A few questions for the Mac Users

[Perrone]

This is false. I dont know how many times I have to point people to the data, there are more security vulnerabilities in Mac OSX when compared to Windows 7. And as Mac gains market share, they will become a bigger target.

If anyone would like to argue that, search Mac OSX vulnerabilities.

gsarg, the type of exploits you would be concerned with arent out of malice. They are out of financial gain.



It does, because it simply isnt true. Its hypaghanda that the mac fanboys eat up like tofu bars in their ed hardy shirts.

There is only 1 reason to get a mac, its what you like. If people have a problem with what you like, piz on them, theyre jealous. But dont try to justify the reason you like Mac using unrealistic and baseless claims.

Weird...my search for Windows 7 vulnerabilities showed a WHOLE lot more results than Mac... Why are you SO defensive about this topic? Does it make you feel good or something?

 

[WhiteyMacD]

Weird...my search for Windows 7 vulnerabilities showed a WHOLE lot more results than Mac... Why are you SO defensive about this topic? Does it make you feel good or something?

Charlie Miller, a principal analyst at consultancy Independent Security Evaluators: "Technologically speaking, PCs are a little more secure than Macs. Macs have a larger attack surface out of the box (Flash, Java, support for a million file formats, etc.) and lack some anti-exploitation technologies found in PCs like full ASLR [Address Space Layout Randomization]. This means Macs have more vulnerabilities and it's easier to turn a vulnerability into an exploit on the platform. Despite the fact it is less secure, paradoxically, Macs are actually safer to use for most people. This is because there simply isn't much risk of being exploited or installing malware.

"This safeness is purely a function of market share. Since Macs are only around 10 percent of computers out there, and it takes just as much effort for bad guys to write malware or exploits, they tend to spend all of their time targeting PCs. In other words, despite the fact that Macs are less secure than PCs, if you give one teenager a Mac and another a PC and come back in a month, the odds are the Mac will have no problems and the PC will be infected with malware. At some point the market share of Macs will reach a threshold to interest attackers, and then things will quickly turn bad for Mac users."

If you google this guy, you will find he is a huge mac security guru. This is the guy that won $10,000 at the Pwn2Own in 2008.

If you had said, "At this time, you are safer on a Mac." I would agree. But when you say there are more vulnerabilities on Windows than Mac, I would say you are talking out your rump.

This isn't about defensiveness, or my preference to an operating system, as I prefer neither Mac nor Windows. This is about what the truth is. If you are happy believing hype and fallacies, by all means do so.



FWIW, I dont know your search competancies, but there are tons of articles out there about this. All say the same thing, regardless of what perspective they are coming from.

 

[VitruvianDoc]

This is false. I dont know how many times I have to point people to the data, there are more security vulnerabilities in Mac OSX when compared to Windows 7. And as Mac gains market share, they will become a bigger target.

If anyone would like to argue that, search Mac OSX vulnerabilities.

gsarg, the type of exploits you would be concerned with arent out of malice. They are out of financial gain.



It does, because it simply isnt true. Its hypaghanda that the mac fanboys eat up like tofu bars in their ed hardy shirts.

There is only 1 reason to get a mac, its what you like. If people have a problem with what you like, piz on them, theyre jealous. But dont try to justify the reason you like Mac using unrealistic and baseless claims.

Pointing to OSX in general is Like pointing to Windows in general. Talk about a specific version of OSX such as Leopard, Snow Leopard, etc if you're going to refer to Windows 7. Need i mention the beta version of Windows 7 known as Vista? Seriously, Vista. The name wreaks of a swish cheese operating system wreaking with security holes. Instead of doing the right thing and doing a huge overhaul service pack, windows decided to profit off of it and release the service pack as Windows 7 and charge for it!

If you compare apples to apples, Snow Leopard vs Windows 7, Windows 7 is much more buggy.

 

[poopgiggle]

Most of these exploits have resided within programs running within the OSX environment such as Safari. In fact, even more of them actually lie within the adobe flash player that is integrated within the safari browser.

*sigh*

OK you're missing the point. The point of this argument isn't "how secure is the Mac OS X operating system," even though the answer is "not as much as you think." (Operating systems themselves are rarely exploited* but you rely on them to provide things like ASLR, which Mac OS doesn't do very well)

The point is, "how likely is it that malware can find its way onto your Mac computer?" Safari and Flash Player are both widely deployed and used on Macs. If they're vulnerable, someone can take control of your computer. They're certainly not uncommon, and I've already described a likely attack vector that would circumvent even reasonably safe browsing habits.

I own a Mac. I like it for several reasons. I also run AV software because I understand the threats that I need to mitigate.

Very few root or zero day exploits have been found within OSX itself.

Please explain what a "root exploit" and a "zero day exploit" are because the way you're using them I believe that they don't mean what you think they mean. In particular, "root exploit" isn't really a thing; it's sort of a fuzzy term that could refer to a few different things.

*(EDIT) Before you say "b-b-but Windows": on Windows the line between operating system and userland is blurry depending on context. DCOM has had the hell exploited out of it, but it's not really analogous to anything on *nix that you would call "part of the operating system." The design philosophy of the two is different enough that any comparison of how-secure-is-this-operating-system-compared-to-that-one is sort of apples-and-oranges.

 

[Perrone]

FWIW, I dont know your search competancies, but there are tons of articles out there about this. All say the same thing, regardless of what perspective they are coming from.

I've done tons of research over the years about this stuff. Read many articles. I'm not saying the vulnerabilities in Mac don't exist, I'm saying they are not as big a deal if that makes sense. I know what I want to say I just can't figure out how to say it. I'll think on it and get back with you later. Or I'll forget what we were talking about. Most likely I'll forget.

 

[1shot(bob)]

"This safeness is purely a function of market share. Since Macs are only around 10 percent of computers out there, and it takes just as much effort for bad guys to write malware or exploits, they tend to spend all of their time targeting PCs. In other words, despite the fact that Macs are less secure than PCs, if you give one teenager a Mac and another a PC and come back in a month, the odds are the Mac will have no problems and the PC will be infected with malware. At some point the market share of Macs will reach a threshold to interest attackers, and then things will quickly turn bad for Mac users."

This sounds a lot like some preachers always saying the lord is coming back any day, and have ben saying that since they started preaching in the 60s. It's always going to happen soon.

Macs will never have that market share as long as there are Best Buy or Circuit City pubes selling PCs.

 

[VitruvianDoc]

*sigh*

OK you're missing the point. The point of this argument isn't "how secure is the Mac OS X operating system," even though the answer is "not as much as you think." (Operating systems themselves are rarely exploited but you rely on them to provide things like ASLR, which Mac OS doesn't do very well)

The point is, "how likely is it that malware can find its way onto your Mac computer?" Safari and Flash Player are both widely deployed and used on Macs. If they're vulnerable, someone can take control of your computer. They're certainly not uncommon, and I've already described a likely attack vector that would circumvent even reasonably safe browsing habits.

I own a Mac. I like it for several reasons. I also run AV software because I understand the threats that I need to mitigate.



Please explain what a "root exploit" and a "zero day exploit" are because the way you're using them I believe that they don't mean what you think they mean. In particular, "root exploit" isn't really a thing; it's sort of a fuzzy term that could refer to a few different things.

Root exploit is an exploit that allows a rogue program, hacker, etc to gain full root aka administrator access to the computer via remote connection or by residing on the system itself. A zero day is a new exploit that is used to typically gain root access before the public and/or distributor becomes aware the exploit.

 

[Perrone]

This sounds a lot like some preachers always saying the lord is coming back any day, and have ben saying that since they started preaching in the 60s. It's always going to happen soon.

Macs will never have that market share as long as there are Best Buy or Circuit City pubes selling PCs.

Circuit City is still in business? I thought they went out a while back.

 

[VitruvianDoc]

Circuit City is still in business? I thought they went out a while back.

They are online only now, no physical stores.

 

[poopgiggle]

Root exploit is an exploit that allows a rogue program, hacker, etc to gain full root aka administrator access to the computer via remote connection or by residing on the system itself. A zero day is a new exploit that is used to typically gain root access before the public and/or distributor becomes aware the exploit.

OK good.

I'm gonna jump back in on this argument later but I have to go to work. Those vulnerabilities won't find themselves