# So, Apple security.



## Runefox (Apr 16, 2009)

Everyone knows that Macs are impervious to viruses and stuff.

Right?

... Right?

Well, no. They aren't. And they never have been, as I've long been trying to tell people. Nothing can describe the sheer amount of sick (and completely wrong) glee I feel knowing that out there, somewhere, there operates a botnet made entirely of Macs, spread much in the same way as many Windows-based viruses are - Through P2P. And so, without remorse, I say,

*JOIN ME IN MY UNHOLY GLEE!*

... And protect yourself by not downloading random shit through P2P.


----------



## Adelio Altomar (Apr 16, 2009)

And what about Linux? :V


----------



## Shindo (Apr 16, 2009)

ive p2p'd alot but from demonoid so i trust it

muh mac is still healthy


----------



## Carenath (Apr 17, 2009)

Runefox said:


> Everyone knows that Macs are impervious to viruses and stuff.
> 
> Right?
> 
> ...


*joins you* Even though I own a macbook, and I think its a pretty decent computer compared to your average Windows machine, I was not under the illusion that mac's are immune to viruses or malware. However like their Linux cousins, the Mac OS, is certainly better hardened against viruses compared to their windows counterparts.


----------



## net-cat (Apr 17, 2009)

Adelio Altomar said:


> And what about Linux? :V


Linux insecurity stems more from the number of misconfigured systems out there. And the number of people and companies who don't update their systems.

Seriously. If your hosting company is bragging about their cutting edge, up-to-date technology, Apache 1.3 and PHP 4.3.10, find another hosting company.


----------



## Captain Howdy (Apr 17, 2009)

\o/


----------



## Endless Humiliation (Apr 17, 2009)

STILL DOESN'T STOP ME FROM HAVIN A MAC


----------



## Shindo (Apr 17, 2009)

MAC-USERS UNITE!!


----------



## Runefox (Apr 17, 2009)

AND DDOS RANDOM SITES OFF THE INTERNET BY JOINING A BOTNET LIKE ALL THOSE WINDOWS BOXEN THAT CAME BEFORE!


----------



## WarMocK (Apr 17, 2009)

Captain Caps and his Shift crew struck again. 

This year's PWN2OWN competition has proven how secure mac really is atm. ;-)


----------



## Shino (Apr 17, 2009)

Heh. I've been telling people for years that the only reason why macs are so clean is 'cause no one cares about them enough to infect them. True hackers and script kiddies alike aim for the biggest target, which at this point is x86 versions of Windows based on the DOS and NT cores. Most aren't going to waste their time coding something that will only be effective on a small minority of the computing cloud. Unfortunately, most Mac and some Li/Unix users seem to be under the impression that their comptuers are bulletproof. Not so. It's just no one's bothered to aim at them yet.

I'm currently running a x64 version of Windows 7 (with an x86 AV just to be safe), and my system is about equally, if not slightly less, vulnerable as an out-of-the-box Mac running 10.5.

Hmm... I'm rambling again, aren't I?

*wanders off aimlessly*


----------



## Stratelier (Apr 17, 2009)

Small target or not, there are apparently enough infected Macs to make a decent botnet.

But ahem:



> _http://notahat.com/posts/28/_
> 
> My copy of the iWork 09 trial installer contained a trojan.
> 
> This copy was passed to me through multiple hands. If I'd done the smart thing, *and got my copy straight from Apple*, I wouldn't have had this problem.



This is why you don't trust torrent networks.  Even though it was a legally free trial version, somebody still managed to hack it and add a trojan payload.


----------



## Zero_Point (Apr 17, 2009)

While it's true that most hackers/script-kiddies don't bother with Macs because of their small market-share, imagine, if you will, the chaos that would ensue if every Mac just started shitting themselves inside-out 4 months from now.


----------



## Irreverent (Apr 17, 2009)

> My copy of the iWork 09 trial installer contained a trojan.



And it may have been infected right from the source.  Back in late '06, early 07, Apple was shipping video iPods with a PC virus preloaded.   There's lots of links that document this.  http://www.securityfocus.com/brief/332

I believe that Lotus, Adobe and PageMaker all fell victim to this sort of thing too.  Its more common than you'd think.


----------



## ArielMT (Apr 17, 2009)

As I recall, the first personal computer virus was written for the Mac, not the IBM.



Zero_Point said:


> imagine, if you will, the chaos that would ensue if every Mac just started shitting themselves inside-out 4 months from now.



Some of my customers use Macs, and I have to answer the support calls.  I'd rather not imagine the chaos from that sort of thing.



Irreverent said:


> And it may have been infected right from the source.  Back in late '06, early 07, Apple was shipping video iPods with a PC virus preloaded.   There's lots of links that document this.  http://www.securityfocus.com/brief/332
> 
> I believe that Lotus, Adobe and PageMaker all fell victim to this sort of thing too.  Its more common than you'd think.



All it takes is a brief lapse in in-house security combined with a brief lapse in quality control.  The boxed software industry is full of embarrassing moments like that.


----------



## Bellini Tabloid (Apr 17, 2009)

Mac doesent sell their hardware to anyone like Windows and Linux. Macs are more impervious to viruses than the other two. Plus, hackers love Mac too much :3



Shindo said:


> MAC-USERS UNITE!!



TWIN POWERS ACTIVATE... FORM OF STEVE JOBS!!! Now to kick some Window ass >:3


----------



## lilEmber (Apr 17, 2009)

Ark said:


> TWIN POWERS ACTIVATE... FORM OF STEVE JOBS!!! Now to kick some Window ass >:3


He's never done anything. Just like Macs.


----------



## Pi (Apr 17, 2009)

Runefox said:


> spread much in the same way as many Windows-based viruses are - Through P2P



Not really. A lot of them are spread through vulnerabilities both undiscovered and unpatched. "Buffer-overflow and infect and move on" style.


----------



## net-cat (Apr 17, 2009)

Shino said:


> ...Windows based on the DOS...


Actually, I'd be shocked if Win9x is explicitly targeted much these days. Incidentally targeted, sure. But I doubt there's many virus writers out there saying "Gee we'd better make sure this works on Win98 before releasing it into the wild." (Of course, the difference between Win9x and Mac/Linux is that Win9x already has a large catalog of exploits and viruses from when it _was_ popular.)


----------



## Carenath (Apr 17, 2009)

net-cat said:


> Linux insecurity stems more from the number of misconfigured systems out there. And the number of people and companies who don't update their systems.
> 
> Seriously. If your hosting company is bragging about their cutting edge, up-to-date technology, Apache 1.3 and PHP 4.3.10, find another hosting company.


Agreed

And THIS is why I have my own server.. PHP 5 and nginx. 


WarMocK said:


> Captain Caps and his Shift crew struck again.
> 
> This year's PWN2OWN competition has proven how secure mac really is atm. ;-)


Yep


----------



## net-cat (Apr 17, 2009)

And how many years did this one go unpatched?


```
osascript -e 'tell application "ARDAgent" to do shell script "whoami"'
```


----------



## WarMocK (Apr 17, 2009)

Irreverent said:


> And it may have been infected right from the source.  Back in late '06, early 07, Apple was shipping video iPods with a PC virus preloaded.   There's lots of links that document this.  http://www.securityfocus.com/brief/332
> 
> I believe that Lotus, Adobe and PageMaker all fell victim to this sort of thing too.  Its more common than you'd think.


iPods, USB sticks, SD cards, harddrives ... soon I need to reformat my USB coffee warmer before I can put a mug on it.


----------



## Runefox (Apr 17, 2009)

Ark said:


> Mac doesent sell their hardware to anyone like Windows and Linux. Macs are more impervious to viruses than the other two. Plus, hackers love Mac too much :3


Neh? Mac hardware is precisely the same hardware as is found in every other cookie-cutter PC (like Dells), except for the omission of BIOS in favour of EFI, which is going to happen on the PC end very soon. There is nothing about Mac hardware that makes anything any more secure - Just install Windows XP service pack nothing on a Mac and see how long it lasts on an open connection.



Ark said:


> TWIN POWERS ACTIVATE... FORM OF STEVE JOBS!!! Now to kick some Window ass >:3


*little girl scream* It's Jobs! Overbearing... Turtleneck... Can't... Breathe... Must... ... Install... Hacked... iLife... Destroy... Apple...



Pi said:


> Not really. A lot of them are spread through vulnerabilities both undiscovered and unpatched. "Buffer-overflow and infect and move on" style.


That's how a lot of malware is dragged around, but quite honestly, in my experience, a lot of the time social engineering proves easier and just as effective in getting people to infect their own computers. Sure, there's the whole drive-by-download thing in IE, and there's also service vulnerabilities on unfirewalled systems (who runs unfirewalled, anyway?), but those aren't used as often to infect consumer PC's. Viruses, in my experience, typically take the shape of a trojan horse nowadays, and most people get infected by running the file in question. MSN viruses, e-mail viruses, P2P viruses, all quite common. It's not as common for someone to be blasted from the deepest nethers of the internet nowadays, and as Firefox adoption keeps growing, the threat of drive-by-downloads (typically used by spyware/adware, not viruses) will hopefully at least shrink slightly.


----------



## Shino (Apr 17, 2009)

Runefox said:


> *little girl scream* It's Jobs! Overbearing... Turtleneck... Can't... Breathe... Must... ... Install... Hacked... iLife... Destroy... Apple...


 
LOLed. Thank you.



> _Mac doesent sell their hardware to anyone like Windows and Linux. Macs are more impervious to viruses than the other two. Plus, hackers love Mac too much :3_


You, my friend, need to be slapped.


----------



## Eevee (Apr 17, 2009)

Runefox said:


> Everyone knows that Macs are impervious to viruses and stuff.


no, everyone knows that Macs have a significantly better track record when it comes to working exploits in the wild.  and they still do!

some people deliberately installed software from an untrusted source and confirmed multiple times to their computers that this is what they wanted to do.  this isn't really new, and you know it has nothing to do with security at all.


----------



## Runefox (Apr 17, 2009)

> some people deliberately installed software from an untrusted source and confirmed multiple times to their computers that this is what they wanted to do. this isn't really new, and you know it has nothing to do with security at all.


Actually, social engineering has everything to do with security, and because Mac users tend to have a feeling of invulnerability (and perhaps because virus scanners aren't typically used/necessary on Macs), they installed tainted software with the assumption that their computer would be just fine. Apple, themselves, keep saying that Macs don't get viruses because they're magical and their power supplies run on pixie dust, so why would a Mac user have anything to worry about?

That's by definition a security issue, and one that's being exploited in the same way as Windows machines are. Windows machines naturally have more holes to poke at (proprietary kernel versus BSD/*NIX-based - *NIX systems have about a three decades head start in that department), but a properly firewalled system making use of third-party web browsers (or no browsers at all) should never have an issue with a virus that attacks some obscure vulnerability in Windows code - If the user gets hit, they'll get hit by tainted software or other trojan horses, the same way these Macs got hit.

What IS new about this is the fact that these are OS X computers comprising a complete botnet, which , AFAIK, hasn't been done before, barring a short mention of several Linux/OS X computers being controlled via PHP exploits. What this proves is that, like I keep trying to tell people, being smug about your choice of computer is pretty much the most idiotic thing you can do. Which is of course true, but try telling a luddite Mac owner that without them spewing Apple PR about how it's all lies.


----------



## Shino (Apr 18, 2009)

Runefox said:


> ...but try telling a luddite Mac owner that without them spewing Apple PR about how it's all lies.


 
Tried doing that for years at the IT helpdesk.
They'd always complain about it not acting right after they downloaded a free trial of something, then after listening to them defend themselves and spout bull like they were Job's prodigal child, I'd always counter with one sentence:

"If they're so safe, then why are you talking to me?"

Needless to say, the Mac fanatics were never too thrilled with my logic. Don't ever put an obsessed Mac user and a Vulcan in the same room.


----------



## Armaetus (Apr 18, 2009)

Adelio Altomar said:


> And what about Linux? :V



I'm sure there ARE some sorts of virii for Linux but the market share for *nix is tiny compared to Windows (90%?)


----------



## WarMocK (Apr 18, 2009)

Glaice said:


> I'm sure there ARE some sorts of virii for Linux but the market share for *nix is tiny compared to Windows (90%?)


Desktop: yes
Servers: vice versa (ok not quite, but *NIX beats the hell out of Windows )


----------



## Irreverent (Apr 18, 2009)

WarMocK said:


> soon I need to reformat my USB coffee warmer before I can put a mug on it.



Heh.  Pretty much.  Anything not confirmed as known good is suspect until proven otherwise.

And not so far fetched.  A usb toy could be used to deliver a virus.  There was a batch of those usb powered fans handed out by a vendor at work.  They were configured to deliver a vendor message via auto-run and flash every time they were plugged in ("Stay cool with us....") so its possible in theory

Besides.....coffee warmers are for coders!  Real network nerds (C) heat their coffee on top of a cisco GSR12000.


----------



## Zero_Point (Apr 18, 2009)

Runefox said:


> Actually, social engineering has everything to do with security, and because Mac users tend to have a feeling of invulnerability (and perhaps because virus scanners aren't typically used/necessary on Macs), they installed tainted software with the assumption that their computer would be just fine. Apple, themselves, keep saying that Macs don't get viruses because they're magical and their power supplies run on pixie dust, so why would a Mac user have anything to worry about?
> 
> That's by definition a security issue, and one that's being exploited in the same way as Windows machines are. Windows machines naturally have more holes to poke at (proprietary kernel versus BSD/*NIX-based - *NIX systems have about a three decades head start in that department), but a properly firewalled system making use of third-party web browsers (or no browsers at all) should never have an issue with a virus that attacks some obscure vulnerability in Windows code - If the user gets hit, they'll get hit by tainted software or other trojan horses, the same way these Macs got hit.
> 
> What IS new about this is the fact that these are OS X computers comprising a complete botnet, which , AFAIK, hasn't been done before, barring a short mention of several Linux/OS X computers being controlled via PHP exploits. What this proves is that, like I keep trying to tell people, being smug about your choice of computer is pretty much the most idiotic thing you can do. Which is of course true, but try telling a luddite Mac owner that without them spewing Apple PR about how it's all lies.



My computer is a Babbage Analytical Engine. Let's see someone bot-net THAT.


----------



## WarMocK (Apr 18, 2009)

Irreverent said:


> Real network nerds (C) heat their coffee on top of a cisco GSR12000.


*Puts a few pizzas in the p5* ;-)


----------



## Carenath (Apr 18, 2009)

Irreverent said:


> Besides.....coffee warmers are for coders!  Real network nerds (C) heat their coffee on top of a cisco GSR12000.


Real network nerds dont use Cisco


----------



## Runefox (Apr 18, 2009)

Carenath said:


> Real network nerds dont use Cisco



That's why they warm their coffee on Cisco gear. =D


----------



## Bellini Tabloid (Apr 18, 2009)

WarMocK said:


> Desktop: yes
> Servers: vice versa (ok not quite, but *NIX beats the hell out of Windows )



Are you trying to say Linux is the best?


----------



## WarMocK (Apr 18, 2009)

Ark said:


> Are you trying to say Linux is the best?


Sorry, no flamewars today. It's already warm enough outside. :3


----------



## Bellini Tabloid (Apr 18, 2009)

WarMocK said:


> Sorry, no flamewars today. It's already warm enough outside. :3



I'll take that as a yes ;3


----------



## Carenath (Apr 18, 2009)

Runefox said:


> That's why they warm their coffee on Cisco gear. =D


TouchÃ©



Ark said:


> Are you trying to say Linux is the best?


Generally speaking Unix based operating systems, make a better server platform than Windows based systems..

Unix was designed to be a multiuser operating system.. it was originally written to be used on expensive mainframes to share expensive-at-the-time computing resources among many users at universities and such. Linux itself is a unix clone, and by and large is compatible with BSD.

Windows was designed to be a desktop operating system, as such, networking in Windows lagged along with security. Recent versions have slowly fixed these faults and the server editions of Windows tend to be more efficent than their desktop counterparts. Windows Server 2003 is where I believe Windows graduated into a decent server operating system for more than just file-print sharing and Login Domains.
Windows is borrowing more and more traits from its unix counterparts which have helped to make it a more secure operating system.. and Windows Server 2008 furthers this with ServerCore... but that's for another thread.

Both operating systems have their strengths and weaknesses, which make them better suited to some tasks over others. Windows is easy to use, since everything is done from the same familier desktop 90% of the worlds computer users know how to use, but its incredibly expensive and not very good value for money. Linux isnt as easy to use, the command line can be intimidating to new users, and different distributions can have different commands for managing packages, starting-stopping services, controlling the boot scripts, and even user management. Linux however is free by and large, and its easy to install, takes up considerably less space than Windows, and is very easy to secure. There are a ton of server programmes that can be installed from the command line, also for free, allowing you to get a linux server up and running pretty easily.

For me, the advantage to using Unix based servers is the cost.. since I dont have to pay $999 for a copy of Windows server, plus the additional fees for every client/user who has to connect to the server... and additional fees for terminal services and every client/user of the terminal server.. lets just say right now, even if Windows was every bit as good as Unix.. its not enough for me to justifiy that kind of pricetag, just for an operating system, when CentOS and FreeBSD are perfectly free with a lot of good support online.
YMMV.


----------



## Bellini Tabloid (Apr 18, 2009)

I got my contacts for free OS's, so thats not a problem. Have you used Yoper before, Carenath?


----------



## ZentratheFox (Apr 19, 2009)

This thread makes me happy.


----------



## Eevee (Apr 20, 2009)

Runefox said:


> Actually, social engineering has everything to do with security, and because Mac users tend to have a feeling of invulnerability (and perhaps because virus scanners aren't typically used/necessary on Macs), they installed tainted software with the assumption that their computer would be just fine.


I really can't imagine that a Windows user would give it a second thought either.  It _says_ it's Photoshop; it's right in the filename!  Why would it be anything else?



Runefox said:


> What this proves is that, like I keep trying to tell people, being smug about your choice of computer is pretty much the most idiotic thing you can do.


Yes, thinking owning a Mac makes you completely invulnerable demonstrates a huge lack of understanding of security.
But saying this incident makes much difference as to the security of the _actual system_ isn't much better.




Glaice said:


> I'm sure there ARE some sorts of virii for Linux but the market share for *nix is tiny compared to Windows (90%?)


Incidental, but: Windows dropped below 90% for the first time in ages fairly recently.

Linux is slightly under 1%, giving it 1/100 the market share of Windows.  The rest is Apple platforms.


----------



## verix (Apr 20, 2009)

heh, another operating system gaining marketshare that's not Linux? better crack this one wide open

*hugs Tux, cracks knuckles, starts typing*


----------



## WarMocK (Apr 20, 2009)

verix said:


> heh, another operating system gaining marketshare that's not Linux? better crack this one wide open
> 
> *hugs Tux, cracks knuckles, starts typing*


You have exactly ten seconds ... 8) better get your howto for the exploit for Safari before it's fixed


----------



## Runefox (Apr 20, 2009)

WarMocK said:


> better get your howto for the exploit for Safari before it's fixed



Hehehe, yeah, like that's going to happen. Apple prefers to call exploits like that "expected behaviour," "intentional," and "features".


----------



## Robian (Apr 20, 2009)

Adelio Altomar said:


> And what about Linux? :V


Eevee wrote a virus for it, didn't he?



Zero_Point said:


> My computer is a Babbage Analytical Engine. Let's see someone bot-net THAT.


Y'know, I've been wanting one of those for a while now. Know any good vendors?



SmallLittleKid said:


> Mac doesent sell their hardware to anyone like Windows and Linux. Macs are more impervious to viruses than the other two. Plus, hackers love Mac too much :3



(1) As far as I'm aware, real hackers use Linux and maybe BSD. An assassin tends to protect himself from his colleagues, wouldn't you think?
(2) Windows and Linux aren't companies. Windows is an operating system and Linux is a kernel.
(3) Microsoft doesn't own any patents on the PC.
(4) The PC is an open platform. The Mac isn't--thus far, only Apple has the right to distribute them, though Intel's now allowed to make hardware for the things.
(5) All the circuitboards and chips in an Intel-based Mac are the same as that in a PC. The only significant difference lies in the BIOS.
(6) Really? For one thing, "impervious" isn't the kind of adjective that _has_ varying degrees. Either something's impervious, or it isn't. What's in the code itself to make the Mac OS "impervious"? Nothing--and, to paraphrase Shino, if they're so impervious, why was this thread made?


----------



## Carenath (Apr 20, 2009)

Ark said:


> I got my contacts for free OS's, so thats not a problem. Have you used Yoper before, Carenath?


Nope *greps*

I run Windows Server 2003 on my desktop, and its installation is imaged to my file-server.. I dont run an Antivirus on it, because Eset Smart Security wont install on server editions... it insists on me paying for the business edition.. and I never bothered to look for an alternative free antivirus program that would work on it. Since the installation is imaged.. I have a known-good, clean, install, which has all the application software I use. I should really update that image at some point though, so that it will include the latest updates.
I also have an imaged installation of Windows XP Pro.. which I had installed to rule out the OS when I had issues with the network card. Switching between the two only takes an hour for the image to be written to the hard disc.

My laptop runs Vista.. and a hidden partition on the laptop contains an image of the operating system with all the crapware that comes with it.. the same image is also burned to a pair of recovery CDs.. that said, I have the original installation discs for Vista.. so losing the recovery image is a minor issue. I could image just that partition, so I could replace it should the hard drive in the laptop ever fail.. or should I ever decide that 250GB isnt big enough.

My two servers (here and Canada), run CentOS 5.3 (64bit and 32bit respectivly) and they are rock-solid reliable. I do all the configuration and management through SSH, and I find it a lot faster than messing with a GUI over an internet connection.

My old macbook runs OS X Leopard 10.5, and I love it, the only reason I dont use it right now.. was that the charger is knackered and I wanted to buy a windows laptop.. I didnt want to have to mess around with dual-boots or VMWare.

I've used just about every version of Windows from 3.1 to Vista, and tried many different Linux distributions from Red Hat, Fedora and Cent... to Xandros, Lycoris, Mandriva... to SuSE Ubuntu and Debian. I've tried FreeBSD and I've tried lesser known projects like ReactOS.. so I've become pretty sure of myself and my choice in the right OS for the right role.
I dont believe that Linux is ready for the desktop, so long as it cannot do the same arguably basic things that a Windows machine can, out of the box.


----------



## verix (Apr 20, 2009)

Runefox said:


> Hehehe, yeah, like that's going to happen. Apple prefers to call exploits like that "expected behaviour," "intentional," and "features".



i'm gonna ride this penguin til cum is coming out of its ears unnngh


----------



## verix (Apr 20, 2009)

Robian said:


> (1) As far as I'm aware, real hackers use Linux and maybe BSD. An assassin tends to protect himself from his colleagues, wouldn't you think?


some of the best hackers I know use Windows though


----------



## Carenath (Apr 20, 2009)

That's a given I suppose, if you want to study the flaws and cracks in Windows security, it helps to have a windows system to test it out on.. but hacking is essentially programming knowledge of how a system works.. that's probably why the term hacker, which originally and genuinely applies to a skilled computer programmer.. has become synonymous with cracker.. since the skills of the former are required to be the latter...


----------



## CodArk2 (Apr 21, 2009)

While it's notable to discover a zombie Mac infection, keep in mind that this wasn't an OS exlpoit. It was an install virus like the ones you used to see back in the 90's. People who download and install pirate software should expect their computers to be compromised by a virus.
I'm sure there are a few idiotic PC users snickering at this news. But MOST Mac users, like myself, don't have to worry about this. Mainly because I, personally, have no use for iWork, especially pirated software requiring 'Admin Access'!!(you have to put in your password, usually twice to install anything on a mac, then go through another check to see if you want to run it. Its not like they had no warning the program was on there) . I'm sure most Mac users don't either. Who wants a cracked version of iWork anyway? 
 Macs aren't invulnerable to virii, but all the gloating i see from PC users is unwarranted. Considering you have to download(pirated) software and have admin access where you have to put in your password and knowingly put the software on there, its not an OS problem, its a user problem.


----------



## Runefox (Apr 21, 2009)

Yes, and I've been over this - It highlights a very important issue with the users in general. Most people (even PC users), thanks to Apple's misinformation campaign, think that Macs are magically impervious to viruses altogether, and as such throw caution to the wind when using one, thinking it as some sort of Interwebs supertank. While it wasn't an exploit that did it, many exploits do already exist. However, it's easier at this stage in the game to try and pull some social engineering on a piece of software specifically designed for a Mac than try and infect a comparatively very small audience en masse by poisoning websites or what have you. There's a much higher Internet Explorer audience to infect in that regard.

Do keep in mind that such types of attacks work the same way on a Windows or Linux-based PC. They still require administrative privileges for a system-wide infection (or a buffer overflow or something similar, which is completely possible as long as you've run the program to begin with, which is required on Windows, too (a virus won't infect your computer just by sitting there)), and in many cases, they still masquerade as or attach themselves to legitimate software. While there do exist exploits for Internet Explorer and other Windows services, that happens specifically because they are widespread. There are also holes in Firefox and other browsers, but they are not yet utilized in large numbers due to their lack of penetration by comparison. Rest assured that as OS X rises to parity with Windows (as if that'll happen; Microsoft's got lock-in all over the place), so, too, will the rate at which exploits are found in it. It's much like the open source mantra - With many eyes, a bug can always be found. No software is perfect, much less an operating system.


----------



## verix (Apr 21, 2009)

does the FSF pay you by the word


----------



## Runefox (Apr 21, 2009)

verix said:


> does the FSF pay you by the word



Do you often ask questions without punctuation?


----------



## verix (Apr 21, 2009)

Runefox said:


> Do you often ask questions without punctuation?


yes

you can improve the efficiency of your posting by typing C-r M-s

this will give you a terminal dialog and allow you to fill in various arguments, comments, criticisms and chuckleworthy-statements regarding operating systems who have larger market shares than 1%

you should try it

it will change your life


----------



## Carenath (Apr 21, 2009)

Runefox said:


> With many eyes, a bug can always be found. No software is perfect, much less an operating system.


Open Source != Better software. I say this, as an advocate of open-source and free software, its a delusion that just because the source-code is also available, that its more secure and has less bugs.
That isnt to say that open-source programmes cant be better than their proprietary counterparts however, just that, being open source doesnt automatically confer excellent security, better written code and fewer bugs.

Also, its a fallacy to state, that Internet Explorer is targeted because if its popularity.. Linux is by far the most popular operating system for servers, particularly in webhosting, yet sites hosted on windows were targed by the Code Red and Blaster Worms, and infected websites for DbD's are often running on Windows Servers..
Popularity is a factor yes, but not the prime factor.. the general (in)security of windows plays a huge role. MacOS X is a more secure operating system because it inherits FreeBSD's security since OS X is basically a modified FreeBSD with a fancy desktop and window manager running on top of it.
Does that make MacOS X or Linux servers immune to viruses and malware? Not at all, as you said yourself, there are exploits out there that  target these operating systems.

What happened with these botnets.. was purely a Layer 8 issue. But yes, I still agree with you that Mac and Linux users who ponce around saying they dont have to worry about viruses, are silly.


verix said:


> you can improve the efficiency of your posting by typing C-r M-s
> 
> you should try it
> it will change your life


That assumes she writes her posts in emacs

You should try using something other than Windows.. it will change yours.


----------



## Runefox (Apr 21, 2009)

> Open Source != Better software. I say this, as an advocate of open-source and free software, its a delusion that just because the source-code is also available, that its more secure and has less bugs.
> That isnt to say that open-source programmes cant be better than their proprietary counterparts however, just that, being open source doesnt automatically confer excellent security, better written code and fewer bugs.


Wait, what? I wasn't saying - What? ... What? I was making a comparison between the open source mantra and the idea that more people looking for exploits on a certain piece of software over another will likely find more of them on that piece of software, with few exceptions.

As for Windows-based servers being targeted by worms, aren't they using the same technology as their desktop counterparts? There's no real reason to target the servers specifically (Code Red was one of those older worms that didn't really set out to accomplish anything in particular), though I wouldn't run IIS on a web-facing server if you paid me.


----------



## verix (Apr 21, 2009)

Carenath said:


> That assumes she writes her posts in emacs
> 
> You should try using something other than Windows.. it will change yours.



are you for real? I made an emacs joke and you think I use _Windows_?

so if I were to talk about the absolutely retarded naming conventions of some functions in Windows like ZwMoveFileSomewhereImNotExactlySureWhereItsGoingButHopefullyYoullFigureItOut you'd pump your fist in the air and say HELL YEAH BROTHER THAT'S RIGHT, *FUCK* LINUX


----------



## Carenath (Apr 21, 2009)

Runefox said:


> Wait, what? I wasn't saying - What? ... What? I was making a comparison between the open source mantra and the idea that more people looking for exploits on a certain piece of software over another will likely find more of them on that piece of software, with few exceptions.


I misunderstood you then, apologies.


> As for Windows-based servers being targeted by worms, aren't they using the same technology as their desktop counterparts? There's no real reason to target the servers specifically (Code Red was one of those older worms that didn't really set out to accomplish anything in particular), though I wouldn't run IIS on a web-facing server if you paid me.


Yes they are.. and there are reasons to specifically target servers.. if you want to use them to exploit flaws in IE for example... drive-by-downloads..



verix said:


> are you for real? I made an emacs joke and you think I use _Windows_?
> 
> so if I were to talk about the absolutely retarded naming conventions of some functions in Windows like ZwMoveFileSomewhereImNotExactlySureWhereItsGoingButHopefullyYoullFigureItOut you'd pump your fist in the air and say HELL YEAH BROTHER THAT'S RIGHT, *FUCK* LINUX


It wasnt that.. I took your earlier post about hackers and windows as a sign that you used windows and were supporting it.. I then took your emax joke as being a pisstake..

My bad..


----------

