“Apple has now released Mac OS X 10.6.8, the eighth maintenance update for Snow Leopard, via Software Update. The update offers a number of fixes implemented since the release of Mac OS X 10.6.7 in late March.”
Usually, looking at a list of security fixes in Mac OS X updates is like watching The Three Stooges: You laugh at all the buffoonery that’s happened.
There’s normally a whole bunch of security fixes for things that you’d never believe could make it through quality assurance, such as “Entering a password with three letter A’s causes the user’s privileges to escalate” and “Guest users can use ‘cron’ to run malicious code after they’ve logged out”.
To Apple’s credit, I had a quick scan through the list of fixes, and there were no thigh-slappingly-hilarious ones. This was about the funniest I could see:
Impact: Visiting a malicious website may lead to files being sent from the user’s system to a remote server
Description: A cross-origin issue existed in WebKit’s handling of windows. Visiting a malicious website may lead to files being sent from the user’s system to a remote server. This issue is addressed through improved tracking of origins.
CVE-ID: CVE-2011-0167
Of course, this might just mean that Apple HASN’T fixed the one that allows a maliciously-crafted PDF to set your printer on fire; but I hope this means that OS X is finally maturing as a secure platform. About time, considering it’s over ten years old.
What has always confused me is how Apple is so happy to break compatibility when it comes to adding or enhancing something but apparently it is ‘one step too far’ when it comes to breaking compatibility for the sake of security – implementing ASLR system wide has only just come to Mac OS X Lion for example, something that should have been implemented in Snow Leopard (if you’re going to break a couple of things why not go for gold and smash a few more things whilst you’re at it?).
One thing that has surprised me is how Apple is still supporting 10.5 given how quick they are to throw the old release under the bus and push people onto the next version (especially so given the cheap price of Snow Leopard and same low price repeated again with Lion).
Regarding WebKit, it’ll be interesting to see whether the different parts being isolated off will result in a more secure experience as with the case of WebKit2 versus WebKit1; hopefully we’ll get to see some security boffins having a good hack away at it to see whether all the hard work has paid off.
Apple have had a pretty consistent policy for a long time of issuing “minor” updates to the current release, and security updates only for the previous release. It’s quite possible (likely?) that 10.6.8 will be the final minor update for 10.6 under this model, and this will be the final security update for Leopard. After this, PPC users are totally screwed.
IMHO the last PPC Mac shipped around 6 years ago – personally I think that is pretty damn good in my books; at some point one has to throw in the towel and say, “yeap, I’ve gotten good mileage out of the machine”.
No, I don’t support that from a consumer’s perspective. You should use a system until it’s no longer able to do the tasks you require of it. As time progresses there are new tasks that arise that require more computational power (video editing, parallel processing experiments, virtual machines) which cause machines to be obsoleted. But this is different than just turning to a box and saying “You’re old, I’m not using you any more because of your age.” I mean people do that, but it’s a waste of money, IMHO. Now in the past the necessary upgrade cycles were much shorter, but recently we’ve hit a plateau where we can keep machines much longer. My desktop upgrade cycle (from 1991 in years between upgrades 4,3,3,8.
Now, from an OS developer’s perspective sometimes there are things that are beneficial that necessitate raising the hardware requirements. Sometimes it’s bloat, sometimes it’s good stuff, sometimes it’s cost of development. I don’t blame Apple for not wanting to continue to support a six year old processor architecture which doesn’t gain them much in revenues any longer.
You can keep on using your Mac, even without (security) updates.
There aren’t many attacks on OS X, let alone on a minority of Mac owners using an OS version and architecture that will be pretty rare.
Just my theory of course. But I do wonder if you put a Windows NT 3.51 server on-line (for example), will it get hacked by scripts scanning the net for vulnerable systems?
It’s not a likely target you’d come across, nor would you expect it to have any important data/services on it.
So I doubt any hackers or script kiddies would look for those.
I still have a G3 iMac somewhere running Panther (OS X 10.3) and I use it as a SSH terminal, some light surfing, mail and chat.
I think a lot depends on the applications. OS X has always had a good firewall and doesn’t expose ports willy-nilly. If it’s a well firewalled client connecting to SSH or well known mail/chat servers, the risk isn’t very high. Browsing the web (or rendering HTML mail) on Safari 1.2 or Firefox 2 is probably much more risky, since the security holes tend to be cumulative and (for Firefox) frequently cross-platform.
Personally I bought an iMac G5 right at the end of the PPC iMac’s life. I don’t feel like I got good mileage from the machine; actually it feels terrible. Almost overnight the platform became neglected. Leopard was frustratingly slow on it, many app developers shunned it quickly, and apps tended to depend on the CPU performance of Intel so even apps that “ran” didn’t work well.
I bought a PC six months earlier, and I’m still using it. I even upgraded it to Win7, and it’s working fine. The G5 is gathering dust.
I know, I shouldn’t expect so much from Apple. But, particularly since the machine was expensive (Apple tax + integrated monitor etc made it the most expensive computer I’ve ever bought), it definitely left a sour taste and makes me think twice before getting Apple gear again.
Mate, I’ve said this numerous times – you’re comparing apples to oranges; you’re comparing one side of the industry with a constant ISA/architecture to Apple that has moved from PowerPC to Intel. If Apple were using Intel all this time but artificially blocked off all machines from 5 years ago from using Mac OS X then your point would stand but that simply isn’t the situation as it stands today.
There are fewer and fewer PowerPC computers out there and to be completely honest if you’ve gotten 5-6 years out of a computer I think you’re doing pretty damn good in my books. I would be saying this even if I owned a PC, I’ve gone from an eMac to an iMac/iBook to a MacBook to a MacBook Pro/iMac – I find it funny that people scream and wail with pain when it comes to computer upgrades but don’t bat an eyelid when it comes to upgrading their car, television or some other piece of equipment of equal or greater value within the same 5-6 year time frame.
That’s true, although note that other vendors are much more reluctant to do things like this. Apple have changed CPUs a couple times (68k->ppc->intel), OSes a couple times (os9->osx->ios), and provided relatively poor compatibility experiences along the way. Apple users should not expect that today’s arch will be tomorrow’s arch, although PC users take that for granted.
My point is that I got around 2, not 5-6. The machine hasn’t been in serious use for a long time.
I’d say the reverse. I’ve never upgraded any of those things in a 5-6 year timeframe. Computer upgrades have always been rapid, often artificially rapid. I’m shocked that many businesses replace PCs every 3-4 years even though the functionality/value that they get barely changes at each cycle. How often do they replace desks?
I have had a re-read of what you said and I feel your pain, and if I was Steve Jobs I would have offered a 1/3 trade-in programme on new Intel computers (for PowerPC owners) but hey – that’s me, Mr Generous.
I feel for you and the transition wasn’t smooth and the support that Apple claimed they would provide was never something they lived up to, but at the same time it is pretty silly to grind an axe over an issue that happened over 4 years ago.
Most companies don’t own the machine, they lease it, the company who owns them can write it off over 2-3 years via the tax system (many countries have favourable tax arrangements that encourage businesses to depreciate their equipment faster).
You may be the reverse, but casually walking around down the road tells a different story.
I think it has to do with the fact that computers are multi-purpose machines which operate on data.
If I replaced my bike with a new one in the same category and price range, I’d just spend an afternoon setting some things up and it’s good to go. The controls and the capabilities of the machine don’t change much. Maybe there’s one more or one less gear on the back, but this you get used to in a week.
For computers, it’s a different story. Computers and their OSs are shipped in a state where they’re not good at anything useful. You need to clean up the mess that the manufacturer has left, install your own software, hope that it works (and, in case of PPC software on x86, it probably won’t), move your data, discover that your data is incompatible with the newer versions of the software you’re using, which you have been forced to buy because your old ones don’t work with your new computers… And once everything is done, you get a machine that works in a significantly different way and have to relearn lots of your everyday habits from the ground up.
Getting a new computer is not like setting up a bike or car and getting used to it. There’s a whole lot of pain and mess involved. That’s why people are not as much willing to do it, I think.
Edited 2011-06-25 08:42 UTC
Or the fact that the majority of people see computers as this magical box that whirls, whizzes and does amazing stuff instead of seeing what it really is, a glorified machine that allows you to achieve certain things.
I can do the same thing; I purchased an iMac just recently, I set up my new machine, hooked up my machine, downloaded the applications I bought on AppStore, and installed some updates – within around 1-2 hours I was up and running.
How has Mac OS X ‘changed significantly’ (same can be said for Windows)? Minor changes here and there, a few additional features added, but more or less the fundamentals haven’t changed. When it comes to applications – the majority of people around the world on their computer don’t run anything fancy; Windows, maybe a copy of Microsoft Office, and if you’re lucky a pirated copy of Photoshop or Photoshop Elements they got with their multi-functional printer.
As for pain, there is as much or as little pain as you want to impose upon yourself – I’ve seen experts go to hell and back because their setup was a disorganised mess whilst on the other hand I’ve seen novices following guides, back up their stuff, clean upgrade Windows and then put their stuff back on within a few hours.
What I meant is that the defining characteristic of a general-purpose computer is that it can do a very wide range of totally unrelated things depending on what you ask it to do. The other side of the coin is that since computers are a tool that doesn’t have a single well-defined purpose, they aren’t fine tuned for anything in their initial state. When I buy a bike or a car, it’s shipped in an almost usable state, whereas computers are a different story… Oh, well, you seem to reply in more details in the rest of your post anyway.
Didn’t you get a Dock-full of mess which you never use? Media files which didn’t play back because nothing was installed to play WMV on your machine? A reset of the fine-tuned configuration of most apps which you use for work? Missing software which was not on the Mac App Store because of Apple’s particular licensing terms?
I mean… I sure get better at setting up computers as time passes, but I often find it to take some time before I feel at home on the machine. During a few weeks, things don’t work as expected, I discover that old stuff from my old machine is missing, etc.
For OSX, I agree that not much seems to have changed with Snow Leopard, but for Windows it’s pretty easy to find UX disturbances related to upgrades… As an example, for the WinXP->Win7 transition, I can think of:
-UAC
-A total Control Panel reorganization (even now I still have a hard time understanding the new logic)
-Many changes in the file explorer, which is the single most used piece of software in a modern OS (Libraries as the non-changeable default folder, tiny breadcrumbs + no up button, no menus, “related tasks” have been either phased out or mixed with totally unrelated things in the top bar)
-Tray icons which randomly disappear as a default setting (nice once you get used to it, but quite annoying for a while)
-Switching between different windows of the same application via the task bar is now a slow, multi-step process
-Hierarchical view of the start menu sucks, search is more or less mandatory even though its behavior is highly random sometimes
-Media Player doesn’t work in the same way at all
-Lots of distracting translucent effects everywhere, which randomly break and fallback to an opaque light blue theme from time to time. Also, Aero Peek loves to hide all of your windows if your mouse accidentally goes in the lower right corner of the screen, without waiting for you to click (most quickly disabled feature ever).
Guess I could remember more if you asked that from me when I got my computer in June, but right now it’s what remains in my memory as most disturbing things.
The fundamentals haven’t changed, but so many details have been altered that you end up stumbling into a random change regularly in the first few weeks.
Another problem is also that of lost customization and configuration. “Normal” users probably don’t have it as much, but myself when I go to a new version of one of my OSs, I always miss lots of tricks which were so much part of my life that I had totally forgotten about them. Like logging automatically on the wifis of all of my relatives, having a keyboard shortcut to quickly open a terminal and another to xkill a hung program, quick launch icons to my common apps, being able to alt+drag windows on Windows thanks to WinXMove…
Office itself likes to break compatibility with its own file formats on a regular basis. I’d also add some niche, profession-specific software that varies from one person to another. That’s the part which makes supporting newer OS versions most painful actually, because this last kind of software tends to be developed by an unstable team of non-permanent developers, resulting in UX and compatibility breakages with each new release.
It’s true that some setups make migration easier than others.
Edited 2011-06-25 14:20 UTC
I guess they still support 10.5 because that’s where all the G4 and G5 PowerPC based Macs got stuck. The dual CPU editions are still pretty powerful and I can imagine still in serious use.
True, the dual G5’s are still probably being used by many rendering farms but I’d say that long term these organisations will have to find an alternative.
Oh my god, there’s a bug in OS X that will make your printer catch fire? Why am I not hearing about flaming printers all over the planet? Has this ever been a problem? NO
Oh my god, there are bugs in OS X that have been there for 10 years? Why am I not hearing about millions of computers being hacked or taken over or dying or breaking into flames because of these bugs? Have these bugs ever been a problem? NO
Oh my god, OS X is the most insecure OS ever devised by man, with millions of vulnerabilities. Why am I not hearing about every Mac being taken over by malware and viruses that they are supposed to be vulnerable to? Has there EVER been a Mac virus or malware that actually took over millions of Apple computers like several Windows viruses and malware have in the past? NO…..NOT ONE!
I am a Windows user as well as a Mac user. I have had to deal with many virus and malware infections over the years. Thankfully not as many since XP and Win7, so improvements have obviously been made. But by the same token I have NEVER had to deal with ANY problem on ANY of my Macs over the years.
Edited 2011-06-24 10:48 UTC
It’s just an update, nothing special. Why should this be called FUD?
I installed it on my Intel Macs, all went fine. The PowerPC Macs also had a security update without bumping the OS version number.
The original comment to this thread by 3rdalbum made the statement that a bug in OS X could cause a printer to catch fire, when that is simply NOT true. To suggest that that could actually happen is an example of FUD.
Edited 2011-06-24 14:39 UTC
The original comment to this thread by 3rdalbum made the statement that a bug in OS X could cause a printer to catch fire, when that is simply NOT true. To suggest that that could actually happen is an example of FUD.
It sounded like a joke to me – quite funny, btw.
Edited: sorry, cannot fully understand the comment system yet, quotes in particular. Maybe I should just learn to read.
Edited 2011-06-24 17:26 UTC
It’s called humor. You should try it some time. But I know… As an Apple fanboy, you probably call it religious blasphemy instead of humor.
The whole point of his post was that the OS had matured and that embarrassing security issues were becoming less common. The final “not to say” that mentioned fire was clearly intended for levity not hyperbole.
I find your comment more in the FUDish tradition than his. You completely abandoned the context.
Don’t download freaking pr0n and warez and Windows (even unpatched) is as secure as Mac OS X.
I have been owner/manager of a cable TV system for 30 years and have provided internet service to my customers for 10 years. Over that time I have seen MANY of my customers’ machines become infected with viruses and malware, and have been called on to assist them in removing those infections or doing the erase/format/reinstall routine on their machines. I have had customers whose machines have been taken over by what I do not know, with the result being them flooding my upstream provider and my server with hundreds of thousands of spam emails per day and having to deal with their computers and my servers as a result. I am smart enough to not deal with the items you suggest, but my customers are not. Therefore I DO have experience with malware and viruses. Not on my Macs, though, they have NEVER been affected.
Edited 2011-06-24 14:37 UTC
Oh… Are you saying that you’re the parasite – that promotes anti-viruses over due diligence training?
I’ll give you that Macs have far fewer worms/viruses/trojans than even Linux. Though you will never hear about any Linux malware, because it’s not publicly accessible (used in attack operations on datacenters and highly customised). But with the growing popularity, there will be more and more malware for Mac. And given that people with Macs think they are very secure – that puts them at a higher risk level.
The only solution is education. Otherwise, Mac, Windows or Linux are very much the same.
Yeah, the hand-waving melodrama and deliberately-missing-the-point-as-a-debate-tactic kinda gave you away.
I don’t know what the hell that remark meant, I will take it as simply a tactic to demean my statement that I use Macs as well as Windows machines, both at home and at work in my business that deals with internet, and that based on that experience I have a certain amount of knowledge about which types of computers I have worked with that have ever been affected by malware or viruses.
And my original statement still stands and cannot be refuted since it is based on MY experience, which is: In MY experience, I have NEVER owned or seen a Mac that has been affected by malware or viruses, while I have seen MANY Windows machines either die or be rendered inoperable by malware and viruses. NONE of the Windows machines have been mine, all were my customers’ machines. Nice try but it didn’t work.
Actually it was a reference to the standard Apple Apologist debate tactic: when you can’t form a real rebuttal, then deliberately misunderstand one of your opponent’s points and use that as a springboard to a hand-waving “OMG are you really saying that _____” rant.
Hate to break it to you chuckles, but “anecdote” is not the singular form of the word “data”. And even if your unsubstantiated personal anecdote weren’t utterly useless, there’s still the little matter of you being too obtuse to grasp the difference between the presence of good security and the mere absence of compromises. As an obvious Apple fanboy, I doubt you even realize there IS a difference.
I don’t know if anyone remembers that the OS X kernel (Darwin) is based on FreeBSD 5.0 and the Mach kernel; isn’t it about time that the FreeBSD part was upgraded too? Apple is making changes on a superficial level, ignoring the real changes like the kernel, filesystem etc. Hasn’t it been pretty much the same kernel ever since? Maybe I’m wrong.
“Based on FreeBSD” is something one shouldn’t take necessarily as being 100% FreeBSD 5.0 given that Snow Leopard conforms to SUS2003 which would require changes in many parts to conform to the specifications. The kernel is being updated but more or less what needs to be changed isn’t the stuff that faces the developer or end user but the underlying code for the sake of optimisations – something they’re already doing.
They also added signatures to detect and remove the latest versions of MacDefender. So by tomorrow, or even by late today, we should see another story about a new version of MacDefender that can bypass the latest update.
Welcome to the big leagues of having to play a constant cat and mouse game with the malware authors, Apple.
Either that, or coming up with some real sandboxed security model at the cost of software compatibility. Hard choice, especially considering that Apple haven’t taken the opportunity of iOS’ release to do that vital update on at least part of their ecosystem…
“Entering a password with three letter A’s causes the user’s privileges to escalate” was a joke.
The printer catching fire was a joke.
Guests being able to use cron was not a joke.
Non-root users being able to gain root by using the Apple menu in a setuid root program sounds like a joke, but is not.
My post was rather positive, and not at all FUD – I said that Apple seems to be taking security design seriously nowadays, because there are none of those “sounds like a joke but is not” security flaws that have occurred in Apple software in the past.