Linked by Hadrien Grasland on Sat 25th Jun 2011 08:55 UTC, submitted by John
Mac OS X "Using a Mac may certainly be a safer choice for a lot of people as despite being vulnerable they are not targeted. However this is not the same as Macs being secure, something Eric Schmidt erroneously advised recently. I may be able to browse impervious to malware on a Mac at the moment, however I personally would not be comfortable using a platform so easily compromised if someone had the motivation to do so. In this article I address just why OS X is so insecure including the technical shortcomings of OS X as well as Apples policies as a company that contribute to the situation."
Thread beginning with comment 478587
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Just another article
by brichpmr on Sat 25th Jun 2011 19:36 UTC in reply to "RE: Just another article"
brichpmr
Member since:
2006-04-22

"I think the simple fact that you have to enter an Administrator password for these things to gain access to your Mac is a pretty good deterrent against a widespread attack.


Except you don't have to enter the admin password for many attacks to work on a Mac. For example, I could send you a trojan'd executable that when you run it, will email me everything in your Documents directory. You wouldn't be required to enter any password because it does not need admin permission to do that. I could also email your Apple Mail folders to myself and then harvest email addresses, emails from your bank, etc. Again, no admin permission required because these directories and files only need user permission to be able to access.

Also, keep in mind that the latest versions of MacDefender do not require you to enter the admin password in order to do their dirty work.

I may be wrong, but I think Mac users are pretty wise to such tactics.


You actually are wrong about that. A study conducted by Evan's Data I think it was found that Mac users are actually more vulnerable to being tricked by social engineering attempts than Windows users are. They are more likely to fall for phishing attempts for example. The reason appears to be that many Mac users don't seem to realize the difference between phishing scams, trojans that try trick you into entering admin passwords, etc., and actual "viruses". And Apple has been spending so long telling them that their Macs don't get viruses, and are secure, that many Mac users believe they are immune from phishing attacks and trojans as well.

There definitely needs to be more education of Mac users when it comes to this.

One can ramble all one wants to about technical shortcomings, architecture flaws, anything you want as a reason an OS is "insecure", but the fact there are and has never been, any attacks, trumps all that hoohaa.
" [/q]


Most Mac users are either former Windows users or current users of both platforms....nothing to indicate that a Mac user is less savvy.

Reply Parent Score: 0

RE[3]: Just another article
by mutantsushi on Sat 25th Jun 2011 21:02 in reply to "RE[2]: Just another article"
mutantsushi Member since:
2006-08-18

Most Mac users are either former Windows users or current users of both platforms. ...nothing to indicate that a Mac user is less savvy.
How lovely , you can keep holding on to your lovely sense of superiority.

As for real-world concerns about security, OSX fails to implement techniques that other OS successfully deploy to reduce vulnerabilities. Whatever other platforms a good number of OSX users use/have used, whatever lack of savvy these `lesser Mac users` possess, they comprise the majority of OSX users, and as such should be reflected in the operational use scenarios that security features take into account.

And if you`re aware of the hacking contest being discussed, the test is simply visiting a webpage, no entry of user passwords or any other user intervention required... But I guess researchers who focus all of their time on mattes of computer security just are wasting their time and don`t know what they are talking about. If only they `understood` the Apple way.

(BTW, I like the OSX user experience at large, and think it`s the best out there... I don`t think that means Apple is flawless or that they are excused from having top-notch security methods. I would be glad if/when they do so, but until then it`s a valid criticism)

Reply Parent Score: 3

RE[4]: Just another article
by Alfman on Sat 25th Jun 2011 21:32 in reply to "RE[3]: Just another article"
Alfman Member since:
2011-01-28

mutantsushi,

"And if you`re aware of the hacking contest being discussed, the test is simply visiting a webpage, no entry of user passwords or any other user intervention required..."

I assume your talking about pawn2own? If I recall, in the last competition mac os failed on day two via an email exploit, not a web page. You are correct there was no interaction except for viewing the email.


"How lovely , you can keep holding on to your lovely sense of superiority."

I don't think this is fair to the poster you responded to. I believe he was suggesting that mac users have security competency at levels similar to windows users. He didn't provide any evidence to support the claim, but then nobody provided evidence to the contrary. I don't think he was trying to be smug.

Reply Parent Score: 2

RE[4]: Just another article
by brichpmr on Sun 26th Jun 2011 13:11 in reply to "RE[3]: Just another article"
brichpmr Member since:
2006-04-22

"Most Mac users are either former Windows users or current users of both platforms. ...nothing to indicate that a Mac user is less savvy.
How lovely , you can keep holding on to your lovely sense of superiority.

As for real-world concerns about security, OSX fails to implement techniques that other OS successfully deploy to reduce vulnerabilities. Whatever other platforms a good number of OSX users use/have used, whatever lack of savvy these `lesser Mac users` possess, they comprise the majority of OSX users, and as such should be reflected in the operational use scenarios that security features take into account.

And if you`re aware of the hacking contest being discussed, the test is simply visiting a webpage, no entry of user passwords or any other user intervention required... But I guess researchers who focus all of their time on mattes of computer security just are wasting their time and don`t know what they are talking about. If only they `understood` the Apple way.

(BTW, I like the OSX user experience at large, and think it`s the best out there... I don`t think that means Apple is flawless or that they are excused from having top-notch security methods. I would be glad if/when they do so, but until then it`s a valid criticism)
"



I use and appreciate both OSX and Win 7...neither are perfected. There is a slight learning curve with either platform to run it intelligently and safely. Almost all Mac users I know are using Windows at work, so they have some familiarity with both systems. The idea that Mac users are simpletons who swallow the Apple koolaid is tribal wisdom for some here and elsewhere, but doesn't pass the giggle test for truth.

What mutantsushi ascribes as 'lovely sense of superiority' could also be described as someone's lack of accurate perspective.

Edited 2011-06-26 13:15 UTC

Reply Parent Score: 1