Fog Creek Software
Discussion Board

Mac OS X security myth exposed

It seems finally someone has put out data on OS X security.

Guys you need to admit, no ones secure in the present OS scenario :-)

sMACk Me
Friday, June 25, 2004

That article states that over a certain period they've logged 48 security issues in Win XP & SUSE Linux and 50 in Red Hat, then says that OS X "isn't significantly better" at 36. Now, obviously OS X isn't impenetrable, but I wouldn't consider a 33% difference to be "comparable".

Friday, June 25, 2004

I still don't get all this blahblah about security:
So the Windows world tries to make their leaky software appear not as bad as it is by pointing at others and saying 'they are as bad as we are, and in case they were as widespread as Windows, they would suffer the same fate'.

But: first off, it would have to be seen that those other OSes would suffer as much as Windows if they were as widespread. And second off, if the reason why you have actually nada worms and viruses on MacOSX, Linux, BSD and whatever else is that they are not as widespread as Windows - why can't I live well and 'secure' with them until they are as widespread? After all, they tell me that all OSes are as insecure, so why not pick one which was never hit until now by any worm and probably never will in the next few years?

Mac users as well as anyone else will probably laugh at this one...

Friday, June 25, 2004

I visited the site, and noticed a few things that indicate this might not be the whole story.

They count the recent kerfuffle about the Mac OS X "url vulnerability" as 3 advisories. Maybe they do the same double-counting for Windows too, but I couldn't find an example in a quick scan of the list.

A vulnerability in Safari was released in an OS X advisory, but vulnerabilities in IE are counted separately from Windows. Add another 53 advisories to the Windows side of the balance.

Oh, and this is ironic: the recent OS X panic involved, in part, the combination of multiple vulnerabilities in order to get the Help viewer to run untrusted code. On the front page of the site is a newsflash entitled "Zero-day exploit for Internet Explorer, actively exploited to install adware on users PC's." and on clicking the link I find that the exploit uses multiple vulnerabilities to -- yes -- get the Windows Help Viewer to run untrusted code.

Friday, June 25, 2004

Happy Apple Switcher
Friday, June 25, 2004

Nice try Myron.  Windows was, is, and will probably always be swiss cheese.  All operating systems will have problems.  Windows will be worse, more widespread, and MORE easily exploited.

Thanks Microsoft
Friday, June 25, 2004

First off, I haven't posted in this thread until now.  I have never posted here under another name, and I don't intend to start.

Secondly, calling Windows "swiss cheese" is more than a little arbitrary.  Exactly how many security exploits are required before something becomes "swiss cheese"?  Is it one?  Is it 15?  Is it 1,000?

Myron A. Semack
Friday, June 25, 2004

My apologies, Myron.

Thanks Microsoft
Friday, June 25, 2004

"Guys you need to admit, no ones secure in the present OS scenario"

I do?  I've never had any security problems with my machine, and it's been on the internet for about the past 5 years, nearly nonstop.  I'm running Debian (which is pretty much never mentioned in these sort of articles), and I'm not even particularly security-crazy -- I've never figured out how to get the firewall set up here.  (I tried "Firestarter" once, which is supposed to make it simple, but that only shut down all my network traffic, coming and going.)

If I look at my logs, I can see that I'm getting hit all the time from various nefarious programs, but never for any program I've ever used, and usually for Windows / IIS exploits.

Mr. X
Friday, June 25, 2004

"Guys you need to admit, no ones secure in the present OS scenario"

But the zeroes are OK.

Sorry - couldn't resist.

Sunday, June 27, 2004

What myth?

Jonas B.
Wednesday, June 30, 2004
