backtop


Print 124 comment(s) - last by ersts.. on Sep 7 at 4:14 PM


Apple's Snow Leopard shipped with an outdated vulnerable version of Flash. If these users don't upgrade to the latest version immediately, they give hackers a golden opportunity to exploit their machines -- so upgrade now if you bought OS X 10.6. Yes, you too.  (Source: AP)
Fortress Apple is compromised by one of its residents

Increasingly, it is exploits of application vulnerabilities that are used to gain access to and control of modern operating systems, not attacks on the OS itself.  With Apple relenting and allowing more third party software on its computers in a bid to appeal to a broader consumer market, it's finding it hard to maintain the image of security that its ads claim, when its applications frequently develop exploitable vulnerabilities.

It was discovered this week that Apple's new operating system, OS X 10.6 "Snow Leopard" shipped with an outdated, vulnerable version of Flash -- 10.0.23.1.  An upgrade to Snow Leopard downgrades the Flash from the current version (10.0.32.18) without prompting the user, according to security firm Sophos.

In doing so, the new OS puts customers at risk, as the older version of Flash had several widely known vulnerabilities.  Adobe is a popular target for hackers, with Flash, Acrobat and Reader (used for PDF -- Portable Document Format -- files), all being frequently used to attack systems.

In July alone, Adobe was forced to issue 12 updates for its Flash player -- updates that were included in the latest version of the player, but not in the version Snow Leopard shipped with.  Ten of those vulnerabilities could be used to execute arbitrary code on the machine.

By default Adobe's flash player only updates once every 30 days.  That gives hackers a wonderful window to attack new Macs and Macs upgrading to the new OS over the next month, unless Apple or its users act. 

Adobe's update settings are not configurable on the physical machine, but savvy users can safeguard themselves by going to the "Settings Manager" page on Adobe's website, and setting their updates to seven day intervals (7, 14, 30 (default), and 60 day intervals are available).  More importantly, they should upgrade immediately to the latest version of Flash.

Apple would not respond for comment about the development.  The revelation of the vulnerability came as Apple shipped with its first ever free malware detection software, capable of detecting two common Apple malware programs -- "RSPlug.a" and "Iservice".  Apple's press releases also bragged of several other security improvements in Snow Leopard.  Nonetheless, security firms remain skeptical and these efforts, saying the OS still has many security flaws.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

New Commercials
By clovell on 9/3/2009 10:51:48 AM , Rating: 5
So, does that open Apple up to a class ation suit for false advertising of 'No Viruses'?




RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By Motoman on 9/3/2009 11:44:15 AM , Rating: 5
Step off, fanboy. You can direct everyone to a page on the Apple website where they say "PC viruses" all you want...that has not the slightest bearing on the fact that their TV ads are what the VAST majority of people see, and those ads explicitly DO NOT specify any such thing as "they don't get PC viruses."

...which is a dumb enough thing to say anyway. You may as well try to promote your car by spouting "Teh new Chebby Malliboo does not get Swine Flu!"


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By Motoman on 9/3/2009 12:00:21 PM , Rating: 5
No, I never in any way said I doubted that the page you linked to said what you said it said. I know, for a fact, that on that page they say "PC viruses" specifically.

What I'm taking issue with is that your rabid fanboyism is compelling you to try to use that one, isolated piece of information that differs from the vast majority of Apple ads that people see, as some kind of justification.

Which it isn't. That page is utterly useless as a counterweight to their TV ads. And it's not clever at all...although it is misleading.

The problem is that you keep bringing this up as some kind of defense for Apple, and it is no defense...if you found some guy that is a serial ass-rapist, you don't get to point at the one person he didn't ass-rape and go "see, it's OK...he didn't rape this person!"


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By Motoman on 9/3/2009 12:47:04 PM , Rating: 5
...what you are trying to do is to give some absolution to Apple for it's deceptive marketing by pointing out one spot where they say "PC virus."

I'm not going to give you that absolution.

I'm also not going to entertain your issues with "your customers." The experience you describe is not the average PC experience, and there's no reason I can't go out and find plenty of horror stories with Macs blowing up and doing stupid things.

In the end, the "security" of the Mac is fundamentally an artifact of their inability to gain significant marketshare, and therefore the utter irrelevance the Mac user base has to a hacker.


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By mechBgon on 9/3/2009 1:43:10 PM , Rating: 5
Unfortunately, Apple's ASLR is still reportedly half-baked:

http://www.channelregister.co.uk/2009/08/29/snow_l...

quote:
"ASLR is really only useful if EVERYTHING is randomized," Charlie Miller, co-author of The Mac Hacker's Handbook, wrote in an email to The Register. "If there is anything that is not randomized, it defeats the purpose mostly. This is a major shortcoming of Apple, and I'm disappointed they didn't take this opportunity to implement full ASLR."


quote:
It wasn't until the end of Vista's life cycle that the rest of the market found out how to work with admin/user/UAC properly.


I think you meant "WinNT," since we've been separating admin/root and user powers at least that long. Bridging the gap all over the UI using UAC does make it simpler, but prior to that, I simply used RunAs or RunAs /savecred.


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By Motoman on 9/3/2009 1:50:12 PM , Rating: 4
...thank you, FanBoy. Here's your sign.


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By Hyperion1400 on 9/3/09, Rating: 0
RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By seamonkey79 on 9/3/2009 7:49:42 PM , Rating: 3
Try doing that if you don't now what you're doing... just because Linux may make things 'easier' once you know how to do it does not mean that Windows is 'harder' to do the same thing in...

It's all knowledge people, of particular things.

They're all buggy and broken, and trying to defend any of them is so ludicrous it's laughable.


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By MrPoletski on 9/4/2009 4:52:40 AM , Rating: 3
Well this was the Mac-daddy of OS arguments...


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By Pirks on 9/4/2009 12:17:13 AM , Rating: 2
"Pirks, is that you?" ;)


RE: New Commercials
By themaster08 on 9/4/09, Rating: 0
RE: New Commercials
By sprockkets on 9/4/09, Rating: -1
RE: New Commercials
By shazbotron on 9/4/2009 10:25:24 AM , Rating: 3
Wow, he's loaded?! He must be smart!

And the indigent? Clearly morons because they allow themselves to be poor.


RE: New Commercials
By sprockkets on 9/4/2009 1:31:38 PM , Rating: 2
Wow! Another straw man argument! Is that all you got?


RE: New Commercials
By dark matter on 9/5/2009 12:46:27 PM , Rating: 1
You know something, I haven't bothered to read any of your comments.

I have had a couple of -1's in the past, and I admit it was through being a stubborn jackass and spouting shite. One thing I didn't do is have a string of them like you have.

Why don't you realise WHY you are getting so many -1 reps. Its because what you are saying is utter shite and nobody, and I mean nobody believes you enough to rep you back up to zero.

Its one thing to stick to your opinion but something else to repeatedly try and force your opinion down the throats of others. Take it from me, no-one believes you and the more -1 you get the more of a jerk you look.

Just give it up.


RE: New Commercials
By sprockkets on 9/6/09, Rating: 0
RE: New Commercials
By omnicronx on 9/3/2009 1:57:50 PM , Rating: 4
By definition, Mac's are PC's. It does not matter that when the average person says PC they are talking about a Windows machine. As such they could easily be held liable in a court of law where Apples 'definition' of PC has absolutely no standing.

Apple saying they don't get Viruses (PC or not) is misleading, plain and simple.


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By Hyperion1400 on 9/3/2009 4:24:10 PM , Rating: 3
What the FUCK?!?

Are you just pulling shit out of your ass now? EVERY computer that uses a microprocessor since the early 80's has had a BIOS. It is REQUIRED to boot the machine. Just because you can't access it doesn't mean that it isn't there.


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By Hyperion1400 on 9/3/2009 4:46:14 PM , Rating: 5
Sigh, perhaps you should do some educating(like reading the EFI whitepaper) instead of reading Wikipedia. EFI runs on top of the BIOS between the kernel and BIOS. The BIOS is still required to do the POST and low level boot procedures(such as starting up the hardware) but EFI handles OS startup and kernel loading procedures(something the BIOS is terribly slow at).


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By Hyperion1400 on 9/3/2009 5:15:22 PM , Rating: 4
*Sigh* I hate talking with someone that doesn't get it.

The fact that Apple programmed there version of EFI to only work with their kernel is WHY it is incompatible. All EFI is, is a piece of software. What determines whether or not it is x86 compatible (and therefore a "PC") is processor architecture and BIOS construction(the two of which are inseparable).

And, contrary to your misguided understanding, the BIOS will always be required. It is the only piece of code and hardware capable of operating at a lower enough level to start the system from a cold state. No matter how awesome EFI is or will be, it cannot replace the BIOS because it requires the BIOS to start EFI; it can only replace certain high level functions.


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By Hyperion1400 on 9/3/2009 4:48:27 PM , Rating: 3
I can't even tell what you are trying to say in that one?


RE: New Commercials
By sprockkets on 9/3/09, Rating: 0
RE: New Commercials
By Hyperion1400 on 9/3/2009 5:01:20 PM , Rating: 2
If it uses an IBM BIOS(all x86 processors use some form of the IBM 8086 BIOS now owned by Pheonix) it is a PC. Just b/c the BIOS has been written is such a way as to only be compatible with an EFI enabled boot procedure and the EFI software found in Macs is only compatible with the Mac kernel(after all, you wouldn't boot an Intel x86 processor on a SPARC BIOS?) does not mean that is not a PC.

EFI has to be written to work with the individual kernels and boot procedures of the individual OSes. The added performance and complexity come at a price. All a BIOS needs to do when it is in control is execute a generic boot sector seek.


RE: New Commercials
By sprockkets on 9/3/09, Rating: 0
RE: New Commercials
By Hyperion1400 on 9/3/2009 5:29:14 PM , Rating: 3
Nice try with the flame. The IBM BIOS didn't come out 'till 1981 with the release of the IBM PC. Yet another failed assumption on your part.

Oh, and if you consider half of your Intel processor's architecture to be "legacy crap" I will gladly take it :)


RE: New Commercials
By sprockkets on 9/3/09, Rating: 0
RE: New Commercials
By Hyperion1400 on 9/3/2009 6:00:22 PM , Rating: 2
I still fire up the odd game of Rainbow 6/Delta Force/Doom/Hexen. A lot of older games are better than most of the newer stuff coming out.


RE: New Commercials
By sprockkets on 9/3/2009 6:05:49 PM , Rating: 2
Well, that isn't like 80s tech :)

But I like the old games too. You also probably use DOS Box or something like it. Useful for me for replaying Commander Keen.


RE: New Commercials
By Hyperion1400 on 9/3/2009 6:14:41 PM , Rating: 2
I'm still running XP x86 so I only have to use DOS Box to run pre 95 soft. Can't wait for Windows 7; I can have my cake and eat it too.


RE: New Commercials
By sprockkets on 9/3/2009 6:26:44 PM , Rating: 2
I have nothing against the new versions of Windows, and I like Win7 too, and just like you I've installed it.

I have to still run XP for my old tuner card because it works better in XP than in Vista.

And I just received my new video card via UPS to upgrade in my Shuttle SG321G2S :) It's for better x264 support via VDPAU.


RE: New Commercials
By Pirks on 9/4/2009 12:38:21 AM , Rating: 3
yo sprockkets, I like you Mac posts, but you keep spewing obvious BS about Windows not being bootbale on modern Macs. this is a lie so please stop spreading it, Windows installs perfectly on modern Macs even without BootCamp, I did it myself once on an intel plastic MacBook at my workplace. please read this: http://en.wikipedia.org/wiki/Extensible_Firmware_I... and get enlightened about BIOS support in Mac EFI. thanks and good luck in weathering the downrating storm heheh ;))


RE: New Commercials
By dark matter on 9/5/2009 12:54:12 PM , Rating: 2
Hey Pirks,

You know something I didn't even realise this was you until I had read your post and was laughing at the end. Not at you, but with you. Your last comment about weathering to downrating start really did make me laugh.

You're actually a decent guy given the post above. I was wrong about you, and I take back any previous insults I may have given you. I was wrong.

You just got mucho kudos from me. I totally respect where you are coming from now. Nice one.


RE: New Commercials
By dark matter on 9/5/2009 1:00:24 PM , Rating: 2
Bah, don't try and post a bit drunk. ha ha ha. Its my b'day weekend and I am off out in a moment. My last post had too many errors in it, but the sentiment still remains.

:D


RE: New Commercials
By plouf34 on 9/7/2009 1:03:37 PM , Rating: 2
"Just b/c the BIOS has been written is such a way as to only be compatible with an EFI enabled boot procedure and the EFI software found in Macs is only compatible with the Mac kernel"

rofl, this is the stupidest argument I've read in this thread and yet it gets a +2 ranting?

http://lifehacker.com/348653/install-os-x-on-your-...

http://www.thetechguide.com/howto/hackintosh.html


RE: New Commercials
By sprockkets on 9/7/2009 3:52:00 PM , Rating: 2
Hackintosh has been hacked to work with PCs. Those people spend countless hours putting in PC drivers in their builds from freeBSD so that it can work without an EFI bios, and have decrypted the encyrpted binaries so as to boot properly without an Apple EFI.

But if you care to read any hackintosh forum, you can read about how many people try to boot after installation, and see just a blank screen, which means your computer just isn't supported, and there is nothing you can do about it. I've tried it on my Intel G31 system and got a blank screen after installation. Which is ironic, because years ago I was able to run it on an AMD nforce4 system.


RE: New Commercials
By Hyperion1400 on 9/3/2009 5:02:09 PM , Rating: 2
If it uses an IBM BIOS(all x86 processors use some form of the IBM 8086 BIOS now owned by Pheonix) it is a PC. Just b/c the BIOS has been written is such a way as to only be compatible with an EFI enabled boot procedure and the EFI software found in Macs is only compatible with the Mac kernel(after all, you wouldn't boot an Intel x86 processor on a SPARC BIOS?) does not mean that is not a PC.

EFI has to be written to work with the individual kernels and boot procedures of the individual OSes. The added performance and complexity come at a price. All a BIOS needs to do when it is in control is execute a generic boot sector seek.


RE: New Commercials
By sigmatau on 9/3/2009 6:31:19 PM , Rating: 1
Don't bother, even if he gets it he won't admit it.


RE: New Commercials
By emboss on 9/3/2009 11:20:02 PM , Rating: 2
quote:
all x86 processors use some form of the IBM 8086 BIOS now owned by Pheonix


Umm, nope. If you define "BIOS" as some piece of software that implements the various interrupt interfaces in same way as the original IBM PC, then lots of computers don't have a BIOS. I've got several x86 machines here that are completely BIOS-free. One runs firmware of my own. Another runs coreboot.

And Apple machines don't have a "native" BIOS either. Their native firmware - the bit of code that initializes the various components and hands off control to the OS - is EFI. They have a BIOS emulation layer that can run on top of EFI to allow booting of non-EFI-compatible OSes, but OS X boots up without any BIOS involved.

quote:
EFI has to be written to work with the individual kernels and boot procedures of the individual OSes.


Other way around - OSes need to be written to work with EFI. EFI provides a number of services (disk I/O, memory map querying, etc) through standardized interfaces and can load files off of various filesystems. A typical EFI-supporting OS uses an EFI program (stored in a small FAT partition on the disk) that uses the EFI disk I/O services to load the kernel, core drivers/modules, etc, and then hands over to the OS.


RE: New Commercials
By juuvan on 9/4/2009 2:07:12 AM , Rating: 2
why, why won't they cut off the extra FAT off the computing world? I go berserk sometimes as I need to make archaic FAT partitions for things like suspend-to-disk or higher level boot manager.

Maybe I need to make my own cpu, os and peripherals to get rid of all the junk inherited form the dark ages of IT industry.


RE: New Commercials
By noirsoft on 9/4/2009 12:03:28 AM , Rating: 3
quote:
If you can't run Windows natively on a Mac, you can't call it a PC.

I can't run Windows on the original IBM PC. Does that mean it's not a PC? Or does it mean you don't know what ou are talking about (hint: it's the latter)

They are all Personal Computers. Saying that a Mac can't get a "PC Virus" is 100% false. They don't get Windows viruses (or Linux viruses or BeOS viruses, etc) but they are still a PC.


RE: New Commercials
By sprockkets on 9/4/2009 10:07:23 AM , Rating: 1
You could run Microsoft DOS on it. DUH.


RE: New Commercials
By leexgx on 9/4/2009 11:58:58 AM , Rating: 2
i think a lot have ran out of rate downs for you now Sprockkets, most of your stuff your talking about is bull or twisted, as the comment you posted that was rated down again

an MAC is an X86 based system or PowerPC CPU is an PC, just the only OS that work on it was apple, linux, as you do not go around calling linux an penguin system as thats what is uses as its logo, windows (any) is PC or windows and OSX is apple/mac)


RE: New Commercials
By sprockkets on 9/4/2009 12:22:13 PM , Rating: 2
Right. Like how in my first post I agreed by saying Apple marketing was sly, if not misleading.

Motoman must be a scarecrow because he is full of straw man arguments over me.

You might be surprised to see how many idiots down rate people for agreeing with them.


RE: New Commercials
By omnicronx on 9/3/2009 4:55:22 PM , Rating: 5
By THE definition of a personal computer. Apple computers were marketed and sold as personal computers (PC's) for a long time. It was not until their OSX commercials that they tried to set themselves apart from Windows with a clever marketing ploy.

Linux, Windows, OSX in a non server environment = PC.

THere are many kinds of PC's, ranging from workstation, to desktop computer, to laptop, to netbook, but regardless of OS, they are all PC's.

Apple does know they sell PC's, thus it would be pretty hard for them to prove otherwise in court.


RE: New Commercials
By sprockkets on 9/3/09, Rating: -1
RE: New Commercials
By omnicronx on 9/3/2009 6:46:49 PM , Rating: 4
*FISHSLAP*

The OP said apple said that Apple products won't get 'PC Viruses'.
He didnt say 'IBM COMPATIBLE PC VIRUSES', so please redirect yourself to this page.

http://www.apple.com/getamac/

'Why your next PC should be a Mac."

Do you have an angle for that too?


RE: New Commercials
By sprockkets on 9/3/09, Rating: 0
RE: New Commercials
By TheMan876 on 9/3/2009 8:24:39 PM , Rating: 2
You remind me of a friend that I have that also can't put together a coherent argument or admit when he's wrong.

Taking the term "IBM PC" would refer to a PC that is of IBM or if you extend it, "IBM compatible." This doesn't mean that all PC's are "IBM PC's."


RE: New Commercials
By sprockkets on 9/3/2009 8:53:19 PM , Rating: 2
He probably has AS :)

quote:
Taking the term "IBM PC" would refer to a PC that is of IBM or if you extend it, "IBM compatible." This doesn't mean that all PC's are "IBM PC's."


Look this whole PC vs PC thing is gotten out of hand. This is what happened to hacker vs. cracker. Nobody uses the proper term anymore; the general public just does what they want with it. Just like NASA doesn't call the orbiter a "shuttle." And you can't tell me otherwise about that, because I worked there from the VAB to the launch pads on their telephony equipment.


RE: New Commercials
By sprockkets on 9/4/2009 10:12:35 AM , Rating: 1
Oh, and btw, here's another angle for you: Ever heard of a Mac owner referring to their computer as a PC? You don't, because the average person will then interpret that as "Oh, you run Windows?"

They are always elitist of them when saying they don't run a notebook, they run a "Macbook." Oh, and un, how does each actor id themselves in the commercial, especially the one where the Mac says he is a PC because he can install Windows?


RE: New Commercials
By natehow on 9/4/2009 10:22:49 AM , Rating: 2
It is a simple definition its a PERSONAL COMPUTER


RE: New Commercials
By TheMan876 on 9/3/2009 8:18:07 PM , Rating: 2
This is exactly what I wanted to say. Darn you for beating me too it. 8)

Any computer that is meant to be used by a single person with a terminal that they sit in front of is a Personal Computer (PC)


RE: New Commercials
By headbox on 9/3/09, Rating: 0
RE: New Commercials
By CGfreak102 on 9/3/2009 11:57:31 AM , Rating: 2
that is a good question, But Most home users that use their computers that run PC to check bank accounts, purchase things online by using credit cards. Those are still probably the most targeted by hackers. Where as most college students don't buy stuff online they go to the store and might check a bank account here and there. But most average home users with a PC would still be the main target.


RE: New Commercials
By Motoman on 9/3/2009 12:03:27 PM , Rating: 5
quote:
So why doesn't one hacker bring Apple to its knees?


...because you're so far off on your assertions above that it's not even funny.

Apple's marketshare is still vastly too low for any hacker to care about. VASTLY. They're hovering somewhere around 5%, and the actual number doesn't really matter...the "success" of Apple in terms of being "secure" is an artifact of their failure to gain significant marketshare. Success by failure. Gotta love it...they're slogan should be "so few people are dumb enough to buy our crap that no one bothers to attack us!"


RE: New Commercials
By omnicronx on 9/3/2009 2:06:14 PM , Rating: 2
quote:
Apple's marketshare is still vastly too low for any hacker to care about. VASTLY. They're hovering somewhere around 5%
Its not even just that, I find that Mac users are far less likely to network their computers with other Mac's. That removes one of the main transportation methods for many worms and viruses. Of course as share increases and as Mac's become a second or third machine in the house this could change, and I guess this also tied into marketshare.


RE: New Commercials
By ZachDontScare on 9/3/2009 2:40:34 PM , Rating: 3
Thats the trick right there. Enough of their friends need to be running macs as well so that when the virus/trojan sends a copy of itself to that other machine, there's a reasonable chance that the program will be executed. If 5% of of your address book is running a mac, and only 1% of people are dumb enough to open a trojan attachment, you have to have, what 2000 people on your address list to guarantee that a single copy of the trojan gets spread. Macs just dont have the critical mass necessary for that yet.


RE: New Commercials
By sprockkets on 9/4/2009 12:37:51 PM , Rating: 2
Yeah, OSX is sooooo not targeted; that'd why there was a 20k Mac botnet running this year.

http://www.networkworld.com/news/2009/041709-first...

Or porn4mac, which conveniently needs to install to do anything. Classic "You need to download a codec to view this video" trick.

http://www.macworld.com/article/60819/2007/10/troj...


RE: New Commercials
By EasyC on 9/3/2009 12:41:14 PM , Rating: 3
It is Apples responsibility to ensure that any third party software the approve to be released with their os works within their claims. If you buy a Sony stereo that advertises AM/FM radio on it from Walmart and its missing the antenna...is it Walmarts responsibility, or Sony's?


RE: New Commercials
By Trailmixxx on 9/3/2009 1:03:02 PM , Rating: 3
Well, I would have to say that most malware writers cannot afford Apple products. The majority of the punks that generate (using kits) malware varients are not profesional and also live in countries where they can only afford old, genaric or used pc hardware, running windows. Those people are also all about the numbers of infected systems. They arent always even out to cause havok, only cred. Because you have your blinders on, you also do not relise that viral outbreaks are the least common affliction these days. Most malware is trojan based and is used for botnets and detail gathering, and is not self replicating. You also need to understand that the web useage of Mac and "PC" users is prolly different. It would be interesting to see what percentage of Mac users use Limewire (notoriously adept at malware delivery) as opposed to PC users. Anyway, you know not of what you speak. Many apple products available via bit torrent have trojans preloaded these days. If you download Snow Leopard illegaly, you most assuredly be infected. Its only a matter of time before someone decides to focus on Macs. Dont forget, Apple machines are the first to go down in hacker competitions, but Im sure you either never heard that or ignore it. Your day will come. Read this book, and temper your opinions....
http://www.amazon.com/CYBERPUNK-Outlaws-Hackers-Co...


RE: New Commercials
By ShaolinSoccer on 9/3/2009 9:24:04 PM , Rating: 2
I have yet to get a virus or even a single problem on my Mac. Had it for a couple years, too. I have both a PC and Mac and the PC definitely gets problems a lot easier than a Mac.


RE: New Commercials
By foolsgambit11 on 9/4/2009 2:07:05 AM , Rating: 3
And I have yet to get a virus on a Windows box. And I've been using Windows for 20 years. Sure, I've had my share of problems with Winboxes - most often due to shoddy drivers or cheap hardware, two areas where Mac's business model gives them a distinct advantage - but not viruses. I used to get other malware fairly often, though. Those problems ended with Vista. I praise Apple for their UIC equivalent, which came out well before MS's. It's funny that Apple's market share shot up only after these issues with Windows were resolved, though. Different strokes for different folks.


RE: New Commercials
By Tony Swash on 9/3/09, Rating: -1
RE: New Commercials
By Goldfish92 on 9/3/2009 7:00:19 PM , Rating: 5
You use no facts but then ask for them in return?!!? shut the f**k up :D
Have a nice day :)


RE: New Commercials
By Tony Swash on 9/4/2009 6:00:42 AM , Rating: 2
OK I will try to make clear the facts I am referring to in a simple fashion that you may be able to understand:

a) FACT - In the real world thousands of Window PC are infected, and continue to be infected, with contagious spreading malware.

b) FACT - In the real world no Mac running Mac OS X (thats none) have ever been infected with a contagious spreading malware.

If either of these facts are wrong please feel free to offer a factual correction. Unfortunately saying "shut the f**k up" doesn't constitute a factual correction so you will have to do better than that.


RE: New Commercials
By shazbotron on 9/4/2009 10:33:44 AM , Rating: 2
quote:
contagious spreading malware


By my understanding contagious is indicative of communicability and spreading is indicative of active propagation.

Using that criteria mac botnets were written about in the Washington Post as early as 2006

http://voices.washingtonpost.com/securityfix/2006/...

Though the implication of your factual statement is self-propagating malware, the factual content is in fact wrong as the infection method is irrelevant in that the malware itself is contagious and has spread.


RE: New Commercials
By Tony Swash on 9/4/2009 6:29:50 PM , Rating: 2
If you read the comments section of the article your link points to you will find the author being challenged to offer proof that there are botnets made up entirely of Linux and Apple Mac OS X machines. Leaving aside that what was actually being described in the article in question was a vulnerability in the cross platform PHP language what the author said in defence of his article, when pressed, was as follows (This is a word for word quote):

"We had a Mac OS X system that WAS a botnet member. Most of the time we see Windows systems. Most of those are from 'Windows' vulnerabilities but some end up there from vulnerabilities from Dameware, Veritas, IIS, etc."

So the botnet made up entirely of Linux and Mac OS X machines becomes a single mac - a machine which he claims to know about but which he doesn't actually identify. Doesn't this seem a bit like shoddy journalism to you?

In the real world if you had to suggest the safest computer set up for some one who was not particularly geeky and not particularly technical and who wanted to go online would you suggest a Windows PC or Mac OS X?

I understand that people with an emotional, financial or skill investment in Windows systems must get fed up because its Windows PCs that get infected all the time with bad stuff but talking up every theoretical security flaw in the mac operating system into scare stories is just plain tiresome. Its the swine flu hysteria of the tech world.


RE: New Commercials
By wetwareinterface on 9/6/2009 3:35:19 AM , Rating: 2
yes and you will find that clueless people often respond to blog posts (hint ^) so what does that exactly prove or disprove? that's right nothing.

the fact is that there are several sources that have reported on mac botnets, especially the recent "ilife / photoshop bit torrrent download variant". if you want to stick your head in the sand or cover your ears and shout "nyah nyah nyah" then no macs have been infected yet.

if on the other hand you want to realize that yes the botnets have started already then we can start to have a discussion on security on the mac.

also your incendental and irrelevant qualifier of a self spreading virus means nothing as does the need for the vulnerability to be in the os itself instead of a third party vector for infection.

simple sad facts...
you want to surf to a web page and actually see the content there? better have the plugins for that web page loaded. doesn't matter at that point if the attack is through IE, Safari or FF or instead through a loaded plugin. similarly doesn't matter one bit if you get an infection through a kernal vulnerability or an exploit of third party priveledged code or an elevation exploit. same result.

same thing goes toward user run event vs. self spreading code. disguise the infection vector well enough with social engineering or exploit a vulnerability through software reverse engineering. same result.

all operating systems have several vulnerabilities in common;
they are controlled and influenced by people.
they are connected to a network.
they have software running that is of a third party nature.
they are written by individuals who are not perfect nor can generate the "perfect, secure under any circumstances" code.


RE: New Commercials
By Tony Swash on 9/6/2009 11:08:44 AM , Rating: 2
I think the point I was making was that the author of the referenced news story about a bot net of compromised Mac OS X machines, when challenged, retreated and started talking about ONE mac running a botnet that he knew about. As I said this makes his original article look like shoddy (and cheap) sensationalist journalism.

As to your other comments I again reiterate that in the real world there are tens of thousands of infected windows PCs and that many new infections of window PCs happen every day. Pro-window people (or perhaps just ant-apple people) often counter by pointing out possible security holes in the Mac OS X system. But such comments are moot as outside of specially set up demos there are so few (I suspect no) examples of Macs being adversely affected by any exploits of such security holes during ordinary use. If you have evidence of any macs being exploited by the use of security holes during ordinary use by ordinary users then please feel free to present it here. Until someone presents such evidence I remain convinced that stories about security holes in the mac system are the equivalent of the swine flu hysteria - i.e. lots of hot air.


RE: New Commercials
By sprockkets on 9/6/2009 7:49:24 PM , Rating: 2
Yeah, that stupid poster who also posted this:

http://www.networkworld.com/news/2009/041709-first...

"Cheers, little fella."


RE: New Commercials
By Tony Swash on 9/7/2009 6:49:03 AM , Rating: 2
The story you reference is typical of the sort of second rate writing that passes for journalism on a lot of sites. The story says that "according to reports filtering out across the Internet" a mac based botnet has been activated. No reference to these original stories or their sources so no way to confirm whether there is any substance in the claim.

Then there is a reference, including quotes, to a single example of someone whose mac was infected. Again no references to original sources so one cannot check their validity or worth.

Then the real clincher, lots of seemingly robust technical comments from security software companies seeking to expand their sales in the growing mac market. This references a real Trojan found in some pirated mac software on the net. Then the ludicrous quote from Intego saying the infected software has been downloaded 20,000 times. How could they possible know that! Its just a wild, scary sounding, number plucked out of the air.

When you get a scare story about Mac security you can often trace it back to a press release by a security company which, surprise, surprise, happens to have a security software product for mac (a market they have had trouble selling into for obvious reasons).

This is a perfect example of the low standards that we all seem to tolerate in technical journalism.


RE: New Commercials
By sprockkets on 9/7/2009 3:58:28 PM , Rating: 2
Look, I don't personally believe that Macs are going to suffer any mushroom cloud anytime soon, because OSX never had such security blunders like XP did.

But, the report is there for you to see. I think you can count the amount of malware for OSX on the amount of fingers and toes a person has.

http://arstechnica.com/apple/news/2009/07/black-ha...

Read the article, then read how one poster in the article said how the "Machiavelli" trick required a already compromised mac to begin with.


RE: New Commercials
By sprockkets on 9/6/2009 8:34:44 PM , Rating: 2
Oh, and if this makes you feel better, Linux got infected too. The exploit was used mostly to deface web sites. It didn't completely own the OS at all, as PHP never runs as root anyhow in any *nix system. However, it did compromise the web server, thus again, making it part of a bot net. Since PHP and the web server in *nix run in their own folders owned only to them, it is an easy fix.

Of course, all the Windows fanbois look at this and say, "OMG OSX/LINUX sux!" when in reality it has nothing to do with the OS.

Since most malware writers know that the OS itself, especially with Vista finally enforcing security, are hard to attack or even if attacked limit the infection due to lowered permissions (ie XP making the rpc protocol no longer run with system level permission), they are attacking the apps instead.

Hence this whole thread about a Flash plugin problem. So if you don't want to get pwned by it, don't run as root or run with UAC off, and keep your system up to date.


RE: New Commercials
By ersts on 9/7/2009 4:14:00 PM , Rating: 2
Guys, I think what sprockkets is referring to is something called "puffery." It's a legal term which allows the content of commercials to "puff" up their products just like how GM made the "wide track" Grand Prix look wider in the commercial than it really was.

You can read how Papa John's was sued by Pizza Hut for false advertising, but was overturned because Pizza Hut didn't prove that the slogan "Better Ingredients Better Pizza" violated the Landham Act.

quote:
We conclude that (1) the slogan, standing alone, is not an objectifiable statement of fact upon which consumers would be justified in relying, and thus not actionable under section 43(a); and (2) while the slogan, when utilized in connection with some of the post-May 1997 comparative advertising--specifically, the sauce and dough campaigns--conveyed objectifiable and misleading facts, Pizza Hut has failed to adduce any evidence demonstrating that the facts conveyed by the slogan were material to the purchasing decisions of the consumers to which the slogan was directed. —Summary statement from appellate decision in Pizza Hut, Inc. v. Papa John’s Int’l, Inc.


Apple's legal department knows this and that's how they get away with "puffing" the virus angle. Puffery covers subjective stuff that cannot be precisely determined. It's also why when sprockkets says they post the objective information on their website, which even recommends a/v because they admit OSX like any OS, isn't 100 percent secure.

ersts


Upgrade your Mac...
By jiminicriquet on 9/3/2009 11:04:57 AM , Rating: 3
only $29 and you get a shiny "new" OS complete with a free security hole...




RE: Upgrade your Mac...
By Iaiken on 9/3/2009 11:28:00 AM , Rating: 5
It's not a security hole... it's a speed hole... makes OS go faster... :D


RE: Upgrade your Mac...
By jiminicriquet on 9/3/2009 12:12:07 PM , Rating: 2
Ahh thanks for the clarification... I was confused.


RE: Upgrade your Mac...
By MrBlastman on 9/3/2009 1:42:00 PM , Rating: 3
... Not to be confused a Glory Hole that has Steve Jobs on the other side of it.

Wait, oh yes, it _is_ a glory hole. Just look at all the smug looks on Apple users faces. If only they knew...


RE: Upgrade your Mac...
By Fenixgoon on 9/3/2009 6:30:52 PM , Rating: 2
6 for the Simpson's reference. Well played, sir. Very well played!


The real issue...
By gstrickler on 9/3/2009 12:23:06 PM , Rating: 3
The issue is not that OS X 10.6 ships with Flash, or that it ships with an outdated and now known to be insecure version of Flash. Golden Master's have to be prepared weeks to months in advance, these types of problems WILL occur. The issue is also not Apple's advertising.

The REAL issue is that the installer overwrites a newer version with an older one, AND does so without any prompt or notification. If not for that flaw, there would be no problem.

I know that the Snow Leopard installer checks for updates while installing if it has an internet connection during the installation, so potentially Apple can correct this for future installations by updating their online list. What I don't know if they can update any part of the Snow Leopard installation via that process, or if it's only selected parts that can be updated.




RE: The real issue...
By heulenwolf on 9/3/2009 1:30:20 PM , Rating: 2
I wonder who to hold responsible for this issue of overwriting an newer version of Flash with an older version. Is Adobe obliged to provide such a smart installer? Is Apple obliged to require that they do so? Perhaps they did provide that installer and Apple didn't use it? Any ideas?

If the SL installer were smart enough to detect a newer version of Flash in place, since it had not been qualified for Snow Leopard, they'd risk leaving incompatible software in place by default. Changes made between going with the gold disk and the current version could have caused incompatibilities.


RE: The real issue...
By gstrickler on 9/3/2009 2:39:59 PM , Rating: 2
I don't know for certain, but I'll bet Flash is installed by Apple's Mac OS X installer, not a separate Adobe installer. As much as I love to bash Adobe's software, I suspect this one isn't their "fault". I could be wrong.

It doesn't matter, the problem is still that the installer overwrote a newer version with no warning, prompt, or notification, and unless the newer version is known to cause problems, that is not acceptable.

While the installer wouldn't necessarily know that a newer version has been certified with Snow Leopard (it might be able to determine that from an online lookup), it is a reasonable assumption that if version x.y.23 is compatible, then version x.y.32 will also be compatible. It's also reasonable to assume that if x.y is compatible with what I'm installing, and x.z (minor version) or y.z (major version) is already installed, then the newer version works with the system I'm upgrading from, and therefore, should work with the system I'm upgrading to (i.e. it's unlikely that the newer software already installed will be compatible with the older OS I'm upgrading from but not the OS I'm upgrading to). In this case, it wasn't even a minor version change, both are 10.0.x, so it was clearly a revision/build/service pack update and should be presumed to be compatible.


RE: The real issue...
By sprockkets on 9/6/2009 7:59:36 PM , Rating: 2
Let me give you another example. In SuSE Linux 11.1, Firefox is still at version 3.0 because of compatibility issues. I've installed 3.5 via the Mozilla repository, but the security updater keeps wanting to put the most up to date 3.0.x version because of compatibility.

Because I upgraded to 3.5, Gnome's Epiphany browser can no longer go to any urls in the address bar.

Here is the very important part: When you upgrade SuSE, it checks to see what you have installed, and if your package doesn't work with other packages due to age or compatibility, it will downgrade it automatically, even if older. This is perhaps MIGHT be the reason for the downgrade on OSX.

I'm not sure of OSX, but SuSE can check for updates even before the installation finishes, so it is a non issue anyhow. Besides, plug-ins are run in separate processes, and I believe arstechnica said by default they are sandboxed, just like the iphone.


Savvy Users?
By safcman84 on 9/4/2009 7:24:49 AM , Rating: 4
" but savvy users can safeguard themselves by going to the "Settings Manager" page on Adobe's website, and setting their updates to seven day intervals (7, 14, 30 (default) "

Savvy users? I thought Mac was supposed to be easier to use than a windows PC, and hence all people who use Macs are inherently unsavvy?

One of the most common arguments I hear from Mac users is: PCs are harder to use, cos you have to change systems settings etc and you need a deeper knowledge of what you are doing in order to maintain a stable environment (due to extra hardware choices, drivers etc) - which is why people who havent got a clue find Macs easier to use.

Therefore I expect 0.01% of mac users to know how to change the update settings of Adobe on their Macs. The rest are going to get gate crashed by hackers.

*puts on tin hat and waits for flames*




By XZerg on 9/3/2009 11:18:16 AM , Rating: 2
quote:
“And I don't know why [Apple is] acting like it’s superior. I don't even get it. What are they trying to say?” -- Bill Gates on the Mac ads


LOL




By raabscuttle on 9/3/2009 11:39:58 AM , Rating: 2
oh my, how the trolls will feast tonight...




Rest of the article aside...
By smartalco on 9/3/2009 12:34:43 PM , Rating: 2
quote:
With Apple relenting and allowing more third party software on its computers in a bid to appeal to a broader consumer market,

Umm... what? Is that suggesting that Apple at one point didn't want third party apps on its platform? (are we going back to the Apple ||?)




Personal experiences...
By Goldfish92 on 9/3/2009 6:43:51 PM , Rating: 2
(Un-related-ish...)
You may have noticed how some people use their own personal experiences as proof of their arguments and one very common example of this is people talking of their roles as tech support and how all they ever see is windows (or mac) computers with problems.
That kinda goes with the teritory of being tech support doesnt it? Its almost like saying that you are a vet and that all you ever see is people with sick and injured pets ergo all pets must be like that... stupid pets!

There should be some form of filtering that only allows people to use opinions to back-up an argument if they state it as one and not allow people trying to pass it off as fact... don't get me wrong... I love opinions, they cause tension.




Good to know
By bernardl on 9/3/2009 8:46:29 PM , Rating: 2
I don't believe that migrating to a new OS days after it is relased is a smart move in the first place...

Same thing for Win 7, OS 10.6 and any new version of Linux.

The rewards are always an order of magnitude lower than the possible issues.

Just wait a few months folks, there is zero reason to upgrade to a new OS this fast. Zero.

Cheers,
Bernard




omg
By bradmshannon on 9/3/2009 10:39:53 AM , Rating: 1
APPLE IS SO INSECURE!!! OMGWTF!!!!123 :)




cumon
By Alphafox78 on 9/3/09, Rating: -1
RE: cumon
By mfed3 on 9/3/2009 10:55:37 AM , Rating: 5
fuck you


RE: cumon
By StraightCashHomey on 9/3/2009 11:05:19 AM , Rating: 5
Well said, sir.


RE: cumon
By Maxima2k2se on 9/3/2009 2:01:19 PM , Rating: 2
This made me LOL IRL.

To Alphafox, I would have to say that we would see an article on Windows 7 if something similar were to happen. Based on new software always being buggy or having some security flaw that was missed I am sure there will be one come October.


RE: cumon
By Titanius on 9/3/2009 10:57:50 AM , Rating: 4
Jason Mick is simply making people that have upgraded to Mac OS X 10.6 aware of this security flaw that is easily fixed...but users need to know about it! This as nothing to do with Windows 7 or whatnot.

Thanks for the warning, Jason.


RE: cumon
By Helbore on 9/3/2009 11:01:07 AM , Rating: 3
Considering we often see articles about bugs/security flaws in Windows, I expect the answer is yes, we would see an article like this.

Besides, its not relavent anyway. Whether errors in Microsoft software are reported or not does not change the accuracy of any errors reported in Apple software.

Personally, I would have hoped Apple owners would be glad to be informed about security flaws. That way they can go about getting them patched, instead of remaining oblivious to their existence.


RE: cumon
By HrilL on 9/3/2009 11:10:29 AM , Rating: 2
He just wants to live in this fantasy world where Apples advertising is the word of god.

OP we read Microsoft security vulnerabilities all the time on this site. Maybe the brainwashing you received makes it so you can't see them?


RE: cumon
By Alphafox78 on 9/3/09, Rating: -1
RE: cumon
By amanojaku on 9/3/2009 11:25:09 AM , Rating: 4
It's not hate, it's incredulity.
quote:
If microsoft shipped windows 7 with flash that had this problem, would we see an article like this? unlikely... why the bias?
1) "If Microsoft" - MS doesn't include Flash in Windows, you have to screw that up yourself
2) "would we see an article like this?" - Yes, only Adobe would be in focus not MS, because
3) "why the bias?" - MS doesn't say Windows is better than the MacOS, or that it's more secure, so you can't call shenanigans on MS


RE: cumon
By bldckstark on 9/3/2009 11:25:55 AM , Rating: 2
You will find in this life that stupidity is often rewarded with hate. More often though, it is met with more stupidity.


RE: cumon
By Misty Dingos on 9/3/2009 11:26:58 AM , Rating: 2
I have to agree with you. This is starting to get out of hand. Discussion with some civility would be nice. If you have a point please make it in a way that you could say to your grandmother.

Well as long as your grandmother wasn't a crack smoking whore with the vocabulary of a drunken sailor with a bad case of the clap.


RE: cumon
By Iaiken on 9/3/09, Rating: -1
RE: cumon
By CGfreak102 on 9/3/2009 11:53:12 AM , Rating: 1
Well for one, Win7 has not really shipped yet and if i remember was there not a flaw caught in the RTM version?

anyways like posters had said he is letting people with the OS know and not bashing mac, its the posters that.

And its "Come on" moron.

Also i don't think windows ships with flash, don't you have to install adobe by your self... wait never mind i bet the Manufacture that you buy it from does.


RE: cumon
By Proxes on 9/3/2009 12:02:05 PM , Rating: 2
Windows 7 does NOT ship with Flash Player installed.


RE: cumon
By CGfreak102 on 9/3/2009 12:42:54 PM , Rating: 2
I know why i said the manufacturer like dell or HP installs it? Personally not sure i haven't bought a computer from them in over 3 years. Building your own is so nicer.


RE: cumon
By gstrickler on 9/3/2009 1:46:50 PM , Rating: 2
quote:
Building your own is so nicer.
Only the first few times, then it gets boring. If you're going for the absolute lowest cost (and you don't include the value of the time you spent researching, locating, buying, and testing the compatibility of each component), or you need specific components for performance or compatibility reasons, then building your own may make sense. If you're a hardcore gamer, overclocker, or in any other "extreme" computing, building your own is usually best.

If you just need a machine with xGB RAM, yGHz n-core CPU, zGB HD, and maybe w video card, then go to Dell Small Business, custom configure a system with what you need and let them spend their time building it. If you want, install the OS from scratch when you receive it (The OS/software installations from the Small Business division don't include all the "crapware" that the "home" machines do). They've already addressed the compatibility issues, and the cost is usually pretty close to buying quality components and building it yourself. I know I don't speak for everyone, but my time is worth too much to spend it building machines that I can spec and buy for close to the same price that I can build them.


RE: cumon
By juuvan on 9/4/2009 2:14:36 AM , Rating: 2
or you can check the specs from Dell, go and by the same stuff for 25% off and assemble it by yourself.

This is the cheaper way only when you have the OS license ready at hand. Sometimes the cheapest vendor build PC's comes at with only slight premium over the price of M$ Windows license. That is of course if Windows is your cup of tea to begin with.


RE: cumon
By PorreKaj on 9/4/2009 3:18:34 AM , Rating: 3
If 7 shipped it with Silverlight we'd have an article about the EU crying.


"I modded down, down, down, and the flames went higher." -- Sven Olsen














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki