+

Quote

I also believe that Mac users tend to be more knowledgeable about their computers than the average Windows user. I have nothing to back up this belief other than anecdotes, but given that Mac users choose to be Mac users implies that they made the choice after putting some thought to it.


Also, Mac users tend to administer their own computers, even in a business environment. While it is true that Apple makes administering Macs easier, you still have to understand your computer, its OS, and how things are generally connected. Mac users generally know what's on their network, because they usually are the ones that put the network together.


In situations where Macs are used in a Windows centric environment, Mac users, not Windows admins, are usually the ones who troubleshoot any connectivity and compatibility problems.


It is by necessity that Mac users become savvy; Apple just makes what it offers easier to understand, in my humble opinion.

I agree completely. When I started working at my day-job (in corporate and marketing communications), I said I had to have a Mac, as that was the standard for graphic design, and especially print production. I was told from Day 1 I was on my own, because no one in IT knew how to work on a Mac. Since then, I've replaced my own hard drives, handled networking issues, installed all software, transitioned from OS 9 to OS X (and from Quark to InDesign as a result), and pretty much handled every software/hardware/networking issue on my own (although our very good IT department, admittedly, helps out with networking issues).

Logistics of IT departments aside, Macs make their users comfortable enough to tackle their own issues. That, plus smart hardware designs (like the G4 tower's easy-open door) make repairs and upgrades far more manageable than that nightmare of beige boxes and Windows registries.

Quote

mrmgraphics wrote:
+
Macs make their users comfortable enough to tackle their own issues. That, plus smart hardware designs (like the G4 tower's easy-open door) make repairs and upgrades far more manageable than that nightmare of beige boxes and Windows registries.

Exactly. I have a reputation among family and some friends that I am some kind of computer whiz. I keep telling them that I just know how to use a Mac because it's easy, and it does what you expect. I barely know how to check my email on Windows!

That said, there are a lot of Mac users I know that really don't know much about their computers, but it's OK. They don't even need to know what admin or root is, really. You need to know what you are doing to even turn root on with a Mac, so that in itself is a level of security.

I personally believe that Mac users DO, in fact, enjoy some security thru obscurity... but most Mac securuty comes through common sense. Common sense of the Mac's architects, and of Mac users. Common sense doesn't apply to Windows at all... at least not in any of MY experiences. (Press the Start button to turn off the computer!)

Hehe when you open that email attachment and an authentication dialog pops up saying that the app is trying to modify your system... well thats probably a good warning sign. Nothing like that exists on Windows!

"He sights the user as being the weak point" should be "He cites"

Mac users are very susceptible to social engineering. For instance, an antivirus company can fool a Mac user into installing software on their hard drive which then deletes their email. (Norton AntiVirus for instance.)

Here is a great article on why the Mac will ALWAYS be more secure than windoze:

http://daringfireball.net/2004/06/broken_windows

... but as a Mac tech at a Mac-centric advertising agency full of mac-based artists, I can tell you it's not all true. We have close to 200 mac users here... and I would estimate over 80% of them are what I would consider to be "functionally computer illiterate". They can run basic programs like mail and word, and can make Photoshop and Illustrator sit up and beg for scraps if they want (really amazing skills!), but anytime the slightest thing goes wrong or unexpected, the blinders come down and the call for a tech goes out.

As an example, we have had to set up a separate opt-out mailing list for email forwards to the entire company and strictly enforce the policy, due mostly to people who can't figure out that they should check snopes.com *before* forwarding the "latest" dire warning to the entire company, no matter how many times we show them how and explain why.

Some people just don't want to "get" computers, mac OR pc. Mac users, I would agree, are indeed somewhat more likely to be somewhat more sophisticated. But there are MORE than enough users out there who refuse to learn anything beyond the bare minimum needed to get their jobs done to be able to make broad categorizations, or think a moderately well-engineered piece of social engineering would fail just because it targeted the mac community.

Interesting article. I think you're on the right track, but I think that
what you've possibly not considered is not that OSes other than Windows
are less likely to be targets not because they are more obscure, but
because Windows is marginally such an easier target (like an unattended
car with the windows down, the keys in it, and a full tank of gas left
overnight in a high crime area) that it is irresistible to hackers,
especially when other systems require direct action by their users in
order to propagate little nasties like viruses and worms.

Yes, OS X and Linux and Unix are not invulnerable. But compared to
Windows, they're bullet-proof. They are inherently more secure because
1) they are specifically designed to be and because 2) they force a
human being to allow or deny activities most likely to be circumvented
in the successful social engineering we've seen occur with Windows
viruses and worms. To revisit my previous metaphor, OS X at least comes
with a bulletproof vest. Users can decide to take it off altogether,
very frequently, sometimes, or not at all without compromising much in
the way of a pleasant user experience. By comparison, Windows doesn't
even come with a suggestion to keep your head down when a firefight
breaks out.

" but
because Windows is marginally such an easier target (like an unattended
car with the windows down, the keys in it, and a full tank of gas left
overnight in a high crime area)"

Hah! That is quite possibly the best description ever of windows!

Quote

Compudude wrote:
...but anytime the slightest thing goes wrong or unexpected, the blinders come down and the call for a tech goes out.

You just described my wife. I love her dearly, but I've lost track of the number of times I've heard, "Steve, what is this?".

Quote

Compudude wrote:
Some people just don't want to "get" computers, mac OR pc. Mac users, I would agree, are indeed somewhat more likely to be somewhat more sophisticated. But there are MORE than enough users out there who refuse to learn anything beyond the bare minimum needed to get their jobs done to be able to make broad categorizations, or think a moderately well-engineered piece of social engineering would fail just because it targeted the mac community.

Agree, and if the Mac community got its wish and OSX somehow got deployed in a large number of corporate settings, you'd see the problem multiply. Of course, as someone else noted, when the dialog box saying that some program wants to do something pops up, the willfully-ignorant might just ask a techie what that means. That, certainly, would be far preferable to the Windows default, which is to not tell the user anything while said program trashes the system.

This is always a funny argument.

When the military builds their secret base in Nevada instead of New York, that is a classic example of security thru obscurity.

When people start deriding Mac security because it is "only security thru obscurity" what they are ultimately saying is "You'll loose your security as soon as Apple outsells windows!"

No other computer is more perfectly designed for those that do not understand computers. Those whose first computers were eMacs because they wanted one the kids could use would be a good example. The eMac would be an excellent choice - especially for those who understand how much kids cost.

The Mac is also perfect for those that simply want to use their computer without any problems, or heavy maintenance tasks. They can be very good on their job related work, and really bad on the technical side.

Fortunately OS X makes it very difficult for malware and expect Apple will make it even more difficult in the future.

I think that some mac users are more technically inclined. they love the unix-y goodness of os x, etc.

But on the counterpoint, the platform tends to attract morons who are blindly zealotous. I'm talking about the "My 1 GHz G4 is closely equivalent to a 3.6GHz Pentium 4" and "That ipod knockoff that does more, is cheaper, and gets 4 times the battery life is obviously worse!"

I have an ipod, but I don't think it's god's gift to consumer electronics. I think I resent the fact that I can't use it as both a music backup device and a player.. all of the hidden F01-FXX directories are offensive to me.

I am also writing this on a powerbook. I love the operating system. And I think the software is written to be mostly just as fast as any other computer (sometimes faster). But this isn't because the G4 is better.. it's because the operating system isn't loading drivers for the usb vibro-dildo that I don't happen to have.

OS X is also highly less offensive in comparison to windows. I resent running through setup wizards that never give me exactly what I want. Try making a direct connection between two windows XP computers via crossover cable, to understand what I mean.

Anyway, I am ranting. But I think that the platform lures all types, just like any other. For every person who looks into the source for whatever software they install, there are 9 who blindly type in their admin password to install the new softwar-y goodness.

I'm done.

Donut

Mac users are complacent because they’ve not had to deal with a major virus or trojan for a long time.

Because of this, I do suspect that malware can get a toehold easily enough. All it takes is a trojan program to plant a back door simply by having its installer prompt for a password.

Really, it’s not a question of if it will happen, but when it will happen.

-Dave V (Mac user since 1992 and former IT desktop service provider)

Quote

usb vibro-dildo

They make that? They sure do.

I'm more optimistic about the lack of malware. Sure, complacency can get you places if you're a bad guy. The difference is that someone has to continue to be complacent on OS X for the thing to really get anyplace.

And when it does happen, fixing it will be fairly straight forward. IMO.

Social Engineering is hacker-speak for tricking a person into revealing their password.

This is the classic con-job which has played out through centuries of Sucker meets Swindler. (Pinnochio got suckered twice in Disney's version).

The only way to counteract this is with Social Behavior Modification, which has nothing to do with Computers.

Like Apple said earlier, "[social engineering] is not a virus, Trojan horse, or worm. It does not propagate itself across a network, through email, or over the Web."

Until someone produces code that can bypass root without human interaction and then autopropagate through networks, everyone else is just blowin' smoke up their own arse.

[quote="mshoaf"]

Quote

mrmgraphics wrote:
+
I personally believe that Mac users DO, in fact, enjoy some security thru obscurity... but most Mac securuty comes through common sense. Common sense of the Mac's architects, and of Mac users. Common sense doesn't apply to Windows at all... at least not in any of MY experiences. (Press the Start button to turn off the computer!)

My first experience with a Mac entailed tracking down its normal user to figure out how to get my floppy disk out: "Do WHAT? Drag it to the Trash?" and go to "Special" to tell it to turn off?"

But I love Macs now and deal with 1700 out of the 25,000 in the county school system running a high school help desk. One of the reasons we DIDN"T use a Windows platform for a 1-to-1 computing initiative were virus/security issues.

http://a772.g.akamai.net/7/2047/1141/300_04/neo.qtv.apple.com/secure/oct/ctia/ctia_300.mov

Quote

Compudude wrote:
...anytime the slightest thing goes wrong or unexpected, the blinders come down and the call for a tech goes out.....Some people just don't want to "get" computers, mac OR pc.

You're so very right, and those two sentences perfectly describe my otherwise very intelligent mom's approach to computers. This very week I spent some 15-30 minutes providing over-the-phone support because she'd made the navigation bar in Netscape go away by accident.

I'd say that there are probably plenty of Mac users like that out there, and that most Mac users are certainly NOT up to the level of someone who's running Linux. To run Linux you still kinda have to really know what you're doing just to get it properly set up and configured, despite the progress they've made with graphical installers. Running a Mac is mostly a no-brainer unless something actually goes wrong.

But I'd also say that even know-nothing Mac users STILL won't get burned as badly by social engineering tricks as their Windows counterparts, simply because the Mac has less holes for those tricks to exploit, and less ways for stuff to happen in the background without the user's knowledge.

I can't tell you HOW many times I've watched the hard drive spin up inexpicably on my Windows machine at work while just doing routine web-surfing or viewing email (the company insists on IE/Outlook), then gone to my Add/Remove Programs and seen some new additions there, or run Spybot and seen all the crap--not just cookies, either--that got put on my computer without so much as a Yes/No box.

On the Mac at least I'd have gotten the request for an admin password and known something was up; and there's a limit to what even an admin account can change in the system. A Mac user has to be pretty savvy to use sudo or enable the root account. And Mail and Safari don't have the same access to the guts of OS X that IE and Outlook have in Windows. There ARE reasons why a Mac is inherently more secure than Windows besides marketshare (you'd think some hacker somewhere would have cracked a Mac just to shut us all up by now, wouldn't you?)

--rueyeet