Just a Thought - Zombies
by - September 24th, 2004
I love a good horror movie. I don't know what it is about us humans that prompts us to deliberately scare ourselves for kicks. There must be some psychological explanation as to why we will deliberately scare ourselves that I won't even try to cogitate upon, but it is fun.
One of my favorite types of horror movies is the zombie flicks. Back in the day, zombies were these decaying undead, or quasi-dead creatures that staggered after you. I wasn't too afraid of them because I figured I could easily out run them, something that the idiots in these movies never seemed to figure out. Nowadays, however, zombies come after you like Wile E. Coyote after the Road Runner; anyone who has seen the latest version of Dawn of the Dead knows exactly what I mean. Freaky, but I just love that sort of thing.
I'll tell ya what I don't love though: zombies of the type that are increasingly populating cyberspace. Thanks to worms, viruses, and other types of malware, PCs are turning into a horde of mindless, ravenous things that have only two purposes in their underpowered Intel brains: wreak havoc, and create more zombies. Nearly every week new virus scanner .dat files become available, and it seems that Microsoft issues security updates for its sieve of an OS almost as frequently in a potentially useless attempt to fix some serious Windows flaw. IT workers put in so many long hours slaving in computer rooms updating, patching, and testing Windows updates that they've begun to look like the undead themselves.
"My Gawd Bill, have you been here all night patching Windows XP boxes?"
Bleary eyed, pale, and ragged, Bill replies as a dollop of drool drips from the corner of his chapped, caffeine-stained lips, "Moooaaarrrgggh!"
"What's that, Bill?"
Now weeping openly, Bill staggers forward on unsteady legs. He marshals his wits and declares in a guttural cry, "Moooaaaccc! Mee wanna Mooaaccc!"
Bill has good reason for his request: An article in New Scientist claims that thousands of new PC zombies are being created daily; thousands! And get this: malware writers are making money creating this mass of digital infection. They can sell the network of zombies they've created to spammers, other anarchists, and evil-doers. Check out this bit from the article, Thousands of zombie PCs created daily:
The rate at which personal computers are being hijacked by hackers rocketed in the first half of 2004, reveals a new report. An average of 30,000 computers per day were turned into enslaved "zombies", compared with just 2000 per day in 2003.
US computer security company Symantec says efforts to build so-called "botnets" - networks of zombies used to launch attacks on corporate Web sites or as anonymous relays for sending out spam - from hacked computers have intensified dramatically in recent months. The company's latest biannual report shows that recruitment of "zombie" machines peaked at 75,000 computers per day.
Jeremy Ward, service development manager at Symantec, says virus writers can make good money by selling botnets to online extortionists and spammers.
You can read the article at the New Scientist Web site.
That's frightening, and it should be a wake-up call to anyone thinking of making another large PC purchase: Will you be buying potential Net-zombies? You could wake up one morning and find that all of your new PCs have turned into lumbering, slobbering hulks mindlessly cranking out spam or viral spores. It's enough to make a grown man cry.
Macs are impervious to PC-based viruses, and there is no known Mac malware turning Macs into mindless slaves. So, Bill, relying on his last ounce of sanity, is looking for the one thing that could restore him and the company he supports to productivity and some semblance of normalcy. Even in his demented state Bill knows that while he can get cheap PCs, getting Macs would more than make up any cost difference in eliminating downtime and lost productivity due to viral PC infections.
While some of Bill's commiserating IT comrades are making the move to Macs, not enough folks are switching to make a dent in the surplus population of Net-zombies, so the quasi-dead PC population grows.
In Dawn of the Dead there was no cure for whatever it was that made zombies, except for a bullet in the head. In the real world, the only real cure for the Net-zombie infection is not to use a Windows based PC in the first place.
is a writer who currently lives in Orlando, FL. He's been a Mac fan since Atari Computers folded, but has worked with computers of nearly every type for 20 years.
You can send your comments directly to me, or you can also post your comments below.
Observer Comments
yeah so wut. people who sit in dank dark basements playing Everquest and writing trojans listen to music that is most likely recorded and produced or in some way shape or form done on a Mac. Why would you reeeek havoc on the people who entertain us? They don't, they go after the big guys who run the corporate world and rely on WinTel machines to serve them. Hackers say F*em and have a field day with anarchy run amok. Ummm basically macs are "impervious" because no one wants to waste their time.
Guest wrote:
Ummm basically macs are "impervious" because no one wants to waste their time.
Mr/Ms Ummm, This is an old line that just doesn't fly anymore. Catch up with current postings before wasting our time with such sophomoric drivel.
Macs have a lower share of viruses (0%) than their share of the computer market as a whole (which indicates something else is going on here). There are real technical reasons that the Mac is less impervious to viruses and security threats than Windows. Unlike Windows, Macs have an open source core that has many eyes reviewing it and trying to find potential threats before they happen. Unlike Windows, Macs are implemented with a real multi-user environment that reduces the risk of anyone having write-access to your core OS. Unlike Windows, Macs have simpler directory structures so it's easier to find malware and get it off your system if you have to. Unlike Windows, Macs have a browser that disables pop up windows and the bad things they encourage. Unlike Windows, Macs have a mail program that doesn't run unwanted scripts that have become a scourge on mankind. Unlike Windows, Macs have a real up-to-date software mechanism that has worked reliably since the launch of Mac OS X. And, unlike Windows, the Mac OS has been updated frequently for many security threats as they are still theoretical, thus BEFORE they happen.
And on the off chance that you understand none of this and think the fact that Mac OS X systems have had no threats due to viruses, spyware, trojans, worms, etc. and you believe it is all because hackers hate Microsoft and love Apple, I say "great"; that still makes the Mac a better, happier place to compute and I'll take it.
Fri Sep 24, 2004 4:41 pm Subject: More writing on the wall
I briefly talked about this in a comment for another column but maybe it's worth stating again in more detail. We're witnessing the approach to a tipping point in the industry. Put simply, the effect of a tipping point is an apparently sudden shift in behavior or opinion -- one day hardly anyone (relatively speaking) is talking about buying a Mac and the next day it seems like lots of people are. One year Apple has a fairly steady 2% market share and a year later they're pushing 10%.
There are precursors to such a shift, some that are necessary for it to happen, others that are signs it's beginning to happen. On the "necessary" side, there has to be both a push and a pull to get people to change their behavior. Apple has been providing the "pull" for many years and doing a great job of making it stronger (great products, cool designs, ...).
But they can't do much about providing the push, and the push has to be stronger than the pull because it has to overcome people's natural inertia (our xenophobic attachment to the status quo). The "push" isn't Windows itself, but what Windows in conjunction with the internet has become: an environment for viruses, spy-bots, "zombies" and intrusive content (spam, pop-ups, ...).
Signs that a tipping point has been reached are harder to identify. There are a lot of forces at work and a lot of instability. Because we're in an information based society, though, and because the media often drives (or at least steers) the "popular opinion" you can often see things begin to change there first.
There's been a notable change in recent months (and more so in the past weeks) in what's happening in the media. News about the security issues on Windows has shifted from a "what can we do about it?" point of view to a "we're stuck with it, so now what?" view. As that "we're stuck with it" message has begun to sink in, along with the general consensus that things are only going to get worse, answers to the "so now what?" question have finally begun to break with the "status quo." Windows advocates in the media have, directly or indirectly, begun to say, "Abandon ship!"
Not coincidentally, Apple has situated itself as the best (and best known) answer to that "so now what?" question. (Say, doesn't that new iMac look a little like a life preserver?)
or else I will not be able to buy a Mac. For now I must suffer with my PC AMD 1600. I get automatic virus updates from Norton, and updates all the time from MS. I would like to try the Mac out especially the 2.5G Power Mac.
I am a bench tech (electronics) 20 years. All those jobs are going south and outsourced. I play a mean keyboard (Technics PR902). I love smooth jazz, and if it sounds good I like it. I am hoping that music will become my livelihood and I won't have to go back to the saltmines and sweatshops of lowerclass America..Temp Agencies..no healthcare...what is this country coming to?
Looking for a really good keyboard player..here I am hanging out at the TMO.
Sat Sep 25, 2004 1:17 am Subject: More writing on the wall
Sat Sep 25, 2004 9:15 am Subject: Rotate your Crops
Monoculture is a bad thing. When you rely heavily on one source, you set yourself up for disaster. This is the bad thing that is happening in the computer environment: if the Mac were more common, it might well be getting attacked more often (though probably with less success), but if there were a broader division of OS platforms and a standard way to develop cross-platform, it would be much more difficult for malware to gain traction.
Quote:
Unlike Windows, Macs are implemented with a real multi-user environment that reduces the risk of anyone having write-access to your core OS
Ermmm.... NT is a 'real multi-user environment' - and one with access controls significantly more sophisticated than those of UNIX. And anyway, how carefully do most people think before supplying their admin password? Furthermore, I don't care about the core OS. That's on CD. It's my files which need protecting.
Quote:
Unlike Windows, Macs have simpler directory structures so it's easier to find malware and get it off your system if you have to
So, can you give a brief description of the purpose of every file in /dev, /etc, and /var? In any case, I believe that most rootkits will modify top etc. so that they do not show the inserted programs. Once a program has started running as superuser, the only way to get rid of it is nuke-and-pave. And that's true on any operating system.
RGE wrote:
Quote:
Unlike Windows, Macs are implemented with a real multi-user environment that reduces the risk of anyone having write-access to your core OS
Ermmm.... NT is a 'real multi-user environment' - and one with access controls significantly more sophisticated than those of UNIX. And anyway, how carefully do most people think before supplying their admin password? Furthermore, I don't care about the core OS. That's on CD. It's my files which need protecting.
What I think he meant was that NT is a single-user-centric OS: meaning that it is geared to be used by one person at a time. OS X is also a single-user-centric OS but less so. Like OS X, NT OSes (2000 and XP) have the ability to allow more than one person to run on a PC, but there are few easily accessible features in the OS that allow this, as UNIX and OS X have. For instance, without adding anything, you cannot SSH into an NT PC while you can on OS X. The only readily available way (that I'm aware of, so I could be wrong) for more than one user to access a single PC is to use MS's Remote Desktop. In OS X, there are several ways to access a single Mac by multiple users simultaneously.
RGE wrote:
Quote:
Unlike Windows, Macs have simpler directory structures so it's easier to find malware and get it off your system if you have to
So, can you give a brief description of the purpose of every file in /dev, /etc, and /var? In any case, I believe that most rootkits will modify top etc. so that they do not show the inserted programs. Once a program has started running as superuser, the only way to get rid of it is nuke-and-pave. And that's true on any operating system.
Here, I believe he is referring to how user applications are loaded and stored. Most apps get stored in the Applications folder or in that folder under the user's home dir. Even in UNIX, apps usually go to very specific, easily accessible places. Windows apps, for the most part, do the same, but also must rely on that silly REG DB. Users looking to fiddle with files in Windows also must understand the REG DB; in OS X the user must understand the package system used (Apps usually have an executable and supporting conf files in a hidden dir. Users don't normally see this, they just see the app dir and a single app. Other files get stored in the Lib dir and possibly Var). Generally speaking, if you are mucking around at the REG DB level you should be familiar enough with it to know what not to muck with. The same holds true with fiddling with the underlying conf files for an OS X app. If there is any advantage one system has over another, it is that screwing with REG can cause serious damage to the OS if you do something stupid, while screwing with the conf files of an OS X app only screws up the app.
Vern Seward
Quote:
What I think he meant was that NT is a single user centric OS
In that case, I think he's wrong.
Quote:
Here, I believe he is referring to how user applications are loaded and stored. Most apps get stored in the Applications folder or in that folder under the user's home dir. Even in UNIX, apps usually go to very specific, easily accessible places
And you expect malevolent code to follow these nice conventions, do you? You expect that an application called 'rootkit' will appear on the dock, and quit on request?
Sun Sep 26, 2004 3:35 pm Subject:
This rootkit has to be installed first to be effective. How is it going to modify the system binaries without any user intervention (ie asking for the root password before modification)? Since root is not enabled by default on an OSX machine, permission must be given before any system-level modifications can be made. And we're not talking about having physical access to the machine, as nothing is immune to attack if the attacker has physical access.
I'm not a wiz on rootkits, so please help me to understand how it would happen without the user's knowledge.
Like I said, how many people think twice about supplying their admin password when prompted by a nice installer? The no-auto execution behaviour is good, but it's hardly foolproof. In any case, nothing can happen on a machine without the user's implicit knowledge. The "I didn't know my machine was a zombie" phrase is only for those who expect sympathy for willful stupidity.
Mon Sep 27, 2004 9:56 am Subject: Botnets don't need root
I think one thing that everyone's overlooking is that a zombie machine doesn't have to be infected by something that requires root access.
All a zombie has to have is a way to listen for UDP packets and its own SMTP engine. A simple utility or game that *in itself* is perfectly legitimate can drop a zombie maker on your OS/X machine during installation and you'd never know it--especially if the designer was clever enough to make the zombie stealthy (ie not make a spectacle of itself during operation).
This is especially true of most Mac users--who pride themselves on having a machine where it "just works". They don't want to know anything about how, just that it does.
Sounds to me like a flock of lambs waiting for the slaughter... Sigh.
Zombie nets are all about money. Like *any* for profit action (criminal or legal) zombie net sellers want the most bang for their buck. With less than 3% of machines world-wide that isn't Macs.
Should Macs become 25% of the market that would change--in a hurry. And there is NOTHING in any consumer OS that protects against the machine becoming a zombie, if the criminal has half a brain.
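Roger's point, that a zombie needs nothing more than an unprivileged process able to receive UDP commands and speak SMTP, also tells a defender where to look for one: in the socket table, owned by an ordinary user account rather than by root. The Python script below is an added example, not code from the column or from any of the commenters. It parses constructed sample text in the shape of `lsof -i -n -P` output (the sample is made up for this example and is not real output from any machine) and flags unprivileged processes that either listen for UDP on a port nobody expects or open a connection of their own to a remote port 25. The allow-lists `SYSTEM_USERS` and `KNOWN_UDP_LISTENERS` are assumptions chosen for the example; a real deployment would fill them from the machine's known services.

```python
"""Flag unprivileged processes whose sockets look like botnet plumbing.

Added example. SAMPLE_LSOF below is constructed to imitate the columns of
`lsof -i -n -P`; it is not real output from any machine.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_LSOF = """\
COMMAND    PID USER     FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd       412 root      3u  IPv4 0x1a01      0t0  TCP *:22 (LISTEN)
cupsd      520 root      9u  IPv4 0x1a02      0t0  TCP 127.0.0.1:631 (LISTEN)
mDNSRespon 180 _mdnsres  7u  IPv4 0x1a03      0t0  UDP *:5353
SillyGame 2201 vern      5u  IPv4 0x1a04      0t0  UDP *:40000
SillyGame 2201 vern      6u  IPv4 0x1a05      0t0  TCP 10.0.1.5:49152->203.0.113.9:25 (ESTABLISHED)
Mail       901 vern     12u  IPv4 0x1a06      0t0  TCP 10.0.1.5:49160->192.0.2.10:993 (ESTABLISHED)
"""

# Assumed allow-lists for this example: root plus the "_" daemon accounts
# count as privileged, and mDNS/Bonjour on 5353 is expected on every Mac.
SYSTEM_USERS = {"root"}
KNOWN_UDP_LISTENERS = {5353}


@dataclass
class Socket:
    command: str
    pid: int
    user: str
    proto: str   # "TCP" or "UDP"
    name: str    # lsof NAME column, e.g. "*:22 (LISTEN)"


def parse_lsof(text: str) -> List[Socket]:
    """Turn lsof -i style lines into Socket records, skipping non-IP rows."""
    sockets = []
    for line in text.splitlines()[1:]:          # drop the header row
        parts = line.split(None, 8)             # NAME may contain spaces
        if len(parts) < 9:
            continue
        cmd, pid, user, _fd, _type, _dev, _off, node, name = parts
        if node not in ("TCP", "UDP"):
            continue
        sockets.append(Socket(cmd, int(pid), user, node, name))
    return sockets


def is_privileged(user: str) -> bool:
    return user in SYSTEM_USERS or user.startswith("_")


def local_port(name: str) -> int:
    """'10.0.1.5:49152->203.0.113.9:25 (EST.)' -> 49152 ; '*:5353' -> 5353"""
    local = name.split("->", 1)[0].split()[0]
    return int(local.rsplit(":", 1)[1])         # rsplit also handles [::1]:631


def remote_port(name: str) -> Optional[int]:
    """Peer port of a connected socket, or None for a bare listener."""
    if "->" not in name:
        return None
    peer = name.split("->", 1)[1].split()[0]
    return int(peer.rsplit(":", 1)[1])


def find_suspects(sockets: List[Socket]) -> List[Tuple[int, str, str]]:
    """(pid, command, reason) for unprivileged processes that either listen
    for UDP on an unexpected port or talk to a remote SMTP port themselves."""
    suspects = []
    for s in sockets:
        if is_privileged(s.user):
            continue
        if s.proto == "UDP" and "->" not in s.name:
            port = local_port(s.name)
            if port not in KNOWN_UDP_LISTENERS:
                suspects.append((s.pid, s.command,
                                 "unexpected UDP listener on port %d" % port))
        elif s.proto == "TCP" and remote_port(s.name) == 25:
            suspects.append((s.pid, s.command,
                             "direct outbound SMTP connection (port 25)"))
    return suspects


if __name__ == "__main__":
    for pid, cmd, reason in find_suspects(parse_lsof(SAMPLE_LSOF)):
        print("PID %d (%s): %s" % (pid, cmd, reason))
```

In the constructed sample only the game process trips both rules: it holds a UDP listener no system service accounts for and it is sending mail itself rather than through the user's mail client, which is exactly the shape Roger describes. The legitimate mail client, which connects to port 993, and the root-owned services pass untouched, so the check says nothing about the game's installer having needed a password.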
RGE wrote:
Furthermore, I don't care about the core OS. That's on CD. It's my files which need protecting.
You don't back up your files? Besides, protecting the OS can mean protecting your files as well, if it keeps you from having to reformat your HD / reinstall the OS.
RGE wrote:
Not just any consumer OS... any (general purpose) OS can be compromised by someone willing to hand over the superuser password.
Well no duh. Nothing is idiotproof. But we're talking about OSes; what you're talking about is the fault of a stupid/careless/ignorant user, not an OS flaw. You can't possibly argue that the Windows Registry is a good thing.
In the end, it is up to the user to keep his computer safe. But the unbelievably crappy design of Windows only makes matters more difficult.
Quote:
You don't back up your files?
Of course I do. The point is, the OS files are rather less important to me.
Quote:
In the end, it is up to the user to keep his computer safe
Correct.
Quote:
But the unbelievably crappy design of Windows only makes matters more difficult
That is hardly relevant. People chose to use Windows, so therefore they chose to shoulder that burden.
One final point, to my knowledge, it is the implementation of Windows which is bad, not its design (at least for NT). If it had been implemented properly, it should have avoided achieving the near-impossible task of making UNIX security look good.
Roger Plowman wrote:
I think one thing that everyone's overlooking is that a zombie machine doesn't have to be infected by something that requires root access.
All a zombie has to have is a way to listen for UDP packets and its own SMTP engine. A simple utility or game that *in itself* is perfectly legitimate can drop a zombie maker on your OS/X machine during installation and you'd never know it--especially if the designer was clever enough to make the zombie stealthy (ie not make a spectacle of itself during operation).
This is especially true of most Mac users--who pride themselves on having a machine where it "just works". They don't want to know anything about how, just that it does.
Sounds to me like a flock of lambs waiting for the slaughter... Sigh.
Zombie nets are all about money. Like *any* for profit action (criminal or legal) zombie net sellers want the most bang for their buck. With less than 3% of machines world-wide that isn't Macs.
Should Macs become 25% of the market that would change--in a hurry. And there is NOTHING in any consumer OS that protects against the machine becoming a zombie, if the criminal has half a brain.
So, you're saying that there is nothing, no firewall, no scanning, no security measure that anyone can do to prevent someone from putting malicious code onto your computer.
To a point, I agree with that, and to a point I don't.
Back in the early days of the Internet Trojans were all the rage. People would go download stuff from anywhere and run the apps that would then do nasty things to their computers. Trojans can be very effective until someone finds out about them; then they don't do much at all because they have no way to spread themselves. Also, trojans used to be machine specific; that's not true anymore with the proliferation of cross-platform run-time languages like JAVA.
Viruses, on the other hand, require participation of the user to infect a PC; I don't know of any virus that does not require an action of a person to infect. Security against viruses hinges primarily on user knowledge; ignorant user = virus infection. It is likely the reason why there will always be viruses (especially on PCs).
So, while I agree that trojans could be made to infect any computer, including Macs, the threat of trojans is minimal and likely not worth the efforts of a Botnet maker.
Viruses (and possibly worms) are the better choice because they rely on the ignorance of people. And since money in botnet making depends on numbers, Mac users present too small a pool to try to infect. Also Macs, like all UNIX systems do require root access to automatically access and run files, directories that are not in your immediate ownership; they can be called or accessed, but OS X flags it and asks for a password. So, unless the virus is a self contained Apple script, or JAVA applet, I'd say a virus writer would have a tough time getting a viable, spreadable virus to work in OS X. Again, it is about the numbers, and even at 25% of the market, I don't believe botnet makers would get adequate numbers zombie-fying Macs.
But then, since G5 Macs are so powerful, maybe they don't need a huge network of zombie-Macs as they would of PCs; just a small handful of G5 Macs could do the work of hundreds of PC zombies. Oh Boy!
Vern Seward
Quote:
Also Macs, like all UNIX systems do require root access to automatically access and run files, directories that are not in your immediate ownership; they can be called or accessed, but OS X flags it and asks for a password
You are making two assumptions:
1) That damaging material can't just be kept in a user's home directory
2) That no privilege escalation holes exist in OSX
Neither assumption is particularly good.
Quote:
But then, since G5 Macs are so powerful, maybe they don't need a huge network of zombie-Macs as they would of PCs; just a small handful of G5 Macs could do the work of hundreds of PC zombies
So, you think that most 'zombie' machines get used for cracking RC5, do you?
Comments are currently closed. Please email the author instead.
