The macosxhints Forums

The macosxhints Forums (http://hintsforums.macworld.com/index.php)
-   The Coat Room (http://hintsforums.macworld.com/forumdisplay.php?f=8)
-   -   IS OSX more secure to spyware than windows 7? (http://hintsforums.macworld.com/showthread.php?t=112875)

tlarkin 08-09-2010 10:33 AM

Quote:

Originally Posted by Anti (Post 590794)
Someone made the argument that Dell is nothing, their computers are just comprised of components manufactured by other companies, and it's only a brand.

Doesn't matter, Dell has poor choice of these "other manufacturers".

Uh so is Apple. They don't make components. In fact for a long time Asus was making all of Apple's logic boards. Probably still are.

fracai 08-09-2010 12:35 PM

Quote:

Originally Posted by tlarkin (Post 592369)
Uh so is Apple. They don't make components.

Except for the A4 in the current iPhones (and iPad?). And all the R&D that they put into developing new hardware designs and components. The actual manufacturing of those components may be performed by other companies, but Apple tech is far more than just other's components.

Several of their old inkjet printers were indeed just re-branded HP DeskJets.

tlarkin 08-09-2010 01:24 PM

Quote:

Originally Posted by fracai (Post 592391)
Except for the A4 in the current iPhones (and iPad?). And all the R&D that they put into developing new hardware designs and components. The actual manufacturing of those components may be performed by other companies, but Apple tech is far more than just other's components.

Several of their old inkjet printers were indeed just re-branded HP DeskJets.

So does HP and everyone else. They have engineers design the hardware to specification and then hand those specs to a company like Asus and they manufacture the parts. If you crack open a HP computer you will see that Asus silk screen stamp on the boards, and it is a board you cannot buy retail.

The only real difference is that Apple definitely has their "own way" of engineering their products, and they also write all the software for it. Whereas HP is purely hardware and they have other companies code software for their product.

I was a warranty repair tech for years for a company that did consumer and business sales of technology. We did all the warranty work for our clients. I have probably done hardware repair on over 20,000 machines in my life time. No company actually makes parts. They provide specifications to the manufacturers that make them. They may specify I want this type of capacitor, this type of resistor, and this type of wiring, but they don't actually make anything tangible. They do it through CAD-like programs to engineer hardware components.

You crack open an Apple product you will see LG, Hitachi, and Asus stamped all over their parts. I will say that no one designs anything like Apple. They are definitely unique, but higher quality of components is a very moot argument. They all use the same components. I can't tell you how many HDs I have fail every week in our macbooks here at work.

fracai 08-09-2010 02:09 PM

Absolutely.

But, the point being made was that Dell is a brand slapped on top of commodity components that they've assembled, but had no part in designing. Apple and, as you point out, many others have a hand in the design of those components.

No one is saying that Apple is designing and manufacturing their own hard drives, RAM, LCDs, etc. Or even manufacturing their own motherboards. The claim was that Dell doesn't do either. (Though I'd be marginally surprised if even the motherboards were COTS.)

Plus, it's an incredible stretch to claim that the A4 or Unibody case and manufacturing process aren't "Apple's" own components.

tlarkin 08-09-2010 02:19 PM

Quote:

Originally Posted by fracai (Post 592409)
Absolutely.

But, the point being made was that Dell is a brand slapped on top of commodity components that they've assembled, but had no part in designing. Apple and, as you point out, many others have a hand in the design of those components.

No one is saying that Apple is designing and manufacturing their own hard drives, RAM, LCDs, etc. Or even manufacturing their own motherboards. The claim was that Dell doesn't do either. (Though I'd be marginally surprised if even the motherboards were COTS.)

Plus, it's an incredible stretch to claim that the A4 or Unibody case and manufacturing process aren't "Apple's" own components.

I wasn't counting cosmetic parts. Like I said, Apple engineers their products in their own unique way, but the actual components are the same as any other computer. Whether or not Apple hardware engineers are better at making a combination of specifications work better on a greater scale compared to any other major manufacturer is probably up for debate.

I am biased though, and have been repairing all sorts of electronics for years (11 years now to be exact) and I have seen many models of many different manufacturers have high failure rates. I can think of 4 different models of Macs in the past 6 years I'd never own due to their rate of hardware failure.

I think Apple makes a great product, and I think their laptops are the best out there period. Having owned, repaired, maintained, and given tech support for every major brand of laptop, the Macbook Pro is currently my favorite. It is also, I think, the best laptop I have ever owned. It is a work horse. However, on a component level it is the same as every other laptop out there. The design makes up some of the differences and the engineering. However, as far as parts go, it has the same "guts" as every other laptop out there. That is a fallacy in logic many people have when looking at Apple products. It is a sales pitch I often hear that is totally incorrect is all. Many companies have the same business model as Apple when it comes to hardware design. However, I think Apple does the design part a lot better. Apple also puts in tons of "little things" that make an overall big difference.

A mac is a tool just like a PC. You use your tools to get the task done. Different tools for different jobs, and different people prefer different tools.

To be honest the era of the virus is probably gone. Most malicious attacks use user interactions, since they are now the weakest link in security of a computer user.

I also think Apple has a higher quality control, when releasing their products (minus the iPhone thing, and a few models of macs that were very prone to fail) and if you buy 2nd or 3rd generation of a model of a Mac, it is going to be solid. Just try not to buy 1st gen stuff is my advice.

fracai 08-09-2010 02:53 PM

Since when is the A4 a cosmetic part?

tlarkin 08-09-2010 02:59 PM

Quote:

Originally Posted by fracai (Post 592417)
Since when is the A4 a cosmetic part?

I meant the unibody case for cosmetic part:D The A4 I believe is manufactured by Samsung, so it sort of falls under what I have been saying. Though, the A4 is completely designed by Apple as far as I can tell. I haven't read too much into it. ARM architecture though was not designed by Apple.

fracai 08-09-2010 03:18 PM

You're splitting hairs.

The original claim was that Dell simply slaps a label on commodity hardware.
You said Apple does the same because they don't make their own components. I take it you were arguing the manufacturing quality point more than the in house component development?
I think there's quite a bit of difference between assembling COTS components and putting R&D into new technology, even if that technology is eventually built by other companies.

If you're talking about the physical build quality, sure, technology is pretty advanced and everybody generally makes quality products with the occasional bad batch, design flaw, etc. In that sense, Apple is going to sometimes run into the same problem that Dell might, when quality control fails to catch manufacturing defects.

Just as users, to bring this back to spyware, are a greater threat than is the OS.

sojourner 08-10-2010 12:31 AM

Granted, this article isn't about Windows 7 per se, but I found it fairly informative: Is Windows inherently more vulnerable to malware attacks than OS X?

Spoiler: the answer is yes.

renaultssoftware 08-10-2010 07:49 AM

"Launchd."

SirDice 08-10-2010 08:27 AM

Quote:

Originally Posted by sojourner (Post 592470)
Granted, this article isn't about Windows 7 per se, but I found it fairly informative: Is Windows inherently more vulnerable to malware attacks than OS X?

Spoiler: the answer is yes.

Spoiler: the admin doesn't know what the hell he's doing.

Quote:

On August 13 at 3:04 AM, a Windows server that I've been running for all of two weeks--it just replaced an Xserve G5--was attacked by a new strain of malware.
Ah. Dumbass forgot to install the latest patches.

Quote:

The only victim requirement is that a Windows system--client or server from 2000 and XP on up, 32 and 64-bit--be on an Internet-accessible IP address and listening for socket requests to the Windows Server service.
No admin in their right mind would do such a stupid thing.

Quote:

All Windows background processes/daemons are spawned from a single hyper-privileged process and referred to as services.
All *nix processes/daemons are spawned from a single hyper-privileged process called init. What's the difference?

Quote:

By default, Windows launches all services with SYSTEM-level privileges.
Wrong. Even in the W2000/XP days.

Quote:

The activity of SYSTEM is next to impossible to control or log.
Wrong.

Quote:

Most of the code running on any Windows system at a given time is related to services, most or all of which run with SYSTEM privileges, therefore
Wrong. Even in the W2K/XP days.

Quote:

Successful infection of running Windows software carries a good chance of access to SYSTEM privileges.
Wrong because of the bad assumption everything runs as SYSTEM.

Quote:

Windows buries most privileged software, service executables and configuration files in a single, unstructured massive directory (SYSTEM32) that is frequently used by third parties.
True but MS doesn't advise third parties to do that. They do that on their own accord. That's hardly MS's fault.

Quote:

Windows will notify you on an attempt to overwrite one of its own system files stored here, but does not try to protect privileged software.
Wrong. Probably never heard of Windows File Protection. OS-X certainly doesn't protect anything.

Quote:

Microsoft does not sign or document the name and purpose of the files it places in SYSTEM32
Wrong, everything is signed.

Quote:

Windows has no equivalent to OS X's bill of materials, so it cannot validate permissions, dates and checksums of system and third-party software.
There's no need for it. And why would Windows check third-party software?

Quote:

Windows requires that users log in with administrative privileges to install software, which causes many to use privileged accounts for day-to-day usage.
Yes, that's how it's supposed to work, except using privileged accounts for day-to-day usage. On the other hand OS-X allows admin users to add applications to /Applications without authentication. And that's supposed to be better?

Quote:

Windows requires extraordinary effort to extract the path to, and the files and TCP/UDP ports opened by, running services, and to certify that they are valid.
It's freaking easy to do. Never heard of netstat?

Quote:

Microsoft made it easy for commercial applications to refuse a debugger's attempt to attach to a process or thread.
Not really.

Quote:

Attackers use this same mechanism to cloak malware. A privileged user must never be denied access to a debugger on any system. My right to track down malware on my computers trumps vendors' interests in preventing piracy or reverse-engineering. Maintaining that right is one of the reasons that open source commercial OS kernels are so vital.
Go blame the DMCA.

Quote:

Access to the massive, arcane, nearly unstructured, non-human-readable Windows Registry, which was to be obsolete by now, remains the only resource a Windows attacker needs to analyze and control a Windows system.
Yes. And plists and dictionaries are sooo much easier. NOT.

Quote:

Another trick that attackers learned from Microsoft is that Registry entries can be made read-only even to the Administrator, so you can find an exploit and be blocked from disarming it.
Taking ownership of the key resets the ACL. Big deal.

Quote:

Malicious code or data can be concealed in NTFS files' secondary streams. These are similar to HFS forks, but so few would think to look at these.
Yes, because secondary streams shouldn't be needed. And it's actually a feature to make Windows servers more Mac friendly!

Quote:

One of the strongest tools that Microsoft has to protect users from malware is Access Control Lists (ACLs), but standard tools make ACLs difficult to employ, so most opt for NTFS's inadequate standard access rights.
They are not difficult to employ. They are however difficult to understand by a n00b sysadmin. I'd say get some training!

Quote:

Why this can't happen under OS X:

• OS X has no user account with privileges exceeding root.
You don't need anything exceeding root. Root can do everything. Try keeping root out of something. It's rather easy to block access to administrators on Windows.

Quote:

Unlike services.exe, launchd executes daemons and scheduled commands in a shell that's subject to login scripts, environment variables, resource limits, auditing and all security features of Darwin/OS X.
Wrong, services.exe has absolutely no problems running services on different accounts with different profiles/logins/resource limits/whatever.

Quote:

Apple's daemons have man pages, and third parties are duty-bound to provide the same. Admins also expect to be able to run daemons, with verbose reporting, in a shell for testing.
Go visit MSDN.

Quote:

OS X Man pages document daemons' file dependencies, so administrators can easily rework file permissions to match daemons' reduced privileges.
Unless the man page is out of date or otherwise incomplete (it happens).

Quote:

Launchd can tripwire directories so that if they're altered unexpectedly, launchd triggers a response.
Windows File Protection

Quote:

If an attacker takes over a local or remote console, any effort to install software or alter significant system settings cannot proceed without entering the administrator's user name and password, even if the console is already logged in as a privileged user. In other words, even having privileges doesn't ensure that even an inside hacker can arrange to keep them.
Wrong on so many levels I don't even know where to begin.

Quote:

OS X has a single console and a single system log, both in plain text.
Which is easily edited/modified/deleted by anyone with enough privileges.

Quote:

Every installed file is traceable to a bill of materials that can verify that the file is meant to exist, and that it and all of its dependencies match their original checksums. Mac users, back up and protect your Receipts folder!
Another lovely file that can easily be modified/deleted by an attacker.

Quote:

The directories used to hold OS X's privileged system executables are sacred. Anything new that pops up there is immediately suspect.
And how many people will actually know what's supposed to be in there so they can detect what's new?

Quote:

OS X does not require that a user be logged in as an administrator to install software.
And how does this increase security?

Quote:

The user or someone aiding the install needs to know the name and password of a local administrative user to complete the install.
Not always.

Quote:

On a network, most software is installed using Remote Desktop, an inexpensive Systems Management Server-like console.
Great, same as on Windows.

Quote:

The UNIX/POSIX API, standard command-line tools and open source tools leave malware unable to hide from a competent OS X administrator.
Very, very wrong. Guess where 'rootkits' started and guess why they're called "root" kits? Exactly, the technique originated on Unix.

Quote:

It takes a new UNIX programmer longer to choose an editor than it does to write a console app that walks the process tree listing privileged processes
It's also fairly trivial to write something that doesn't show up in that list. It's also trivial to hook the APIs needed to get that info. This can be used to hide processes and other things.

Quote:

Likewise, OS X Server will image any Mac client or server's local drives and maintain safe copies that can be used not only for restoration, but which can be booted from to guarantee that there's no trace of infection.
Unless the infection went unnoticed for some time. Rendering all your backups useless.


The clueless moron does nothing but spread false and inaccurate information.
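
The two quotes above about the Receipts folder (a file "that can easily be modified/deleted by an attacker") and about new files in the privileged directories being "immediately suspect" both come down to the same check, so here is one added example covering both. It is not Apple's receipt or bill-of-materials format and not code from the post; it builds a manifest of hashes, sizes and mode bits for a directory tree, then signs the manifest with an HMAC so that an attacker who rewrites both the files and the manifest is still caught. The key is an in-memory constant here purely for the demo; the assumption is that a real deployment keeps the key (and ideally a copy of the manifest) off the monitored host. The sample directory tree is constructed in a temporary directory so the script runs anywhere.

```python
"""Signed file-integrity manifest (added example, not Apple's BOM/receipts).

A manifest that lives on the same host as the files it describes can be
edited by whoever edited the files. Carrying an HMAC under an off-host key
(assumption: KEY below stands in for that key) means a forged manifest
fails verification even when every listed hash "matches".
"""
import hashlib
import hmac
import json
import os
import stat
import tempfile

# Assumption for the demo: in real use this key is never stored on the host
KEY = b"demo-key-keep-this-off-the-host"


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Record hash, size and permission bits of every regular file under root."""
    entries = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):  # skip symlinks, devices, etc.
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = {
                "sha256": _sha256(full),
                "size": st.st_size,
                "mode": oct(stat.S_IMODE(st.st_mode)),
            }
    return entries


def _canonical(entries):
    # Deterministic serialisation so the HMAC covers exactly one byte string
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(entries, key):
    sig = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "hmac_sha256": sig}


def verify_manifest(signed, root, key):
    """Return (signature_ok, findings).

    Findings are only trustworthy when signature_ok is True: a manifest the
    attacker rewrote to match the trojaned files reports nothing modified,
    which is exactly why the signature check comes first.
    """
    expected = hmac.new(key, _canonical(signed["entries"]), hashlib.sha256).hexdigest()
    sig_ok = hmac.compare_digest(expected, signed["hmac_sha256"])
    current = build_manifest(root)
    recorded = signed["entries"]
    findings = {
        "modified": sorted(p for p in recorded if p in current and current[p] != recorded[p]),
        "missing": sorted(p for p in recorded if p not in current),
        # Anything new in a directory that should only hold known binaries
        "unexpected": sorted(p for p in current if p not in recorded),
    }
    return sig_ok, findings


def demo():
    """Constructed scenario: clean tree, then trojaned files, then a forged manifest."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sbin"))
        with open(os.path.join(root, "sbin", "launchd"), "wb") as f:
            f.write(b"original binary\n")
        with open(os.path.join(root, "sbin", "syslogd"), "wb") as f:
            f.write(b"another binary\n")
        signed = sign_manifest(build_manifest(root), KEY)
        clean = verify_manifest(signed, root, KEY)

        # Attacker replaces one binary and drops a new file into the directory
        with open(os.path.join(root, "sbin", "launchd"), "wb") as f:
            f.write(b"trojaned\n")
        with open(os.path.join(root, "sbin", "evil"), "wb") as f:
            f.write(b"new\n")
        tampered_files = verify_manifest(signed, root, KEY)

        # Attacker then rewrites the manifest entries to match the trojaned tree,
        # but cannot recompute the HMAC without the key
        forged = {"entries": build_manifest(root), "hmac_sha256": signed["hmac_sha256"]}
        forged_manifest = verify_manifest(forged, root, KEY)
        return clean, tampered_files, forged_manifest


if __name__ == "__main__":
    for label, (ok, findings) in zip(("clean", "tampered", "forged"), demo()):
        print(f"{label:9} signature_ok={ok} {findings}")
```

The third scenario is the one the post is warning about: with the manifest under the attacker's control the file comparison comes back clean, and only the failed signature tells you anything is wrong.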

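The exchange above about writing "a console app that walks the process tree listing privileged processes" and the reply that it is "trivial to hook the APIs needed to get that info" and hide processes suggests the check a practitioner actually runs: enumerate processes two different ways and diff the results. Below is an added example of that cross-view comparison in Python; it is not code from either post. It parses a constructed `ps -axo pid,ppid,uid,comm` listing and compares it against a second, constructed PID set standing in for an independent enumeration (on macOS the kernel's KERN_PROC sysctl, on Linux a scan of /proc; which source you use is an assumption left to the reader). It also flags root processes whose parent runs as an ordinary user.

```python
"""Cross-view process check (added example, not from the thread).

PS_OUTPUT and OTHER_VIEW_PIDS are constructed sample data. On a real host,
feed parse_ps() the output of `ps -axo pid,ppid,uid,comm` and build the
second PID set from a path that does not go through the same libraries
(assumption: kernel sysctl on macOS, /proc directory scan on Linux).
"""
from dataclasses import dataclass

PS_OUTPUT = """\
  PID  PPID   UID COMM
    1     0     0 /sbin/launchd
   42     1     0 /usr/sbin/syslogd
   57     1     0 /usr/libexec/configd
  118     1   501 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
  203   118   501 /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
  221   203   501 -zsh
  230   221     0 sudo
  231   230     0 /bin/sh
"""

# Constructed second view: PID 666 is known here but absent from ps (the
# rootkit case); PID 57 is in ps but not here (it may simply have exited
# between the two snapshots, so that direction is reported, not alarmed on).
OTHER_VIEW_PIDS = {1, 42, 118, 203, 221, 230, 231, 666}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    uid: int
    comm: str


def parse_ps(text):
    """Parse `ps -axo pid,ppid,uid,comm` output into {pid: Proc}."""
    procs = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        if not line.strip():
            continue
        pid, ppid, uid, comm = line.split(None, 3)  # comm may contain spaces
        procs[int(pid)] = Proc(int(pid), int(ppid), int(uid), comm)
    return procs


def privileged(procs):
    """Root-owned processes (uid 0), sorted by pid."""
    return sorted((p for p in procs.values() if p.uid == 0), key=lambda p: p.pid)


def root_with_unprivileged_parent(procs):
    """Root processes whose parent is not root.

    Expected for sudo/su; anything else here deserves a second look.
    """
    hits = []
    for p in procs.values():
        parent = procs.get(p.ppid)
        if p.uid == 0 and parent is not None and parent.uid != 0:
            hits.append(p)
    return sorted(hits, key=lambda p: p.pid)


def cross_view_diff(procs, other_pids):
    """PIDs present in exactly one of the two views.

    A PID the second view knows about that ps does not print is the classic
    signature of a userland rootkit hooking the process-listing path.
    """
    ps_pids = set(procs)
    return {
        "hidden_from_ps": sorted(other_pids - ps_pids),
        "only_in_ps": sorted(ps_pids - other_pids),
    }


if __name__ == "__main__":
    procs = parse_ps(PS_OUTPUT)
    for p in privileged(procs):
        print(f"root  pid={p.pid:<5} ppid={p.ppid:<5} {p.comm}")
    for p in root_with_unprivileged_parent(procs):
        print(f"root process with non-root parent: pid={p.pid} ({p.comm})")
    diff = cross_view_diff(procs, OTHER_VIEW_PIDS)
    print("hidden from ps:", diff["hidden_from_ps"])
    print("only in ps (possibly exited):", diff["only_in_ps"])
```

The point of taking the two snapshots back to back and reporting both directions is that the `only_in_ps` set is usually just churn, while a non-empty `hidden_from_ps` set is the finding that matters; a hooked `ps` cannot hide what it never had a chance to filter.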
Craig R. Arko 08-10-2010 11:03 AM

For my nickel, from the day they decided to put the Window Manager and the GDI into Ring 0 (in NT 4, via the Win32 API, done so the graphics performance could equal DOS and surpass OS/2), Microsoft was walking down the malware path.

GDI+ has improved on this, and DWI further, by catching up with the hardware and making it do more of the work. But since the legacy code is still there they have had to jump through a lot of extra hoops to deal with it, and finally Windows 7 has pushed all the GDI-related code into software abstracted rendering only.

Apple did not make that choice, and as a consequence the gaming performance of Mac OS X has suffered, but many other headaches have been avoided.

There are very sound historical reasons that things have turned out the way they are.

Feel free to Google up a storm for references; you can start here.

And then compare it with the XNU kernel of Mac OS X, perhaps starting here.

Apple (and NeXT) had the benefit of seeing other peoples' mistakes. ;)

renaultssoftware 08-10-2010 11:14 AM

Quote:

Originally Posted by SirDice (Post 592506)
The clueless moron does nothing but spread false and inaccurate information.

Change some words and that looks like a ton of proverbs: "a fool spreads folly"

And I thought the file Lock (uchg) from Terminal kept root out too.

SirDice 08-10-2010 11:42 AM

Quote:

Originally Posted by renaultssoftware (Post 592523)
And I thought the file Lock (uchg) from Terminal kept root out too.

Nope, root can set that flag but it can also be removed again.

Code:

dice@lady3jane:~/test%ls -alO
total 0
drwxr-xr-x  2 dice  dice  -  68 Aug 10 17:47 .
drwxr-xr-x+ 50 dice  dice  - 1700 Aug  4 21:47 ..
dice@lady3jane:~/test%touch test
dice@lady3jane:~/test%chflags uchg test
dice@lady3jane:~/test%ls -alO
total 0
drwxr-xr-x  3 dice  dice  -    102 Aug 10 17:47 .
drwxr-xr-x+ 50 dice  dice  -    1700 Aug  4 21:47 ..
-rw-r--r--  1 dice  dice  uchg    0 Aug 10 17:47 test
dice@lady3jane:~/test%sudo su -
lady3jane:~ root# cd /Users/dice/test/
lady3jane:test root# ls -alO
total 0
drwxr-xr-x  3 dice  dice  -    102 Aug 10 17:47 .
drwxr-xr-x+ 50 dice  dice  -    1700 Aug  4 21:47 ..
-rw-r--r--  1 dice  dice  uchg    0 Aug 10 17:47 test
lady3jane:test root# chflags nouchg test
lady3jane:test root# ls  -alO
total 0
drwxr-xr-x  3 dice  dice  -  102 Aug 10 17:47 .
drwxr-xr-x+ 50 dice  dice  - 1700 Aug  4 21:47 ..
-rw-r--r--  1 dice  dice  -    0 Aug 10 17:47 test
lady3jane:test root# rm test
lady3jane:test root# ls -alO
total 0
drwxr-xr-x  2 dice  dice  -  68 Aug 10 17:48 .
drwxr-xr-x+ 50 dice  dice  - 1700 Aug  4 21:47 ..
lady3jane:test root#


biovizier 08-10-2010 12:13 PM

Also note that in 10.5 (I don't know about 10.6), even the 'schg' and 'sappnd' flags can be unset by "root", without booting into "single-user mode" because 10.5 runs at a lower "securelevel" than in the past (you can bump it back up if you are aware of the need to).

It's funny because the author of the article gushes about Apple's documentation, yet where did Apple document this significant change to the treatment of these flags, to warn admins that might be using them as a part of their security strategy?

tlarkin 08-11-2010 10:27 AM

Quote:

Originally Posted by biovizier (Post 592536)
Also note that in 10.5 (I don't know about 10.6), even the 'schg' and 'sappnd' flags can be unset by "root", without booting into "single-user mode" because 10.5 runs at a lower "securelevel" than in the past (you can bump it back up if you are aware of the need to).

It's funny because the author of the article gushes about Apple's documentation, yet where did Apple document this significant change to the treatment of these flags, to warn admins that might be using them as a part of their security strategy?

You know what? I feel the same way. I read through the Directory Services book for the ACSA certs, and thought I had a pretty good understanding of how Directory Services works. Then I have an issue and use Apple Enterprise support and we are running commands involving slapd, slurp, and taking peeks at all these combined services and files under-the-hood the book never touches on. I think I learned more from that enterprise support call than I did reading the book.

Some of the Apple specific manuals for their specific Unix binaries are unclear or perhaps even completely lacking at times.

While, I think Apple makes a great product, in fact it is my favorite commercial OS, I do think they are lacking in some areas. Security documentation is one of them. I usually read the NSA security guides and try to teach my users best practices when using their computers.

I, however, have yet to see any OS X servers infected due to lack of security patches or documentation that a sys admin may overlook. Apple keeps it simple on the top level, so sys admins of OS X server usually have simple set ups. The more you complicate it, the bigger security risk you are taking, in my opinion.

SirDice 08-11-2010 10:36 AM

These days it's not the server itself that gets attacked, it's the (web) applications that are running on it that are the most vulnerable. Web applications like CMS or forum software regularly have big holes in them. Custom made web applications are even worse.

Usually those servers are infected in such a way that it doesn't 'damage' the server. However any unsuspecting (windows) user that browses to that site gets a crap load of malware installed. Sure, it's mainly windows users that get attacked this way but there's no reason why a similar attack vector couldn't also attack Mac users. There are plenty of bugs to exploit.

And yes, I agree. Documentation is sparse. Especially good, detailed, technical, information.

tlarkin 08-11-2010 11:24 AM

Quote:

Originally Posted by SirDice (Post 592655)
These days it's not the server itself that gets attacked, it's the (web) applications that are running on it that are the most vulnerable. Web applications like CMS or forum software regularly have big holes in them. Custom made web applications are even worse.

Usually those servers are infected in such a way that it doesn't 'damage' the server. However any unsuspecting (windows) user that browses to that site gets a crap load of malware installed. Sure, it's mainly windows users that get attacked this way but there's no reason why a similar attack vector couldn't also attack Mac users. There are plenty of bugs to exploit.

And yes, I agree. Documentation is sparse. Especially good, detailed, technical, information.


Yeah I agree with you. However, some things aren't necessarily the fault of Apple and Microsoft. Some of them are the fault of whatever web based product or API, or application they are using. Java is filled with security holes that only Java can fix.

