompt. It's another excellent example of bad UI on Microsoft's part. If you want to cut down on the dumb user factor, give your users clear options that include verbs. Submit reply, Run this program, etc. It makes a huge difference in cases where you have to click through to run malicious code.

 

[hobie]

Depending on how this story unfolds, it may turn out that Apple is hiding bugs in its own code to keep up its image (under the auspisces of protecting users).

J

 

[jeep9mm]

Rich, you are right. If you read my comment under the assumption that I meant all things that can affect a computer then making the distinction between viruses and worms is splitting hairs. I said it in a kind of gimmick line...something like NO viruses, two Operating systems, whatever...so I actually did mean the fact that as of now there are no viruses and that was the point I was trying to make.
There is other bad stuff out there but taking viruses out of the equation does, in my opinion, make my computer safer. Whether it be by code or obscurity...my point was that there are no viruses.

Also, how many of you mac users love scrolling with two fingers. I love that feature. I love spotlight. I love Expose. OS X does have flaws, but I know more about OS X in a year than I learned about windows in 13 or however long 3.1 was released.

 

[Tradarcher]

Wow you guys seem to be enjoying yourself.

Check your PM's Brent. Thanks again.

 

[Rich]

Come on.... that's just ignorance of the subject matter. .

On whose part?

 

[shawn]

LOL... on yours. You apparently know little about Macs or OSX, you said things in bold print that are plainly false, and then you disqualified everything you said by insisting that you really didn't care, and you didn't have a dog in this fight, and it really didn't matter at all.

If it doesn't matter, why do you keep replying with 3-page posts?

 

[Blkvoodoo]

 

[hobie]

Wow you guys seem to be enjoying yourself.

It's the 4x4 equivalent of Manufacturer loyalty. (I'm a Ford man... Toyotas only!!! It's a Jeep thing... blah blah blah). I'm just saying, use what works. OS'es are as strong as their users/admins/app developers. Once someone decides there is money in Mac users, then we'll see what happens.

J

 

[hobie]

It's the 4x4 equivalent of Manufacturer loyalty. (I'm a Ford man... Toyotas only!!! It's a Jeep thing... blah blah blah). I'm just saying, use what works. OS'es are as strong as their users/admins/app developers. Once someone decides there is money in Mac users, then we'll see what happens.
J

I should shut up tho... Talking to Mac people about computers is like talking Jeeps in a toyota forum.

-- I use a computer, not Windows
J

 

[Rich]

Tell me what's "plainly false".

There is nothing "plainly false" about ANY of those statements, when in fact, you're the one who is ignorant of the subject matter, by incorrectly stating that no acceptance was required.

It was an unpatched wmf exploit. No prompt. It just installed itself.

MS06-001 would beg to differ.. It was released in January.

The more telling issue here is that you'd consider entering an administrator password to be the same thing as clicking "OK" in a prompt.

Someone clicking "yes" to opening a file is easier and more less secure than entering a password. I never said it's not. It's a different take on the same idea: "Please do this to install this"

Take this shit to PM, unless you like to continue pushing the limits of your own rules.

 

[Rob]

I love the debate, as long as we can stay civil.

 

[jeep9mm]

NO WAY RICH. NO PMs..I kinda started this, Im enjoying reading it...and chiming in occasionally. Plus...this is actually a very civil debate, no rule breaking, right?