swajames

It isn't, I agree with you.

UUronL

Understood - that was more a question I was putting out there, not for you specifically since you already stated that you don't buy the no risk position.

BetterMakeWay

Yes yes yes you both are right...in your own way. You may call OS X security by obscurity, and other ways it has been called, but let me tell you this:

1. There is no active virus in the wild for OS X. You may call in different malware like trojans and worms but that's a completely different story, and please bear with me: Do you agree that no OS out there is safe from such malware like trojans and worms? I ask you this because for example recently there was the Trojan in the pirated version of the iWork suite running around torrents, and the user wouldn't even know it was there because it never existed till then. Also the user took it's own risk when installing crap from the internet. So in a way there is no AV solution out there and no OS security that can protect from stupidity or ignorance.
And i'm sure you know as an IT security professional, you know that professionally would be incorrect to put viruses with other malware into the same basket. It's not at all an argument of semantics, and yes it does really matter, since in the history of the PC industry viruses did the most damage, and mostly not because of the code itself but because of it's own unique ability to self replicate. A trojan that would get installed by an ignorant Mac user wouldn't infect others with it. So don't get me wrong, i know very well with what i'm dealing it, and i'm not being ignorant.

2. Opposite to being ignorant, would be, as a Mac user, to start mitigate all potential future threats with tons of software TODAY, when clearly there is no need in doing so. The same judgement can be applied to our BMW cars. So i ask you this: DO you really think we should start looking for AV solutions for our BMW cars, for iDrive, so to avoid any potential virus in the next 5-10 years? A virus that security analysts fear it could very well start spreading to cars via the internet or the auto update process? If your answer is NO i rest my case.

And as a joke, one may very well argue with using a condom for a man that's sterile, just in case that in the future one little guy would brake free in case fertility may come back. That's exactly the case

UUronL

I initially said AV/AS (antivirus/antispyware). This covers more than traditional "viruses", because viruses alone don't represent the worst things that are out there today. You are the one who narrowed the focus to just viruses, presumably so you could make the "zero wild" claim.

I agree that we need to secure all network-enabled devices (cars too). Mobile devices have huge gaping security holes. There was a recent iPhone exploit (among many) that permitted an SMS message to execute things as root on the device. Security is a problem for all handsets as they begin to hold more and more information. Browsers also represent a huge set of attack vectors, regardless of the OS. Browsers need more security, and several third party solutions are very promising in this regard (Zonelabs ForceField) - but they're not coded for OS X yet.

ShadeZeRO

http://www.msnbc.msn.com/id/32210255/ns/te...ience-security/

More lies being spread on MSNBC.

swajames

Again, though, the devil's in the detail...

This particular "exploit" only works on machines that had fallen foul to a previous hack. That hack relied on the user installing and downloading pirated software which had been maliciously modified. The majority of users don't do this, and thus would not be vulnerable to this attack.

From the MSNBC article:

"Some hackers have already released programs that attack Macs, including one earlier this year that was spread to a small number of machines via pirated software."

"The technique ? dubbed "Machiavelli" ? exploits a vulnerability in the Mac OS X kernel, the heart of the machine's operating system. It only works on machines that have already been victimized, such as ones attacked with the pirated software"

mrfva

I was a Windows guy for around 8-9 years until I bought my 17" Mac Book Pro last year.

First thing I did was maxed out the RAM. When the 1 yr warranty expire on my MBP, I
upgraded the hard-drive from 80GB to 500GB.

Been hooked ever since. I'm in the process of replacing all of the computers at home with Macs ...
- Mac Book for my wife
- Mac Book to replace my 6 yo. daughter's 15" Sony Vaio laptop
- Mac mini to replace my home-theater PC

I still have XP running under parallels on my MBP, mostly for IE browser testing. But to be
honest, I hate firing it up. I have Vista on my home-theater PC, but it's such a memory hog.

Yup, I like Apple ... 2 iPhones (me and my wife) and an iPod Touch for the little one.
Convinced my friends and relatives to buy some AAPL stock, glad they did.

Oh yeah ... I was out to lunch on Wednesday and noticed that of the 6 people sitting around
us (including my buddy and I), 4 had iPhones ~ 67%. Just thought that was interesting.

UUronL

God bless the goons at DEFCON...


This one is -ugly-... Apple keyboards (the hardware itself) are open to an attack that will keylog.


Before anyone defends this by saying that it's not released and unknown, that's standard practice and not a reason to take this lightly. Information about attacks gets released very slowly in the security community, so as not to cause a stampede of issues. DEFCON is where a lot of preliminary discovery gets announced. This will likely evolve into something dangerous as the info spreads.



http://www.dailytech.com/New+Attack+Compro...rticle15863.htm

swajames

That's an interesting one (and I do indeed use the bluetooth keyboard and mouse that are the subject of this proof of concept). Hopefully Apple will release a fix. I certainly agree that users benefit when stuff like this gets discovered provided the holes get patched quickly and effectively.

I'm still back to one of my earlier points, though. Important as some of it is, it's largely because attacks on Apple are comparatively rare (and because the company itself is comparatively sanctimonious on security) that this stuff makes the news. As a contrast, we don't have to wade through a bunch of news articles every time a security alert hit the Wintel scene largely because it's so much more commonplace.

UUronL

Well, yes and no. I think that the way Apple treats security, patches, and the topic itself is counterproductive and gets in the way of security. That's why a lot of security practitioners think this sort of thing is news. Security flaws haven't really been novel in the Apple space for some time now.

If you think something is secure and it's not, that's actually more dangerous than operating something that you know isn't secure. You'll take measures to secure the latter, you won't for the former.

Hopefully they'll wise up as the threats grow.