• This forum is for posting news stories or links from rumor sites. When you start a thread, please include a link to the site you're referencing.

    THIS IS NOT A FORUM TO ASK "WHAT IF?" TYPE QUESTIONS.

    THIS IS NOT A FORUM FOR ASKING QUESTIONS ABOUT HOW TO USE YOUR MAC OR SOFTWARE.

    This is a NEWS and RUMORS forum as the name implies. If your thread is neither of those things, then please find the appropriate forum to ask your question.

    If you don't have a link to a news story, do not post the thread here.

    If you don't follow these rules, then your post may be deleted.

Vista more secure than Mac OS X

M

MacHeadCase

Guest
At least that's what Dino Dai Zovi says in an article posted by Macworld today: Contest winner: Vista more secure than Mac OS:

Dino Dai Zovi, the New York-based security researcher who took home $10,000 in a highly-publicized MacBook Pro hijack on April 20, has been at the center of a week’s worth of controversy about the security of Apple’s operating system. In an e-mail interview with Computerworld, Dai Zovi talked about how finding vulnerabilities is like fishing, the chances that someone else will stumble on the still-unpatched bug, and what operating system — Windows Vista or Mac OS X — is the sturdiest when it comes to security.

Please note that the article, originally posted by ComputerWorld, was reprinted by MacWorld.
 
Joined
Apr 16, 2007
Messages
1,792
Reaction score
67
Points
48
Location
Redwood City, CA / Stanford, CA
Your Mac's Specs
MacBook, Black, 2.0GHz C2D, 2GB RAMs, 160GB HD
hmmm...


Interesting article. But I still don't think Mac OSx is as vulnerable to the point that we should be running scared (Coming from a new Switcher!) And no matter what, even if it comes to the point that Macs are getting to be vulnerable, they are still way ahead of the game in stability. And windows can't touch that no matter what.
 
Joined
May 18, 2006
Messages
90
Reaction score
0
Points
6
Location
Brighton UK
Your Mac's Specs
MBP C2D 2GB, 24" imac 4GB
The thing is, Windows is a heck of alot more mainstream. You probably have 1000 people trying to break Windows Vista to every 1 person trying to break OSX. Thats what it boils down to.

The people out to spoil your day know that the majority of people use Windows, so they will target that.
 
Joined
Dec 18, 2005
Messages
2,288
Reaction score
51
Points
48
Location
Devon, England
Your Mac's Specs
ibook g4, imac 2ghz c2d, mbp 2.4ghz c2d - 10.5.1
its cos not as many ppl r using vista at this very moment compared to os x. because bussinesses (microsofts main customers) take a while to switch.

so it will we wont worry about that lol....
 
Joined
Feb 28, 2005
Messages
198
Reaction score
7
Points
18
Location
Bagshot, Surrey, UK
Your Mac's Specs
Powerbook 17" 1.5GHz, 2GB, 160GB Momentus; iMac 24" 3.06GHz, 2GB; iPhone 2.5G 8GB; iPod 5G 60GB
One reason Vista is supposedly secure is that any time you want to do just about anything at all (install, run programs, move files, delete files, open ZIP files) it asks you for confirmation. I was trying to delete some files the other day, and every time i pressed delete I had to confirm twice that I really wanted to do it.

After not long at all I turned this "feature" off. I suspect most others will too.

There's also the issue that very quickly you get use to clicking "Yes" to anything which pops up on screen, so when something appears saying "Are you sure you want to reformat your hard drive?" you click Yes almost as a reflex action. I'm not really convinced this represents state-of-the-art security.
 
Joined
Feb 28, 2005
Messages
198
Reaction score
7
Points
18
Location
Bagshot, Surrey, UK
Your Mac's Specs
Powerbook 17" 1.5GHz, 2GB, 160GB Momentus; iMac 24" 3.06GHz, 2GB; iPhone 2.5G 8GB; iPod 5G 60GB
Using the airline analogy:
You enter a good looking terminal with the largest planes you have ever seen. Every 10 feet a security officer appears and asks you if you are "sure" you want to continue walking to your plane and if you would like to cancel. Not sure what cancel would do, you continue walking and ask the agent at the desk why the planes are so big. After the security officer making sure you want to ask the question and you want to hear the answer, the agent replies that they are bigger because it makes customers feel better, but the planes are designed to fly twice as slow. Adding the size helped achieve the slow fly goal.

Once on the plane, every passenger has to be asked individually by the flight attendants if they are sure they want to take this flight. Then it is company policy that the captain asks the passengers collectively the same thing. After answering yes to so many questions, you are punched in the face by some stranger who when he asked "Are you sure you want me to punch you in the face? Cancel or Allow?" you instinctively say "Allow".

After takeoff, the pilots realize that the landing gear driver wasn't updated to work with the new plane. Therefore it is always stuck in the down position. This forces the plane to fly even slower, but the pilots are used to it and continue to fly the planes, hoping that soon the landing gear manufacturer will give out a landing gear driver update.

You arrive at your destination wishing you had used your reward miles with XP airlines rather than trying out this new carrier. A close friend, after hearing your story, mentions that Linux Air is a much better alternative and helps.

It really is a lot like this.
 
Joined
Apr 23, 2007
Messages
377
Reaction score
4
Points
18
Location
Coatesville, PA
Your Mac's Specs
MBP 15", 2.33 GHz, 2Gb
Part of the problem with a statement like that is that rating security is subjective. Is an ActiveX security problem in IE equal to a buffer overflow error in QuickTime? Do 5 significant security issues equal 1 critical issue? How about 10? It takes me 20 minutes to retrieve your password in one OS, and 10 in the other: which is better?

And people are going to be biased in one way or another regardless (personal preference, pressure/engagement from OS developers, etc) of how much they try and remain neutral, so you always need to try and assess what all the data says and try to avoid being sucked in by media hype and dramatization.
 
Joined
Jul 18, 2006
Messages
2,180
Reaction score
92
Points
48
Location
Florida
One reason Vista is supposedly secure is that any time you want to do just about anything at all (install, run programs, move files, delete files, open ZIP files) it asks you for confirmation. I was trying to delete some files the other day, and every time i pressed delete I had to confirm twice that I really wanted to do it.

After not long at all I turned this "feature" off. I suspect most others will too.

There's also the issue that very quickly you get use to clicking "Yes" to anything which pops up on screen, so when something appears saying "Are you sure you want to reformat your hard drive?" you click Yes almost as a reflex action. I'm not really convinced this represents state-of-the-art security.

I agree with Thermidor - granting access will either become a reflex action or they will turn if off - either of which puts them right back into harms way.
 
Joined
Mar 9, 2007
Messages
31
Reaction score
1
Points
8
Vista is more secure against external threats? Yeah, sure, maybe....but who protects users from MicroSoft?
 
Joined
Feb 27, 2005
Messages
940
Reaction score
59
Points
28
Location
Framingham, MA
Your Mac's Specs
MacBook C2D 2.4 2GB
The thing is, Windows is a heck of alot more mainstream. You probably have 1000 people trying to break Windows Vista to every 1 person trying to break OSX. Thats what it boils down to.

The people out to spoil your day know that the majority of people use Windows, so they will target that.

This contest proved that even with an incentive of $12000 (converting the laptop into money), even with 2 days of full work, even with extra help (the rules were bended at the end), even with the help of everyone (contest were allowed to ask for external help, even with all this things OSX proved to be fairly safe, even more, this was a problem with Safari, not OSX. This goes against the idea of safety by obscurity.

There is also another detail that makes OSX indirectly safer than Windows, and that is the behavior of Apple against a problem compared to Microsoft's approach. Consider that Windows Vista, after 6 years of development, still has some security problems that are present in XP. Check the story behind Sasser to see how long can it take to MS to find a solution to a problem.

Finally there is the idea of how deep a security problem can be. Who would you call healthier, someone who had a couple of colds during the year or someone who "only" had cancer? There have been several problems related to Tiger's security within its year of live, but no real treats, no treats in the wild, no critical treats or proof of concept. Vista is months old and already has its own worms and viruses, it is true there have been more reports for OSX than for Vista, but those have been far more serious than those for Tiger.
 
Joined
Mar 22, 2007
Messages
1,463
Reaction score
67
Points
48
Location
UK
Your Mac's Specs
Lenovo Z560 Hackintosh -:- '06 iMac -:- iPod Touch 2ndGen
Windows XP was pretty secure and robust when it was first released. Let's return to Vista's security and "rock solid stability" in two or three years' time.
 
Joined
Apr 20, 2006
Messages
2,255
Reaction score
47
Points
48
Your Mac's Specs
Al iMac 20" 2.4Ghz Intel Core 2 Duo
The thing is, Windows is a heck of alot more mainstream. You probably have 1000 people trying to break Windows Vista to every 1 person trying to break OSX. Thats what it boils down to.

I've never understood that though. If all 1000 released something malicious each for XP, they would just disappear into the the mire of Windows viruses.

If one person can release something truly destructive for OS X, they'd be infamous.

So now Vista might possibly be in a similar boat to OS X. If both OS X and Vista can be about as secure as each other, everyone's a winner, and Microsoft should be congratulated for eventually getting their act together.

On the other hand, I'd be more inclined to think they'd done a good job if if all went on in the background. Continous prompts and gimmicky add-ons like Windows Defender might do the job, but in a very clumsy way at the expense of useability.
 
Joined
Apr 23, 2007
Messages
377
Reaction score
4
Points
18
Location
Coatesville, PA
Your Mac's Specs
MBP 15", 2.33 GHz, 2Gb
I've never understood that though. If all 1000 released something malicious each for XP, they would just disappear into the the mire of Windows viruses.

That would actually work to their advantage. Anyone writing a virus has something they are trying to achieve, whether it's a bot-network for hacking, DDoS, or spamming. Being so noticeable as to be known by name won't serve that purpose, as more publicity to their exploit will just make it close that much quicker. What they want is to use some unknown or quiet exploit that will do the job for them.

Having 100x or 1000x the number of Windows systems out there means that they have that many more systems that are problem unpatched, and will be accessible for their dirty work.
 
Joined
Jan 14, 2005
Messages
2,078
Reaction score
155
Points
63
Bottom line is I'm running a Mac right now and I'm not worrying about any attacks. That's all that matters, doesn't it.
 
Joined
Apr 1, 2007
Messages
229
Reaction score
4
Points
18
Your Mac's Specs
2.8ghz iMac 24" 4gbRAM 750gbHD + 650gbExternalHD + 22" LCD
One could be worried that because of Mac raving on about their immunity to viruses and such, that some virus programmer might feel challenged to create a virus just for OSX, become famous for it, and ruin Apple's credibility.
Perhaps Apple gloating about it's immunity will be its downfall?

Just a thought.
 
Joined
Apr 23, 2007
Messages
377
Reaction score
4
Points
18
Location
Coatesville, PA
Your Mac's Specs
MBP 15", 2.33 GHz, 2Gb
One could be worried that because of Mac raving on about their immunity to viruses and such, that some virus programmer might feel challenged to create a virus just for OSX, become famous for it, and ruin Apple's credibility.
Perhaps Apple gloating about it's immunity will be its downfall?

Just a thought.

Certainly, but when you have a spammer offering you cash to write a virus that will allow him to send out his millions of emails, I think gloating will take a back seat.

"Hey, look I wrote a Mac virus!"
"That's great. Look I just bought my second Escalade."
 
Joined
Mar 22, 2007
Messages
1,463
Reaction score
67
Points
48
Location
UK
Your Mac's Specs
Lenovo Z560 Hackintosh -:- '06 iMac -:- iPod Touch 2ndGen
One could be worried that because of Mac raving on about their immunity to viruses and such, that some virus programmer might feel challenged to create a virus just for OSX, become famous for it, and ruin Apple's credibility.
Perhaps Apple gloating about it's immunity will be its downfall?

Just a thought.

If OSX is even half as secure as Apple and Mac owners like to think, then it won't be a problem. That virus programmer might just give up.
 
Joined
Apr 20, 2006
Messages
2,255
Reaction score
47
Points
48
Your Mac's Specs
Al iMac 20" 2.4Ghz Intel Core 2 Duo
That would actually work to their advantage. Anyone writing a virus has something they are trying to achieve, whether it's a bot-network for hacking, DDoS, or spamming. Being so noticeable as to be known by name won't serve that purpose, as more publicity to their exploit will just make it close that much quicker.

You're right in that these people have different purposes, and in a way adware and browser hijacks are the most destructive for the average user. Since it's unscrupulous companies that deal with these, and the commercial factor is the priority, going after the biggest market share is what you would do. I expect these crooks have teams of people hacking away.

The lone virus writer doesn't want to release something into the wild and never hear about it though. What would be the point?
 
Joined
Apr 20, 2006
Messages
2,255
Reaction score
47
Points
48
Your Mac's Specs
Al iMac 20" 2.4Ghz Intel Core 2 Duo
Care to expand?
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top