Ummm... Ok... That's enough... Stop buying macs...

<div class='quotetop'>QUOTE(daniel @ Oct 24 2007, 03:56 AM) [snapback]529501[/snapback]</div>

Organized cybercrime isn't about virusses at all. A little bit trojan horses maybe, but the vast majority is spam, scam mail, phishing, social engineering and attacks on servers. None of them have anything to do with the robustness of your local OS. On OSX, you need a good phishing filter, connected to a reputation server just as much as you need it on a PC. Your OS doesn't help naive people in any way against those "make money fast" emails.


<div class='quotetop'>QUOTE(daniel @ Oct 24 2007, 03:56 AM) [snapback]529501[/snapback]</div>

Sorry, but I get the impression that you are confusing a lot of things, all lumping them together in some kind of chaotic heap, somehow blaming it all on Microsoft.

Hacking is not the same as writing viruses. Hacking usually has nothing to do with vulnerabilities in the OS itself, but with vulnerabilities in the server software, such as IIS, the Apache web server (PHP!), or database engines (think about the famous SQL injection). Hacking isn't oriented against a desktop PC.
And cybercrime is a big business indeed, but this has nothing to do with writing viruses. It's about hacking large servers with valuable information, or about phishing. In neither case does the OS on your local desktop make any difference.

<div class='quotetop'>QUOTE(daniel @ Oct 24 2007, 03:56 AM) [snapback]529501[/snapback]</div>

Another flawed logic, resulting in a false accusation. The only directly responsible for spam are the spammers in the first place. In a good second place comes the outdated email protocol itself. It was designed in a time no one even thought about spam. In a third place comes the huge amount of old computers with an outdated OS and no active security policy. Amongst them, MS Windows is of course in the vast majority indeed. After all, Windows simply does have a >90% market share so it is just a matter of statistics. This effect is further enhanced because for spammers it is so much easier to focus on a single system.
But, essentially, this is just a legacy of the past, and not even one that MS created. Not so long ago, even the so much praized Unix was totally vulnerable to this practice, at the moment when internet wasn't as penetrated as now, and usually only universities had it. I remember that I once "cleaned" the unix machines of our local department, and ps -aux immediately showed that the majority of CPU usage on most machines wasn't even by their legitimate owners! Most processes were password cracking routines, chewing on passwords for more important server machines (a popular practice at that time). This was a very common situation at that time, and a logical consequence of the fact that Unix was silly enough to send it's password as plain text over the internet (e.g. during a telnet session initialization). Talk about an insecure OS!
Any OS that MS has shipped recently has sufficient protection against this by itself. But the problem are the huge amount of old computers with old OS'es, that were designed at a moment when this wasn't so much of an issue yet. We have seen this with Unix, and we see this with MS Windows.

<div class='quotetop'>QUOTE(daniel @ Oct 24 2007, 03:56 AM) [snapback]529501[/snapback]</div>

Not impressed. Compare OS X to Vista, and it's just wrong. I start to have the impression that you don't have the knowledge to back up such statements, and that it is more some kind of emotional thing for you. It always amused me that so many Mac users fail to think about the whole MS/Apple issue in a logical, cerebral way. Many Apple users seem to feel the moral obligation to counter just any argument in favor of MS, regardless of whether it makes sense or not. Perhaps it is some kind of animal-like subconscious need for self-confirmation because of an unhappy feeling by leaving the pack?

 

<div class='quotetop'>QUOTE(apriusfan @ Oct 23 2007, 07:17 PM) [snapback]529507[/snapback]</div>

I think "festering" more or less covers "putrid."

<div class='quotetop'>QUOTE(vtie @ Oct 24 2007, 02:08 AM) [snapback]529611[/snapback]</div>

Spam distribution relies on hijacked computers. Windows requires sophisticated security software to avoid being hijacked, and most users don't even understand that they need it. I finally dumped Windows when the security software began to eat more of the resources of my computer than my programs did.

"Responsibility" is a multi-faceted word. Sure, spammers are responsible for spam, just as burglars are responsible for burglary. But a developer in a high-crime neighborhood who builds houses that are easy to break into is irresponsible. The net is a high-crime neighborhood, and it is irresponsible of MS to market an OS that is so easy to break into that security software over the life of a low-end computer costs more than the computer itself.

And yes, Unix in the early days was vulnerable to a threat that didn't yet exist. But its fundamental architecture made it possible to plug those security holes. Windows requires a collection of patches every month, and even then is vulnerable between whiles.

I had Windows XP Home on my laptop before I put Linux on it. I only used the laptop for travel. It took me most of a day before every trip just updating all the accumulated security patches on my laptop. With Linux I plug it in, check for updates, and maybe there is a ten-minute download, and maybe there isn't, and it's ready to go.

I don't know Vista. I've read good stuff and bad stuff about it. But XP certainly did not have "sufficient protection [...] by itself." I had XP Pro on my desktop computer, and XP Home on the laptop. I had to run a third-party anti-virus program, a third-party firewall program, and a third-party spyware program. And based on the reviews in PC Magazine, no single spyware program was adequate: I really should have been running two of them simultaneously.

Yes, it has become an emotional issue for me because I resent the sloppy way Windows was created and the slick way it was marketed. If they had been as sophisticated in their programming as they are in their marketing, we wouldn't need to have this conversation.

 

vtie, you have a good explanation, but i have to disagree with some of it - a lot of the cybercrime is about viruses. It's through viruses that these criminals get their trojans and such installed. It's through these viruses that they develop bot-nets of millions of computers that can send out the phishing e-mails, spam, junk, DoS attacks, at the like. These are only made possible through the vulnerabilities in the OS.

Your sidebar on the former robustness of Unix based servers is interesting, but not really applicable in todays world. Sure, things weren't as secure back then, but thats because security wasn't a concern. Today, it is. Today, it's flaws in the OS security that allows these cybercriminals to do their "job". Yes, some/many of these bot-net enabled computers are running and outdated OS. However, i saw a graphic a while ago (can't find it now) that showed the percentage of Macs running older OS's - it's a very small percentage. Why is that? Well, i'd say it's partly pricing, partly distribution, and partly compatibility.

Apple has strived to make their OS upgrades compatible with older computers as much as possible. Tiger was compatible with G3's, Leopard is compatible with most G4's, even though those computers are several years old at this point (and, arguably, it's in Apple's best interest to obsolete those so people will buy new computers to get the new OS). There's one Leopard distribution. One price. and you get everything. There are a dozen different Vista distributions, with a dozen different prices. And worst of all, Vista only barely runs on older machines - you get something 2 years old, and i say good luck - you're better off sticking with XP.

The approach both companies take towards this is astounding. Apple has does a much better job not only in securing their OS, but in ensuring that the most secure OS is out there on users boxes, instead of leaving them using an outdated one filled with security holes.

 

<div class='quotetop'>QUOTE(eagle33199 @ Oct 24 2007, 11:51 AM) [snapback]529711[/snapback]</div>

Maybe, but probably not. There's also an OSX Server distribution, and while it may not be Tiger or leopard, you can bet it shares a lot with them.

And what's this everything you get? When I upgraded my mac to Tiger, I spent a lot of time downloading various shareware and freeware packages to fill in the holes.

 

<div class='quotetop'>QUOTE(Jonnycat26 @ Oct 24 2007, 11:18 AM) [snapback]529724[/snapback]</div>

Everything refers to everything the OS provides. Yes, when upgrading an OS you usually do have to go out and get various packages and programs that you use. Thats true with OSX and Windows both. However, with OSX, you don't have to sit there and wonder "Should i get Ultimate for $259, Premium for $159, or Home for $99?" Instead, you get everything they have to offer in one package, at one price: $129.

Your point about the server software is well taken, however i don't think it's really applicable. Server software is a completely different arena than PC software. It's much more heavy weight, and has to do a lot more. Everyone separates out their server distro's from their PC distro's. In my view, the "server version" is really a separate beast, almost a separate business unit than the PC version(s)

 

<div class='quotetop'>QUOTE(eagle33199 @ Oct 24 2007, 12:30 PM) [snapback]529735[/snapback]</div>

The kernel is the same... it may have some different packages included in the distro, but the kernel is almost always the same.

 

<div class='quotetop'>QUOTE(eagle33199 @ Oct 24 2007, 05:51 PM) [snapback]529711[/snapback]</div>

Maybe it's a semantic difference. To me, a traditional virus focuses on maximally distributing itself, sometimes doing some harm or showing some message but nothing else. A Trojan horse is a piece of software that the user willingly or unwillingly installed on their computer, and that develops some secret, unwanted activity like sending passwords. That's why I included Trojans on my list of organized cybercrime. But, apart from semantics, I totally agree with what you say.

<div class='quotetop'>QUOTE(eagle33199 @ Oct 24 2007, 05:51 PM) [snapback]529711[/snapback]</div>

Again, I totally agree here. But the majority of them problems with zombie PC's is just the same like with Unix: they are still running as they were meant to in the past. This concerns OS as well as general security measures (logins with blank passwords, etc...). Microsoft did a reasonable (although clearly imperfect) attempt to follow trends and make their OS'es secure, but the real problem is this huge legacy of badly configured PC's with outdated software. And this is a consequence of their success, because lots and lots of IT-uneducated people purchased them. This is especially true for the domestic market, but also for the corporate market in many cases. Mac people usually are more computer aware (after all, they made a deliberate choice of not following the masses), and tend to be much more up-to-date with their computers.

<div class='quotetop'>QUOTE(eagle33199 @ Oct 24 2007, 05:51 PM) [snapback]529711[/snapback]</div>

I agree to a large extent. But there are some important differences: first of all, unlike Apple, Microsoft does not have computers. They only have software that should run on a very wide variety of platforms from different vendors, with huge amounts of possible hardware choices and peripherals. Nobody should underestimate the complexity of that situation when it comes to upgrading software for existing hardware. Apple is in a much more comfortable position here. But I agree with you that the product offering of MS is confusing to say the least (and there is much worse than their OS!). And you can run Vista on older machines, but without the Aero look.

<div class='quotetop'>QUOTE(eagle33199 @ Oct 24 2007, 05:51 PM) [snapback]529711[/snapback]</div>

Yes. But, again, to a large extent, this is a consequence of their totally different business model. You can't directly compare them. Apple makes the total box, including hardware, preloaded software, bundled software, default settings, manuals, etc... They know exactly what configurations they have on the field. PC's follow a totally different approach. It is Dell or HP or Lenovo or whatever who decides how the hardware is configured, what is preloaded, what default settings are chosen, what is bundled, etc...
Apple traditionally has been a one-stop-shop, providing an essentially closed system that they fully control. This obviously has advantages when it comes to coherency, security and user-friendlyness. And Apple has done a tremendous job in taking advantage of this.
In the PC world, the situation is totally different. As a consequence, PC's are often more clumsy, and less secure indeed. But the openness of the system brought it market dominance.

 

<div class='quotetop'>QUOTE(Jonnycat26 @ Oct 24 2007, 11:34 AM) [snapback]529737[/snapback]</div>

So what point are you trying to make? That everyone should get the server version? The last thing i want, on my personal boxes, is to be running a server or any form of server software. It opens you up to additional security risks, and is something that should be kept away from your average user.

 

<div class='quotetop'>QUOTE(daniel @ Oct 24 2007, 05:26 PM) [snapback]529698[/snapback]</div>

I disagree. In fact, the firewall that is built-in in the vast majority of today's $75 consumer broadband modem/router combo's is up to the task, provided that it is properly configured. But there we come again at the problem that most vendors don't do this by default, and most consumers never do it (just like the Wifi routers)

<div class='quotetop'>QUOTE(daniel @ Oct 24 2007, 05:26 PM) [snapback]529698[/snapback]</div>

As I argues in my previous post, MS does a reasonable (although admittedly imperfect) attempt to catch up with today's threats in their modern OS'es. But the biggest problem is outdated configurations and people knowing nothing about about computers. A lot of people always work under the admin account, with a blank password. Try to secure that.

<div class='quotetop'>QUOTE(daniel @ Oct 24 2007, 05:26 PM) [snapback]529698[/snapback]</div>

Many of these holes were only fixed after years of exploiting. Some of them still exist. If MS would ever have done that, Bill Gates would have been lynched years ago. BTW the fundamental architecture of Unix is actually a nightmare. In fact, there isn't even an architecture at all.

<div class='quotetop'>QUOTE(daniel @ Oct 24 2007, 05:26 PM) [snapback]529698[/snapback]</div>

Let me tell you a little secret: I don't use a virus scan program. I don't have anything running, except of a properly configured firewall (which each system should have, regardless of the OS). And I haven't had a single virus ever. There are a few rules that you need to obey which I consider just common sense, but most people seem not. Some of them are never to use an admin account for normal usage, block all scripting possibilities, maximise the security settings in your web browser, never run any programs you don't know... Any good IT department of a decent company knows those rules, and actively enforces it on all their computers (using MS's nice computer group managing tool )

Vista's major advantage over XP is that it actively encourages you to use a lower-unprivileged account for normal usage. As soon as any piece of software tries to do a task that falls outside the normal activities, it is suspended and the user warned and prompted for approval. The major problem with XP was that the vast majority of users let the config program create a default account with admin rights, and never use anything else.

<div class='quotetop'>QUOTE(daniel @ Oct 24 2007, 05:26 PM) [snapback]529698[/snapback]</div>

It's not just marketing that made MS dominant. If it were, that would actually be the biggest joke of the last 20 years. But somehow I feel that I will never be able to get this point through.

 

<div class='quotetop'>QUOTE(eagle33199 @ Oct 24 2007, 12:43 PM) [snapback]529742[/snapback]</div>

That the core of software between the OSX desktop and OSX server is the same. There is no "one" version of OSX.

 

<div class='quotetop'>QUOTE(Jonnycat26 @ Oct 24 2007, 01:13 PM) [snapback]529789[/snapback]</div>

but there is one consumer version - server distro's aren't considered consumer software - they're business or developer software, which is really a whole different arena.

 

<div class='quotetop'>QUOTE(eagle33199 @ Oct 24 2007, 03:26 PM) [snapback]529814[/snapback]</div>

Not to defend Microsoft, because I really don't like them, and haven't used Windows in... a long while.. but maybe Apple should look towards creating different versions of OSX. I'd certainly be happier buying a version bundled with more powerful applications (iWork).

 

<div class='quotetop'>QUOTE(vtie @ Oct 24 2007, 09:42 AM) [snapback]529741[/snapback]</div>

Windows XP out of the box requires the end user to add security measures AND keep up-to-date with patches for the million security holes which turn up, half a dozen or so every month. And as I mentioned elsewhere, a Windows computer that is not turned on for a few months can take several hours to download and install all the new patches.

A Linux box or an OS X machine works from the start. And if it's left off for months, needs little or no updating.

My point exactly: A home user, who knows nothing about computers, must buy a router, which he doesn't know he needs because he's just got the one computer, and then he must know how to configure it. All because of the security holes built into Windows.

I recently bought a wireless travel router so I can use my mini-tablet in hotels that have ethernet but no wi-fi. I consider myself above the average computer user in knowledge about computers, but I had great difficulty configuring the router, and probably could not have done it without help from a kindly person here on PriusChat. An OS that requires you to buy and configure a router is unacceptable. A router should be for when you need a router. Not in order to cover up for an OS that is fundamentally insecure. And the average home user does not know how to properly configure a firewall-router.

This is good. One more security flaw partially covered up. (Only partially if it encourages rather than requires proper procedure.) Now only 9,999,999,999 more security holes to fill.

 

I'm not a big fan of Microsoft so don't take this the wrong way but I think you are getting some terms and idea's mixed up.

A WIFI card for you lap top is a hardware issue, nothing to do with the op system, so if it's missing bad on the manufacture for not pre-installing it as part of the package.

If the WIFI card has a router built in that has a NAT and DHCP etc, that is still not an issue with the OP system because any op system that needs to send packets from one subnet to another such as your privet subnet IP address to the internet, you need a router. Subnet work on MAC (Media Access Control) addresses but to get from on sub net to another you need an IP address.

Now most people use the NAT network address translation, a function of a router to act as a hardware "firewall" and perhaps that is what you are thinking about as far as Windows security shortfalls.

You can plug your LAN card directly into your cable modem and bypass the router and it's NAT, and the IP provider will route for you, but that is asking for trouble, no matter what OP system you use.

BTW the first computer virus was made for a MAC.
Windows is the king of the hill so everyone is looking to hack-it 24/7 unlike other op systems.
So you see Microsoft XP isn't that bad after all, VISTA on the other hand, that's another story.

Hope this helps.

<div class='quotetop'>QUOTE(daniel @ Oct 25 2007, 10:48 AM) [snapback]530246[/snapback]</div>

 

<div class='quotetop'>QUOTE(fairclge @ Oct 25 2007, 08:20 AM) [snapback]530260[/snapback]</div>

Actually the first home computer virus (ElkCloner) was made for an Apple II, the Mac wasn't invented yet.

 

fairclge, i think you misunderstood his point. Routers are confusing for the average person. A previous poster attempted to explain that a properly configured router was an essential part of any computers security at home, and daniel was using this tidbit to show that it really shouldn't be. An OS that relies on an external and separately sold and configured piece of hardware for its security is essentially flawed.

As daniel said, a router is for situations where you need a router - not for situations where you need security. he bought his for hotels that have no built in wifi, so he can travel around his room without being tethered to their provided Ethernet cable - not because his computer was lacking a wireless card (in fact, he implies that he has one).

 

<div class='quotetop'>QUOTE(dogfriend @ Oct 25 2007, 11:25 AM) [snapback]530263[/snapback]</div>

I stand corrected.. MAC / APPLE all the same to a PC user..

 

<div class='quotetop'>QUOTE(fairclge @ Oct 25 2007, 10:27 AM) [snapback]530267[/snapback]</div>

Considering the PC was invented a scant 6 months before the computer virus, it really wasn't "all the same" at the time

 

<div class='quotetop'>QUOTE(eagle33199 @ Oct 25 2007, 11:26 AM) [snapback]530264[/snapback]</div>

Doesn't Apples and other op systems use routers?
Don't these router have thier own built in interface software and or operating sytem software such as CISCO routers?
Doesn't XP sp2 use NAT for a firewall for protection... same as low-end routers.

I understand now about the WIFI statement, but you would still need a WIFI Router to use the WIFI card on the laptop if the room did not have access to a WIFI / hotspot signal regardless of security.

Thanks for the clarification though.

 

Yes, you would - but in that case you would be using the router for it's actual purpose - splitting and distributing an internet connection.

I have a router at home. Many people do. I took the time to properly configure mine as part of my security setup. Many people don't. A few years ago, i worked for a small startup. When i started there, they wanted to set up a videoconferencing unit that required me to set up some port forwarding in their router. Guess how easy it was to guess the password and gain full access to the router remotely? A simple google search for the router brand/model gave me the manual, and trying the default username/password worked. And the ladies at this start up are, unfortunately, your average american when it comes to understanding tech stuff.


When it comes to routers, you should only depend on them to properly distribute your internet connecting and provide a hub for your home network. The average user out there doesn't know how to properly configure them for security, so most of them aren't as secure as they could/should be.

When we get down to OS's, they are the very first step in system security. They control what privileges programs have when they run. While it's an improvement in Vista that they recommend you don't run as root, It's not even remotely possible for someone to do so unless they really want to in OSX. I do a lot to my OS 9i am a programmer, after all). In Windows, nothing even tries to stop me or any program i have from doing whatever the heck it wants. In OSX, i have to sudo every time i want to touch an area that your average user wouldn't touch, or perform any operation that effects the OS. That is an inherently more secure system than what Windows provides.