Apple's Exposure to Net Threats Rises

[Deacon]

See http://www.pcmag.com/article2/0,1895,2020601,00.asp for more info.

For more security news regarding browsers/platforms:
http://www.betanews.com/article/Symante ... 1159217023
http://www.informationweek.com/internet ... n=Browsers

[Prospero]

Doesn't surprise me. The more popularity something gains, the more people are going to try and exploit it for maximum damage. Pretty good job on the exposure window though considering the growth of amount of users in recent years. But it's not that far ahead of Microsoft.

Keep in mind that Microsoft has just released their beta 7 version of Internet Explorer... which from what I know is pretty much an entirely new program. (But don't quote me on that) So there are bound to be holes.

[NorthernComfort]

Not much to get worked up about here- the more flaws that get found and patched for Safari just means (in theory) that it's getting safer and safer. Apple's response time to patching flaws has been top-notch, and puts Microsoft to absolute shame. And, in the rare occasion that a "critical" hole is found, which always seems to involve an anti-virus company creating a proof-of-concept virus (I'll need Scooby Doo to solve this mystery), they usually have it patched within a day or two.

Apple's security has been rock-solid over the past few years. Even with the OS getting more users and exposure they're clearly rising to the task.

And, this is coming from a disgruntled user who just switched away from Apple after using them zealously for fifteen years. I can think of plenty of places that Apple could be criticized, and actually deserves to be criticized by somebody who knows the company inside and out, but security really isn't one of them.

[billf]

At least twice a year some article comes out about how "unsafe" OSX is, but if you look closely, the major source in almost every single one of those articles is Symantec... that is if they didn't write the thing themselves.

I'm not trying to say that OSX is invulnerable. Heck, I know of one program that has been known to bring Apple computers to a standstill... but enough about Symantec (Norton really is bad news for Macs, don't ever use it). OSX is certainly exploitable, but it's a drop in the bucket compared to the disasters Windows has seen, and I know plenty of people, myself included, who don't have any virus protection at all on their Windows machines and have no problems because of it.

[dmpotter]

I've had more problems from Norton deleting files out of false positives than I've ever had with viruses. Norton Anti-virus is the single largest drain on my productivity at my job. If I could get away with not running it, I would, but corporate IT checks up on it.

On the other hand, 'net stop "Symantec AntiVirus"' works wonders on making the CPU available for useful tasks again...

[Deacon]

[quote="NorthernComfort";p="677163"]Not much to get worked up about here- the more flaws that get found and patched for Safari just means (in theory) that it's getting safer and safer.[/quote]
Well, technically that can apply to anything, including IE

[dmpotter]

99 little bugs in the code,
99 bugs in the code,
fix one bug, compile it again,
101 little bugs in the code.
101 little bugs in the code,....

(From somewhere out there on the great Internet.)

Fixing security vulnerabilities doesn't necessarily make something more secure. In August, Microsoft had to release a security patch to patch a security flaw opened up by a security patch.

[NorthernComfort]

Fixing security vulnerabilities doesn't necessarily make something more secure. In August, Microsoft had to release a security patch to patch a security flaw opened up by a security patch.

Thank you for reminding us of this simple fact. I thought the implications were clear by my adding an (in theory) to my original post, but, in case somebody didn't catch it, dmpotter has spelled it out quite nicely with a sing-a-long and real-life example! Wow!

At least twice a year some article comes out about how "unsafe" OSX is, but if you look closely, the major source in almost every single one of those articles is Symantec... that is if they didn't write the thing themselves.

And it doesn't stop there- every virus I've seen for Mac OS X originated at Symantec as a proof of concept. But then, of course, the headlines pour out: VIRUS FOR MAC OS X. MAC OS X INSECURE. It's fucking Symantec every time.

That sort of bullshit is what causes people to think the OS X has had any security issues so far, and what causes people to start bullshit threads like these.

[Deacon]

Wait, this is a bullshit thread?

[edge]

[quote="billf";p="677198"]At least twice a year some article comes out about how "unsafe" OSX is, but if you look closely, the major source in almost every single one of those articles is Symantec... that is if they didn't write the thing themselves.

I'm not trying to say that OSX is invulnerable. Heck, I know of one program that has been known to bring Apple computers to a standstill... but enough about Symantec (Norton really is bad news for Macs, don't ever use it). OSX is certainly exploitable, but it's a drop in the bucket compared to the disasters Windows has seen, and I know plenty of people, myself included, who don't have any virus protection at all on their Windows machines and have no problems because of it.[/quote]

Amen to that. I rarely have AV installed on my personal Windows box. I'll install it from time to time if something odd is happening, do a full system scan, and then uninstall it. Furthermore, I won't even touch Symantec products. Just plain horrible. Of course, I know what to stay away from on the Internets to avoid viruses, and about the only thing I ever download on that box are updates for games, XFire, and Firefox.

Back on topic a bit though...
"Symantec says no browser is safe!" O RLY? You think? Maybe because any idiot can go out and download an infected file and then open it? Sure, they all have security issues and risks, but users are the #1 security risk, and the fact is, some browsers are safer than others.

As far as Safari goes...I'm kind of middle of the road on that one. It's fast, looks clean and simple, but it suffers from some of the same annoyances as IE (When I click the stop button, I expect the page to stop loading immediately...not 25 seconds from the time of the click), and something about it just doesn't feel right. I use it for testing, and that's about the extent of it. For the most part, I stick to Firefox and/or Camino.

Of course....real men use Lynx...so I don't see what all the fuss is about

[dmpotter]

[quote="NorthernComfort";p="677256"]

Fixing security vulnerabilities doesn't necessarily make something more secure. In August, Microsoft had to release a security patch to patch a security flaw opened up by a security patch.

Thank you for reminding us of this simple fact. I thought the implications were clear by my adding an (in theory) to my original post, but, in case somebody didn't catch it, dmpotter has spelled it out quite nicely with a sing-a-long and real-life example! Wow![/quote]
It's not even "in theory." It's just flat-out false, especially when new features are being added. It might be true of code that's in pure maintanance mode, but even then I'd doubt it.

In theory, the only way to secure code is to prove (mathematically) that it's secure. That's so impractical in practice (and for most complex problems theoretically impossible) that no one does it.

The best that can be done is code audits like OpenBSD does. Even then, they were still hit by a remote root exploit.

[Prospero]

Out of curiosity, exactly how secure is Linux? Specifically Gentoo and Ubuntu builds.

[dmpotter]

More than Windows XP?

Depends on how you use them and what you've got running on them. Especially in the case of Gentoo where the installed packages and configurations vary wildly between installations.

It depends on the software you're running, the services you're running, the ports you have accessible from the outside, the way you run system accounts, and so many other things.

By default, Ubuntu is fairly secure out-of-the box. If you keep it updated, you'll be fine.

Gentoo doesn't really have a "default install" so I can't say in its case.

Linux is very good at patching flaws that are found, but you need to keep on top of them.

[NorthernComfort]

Wait, this is a bullshit thread?

I thought that the original post/title was bullshit. We have... a link from PC Magazine about browser security, I'm guessing they added the Apple headline just because any article about Apple having security "issues" these days is worthy of being read. And, it's not like PC Magazine tries to take a cheap shot at Apple whenever they can, right? Then we have Symantec once again reminding us that no browsers are secure, which I assume they reminded us of out of the kindness of their hearts. Or because it was 'common sense reminder' day. Or, maybe, just maybe, because they want to boost their dismal Mac sales, because Macs are damned secure and most people know they don't need their bullshit software. They must be taking cues from the Bush administration- just remind people that they aren't safe, and then offer them the promise of safety. Somebody must be stupid enough to fall for it, but I hope that none of us here truly are.

I mean, there's not really any actual news here, right?

It's not even "in theory." It's just flat-out false, especially when new features are being added. It might be true of code that's in pure maintanance mode, but even then I'd doubt it.

It isn't just flat-out false, but if it helps you on your tireless quest for self-validation, go for it. I can't believe this shit has to be spelled out.
It's simply saying, in theory this would be true. It doesn't matter if it is true. It just means it could be true, IN THEORY. In a world where theories are fact, it would be true.

OR BETTER YET IN A PERFECT WORLD WHERE FUCKING IDIOTS LIKE YOU DON'T BITCH AND CRY ABOUT SEMANTICS TO TRY TO FEEL BETTER ABOUT THEMSELVES I WOULNT HAVE TO WORRY ABOUT THIS STUPID SHIT AND WE COULD ACTUALLY DISCUSS THINGS OF IMPORTANCE

Hugs and kisses,
-Alex

[Aerdan]

Gentoo has several "default installs"; security is about the same for each of them [at least for the stage 3 tarballs].

You can also get Gentoo Hardened, which is pretty much the de facto standard for secure Linux boxes at this point in time [IIRC].