The macosxhints Forums > General Discussion > The Coat Room
Old 08-30-2009, 06:38 PM   #121
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by EatsWithFingers
OK, let's assume (in this hypothetical future) that OS X used the following implementation of the MLS paradigm, then we may be able to severely limit the damage that any malware would do, and thus limit their spread, effectiveness, appeal to criminals, etc.

Is this implemented yet? If so, could you point me to its documentation? I'd like to read up a bit on it.

I do believe you're on the right track. But I'm not so sure if users want this. Since nobody knows exactly what all the different users in the world are doing with their computer it'll be hard to settle on a default configuration for this. So the default would probably be either too restrictive (and users will start hating it) or too relaxed (and offer too little protection).
SirDice is offline   Reply With Quote
Old 08-30-2009, 07:34 PM   #122
roncross@cox.net
MVP
 
Join Date: Jan 2004
Posts: 1,764
Quote:
Originally Posted by SirDice
Exactly. I'm more or less stating that when the roles are reversed it would be the Mac users who would be facing those 40.000+ viruses/worms/whatever.


I think you are dead wrong and it hurts your credibility to state this. I know a true security expert, Jay, that I have worked with in the past and he has wholeheartedly refuted your claim that just because Mac has more market share, they are more vulnerable. His statement is below and I'm sure even you will find this hard to dispute. You are starting to sound more like a novice than an expert.

I'll rest my case:

"
Of course, only time will tell, but I have a *really* hard time buying
this argument. I do not believe that the number of installations for a
given platform really has any significant bearing on the number of virii
or exploits for that platform.

**All else being equal**, this argument might work. However, in the real
world, "all else" is not equal. Platforms (OS, applications, protocols,
whatever) are very different. We can not say that OS X, Windows, Linux,
Solaris, etc... are the "same" from a security perspective except for the
number of virii for each platform. This would be far from the truth. These
platforms are all very different and each has its strengths and
weaknesses. Some are better at security than others.

All else being equal, more market share equals more security problems. Ok,
I will buy that. However, in the real world, that does not seem to hold
up. Here are some non-scientific examples:

* There are dozens of MILLIONS of non-Windows machines in the world.
However, 99.999999% (or some ridiculous number) of all virii are only
Windows specific. If someone could write an effective UNIX virus, they
would have the potential of hitting 50+ MILLION (a conservative
number) machines. Sounds like a good sized pool of targets to me, but
there are effectively no significant UNIX virii.

* The Apache web server has well over 65% market share, while IIS has
about 20%. However, there are MANY more severe
virii/exploits/vulnerabilities in IIS than there are in Apache. Note: I am
NOT saying Apache does not have any vulnerabilities. I am simply saying
that if the market share argument were accurate in the real world, the
number of Apache exploits should be more than triple the number of IIS
exploits. This is not even close to being the case. Increased market share
does not equal decreased security.

* When we look at DNS servers, it is even better. BIND has over 80%
market share, but it does not have rampant security problems. Think of all
the havoc a little script kiddie could cause by hitting 80% of the world's
DNS servers! However, this has not happened. We do not see tons of new
BIND virii every day. Why? Increased market share does not equal decreased
security.

* Sendmail+Qmail+Postfix account for easily 80% of the world's email
servers. However, compared to Exchange, the share of security problems is
nowhere near proportional to market share. Increased market share does not
equal decreased security.

Again, only time will tell for sure.

~Jay"
__________________
with warm regards
Ronald Cross
roncross@cox.net is offline   Reply With Quote
Old 08-30-2009, 08:14 PM   #123
Sesquipedalian
Prospect
 
Join Date: May 2009
Posts: 19
Quote:
Originally Posted by SirDice
You still don't seem to get the fact that MyDoom, NetSky and a few others do NOT abuse bugs in the system.

To help you a bit: http://vil.nai.com/vil/content/v_101080.htm
Please point out which vulnerability it uses.

This seems like one to me:
Quote:
System changes
The worm copies itself into %WinDir% (eg. C:\WINDOWS) folder using the filename FOODING.EXE.

C:\%WinDir%\fooding.exe (22,016 bytes)
Note: A valid file exists in the %Sysdir% directory.

A Registry key is created to load the worm at system start.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run
"Antivirus" = %WinDir%\fooding.exe -antivirus service

Sesquipedalian is offline   Reply With Quote
Old 08-30-2009, 09:18 PM   #124
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
Quote:
Originally Posted by SirDice
You still don't seem to get the fact that MyDoom, NetSky and a few others do NOT abuse bugs in the system.

No, you refuse to accept the fact that a flaw which can be abused by software is a bug. Therefore, any successful malware must abuse bugs in the system. Trojans for example abuse the flaw in the design of every current OS which allows any application to disguise itself as any other application. No doubt it will be decades before there is even an attempt to fix this flaw, but that doesn't change the fact that it is a flaw/bug.

Of course, I understand that you can't accept this fact. It would require putting the blame for weak security back on the OS and that wouldn't be good for selling useless AV software. Better to blame the users.
cwtnospam is offline   Reply With Quote
Old 08-31-2009, 02:09 AM   #125
ArcticStones
Moderator
 
Join Date: Nov 2003
Location: Norway
Posts: 3,152
The myth of market share

.
Quote:
Originally Posted by SirDice
Exactly. I'm more or less stating that when the roles are reversed it would be the Mac users who would be facing those 40.000+ viruses/worms/whatever.

I agree with Ron Cross: You are dead wrong. Market share is not the reason for Mac OS X being virus free to date! Let me just add one small point to Ron’s thorough rebuttal. Many viruses are created by hackers to attain status in their community, hence a natural question is:
What do you think would give you most prestige -- designing Virus No. 114,001 for Windows, or designing the very first one for Mac OS X?
Since 2001 OS X has been available for Mac desktops (and since 1999 for servers). And yet there is still no self-replicating OS X virus in the wild. Why, even for Classic there is still only a handful!

After more than 8 years, no hacker has stepped forward to claim his due fame.

I rest my case.
.
__________________
.
"You say this gadget of yours is for ordinary people.
What on earth would ordinary people want with computers?"

HP executive to Steve Wozniak

Last edited by ArcticStones; 08-31-2009 at 02:12 AM.
ArcticStones is offline   Reply With Quote
Old 08-31-2009, 07:18 AM   #126
EatsWithFingers
All Star
 
Join Date: Feb 2005
Posts: 726
Quote:
Originally Posted by SirDice
Is this implemented yet? If so, could you point me to its documentation? I'd like to read up a bit on it.

Sorry, but there's no implementation of this as far as I am aware. It's just an idea that I had a month or so ago when thinking about some of the "virus free" claims that Google were making about their upcoming Chrome OS.

Quote:
Originally Posted by SirDice
I do believe you're on the right track. But I'm not so sure if users want this. Since nobody knows exactly what all the different users in the world are doing with their computer it'll be hard to settle on a default configuration for this. So the default would probably be either too restrictive (and users will start hating it) or too relaxed (and offer too little protection).

Indeed. There is always a trade-off between security and usability. There's no point in making a super-secure OS if no-one wants to use it.
__________________
Question everything -- especially that which you already believe to be true.
EatsWithFingers is offline   Reply With Quote
Old 08-31-2009, 08:07 AM   #127
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by Sesquipedalian
This seems like one to me:

That's not a bug.
SirDice is offline   Reply With Quote
Old 08-31-2009, 08:16 AM   #128
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
Quote:
Originally Posted by SirDice
That's not a bug.

lol! Ahahaha! Lol! Ahahaha! Lol! Ahahaha! Lol! Ahahaha!

I suppose it's a feature?

lol! Ahahaha! Lol! Ahahaha! Lol! Ahahaha! Lol! Ahahaha!
cwtnospam is offline   Reply With Quote
Old 08-31-2009, 08:17 AM   #129
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by cwtnospam
No, you refuse to accept the fact that a flaw which can be abused by software is a bug. Therefore, any successful malware must abuse bugs in the system. Trojans for example abuse the flaw in the design of every current OS which allows any application to disguise itself as any other application. No doubt it will be decades before there is even an attempt to fix this flaw, but that doesn't change the fact that it is a flaw/bug.

It is not a bug. Just because a standard user is able to write there doesn't make it a bug. It's similar to an OS-X admin user being able to write to /Applications (and quite a few other directories). Remove the admin/administrator privileges and it won't work anymore.

That said, removing admin/administrator is no guarantee. If you simply rewrite NetSky to use HKEY_CURRENT_USER instead of HKEY_LOCAL_MACHINE and %APPDATA% instead of %WINDIR%, NetSky won't need administrator privileges and it would be just as potent.

Similarly an OS-X variant could use ~/Applications and/or ~/Library/LaunchAgents/.
SirDice is offline   Reply With Quote
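
Added example (not part of any poster's message): the autostart locations named in posts #123 and #129, turned into a small audit check that flags registry Run values and per-user LaunchAgents by where their target lives. The `Updater`, `VendorTray` and `com.example.updater` entries and the `/Users/alice` path are constructed, and treating an .exe placed directly in the Windows directory as worth review is a heuristic assumed here.

```python
import plistlib
import re

RUN_KEY = r"software\microsoft\windows\currentversion\run"
# Per-user locations: writable without administrator rights.
WIN_USER_DIRS = ("%appdata%", "%localappdata%", "%temp%")
WIN_ROOT_EXE = re.compile(r"(%windir%|%systemroot%|c:\\windows)\\[^\\]+\.exe")

def run_value_target(data):
    """Extract the executable path from a Run value ('"path" args' or 'path args')."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', data)
    return (m.group(1) or m.group(2)).lower() if m else ""

def classify_run_entry(key, name, data):
    """Return review findings for one registry autostart value."""
    if RUN_KEY not in key.lower():
        return []
    scope = "per-user" if key.upper().startswith(("HKEY_CURRENT_USER", "HKCU")) else "machine-wide"
    target = run_value_target(data)
    findings = []
    if target.startswith(WIN_USER_DIRS):
        findings.append(f"{scope} Run value {name!r} starts a file in a user-writable directory")
    if WIN_ROOT_EXE.fullmatch(target):
        findings.append(f"{scope} Run value {name!r} starts an .exe in the Windows root")
    return findings

def classify_launch_agent(plist_path, plist_bytes):
    """Return review findings for one launchd job definition."""
    job = plistlib.loads(plist_bytes)
    program = job.get("Program") or (job.get("ProgramArguments") or [""])[0]
    if plist_path.startswith("~/Library/LaunchAgents/") and program.startswith(("/Users/", "~/")):
        return [f"per-user LaunchAgent {job.get('Label')!r} starts {program}"]
    return []

# Constructed samples: the first is the entry quoted in the thread, the rest are hypothetical.
RUN_SAMPLES = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "Antivirus", r"%WinDir%\fooding.exe -antivirus service"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "Updater", r'"%APPDATA%\updater.exe" /background'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "VendorTray", r'"C:\Program Files\Vendor\tray.exe"'),
]
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key><array><string>/Users/alice/Applications/updater</string></array>
</dict></plist>"""

if __name__ == "__main__":
    for key, name, data in RUN_SAMPLES:
        print(name, classify_run_entry(key, name, data))
    print(classify_launch_agent("~/Library/LaunchAgents/com.example.updater.plist", SAMPLE_PLIST))
```

The HKEY_CURRENT_USER and ~/Library/LaunchAgents cases are flagged even though neither needs administrator rights to create, which is the point post #129 makes about removing admin privileges.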
Old 08-31-2009, 08:21 AM   #130
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by ArcticStones
Many viruses are created by hackers to attain status in their community

This may have been true a couple of years ago, it certainly isn't anymore. These days it's about money, how to get WoW, Steam, whatever accounts. How to get into your bank account, steal your CC information etc.
SirDice is offline   Reply With Quote
Old 08-31-2009, 08:32 AM   #131
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
Quote:
Originally Posted by SirDice
This may have been true a couple of years ago, it certainly isn't anymore. These days it's about money, how to get WoW, Steam, whatever accounts. How to get into your bank account, steal your CC information etc.


Yeah, so you're saying that for 6 out of the 8 years these guys were dying to write a Mac virus but couldn't? And we're all supposed to ignore the enormous attention (relative to market share) that is paid to the Mac OS at various "Black Hat" conventions and the celebration at the success of a mere proof of concept attack?

And Mac users have less money than PC users, so why attack them? No, wait! I've got that backwards, don't I?

One more thing: Bugs come in all shapes and sizes. It is not necessary for a bug to cause a buffer overflow or some other error in order to be a bug. There can be, and are, bugs in the overall design of a system.

Last edited by cwtnospam; 08-31-2009 at 08:36 AM.
cwtnospam is offline   Reply With Quote
Old 08-31-2009, 08:35 AM   #132
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
Quote:
Originally Posted by SirDice
It is not a bug. Just because a standard user is able to write there doesn't make it a bug. It's similar to an OS-X admin user being able to write to /Applications (and quite a few other directories). Remove the admin/administrator privileges and it won't work anymore.


Yeah, so where's the OS X equivalent of these attacks? Answer: nowhere.
cwtnospam is offline   Reply With Quote
Old 08-31-2009, 08:44 AM   #133
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by cwtnospam

Yeah, so you're saying that for 6 out of the 8 years these guys were dying to write a Mac virus but couldn't? And we're all supposed to ignore the enormous attention (relative to market share) that is paid to the Mac OS at various "Black Hat" conventions and the celebration at the success of a mere proof of concept attack?

There have been various attacks. None of them reached a big audience simply because of the numbers involved. As I've said before there's still only a 1 in 10 chance a visitor on your website or a recipient of your email is a Mac user. It simply has more impact to write for the predominant OS on the desktop.

Quote:
One more thing: Bugs come in all shapes and sizes. It is not necessary for a bug to cause a buffer overflow or some other error in order to be a bug. There can be, and are, bugs in the overall design of a system.

Which only means that OS-X has similar "bugs".

Last edited by SirDice; 08-31-2009 at 08:48 AM.
SirDice is offline   Reply With Quote
Old 08-31-2009, 08:55 AM   #134
ArcticStones
Moderator
 
Join Date: Nov 2003
Location: Norway
Posts: 3,152
.
Quote:
Originally Posted by cwtnospam
lol! Ahahaha! Lol! Ahahaha! Lol! Ahahaha! Lol! Ahahaha!

I suppose it's a feature?

lol! Ahahaha! Lol! Ahahaha! Lol! Ahahaha! Lol! Ahahaha!

Please, gentlemen. Tempting though it may be, no smiling out loud!
Oh, heck. I’m grinning from ear to ear myself...
.
__________________
.
"You say this gadget of yours is for ordinary people.
What on earth would ordinary people want with computers?"

HP executive to Steve Wozniak
ArcticStones is offline   Reply With Quote
Old 08-31-2009, 09:58 AM   #135
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
Quote:
Originally Posted by SirDice
Which only means that OS-X has similar "bugs".

Which means that your argument fails yet again: there aren't similar successful attacks anywhere near 10% of the scale found in Windows. There aren't even 0.01% of the number of successful attacks.
cwtnospam is offline   Reply With Quote
Old 08-31-2009, 11:06 AM   #136
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,473
Since this thread has become a discussion, I moved it to the Coat Room.
__________________
hayne.net/macosx.html
hayne is offline   Reply With Quote
Old 08-31-2009, 11:58 AM   #137
anika123
All Star
 
Join Date: Sep 2006
Posts: 860
Thanks hayne. Anyway, here is some more fuel for the fire or maybe slightly interesting.

http://www.informationweek.com/news/...leID=219500492
anika123 is offline   Reply With Quote
Old 08-31-2009, 12:10 PM   #138
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
Quote:
Originally Posted by anika123
Thanks hayne. Anyway, here is some more fuel for the fire or maybe slightly interesting.

http://www.informationweek.com/news/...leID=219500492

Well that really captures the essence of what's going on here:

Quote:
Mac users are getting new security features with the arrival of Apple's Mac OS X 10.6, but some security vendors say those enhancements are lightweight.

and:
Quote:
The release on Friday of Apple's Mac OS X 10.6, known as "Snow Leopard," has elicited criticism from security companies, which may have business to lose if Apple's latest operating system reduces interest in third-party security software.

Prediction: No matter what any OS vendor does to their system, "security" companies will always claim that it's not enough, and that their users are too complacent. That is of course only if they feel they aren't making enough sales to users of that OS. If they're making good sales, then all is as it should be. Quantity and quality of actual exploits is irrelevant.
cwtnospam is offline   Reply With Quote
Old 08-31-2009, 12:45 PM   #139
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by cwtnospam
Which means that your argument fails yet again: there aren't similar successful attacks anywhere near 10% of the scale found in Windows. There aren't even 0.01% of the number of successful attacks.

Because the security features (or bugs depending on your view) of both OS-X and Windows are similar this discrepancy must have a different underlying reason. Simply stating there's less malware for OS-X because of its security features uses circular reasoning and adds nothing to the question: What makes OS-X less attractive for malware writers?

There are plenty of opportunities (and I don't mean bugs) for malware to infect OS-X. I see no reason why the number of OS-X malware wouldn't rise when its market share will be at 90% (opposite to what it is now). Given enough years at that level I'm quite sure the total amount will equal or perhaps surpass the numbers we see now attacking Windows.
SirDice is offline   Reply With Quote
Old 08-31-2009, 12:56 PM   #140
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
Quote:
Originally Posted by SirDice
What makes OS-X less attractive for malware writers?

The answer is obvious: degree of difficulty. Every announced exploit for OS X to date requires too many special circumstances to be successful. There's no reason to think that will change.
Quote:
Originally Posted by SirDice
There are plenty of opportunities (and I don't mean bugs) for malware to infect OS-X. I see no reason why the number of OS-X malware wouldn't rise when its market share will be at 90% (opposite to what it is now).

You do mean bugs. There's no other way to infect any system of any kind than to exploit a bug in the system.

Of course the amount of malware will rise over time! It's impossible to stay at zero forever. The question is, how much time? At the current rate, I'd expect the Sun to vaporize us first.
Quote:
Originally Posted by SirDice
Given enough years at that level I'm quite sure the total amount will equal or perhaps surpass the numbers we see now attacking Windows.

Sure, but by that time our civilization will have long since vanished.
cwtnospam is offline   Reply With Quote
All times are GMT -5.