digg

Facebook Connect Join Digg About

Mac OSX safe as houses not Windows

itwire.com.au The recent ruckus about the claimed growing vulnerability of Mac OSX from certain sources has caused an indignant outcry from Mac advocates who claim the stories are mostly media hype. According to an expert in Unix and Linux systems, the outcry is not without justification.

Who dugg this? Made popular May 4, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

123 Comments

show profanity settings
expand all
  • mark1372, on 10/12/2007, -7/+74OS X has been around for a long time, and you'd think that a virus writer would want the "prestige" of being the first one to bring it down, so the whole market share argument is hardly accurate. OS X is built not only to have many potential exploits turned-off by default, but also to compartmentalize its users in a way that Windows can't. Plus, a huge amount of Windows viruses arrive via Outlook and Internet Explorer, both of which were until recently wiiiiide open.

    Any user can be tricked into entering their password to install stuff or not reading the EULA, but Windows tends to allow nasty stuff in the background that the user needs to take no action to implement. It has very little to do with the red-herring market share theory.
  • crythias, on 10/12/2007, -2/+36I'm a native English speaker and I just don't understand the title.
    Is it
    "Mac OSX is safe as it doesn't house (contain) Windows" or
    "Mac OSX is as safe as a house, but Windows isn't safe as a house" or
    "Mac OSX is as safe as a house without windows" or ???

    OK, I realize the title was swiped from TFA, but it still has a problem being parsed into some semblance as English.
  • mark1372, on 10/12/2007, -2/+35That headline is horrible.
  • zaguar, on 10/12/2007, -6/+35When else have I heard that?

    Maybe for the past 10 years about every single product. Firefox, Thunderbird, OS X, it's all the same. Good security is independant of the usage levels
  • b04155, on 10/12/2007, -2/+26which still requires the user to install the faulty software to begin with... the point was about the security of a system itself... how can apple or windows, etc be at fault for 3rd party software being bad?
  • mark1372, on 10/12/2007, -7/+28People, there is no such word as "virii." It's "viruses."

    As for root, Mac OS X has root turned-off by default. You have to go and manually enable it. That is not to say that anyone with admin access can't be tricked.
  • tobsterius, on 10/12/2007, -7/+26While Apple might not have the experience in security areas, they sure as hell can learn from all the mistakes Microsoft made with Windows..
  • TheTankengine, on 10/12/2007, -4/+22MrUnderbridge: Instead of making yourself look like a jackass and get buried, perhaps you could have taken the intellectual way out of the argument and actually prove him wrong, instead of whining.

    For instance, you could have provided this link: http://en.wikipedia.org/wiki/Plural_of_virus or this one: http://vrs-net.sourceforge.net/ or this one: http://www.virii.net/

    Then you could simply point out that while "virii" may not be the correct formal plural of the word "virus", it is still a word.

    This lesson of how to pointlessly argue on a thread was brought to you by the number 1234.
  • volcompimp, on 10/12/2007, -1/+19They're trying to be witty saying it's safer than Windows XP because windows break and Windows XP breaks like windows because of security issues. If I met the guy who wrote that I'd just stare at him for a couple seconds and then punch him in the face and leave.
  • OperatorNo9, on 10/12/2007, -5/+23@hankyone,

    Microsoft did do a great job. They did an absolutely fantastic job of making development for their platform cake easy. They did this to win 3rd party support because they knew that 3rd party support makes or breaks a platform. The unfortunate consequence is that in doing so, they took shortcuts in security that made it just as cake easy for miscreants to hack their system.

    At this point, I'm still locked in to Windows for reasons I won't go in to, but I have to agree that it comes down to the user. I have been virus/spyware/malware free for years. And every time I have to deal with someone's broke ass windows machine, it is the same story--they have installed bear share or this great waterfall screensaver or that IE plugin needed to browse a website or they clicked on an email because the subject was "Hey sexy!".

    The unfortunate reality is that the majority of computers users aren't savvy enough to avoid the troubled waters of computer usage and Windows does little to protect them.
  • mark1372, on 10/12/2007, -5/+22Geterix: There's a difference between the admin and root passwords. To enable to root password, you have to intentionally go into the NetInfo Manager app, authenticate, and then enable root. If an individual user account was compromised by a virus, it would likely infect only one user's account rather than the entire system (like Windows).

    I'm sure there are exceptions to this, but it's generally accurate that OS X forces a user through a bunch of explicit actions to allow malevolent behaviour. The vast majority of OS X users have no reason to have root enabled.
  • mark1372, on 10/12/2007, -3/+19- edit

    Digg needs a "cancel post" option. Argh.
  • eddieroger, on 10/12/2007, -5/+21"So whats stopping a Mac user from getting a message from a piece of malware to please type in your root password so that their free wallpaper/screensaver/casino app can install properly?"

    Because I'm yet to meet a Mac user who wouldn't wonder why Party Poker would need administrative access. We're used to apps being drag and drop from the image, so this would throw up a flag.
  • inactive, on 10/12/2007, -13/+26I dont get it.....

    One one hand they say that Windows users are so stupid that they just allow malware and viruses on their machines by just blindly clicking the "install now" button. But then they say that Macs are solid because you have to enable root so that changes can be made to the system. So whats stopping a Mac user from getting a message from a piece of malware to please type in your root password so that their free wallpaper/screensaver/casino app can install properly? It dosent matter what OS you use, it all comes down to the end user as the weakest link in the chain.
  • MrUnderbridge, on 10/12/2007, -5/+18Some of his arguments are weak. He says that windows virii can propagate because the clueless user says "yes" when asked to run a Word macro. But then he says it's nearly impossible that a virus could trick a Mac user into typing their root password (something they're conditioned to do a LOT through Update).

    Which is it? Before you flame, folks, I own a PB, but I don't think that makes me bulletproof.
  • zengonzo, on 10/12/2007, -4/+15
    What does it even mean? Is it code? Must I RTFA?
  • althe3rduww, on 10/12/2007, -1/+11As a beta tester for Vista I can tell you that UAP has some severe issues right now. I hope they fix them.

    The issues so far are...

    1. UAP in vista does not require a user name or password it simply gives you a dialog box with the options "allow" or "do not allow". In the initial betas with UAP it was quickly found how someone could spoof the user hitting the allow button.

    2. The user is still running as an administrator so there still isn't that gap of administrator to root that OS X has.

    3. Since the underpinnings of windows make it hard for vista to distinguish between voluntary harmless action and system altering action the UAP dialog box popups every time you want to do anything including deleting a shortcut from your desktop.

    I think implementing UAP in vista will help its security but unfortunatly microsoft is designing its implementation horribly.
  • starmanjones, on 10/12/2007, -7/+16>that would be so funny since apple do not have any experience in security (or maybe a little)
    >then this is where people will finnaly see that Microsoft is doing a grea

    maybe a little? they built classic as an absolutely un hackable OS. i'd say they have plenty of experience. *windows people*
  • Simen, on 10/12/2007, -0/+9Yes.
    My initial reaction was to read the "not" as "without"...which actually made more sense.
  • trylleklovn, on 10/12/2007, -1/+10Everyone knows that it takes a lot more to infect Mac OSX with malware, than it takes to infect Windows XP for instance.
    The question is not whether Mac OSX is safer now, but whether it'll be it in the future.

    I, for one, belive that Mac OSX is safer, even in the future.
    The basic stuff that everyone points out, really matters, like:

    1. In OSX one is not root per default.
    2. Permissions in filesystem makes it harder to do some real damage.
    3. This is a rather relative one, but bugs and half finished software seems to cause a lot of trouble to Windows users.

    The obvious reply from Windows seems to be that Windows only is the target of a lot of malware because it has the largest marketshare. While this may be true some of the way, I would still rather trust Mac OSX if the marketshare was equal to MS Windows.
  • theplayfulcat, on 10/12/2007, -4/+12Good intelligent article simply stating the facts. Recently I changed my parents computer from a windows box to an iMac exactly because of these reasons. They were forever getting malware installed either on there own or when one of their grand-children came over and I was the one having to fix the problems now they are running OS X and I sleep more comfortably.
  • Micrll, on 10/12/2007, -2/+10I agree I don't get the name either. Its not just you.
  • GreatDrok, on 10/12/2007, -0/+7The problem for Windows isn't just that there are a lot of machines out there. They are all very similar configurations. Frankly, the big mistake MS makes is that they intermingle parts from their applications into the OS. Every PC has IE, you can't remove it, almost every PC has Office too. Media Player, Outlook Express etc etc. Windows isn't just a monoculture at the OS level, it is close to a monoculture at the applications level so any virus/trojan writer has a very good idea of exactly what is going to be installed on a PC. Strangely, moving everyone onto automatic updates could actually make it worse because it would get everyone in lock step so any zero day exploits would be able to hit every single Windows PC out there.

    As for all the holes in the open source software, granted there are holes, but you don't tend to have everything installed. Often times there are so many alternatives that malware isn't going to know which software to target. Diversity is the key. Computers should talk to each other in standard ways but the implementations should be from many different sources as that provides protection. MS just doesn't get that.
  • NicP, on 10/12/2007, -1/+8I'm not sure what you mean by not supported by hardware manufacturers, for stuff like graphics cards maybe but for external peripherals not so much, printers, scanners, mice, keyboards, disk drives (and devices that act as disk drives, mp3 players, cameras etc.) all work fine (apart from very few). Just because there aren't lots of mac drivers does not mean that the hardware is not supported, very few devices actually need them. For example, i plugged in my bluetooth dongle to an old mac mini (one without bluetooth) and to my supprise a little bluetooth icon appeared, it was all setup and ready to use!

    Also i think they are targeting expert users, system admin types like the unix foundation its build on. Just because the interface appears simple does not mean it isnt powerful if you know what youre doing, some pretty cool stuff can be done with bash scripting and applescript, plus being unix based gives you a huge range of open source apps, i downloaded a command line utility to recover the data off a failed flash drive the other day!
  • panique, on 10/12/2007, -0/+6The weakest argument he makes is about containment via file system permissions. Sure, under ordinary circumstances, where there are no local privilege escalation exploits available, his argument is correct. In other cases, however, your local user privileges are enough to execute a program from a foreign source. Said program could then attempt to utilize any known exploits to gain root privileges, then it's game over.

    Being the source allegedly has 15 years experience with Unix-based systems, I have to conclude either the source is disingenuous, or the author has conveniently censored his source. Not a very good article overall.

    What Apple needs to do is add some [optional] protection where it will only launch executables that reside in a administrator-configurable list of paths (e.g., /Applications /bin /usr/bin etc.) (add /sbin /usr/sbin to the list for "admin" users). ~/Applications should not be on that list. This way, an admin can lock down a machine so that it will only execute programs that reside in directories that have read-only privileges for users, meaning the admin can control what programs a user gets to execute. This would go a very long way to making OS X nearly invulnerable.

    PS Save your ad hominem attacks for someone else. I own many more Macs than I do PCs. My daily driver is a G5.
  • atariby, on 10/12/2007, -1/+7I'm British and I still think its a terrible title!
  • Razerious, on 10/12/2007, -1/+7Yeah, it's a very bad title.
  • briareus, on 10/12/2007, -0/+6Some good points in the article but what does Zymaris mean by:

    "So now it comes back and asks you: 'Do you want to run this macro?' That's a big mistake. It should not ask you and it should not allow any macros to run at all ever without you specifying yes run this macro."

    how are you supposed to say yes if it doesn't ask you?
  • mark1372, on 10/12/2007, -3/+9Windows is an enormous, gas-guzzling, rolling-over 1996 SUV with the smell of wet dog, whereas Macs are sleek little hybrid-electrics with side-curtain airbags, all-leather interior, and brand-new snow tires. Not everyone has one, but they're safer, sexier, and everyone looks at them at the stoplight.
  • althe3rduww, on 10/12/2007, -2/+8Operatorno9 hit the nail on the head.

    "Microsoft did do a great job. They did an absolutely fantastic job of making development for their platform cake easy. They did this to win 3rd party support because they knew that 3rd party support makes or breaks a platform. The unfortunate consequence is that in doing so, they took shortcuts in security that made it just as cake easy for miscreants to hack their system.

    At this point, I'm still locked in to Windows for reasons I won't go in to, but I have to agree that it comes down to the user. I have been virus/spyware/malware free for years. And every time I have to deal with someone's broke ass windows machine, it is the same story--they have installed bear share or this great waterfall screensaver or that IE plugin needed to browse a website or they clicked on an email because the subject was "Hey sexy!".

    The unfortunate reality is that the majority of computers users aren't savvy enough to avoid the troubled waters of computer usage and Windows does little to protect them."
  • mickoes, on 10/12/2007, -3/+8@operator09 ; You have a point, computer savvy know how to avoid nasty spyware/virus/adware/malware/trojan. BUT the point is that you are maybe running 3rd party products not coming from Microsoft like AVG, spybot or Avast (those are examples, I took them because they are free). Remember that a PC absolutely CANNOT run without them otherwise you will have plenty of spyware/virus/adware/malware/trojan. Microsoft didn't make those tools and they exist because Windows is simply without this additional protection, not secure at all.
  • hisjap2003, on 10/12/2007, -0/+5yeah, i must have read it about 10 times. i was beginning to formulate something equating to a thief breaking into a house, but then i just confused myself more.
  • frem001, on 10/12/2007, -2/+7well yeah, wouldn't you want to protect something that you believe is great but everyone keeps on bitchin about.
  • mark1372, on 10/12/2007, -2/+7Volcompimp: "Safe as houses" is a colloquial expression. I think the headline was supposed to mean "Mac OS X safe as houses; not Windows."

    "...promises me I'm safe as houses, as long as I remember who's wearing the trousers..."
    /Depeche
  • eddieroger, on 10/12/2007, -1/+6They are stealing away the expert users slowly but surely. The UNIX center is appealing to many sysadmins as it will allow their personal computer to act like the work environments, while still having a pretty Mac face. It must be working since my university's IT office is switching.
  • starmanjones, on 10/12/2007, -1/+6>apple's problem is they'd have a better shot at stealing away expert users,

    if you've been to conferences of expert computer users who can look at it from a technical point of view... you'll notice that most are carrying Mac laptops. no... apple has already won the expert users. its the novice and "all i know is microsoft rhetoric" people that are confused. people like you. :D that is a harder sell because microsoft FUD is confusing to people who know squat about computers. they don't have the expertise to... say *****.
  • spectre_25gt, on 10/12/2007, -0/+5You're right. People get accustomed to putting in their password when installing software. So when Joe user goes to a website and it suddenly asks him for a password, he may wonder if something strange is going on (don't forget, users are paranoid by nature). On the other hand, Joe Windows user is very accustomed to clicking yes on every pop-up he encounters. That one time that he's clicking yes to a program installation isn't going to be any different from the others in his eyes. This brings up another good point, though. Go work on a Mac and see how many Yes/No pop-ups you get. You'll probably notice that you don't find any. Those dialogs on OS X use verbs to tell you what the machine is going to do rather than just a simple yes or no. Also, the safest answer is generally the default, whereas with windows, yes is usually the default (and usually not the safest answer).
  • skyhighrockets, on 10/12/2007, -0/+5It's a fairly good article, but it fails to mention anything about virii or other malware infecting you by simply having a open connection to the internet, they should've mentioned the strengths/weaknesses of each OS and explained in more detailed as to why each OS is strong in those areas
  • ditangquan, on 10/12/2007, -1/+6yeah but its all those virus ridden bots that suck up bandwidth and send spam. Think about it.

    Maybe if only real traffic was on the 'net we wouldn't have ISPs working on packet shaping and bandwidth throttling, killing my BT downloads and horking my ping times in CounterStrike:Source not to mention the ton of crap that loads in my mailbox like a full toilet every day. Flush.
  • kickarse, on 10/12/2007, -0/+5You can remove IE not Explorer...
  • alecks, on 10/12/2007, -4/+8"Remember that a PC absolutely CANNOT run without them otherwise you will have plenty of spyware/virus/adware/malware/trojan. Microsoft didn't make those tools and they exist because Windows is simply without this additional protection, not secure at all."

    I can't stand comments like this. I have been running windows (2000 & XP) with NONE of these installed... just my linksys router, and have NEVER had a virus, spyware or malware.....

    If you're too stupid to know what you're executing, then feel free to clutter your system with all kinds of processes and services that "protect" you from your own stupid mistakes, but don't say that PC cannot run with these.
  • threepio, on 10/12/2007, -2/+6@LowenSoDium
    "I'm yet to meet a Mac user who knows what administrative access is, or why it could be dangerous if it were compromised.
    This is not a dig at Mac user, as Windows user are about the same. That is the core problem."

    Don't know many Mac users, eh? They don't put terminal in there just for looks.

    In other words - "It's a Unix system! I know this!"
  • node3, on 10/12/2007, -3/+7If someone asked you if OS X was a safe as Windows (which is what people are starting to ask), you might reply (if you were trying to be clever), "no, it's as safe as houses," playing off the pun of Windows as an OS vs windows as a pane in the glass (sorry :-)).
  • pkulak, on 10/12/2007, -1/+5Your parents are the perfect candidates for OSX. My philosopy is that if you don't know anything about computers, get a Mac. It will have everything you need and you're going to have a good computing experience. If you do know computers, even at all, throw some Linux flavor on there. There's really very few people who should be using Windows at this point. Maybe Vista will turn it around, but I doubt it will even catch up to Ubuntu and OSX.
  • CatfishJones, on 10/12/2007, -2/+6I would have called it defending my free choice. Six or a half dozen. I used my intelligence to make a choice and I'll defend that choice, it doesn't have anything to do with blind faith as many seem to insinuate.
  • RyeBrye, on 10/12/2007, -1/+5Prior to OS X - the Mac, despite it's pathetic market share, DID have viruses. There were at least 30 real viruses on the Mac prior ot OS X - not just lame "proof of concept" viruses. (See http://www.faqs.org/faqs/computer-virus/macintosh-faq/ )

    To say that the Mac has no viruses now because it has low market share is a convenient argument - but it is obviously not true.
  • combatchuck, on 10/12/2007, -0/+4I think it's kind of like comparing one computer system with another computer system.
  • mattp, on 10/12/2007, -0/+4While it doesn't do much in the way of protecting you, Safari does have a "feature" where it always asks you to confirm that you want to download something that might be an application. Thus, on the Mac its hard to have something download in the background without you knowing about it. If you don't recognize the app that is downloading, you just hit 'cancel', and its gone.
  • jspsh, on 10/12/2007, -4/+7@mickoes:
    Uhh, a Windows machine can run fine without any antispyware, antivirus software as long as its behind a firewall. It's up to the user to mess things up
  • RyeBrye, on 10/12/2007, -0/+3I hate that feature. It makes me want to break things. I know damn well when I am downloading an executable. (Gee... the ".dmg" file I downloaded MAY contain an executable?)... I wish there was an easy way to turn it off for certain file extensions.
  • Fetching more discussions...
    Show 51 - 100 of 123 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.