Attack Code Out For Apple Flaw

http://news.com.com/2100-1002_3-6089630.html?part=rss&tag=6089630&subj=news



Jay

And while FreeBSD OS X is inherantly more secure than Windows, possibilities can still be found.

This doesn't mean everybody should keep using Windows; that platform is an open invitation for malware by comparison.

I just can't help but stir the World v. Windows pot every once in a while. :evilgrin:

Jay

These numbers were compiled from Qualys, Inc. security vulnerability alerts 1/31/06 - 6/27/06

Vulnerabilities:

Windows 11
Linux 72
BSD 12
Unix 39
MacOS 13


NOTE: These numbers were taken over a 25-week period of which I am missing weeks 1-3 and 5-7

June 13, 2006 – Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 12 new vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

Vulnerability Details
Microsoft has released 12 security patches to fix 21 newly discovered flaws in Microsoft Windows, Microsoft Exchange, and Microsoft Office.

----

May 9, 2006 – Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 3 new vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

Vulnerability Details
Microsoft has released 3 security patches to fix 3 newly discovered flaws in Microsoft Windows, and Microsoft Exchange.

----

April 11, 2006 – Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 5 new vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

Vulnerability Details
Microsoft has released 5 security patches to fix 5 newly discovered flaws in Microsoft Windows, and Microsoft Office.

----

There were 11 more from earlier in the year from the same source, but I think the point has been made. Windows/Office/Exchange is a more fair comparison with Mac, Unix, BSD, Linux, since the sum of issues causes the problems.

I have to fix infected Win machines at work all day long. Come home to my Mac, and none of the drama of the day follows me home.

but I disagree. Office is a distinct application purchased separately from the OS and Exchange is a server application. Windows users can send mail from the Windows SMTP stack alone and you can use Wordpad for basic word processing. Also, computers you have to fix in an uncontrolled environment(work)are oranges to your home PCs apple.(pun intended) BTW, why are you fixing so may PC's at work?

Jay

With let's say Linux, the reason is because they AREN'T testing Linux alone, that's just a kernel, but also a shitload of third party apps like OpenOffice, e-mail programs like Evolution, and browsers like Firefox. Most of which are usually standard on installs of a distribution. Probably the fairest comparison is if they compared it to let's say DSL or Austrami, which are minimal distributions, and usually never need patching except to add new features. The Linux Kernel is the OS, the GNU software that is also distributed with the Kernel isn't controlled by Kernel.org, but by third parties.

ON EDIT: Another consideration is this, GNU software in general is patched much more often than propretary software, the reason is because any security or feature flaws are viewable by the users themselves, if they have the coding skills, and are usually patched in days, a week at most, to prevent the system from being vulnerable. This contrasts with Microsoft products, where it could be months between security patches, usually only AFTER the vulnerability is exposed by successful virus or hacking attacks.

Most of us use more than the Kernel/core OS, wouldn't you agree? :)

The apps make the environment. Mac OS X has had patches for the underlying open source software, say OpenSSH, that directly affect ME as an enduser. Since it's part of my operating environment it's a concern, even though it's not my OS that has the hole. Same goes for connecting systems.

Windows is absolutely secure, if you never plug it into a network and don't let anyone near the hardware. This is why the whole environment is important to discuss. Just picking and choosing what constitutes a flaw distorts the picture. Flaws in Quicktime show in both Win/Mac, and should be counted on both sides.

Work environments are supposed to be controlled (sigh), though patching and active monitoring. The main issue is spyware and worms, coming in through other components (like MS Messenger) or un-patched developer systems that get on-net for any period of time (VMware/VirtualPC hurts more than helps...). Then there is lots of people with local admin privs because of work/application requirements. It's a challenge.... one of these days I'm sure we'll get to a CMM level 1, but it's lots of pain until then.

Except for the Mac users at work, they remain productive. LoL

:rofl:

I installed the patch eariler this week; have my system to check for updates daily.

Preferably a DELL!

did the pc explode? Or was it the batteries which are manufactured by some of the same companies that provide mac laptop batteries?

They now hold enough energy that they are effectively small bombs.

And even if well manufactured, can be damaged through rough use such that what you see here results.

a manufacturing flaw could HEAT things up rather drastically, burned laps and all that, wonder what such overheating would do to the battery?

I think so. Dell does not use anything but Intel last I looked.

The remote looked funny when I got home,warped on the sides. It also stained my coffee table.

:thumbsup:

...none of my macs have bluetooth.

And this worm cannot spread unless you have all the bluetooth security turned off, which you have to choose to do as it is not that way by default.

Every chance they can get. Pretty pathetic actually. I never knew how vane some people could be until I started cruising the net and found so many folks stiring up shit about Apple products. It's hilarious but also a bit annoying. It's like having sales persons bug you while you are just walking down the street, or a fake christian knocking on your door.

Anyway... I am glad they dealt with this, as they always do.

That's hilarious. I don't think I've ever heard anyone bash MAC ever. Sure some people prefer other platforms, but Mac bashing? The only bashers I have ever seen are Microsoft bashers.

Jay

Wow... never huh?

I've just never seen it.

Jay

http://www.computer-guru.com/macbash.html

Also... read post 16. Happens all the time around here.

I wouldn't count that.

Jay

I slam all those systems controlled by anal companies equally, Microsoft Windows is a buggy, insecure, soon to be DRMed piece of crap. Dell is easy, they make crap computers, and no I don't really care that they put Linux on their business servers by default, they still use crap hardware. Apple uses decent hardware, I love their OS design, but the damn thing isn't worth 1200 bucks, not even 500 bucks, make the OS independent of that dumbassed proprietary chip on Intel motherboards, or hell, just sell those Intel motherboards, and then I might change my opinion. Either way, I would be MORE than happy to buy MacOS X, till that happens, forget about it!

Get Linux!

:thumbsup:

There's a few of us around.

All for many different reasons, Apple for being anal about hardware control, Dell for using crap parts in their PCs, and donating to Republicans, and Microsoft Windows for being crap. I'm always amused at Mac people for saying "Get a Mac!", yeah, right, can I get one with the perfomance of TOP line computers for 250-300 bucks(approx. price of Mobo/CPU upgrade)? I don't think so.

It can soar or it can flop (megaflop?) the final result is in one's own hands.

That is freedom!

than in the past. I've always been a DIY when it comes to computers, and I have installed various OSes on PCs, even a few Macs as well(MacOS 8.1 through emulation, curious :)), and let me just say, Linux today, the user friendly distros, like Ubuntu, are actually EASIER to install than Windows XP or any other previous version, in addition to that, I would say MacOS 8.1 was a little bit easier, in that their were less choices to pick from.

Installation is a breeze!

I may hold off until I'm done with whatever I'm doing (usually color correcting/cropping a photo), cause it always requires a re-start, but it's too simple to do not not do it.:hi:

the 10.4.7 update fixes it. i know it's in the quote above, but just reminding people. One of the things that I like about apple's software updating style, allows them to issue small fixes whenever necessary.

certain way, according to macsonly.com. The easiest way to prevent problems is to use the Software Update feature in the OSX operating system.

(On a side note, I wonder if the Intel processors will eventually make Macs more vunerable to attacks)

Hardware architecture has little to do with the vulnerability of computers, rather its OS design and flaws that are MOST likely to create such problems. Now, CERTAIN hardware techniques, such as "Wake up on LAN" could make a computer vulnerable, but then again, this is only true if the OS is ALSO vulnerable on boot, for example a Password-less Windows Account login. To think of it another way, LAMP(Linux, Apache, MySQL, PHP/Perl/Python) configurations for web hosts is REALLY common on the Internet, and most run off of x86 achitectures because its the cheapest solution, yet we rarely hear about virus attacks and vulnerabilities on these web hosts. This isn't to say they are immune, but a Windows XP/IIS configuration, on default settings at least, IS more vulnerable on average.

You could pick up a virus or worm. Would that only affect the Windows portion of the computer, or could it screw the whole thing up?

There are exceptions, for example, the Master Boot Record could be affected by a virus, this is the menu that comes up to choose OSes, also another problem would be if Windows XP has full Read/Write Access to the HFS+ partition where MacOSX resides. If I wrote a Windows virus to wipe ALL harddrives on your computer that Windows Recognizes and can write to, then the Mac part of the system can be wiped really easily IF Windows can write to it. Now, there are solutions to this problem, like only allowing the Read Only access to the HFS+ partition(s), and Limiting Windows XP from any type of access to the MBR, etc. These are software solutions for software vulnerabilities in Windows.