Piper Jaffray analyst Gene Munster said that Apple retail stores are having a very hard time keeping up with demand for the new Mac mini and iPod shuffle. Elsewhere, C|NET News.com has a two-page report on the much-anticipated PowerBook G5 and the fact that it will take a while to materialize in the market.
Apple Stores show zero availability of Mac mini, iPod shuffle
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
127 Comments
Wrong. You can have a windows machine just sit connected to the net and get infected.
Connecting an *unpatched*, *unfirewalled* computer to a hostile network *is* an end user ignorance problem.
You are saying coding bugs are exempt from the security exploits list, which is absolute bollocks.
I’m saying they’re exempt from criticism on OS security *design*. Code bugs are an *implementation* issue. Other platforms get coding bugs as well. Windows doesn’t have a higher concentration of them, there’s just so many more Windows machines out there than anything else, any that do occur take much longer to have fixes propagated and have a much larger, much more visible impact.
A buffer overflow exploit is precisely a coding bug and is most certainly a security hole if it allows arbitrary code to execute and can cause privilege escalation. The *very* short list on windows is usually longer than the longest list on other OSes.
Right. Because the list of buffer overflow exploits on, say, unix, is just *so* short, isn’t it ?
You are just handwaving. Also your approach to security is “if I close my eyes it will go away”.
My approach is that if I take the same precautions on all platforms – mainly running with reduced privileges, filtering and blocking external network connections, not running suspicious code and applying patches promptly – then the “secureness” of those platforms is very similar.
More importantly, my approach secures my systems independently of their prevalence, the proportion of attacks and the relative expertise of my end users.
I would like you to prove this. OS X ships more secure than windows by default. SP2 finally got XP a little closer to OS X’s default shipping level.
By changing minor configuration details, not inherent aspects of the design.
One more thing the word Obscurity applies more to Windows than OS X.
~95 out of every 100 computers is a Windows machine.
~1 out of every 100 computers is a Mac.
Which definition of “obscurity” are you using here ?
Darwin is entirely opensource so are many of the daemons and services OS X is built on.
Ah, I see, you’re talking about GNU/obscurity.
One of the things the OSS community has right is that access to source code has bugger all impact on platform vulnerability. I am surprised you disagree with that.
There are a few things implied here:
a) that the Pentium M can’t really be regarded as a better chip; because
b) you either run it at full speed or 600Mhz; and
c) that you can’t change this behaviour.
Based on these flawed assumptions, he concludes:
d) that this “defeats the purpose of a portable”
The only flawed assumption here is that you have half a brain.
I never said the Pentium M isn’t faster than a G4. Read the paragraph again.
Additionally, this behaviour is end-user configurable or can happen dynamically depending on system load (the PowerBooks and iBooks change their power saving mode only when the AC adapter is plugged in or removed).
Another flawed assumption about the powerbook.
In his defence the original poster draws his conclusions based on his experience with the Pentium 4-M. However, as I pointed out, this assumption of equivalence is wrong because the P4-M and the P-M are completely different chips.
I know the difference between the P4-M and P-M. I did not base my conclusion on my experience with the P4-M. That was another flawed assumption on your part.
I went by this intel site:
http://support.intel.com/support/processors/mobile/pm/sb/CS-007981….
Connecting an *unpatched*, *unfirewalled* computer to a hostile network *is* an end user ignorance problem.
I don’t think the original poster ever claimed that the box was unpatched. Why did you assume that?
I’m saying they’re exempt from criticism on OS security *design*. Code bugs are an *implementation* issue.
No they are not. The entire OS is an implementation issue. Unless you take a public spec and implement it you can talk about implementation issues.
Microsoft designed and implemented Windows. If their code has bugs that can be exploited it is an issue.
Other platforms get coding bugs as well.
But not all of them are as vulnerable as windows.
Windows doesn’t have a higher concentration of them, there’s just so many more Windows machines out there than anything else, any that do occur take much longer to have fixes propagated and have a much larger, much more visible impact.
That’s crap. more servers run other Oses and you don’t see worms and viruses on them.
~95 out of every 100 computers is a Windows machine.
~1 out of every 100 computers is a Mac.
Which definition of “obscurity” are you using here ?
Which one are you using? that is not the definition of obscure.
If you are saying that Apple is an obscure brand, I have bad news for you about santa claus and the tooth fairy.
Apple and Google are the most recognized brands in the world. hardly obscure.
adj. ob·scur·er, ob·scur·est
Deficient in light; dark.
So faintly perceptible as to lack clear delineation; indistinct. See Synonyms at dark.
Indistinctly heard; faint.
Linguistics. Having the reduced, neutral sound represented by schwa.
Far from centers of human population: an obscure village.
Out of sight; hidden: an obscure retreat.
Not readily noticed or seen; inconspicuous: an obscure flaw.
Of undistinguished or humble station or reputation: an obscure poet; an obscure family.
Not clearly understood or expressed; ambiguous or vague: “an impulse to go off and fight certain obscure battles of his own spirit” (Anatole Broyard). See Synonyms at ambiguous.
ob·scu·ri·ty
n. pl. ob·scu·ri·ties
Deficiency or absence of light; darkness.
The quality or condition of being unknown: “Even utter obscurity need not be an obstacle to [political] success” (New Republic).
One that is unknown.
The quality or condition of being imperfectly known or difficult to understand: “writings meant to be understood… by all, composed without deliberate obscurity or hidden motives” (National Review).
An instance of being imperfectly known or difficult to understand.
One of the things the OSS community has right is that access to source code has bugger all impact on platform vulnerability. I am surprised you disagree with that.
They claim that the more eyes that see the code the less bugs there are. You claimed OS X was obscure, being opensourced it can’t be.
A hacker so inclined may very well find something to exploit.
I never said the Pentium M isn’t faster than a G4.
Fortunately, I never said you did.
You stated you wouldn’t consider the Pentium M a “g4 destroyer” (my colloquialism used to describe its relative performance) based on the assumption that Pentium M based machines throttle down to 600Mhz when not on AC power and that this cannot be changed (“defeating the purpose”). Your assumption was incorrect.
Incidentally, a 600Mhz Pentium M is probably about as fast as an ~800Mhz G4 *anyway*.
Another flawed assumption about the powerbook.
Yes, my bad. After going and reading up it would appear the PowerBooks do indeed bounce between their “slow” and “fast” states depending on whether or not the system is being used or not (keyboard/network activity, CPU activity, etc). I was basing my comments on hearsay, my apologies.
I don’t think the original poster ever claimed that the box was unpatched. Why did you assume that?
As far as I know there aren’t any unpatched remote exploits for XP at the moment, so if it was exploited remotely simply by being attached to the network, the probability is extremely high that it was unpatched.
Certainly, most every other comparison doing this silly little trial likes to use a freshly installed version of XP RTM.
No they are not.
Yes, they are. Design and implementation (both high and low level implementation) are two very different aspects of any piece of software.
Microsoft designed and implemented Windows. If their code has bugs that can be exploited it is an issue.
Certainly, but it’s not a *design* issue.
But not all of them are as vulnerable as windows.
Why not ?
That’s crap. more servers run other Oses and you don’t see worms and viruses on them.
That’s because “servers” are in themselves a minority share of the internet. “Servers not running Windows” a smaller minority yet.
Most exploit[er]s don’t target servers. Indeed, given the opportunity, the astute skriptkiddie will *avoid* “servers” like the plague.
Servers are generally at least somewhat properly configured and constantly monitored by relatively experienced users. An incredibly poor choice for a spam bot or other automated remote exploit tool as abnormal behaviour will be noticed quickly and an unlikely victim of any social engineering/trojan style attacks (via email or some other vector).
The vast bulk of “attacks” don’t target servers. They target typical home and business users – ie: they optimise for the common case (both in terms of what the target is and the probability of a successful attack).
Which one are you using? that is not the definition of obscure.
“Not readily noticed or seen”
“Not clearly understood or expressed”
“One that is unknown.”
“An instance of being imperfectly known or difficult to understand.”
Apple and Google are the most recognized brands in the world. hardly obscure.
And, naturally, just having heard of Apple endows the average person with not only an ability for advanced programming, but an interest in exploiting OS X computers.
Gather 1000 randomly selected IT workers together in a room. Chances are pretty high all of them will have heard of Apple.
Now ask them how many have actually used a Mac (More than just wiggling the mouse in an Apple store while they were waiting for their iPod). Probably not many (I’d be surprised if you hit 10%)
Now ask them how many have actually written software for OS X.
Now, of that group (assuming there are any) ask them how many have studied the Darwin source code.
Now ask all the same questions about Windows. Obviously the last one does apply directly, but ask about using disassemblers or downloading that pirated Windows source code.
Now try Linux and Solaris.
Compare the numbers and proportions you have at the end.
Then, of course, there’s the other side of the equation – the benefits of an automated, remote, OS exploiter. What does it get you ?
The ability to take over nearly all the computers on a given corporate network and DOS those l4m3rz off IRC ? Highly unlikely, most of them use Windows.
The opportunity to install keyloggers on the accounts department’s PCs and sniff some banking details ? Highly unlikely, most of them use Windows.
Chances of getting lucky and 0wning a bank’s network ? Pretty low, most of them use Windows.
The ability to attack all the people you’re playing online games against and steal their avatar’s ? Doubt it.
Etc.
Also, let’s not forget the motivation. Apple, due to their penchant for making cool, if expensive, electronic gadgets is seen by the world at large fairly favourably. Even when they are nasty, so few people are actually affected that the overall impact is negligible.
Compare to Microsoft. Due to a penchant for hardball – and in many cases rather unethical/immoral business dealings – most of the world views them with, at best, indifference. Given that any large scale Microsoft fuckup is *highly* likely to affect a significant proportion of the population and be very visible, there’s a hell of a lot more people out there with a negative view of Microsoft.
Yet, despite all this, you (and numerous others) insist that these things are completely irrelevant, that there’s just as many people out there trying to exploit Macs, just as many (more, in fact, because the code is “open”) with the knowledge to do so and that any arbitrary (successful) exploit would have as much negative impact on the world if it targeted Macs instead of Windows.
OS X is an obscure platform. You’d be lucky to find 1 in 10 people who have actually used it, let alone written software for it, *let alone* tried to find exploits for it. Just because practically everyone over the age of 10 owns an iPod doesn’t mean they’re interested in – let alone capable of – attacking OS X.
You claimed OS X was obscure, being opensourced it can’t be.
Completely and utterly false (not to mention ridiculous).
There are *millions* of OSS projects out there for which the description “obscure” would be incredibly generous. Browsed through SF lately ? How about Freshmeat ?
That anyone *can* look at something doesn’t mean that everyone *does*.
Knowing *of* something is not the same as actually *knowing* it.
Something being “open” doesn’t mean it isn’t obscure.
They claim that the more eyes that see the code the less bugs there are.
No, they claim that being able to see the source code does not (notably) increase the risk, in rebuttal to Microsoft’s claims (one of their criticisms of OSS) that it does.
A hacker so inclined may very well find something to exploit.
That’s the thing. There *aren’t* many crackers “so inclined” because the cost:benefit ratio isn’t particularly compelling for non-Windows platforms. Yet.
Here is an article on the security by obscurity:
http://www.baltimoresun.com/technology/custom/pluggedin/bal-mac0828…
The article does not even mention ActiveX which allows external users to run rogue code on target machines, which is the reason that IE is such a security hole. I have seen at least one suggestion to avoid use of IE. I am sure that more such Here is one example:
http://www.guninski.com/browsers.html
Another design flaw is the Registry, which is an unneeded single point of failure. On the application level, Visual C++ is years behind in terms of language support. The Windows API is a true kludge.
“Not readily noticed or seen”
“Not clearly understood or expressed”
“One that is unknown.”
“An instance of being imperfectly known or difficult to understand.”
I am sorry but your little example fits none of the above. I hate to bring the car analogy up again. 90% of the world hasn’t driven a BMW or a ferrari, but these brands and cars are hardly obscure.
Take a random high school kid and they will be able to rat out the performance specs of a ferrari or a bimmer.
And, naturally, just having heard of Apple endows the average person with not only an ability for advanced programming, but an interest in exploiting OS X computers.
You think most hackers and script kiddies just get sudden epiphanies about code to exploit? They make no effort???
If a person wants to exploit OS X there is nothing stopping them
Gather 1000 randomly selected IT workers together in a room. Chances are pretty high all of them will have heard of Apple.
Now ask them how many have actually used a Mac (More than just wiggling the mouse in an Apple store while they were waiting for their iPod). Probably not many (I’d be surprised if you hit 10%)
Now ask them how many have actually written software for OS X.
Now, of that group (assuming there are any) ask them how many have studied the Darwin source code.
Now poll the same 1000 randomly IT workers and ask them if they know how to remotely exploit a security hole, or know where they can get the tools to make one happen. I’d be surprised if you hit more than 0.5%.
Now ask all the same questions about Windows. Obviously the last one does apply directly, but ask about using disassemblers or downloading that pirated Windows source code.
Now try Linux and Solaris.
Just using an OS doesn’t mean you can exploit security holes or write a virus.
The ability to take over nearly all the computers on a given corporate network and DOS those l4m3rz off IRC ? Highly unlikely, most of them use Windows.
The opportunity to install keyloggers on the accounts department’s PCs and sniff some banking details ? Highly unlikely, most of them use Windows.
Chances of getting lucky and 0wning a bank’s network ? Pretty low, most of them use Windows.
The ability to attack all the people you’re playing online games against and steal their avatar’s ? Doubt it.
You are rambling here. just throwing out jargon doesn’t mean you can fool me into thinking you actually know anything.
http://informationweek.com/story/showArticle.jhtml?articleID=192018…
http://www.washingtonpost.com/wp-dyn/articles/A6746-2004Jun25.html
http://securityfocus.com/news/10402
Also, let’s not forget the motivation. Apple, due to their penchant for making cool, if expensive, electronic gadgets is seen by the world at large fairly favourably. Even when they are nasty, so few people are actually affected that the overall impact is negligible.
What does your paragraph have to do with motivation? So apple makes cool expensive gadgets seen by the world as favorable and that is why few people are affected!!!
Are you saying Apple is less of a target because they are perceived as cool??
Compare to Microsoft. Due to a penchant for hardball – and in many cases rather unethical/immoral business dealings – most of the world views them with, at best, indifference. Given that any large scale Microsoft fuckup is *highly* likely to affect a significant proportion of the population and be very visible, there’s a hell of a lot more people out there with a negative view of Microsoft.
So hackers/crackers are out to get microsoft because they think it is evil!!!
I thought most of these guys just wanted to feel L333t. Silly me.
http://securityfocus.com/news/10271
So this guy who broke into T-Mobile did it why?
Because Catherine-Zeta Jones married Michael douglas or because she didn’t sleep with him?? or He hates the T-mobile commercials? or because he hates that T-Mobile signature sound?
Yet, despite all this, you (and numerous others) insist that these things are completely irrelevant, that there’s just as many people out there trying to exploit Macs, just as many (more, in fact, because the code is “open”) with the knowledge to do so and that any arbitrary (successful) exploit would have as much negative impact on the world if it targeted Macs instead of Windows.
Most exploits are not designed to have impact on the world. That’s absolutely wrong headed. Many hackers break in and steal information like the guy who broke into T-Mobile did, he had access for a year. He got caught because he wanted to advertise the fact that he had accomplished this feat and because he got greedy.
http://securityfocus.com/news/10271
A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers’ passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.
Twenty-one year-old Nicolas Jacobsen was quietly charged with the intrusions last October, after a Secret Service informant helped investigators link him to sensitive agency documents that were circulating in underground IRC chat rooms.
You claimed OS X was obscure, being opensourced it can’t be.
Completely and utterly false (not to mention ridiculous).
What part of the word obscure don’t you understand. If people can try OS X they can, it is not hard to come by like say a ferrari enzo (you can’t even buy one if you could afford it). They can download the source for most of the exploitable systems.
That anyone *can* look at something doesn’t mean that everyone *does*.
Knowing *of* something is not the same as actually *knowing* it.
Something being “open” doesn’t mean it isn’t obscure.
Take OS X and try to fit it in any of the following meanings of the word obscure.
Not readily noticed or seen; inconspicuous: an obscure flaw.
OS X isn’t; it is very easily noticeable.
Of undistinguished or humble station or reputation: an obscure poet; an obscure family.
OS X hardly fits that.
Not clearly understood or expressed; ambiguous or vague
I doubt it fits this either.
No, they claim that being able to see the source code does not (notably) increase the risk, in rebuttal to Microsoft’s claims (one of their criticisms of OSS) that it does.
Wrong. They claim that being able to see the code increase the chances of such exploits being found and fixed sooner.
That’s the thing. There *aren’t* many crackers “so inclined” because the cost:benefit ratio isn’t particularly compelling for non-Windows platforms. Yet.
There are more than 15 million OS X boxes out there in the world most if not all of them in the hands of clueless users. The kind you blame for windows’ vulnerabilities.
Last but not the least if OS X is so obscure according to your ridiculous definition. How do you explain this
http://www.techworld.com/security/news/index.cfm?newsid=2974
I am sorry but your little example fits none of the above. I hate to bring the car analogy up again. 90% of the world hasn’t driven a BMW or a ferrari, but these brands and cars are hardly obscure.
I’m sorry, but writing OS X exploits requires a little more experience with the platform than having watched a few Apple ads.
If a person wants to exploit OS X there is nothing stopping them
There’s “nothing stopping” me from doing a lot of things. That doesn’t mean I actually do any of them.
What does your paragraph have to do with motivation? So apple makes cool expensive gadgets seen by the world as favorable and that is why few people are affected!!!
No, few people are affected because only every 100th machine is a Mac.
Few*er* people are inclined to write exploits in the first place because Apple is a reasonably well-liked company.
Are you saying Apple is less of a target because they are perceived as cool??
Yes.
So hackers/crackers are out to get microsoft because they think it is evil!!!
Certainly one motivation.
I thought most of these guys just wanted to feel L333t. Silly me.
Most of them do.
Can you conceive of people being motivated by more than one thing at a time ? Is it difficult to understand the thought processes going “I think I’ll write a virus” and then “I hate Micro$uck, I’ll write it for Windows” ?
So this guy who broke into T-Mobile did it why?
Money, based on a quick read of that article.
Most exploits are not designed to have impact on the world. That’s absolutely wrong headed.
You base this on ?
Many hackers break in and steal information like the guy who broke into T-Mobile did, he had access for a year. He got caught because he wanted to advertise the fact that he had accomplished this feat and because he got greedy.
Uh, you do understand that security “incidents” like that one are a tiny minority, right ? That highly skilled crackers comprise close to an unmeasurably small proportion of all the people out there distributing malicious code ?
Take OS X and try to fit it in any of the following meanings of the word obscure.
Look, there seems to be a very basic concept here that you’re having a great deal of trouble grasping. Having *heard* of something is very different to having actually *used* it which is very different again to actually having *in depth knowledge* of it.
I never said no-one had heard of OS X, I said it was obscure. From the perspective of someone trying to *exploit* it, it is obscure. Only every 100th (or thereabouts) potential victim is going to be running it.
Last but not the least if OS X is so obscure according to your ridiculous definition. How do you explain this
What’s to explain ? It’s a coding bug. Happens to everyone.
Here is an article on the security by obscurity:
Maybe you shouldn’t use an article more full of fiction than fact to try and make a point ?
The article does not even mention ActiveX which allows external users to run rogue code on target machines, which is the reason that IE is such a security hole.
It allows external users to run “rogue code” *if the user agrees to it* or there’s a coding bug.
I have seen at least one suggestion to avoid use of IE. I am sure that more such Here is one example:
I agree IE should be avoided at this point in time, but that’s more because of its code quality/bugginess and lack of features than any inherent design problems.
Another design flaw is the Registry, which is an unneeded single point of failure.
Like the central repositories of important data on most OSes, you mean ?
The Windows Registry is a transactional database with a very finely grained ACL permissions system. The system automatically and regularly makes backups. It’s a fairly robust “single point of failure”.
Having *heard* of something is very different to having actually *used* it which is very different again to actually having *in depth knowledge* of it.
I think you are missing the point raptor is trying to make. Just because 90% of the world uses windows doesn’t mean that 90% of them know how to write viruses and exploit security holes.
You said it yourself that most of the security exploits on windows is because of the cluelessness of the user. Regardless of how many people use windows the percentage of people that do who know how to hack are maybe less than 0.5 %.
Just using an OS doesn’t mean, one becomes adept at hacking it.
Those who do want to hack a particular OS will acquire it somehow or will acquire the knowledge to do it somehow.
You give hackers way little credit. You seem to think that the average hacker has no clue about any system but windows because it is ubiquitous, which is absolutely false.
If you read the security focus article on the guy who broke into T-Mobile, there is a link to his resume when he was about 18. He had worked on many systems at that time.
Most of what you claimed is hard to swallow. OS X is no less of a target because it is obscure. IBM Mainframes can be considered obscure in the world context but doesn’t mean they are any less of a target for hackers.
Can you conceive of people being motivated by more than one thing at a time ? Is it difficult to understand the thought processes going “I think I’ll write a virus” and then “I hate Micro$uck, I’ll write it for Windows” ?
There is more for the lack of the better word hatred for Apple products as well.
Take OSnews for example the number of Anti-Apple trolls is a good indicator of the feeling toward Apple products. It is conceivable that there are at least 5 people who are capable of hacking a system in the world that hate Apple with as much gusto as the folks who think Microsoft sucks.
Your arguments on this subject are naive to say the least.
Just because 90% of the world uses windows doesn’t mean that 90% of them know how to write viruses and exploit security holes.
I never said it did.
However, the fact that 90%+ of the world uses Windows makes Windows a more attractive target.
You said it yourself that most of the security exploits on windows is because of the cluelessness of the user. Regardless of how many people use windows the percentage of people that do who know how to hack are maybe less than 0.5 %.
Right. So what’s a bigger number – 0.5% of 90% of the market, or 0.5% of 2% of the market ?
You give hackers way little credit. You seem to think that the average hacker has no clue about any system but windows because it is ubiquitous, which is absolutely false.
That’s not what I think at all.
The vast, vast bulk of “attacks” come from automated network scanners and mass-mailer type worms. Most of the people running these “attacking tools” didn’t write them and have absolutely NFI what they actually do (apart from get them a bot army they can use to run people off IRC or mass-mail millions of messages).
These people don’t have any in depth knowledge, they rely on people who.
The people who *do* have this knowledge are, as you note above, a very small minority. They write their tools, release them and go on to the next thing.
They don’t write their tools to automatically exploit obscure platforms like OS X. What’s the point ? Only 1 in every 100 machines is going to be exploitable, so the infection rate will be quite slow (probably not quick enough to be self sustaining). Hardly anything actually runs OS X, so the chances of any high profile, or very high “usefulness” penetrations are going to be quite low. Added to that said hacker in general won’t own a Mac to develop his OS X exploit on.
Basically, writing an automated exploiter for OS X is very inconvenient for the average hacker and any returns on the investment in that inconvenience are unlikely to be particularly impressive.
Certainly, if anyone *really* wants to exploit an OS X machine for a specific purpose, then its obscurity is little defence – but only a tiny minority of attacks are that targeted.
If you read the security focus article on the guy who broke into T-Mobile, there is a link to his resume when he was about 18. He had worked on many systems at that time.
Undoubtedly. His example probably represents about 0.001% of all attacks. The exception to the rule.
The people who amass bot armies aren’t directly investing hours/days/weeks/months/years of their time trying to exploit particular systems, they’re firing off an automated network scanner and letting it run in the background while they curry warez or play Everquest.
Most of what you claimed is hard to swallow. OS X is no less of a target because it is obscure. IBM Mainframes can be considered obscure in the world context but doesn’t mean they are any less of a target for hackers.
If you’re talking about the 0.001% of “hackers” trying to exploit particular machines for particular purposes, no they aren’t.
If you’re talking about the *rest* of the exploits that are successful, of course they are.
There is more for the lack of the better word hatred for Apple products as well.
Pfft. It’s not even on the same *scale* as dislike of Microsoft.
Take OSnews for example the number of Anti-Apple trolls is a good indicator of the feeling toward Apple products. It is conceivable that there are at least 5 people who are capable of hacking a system in the world that hate Apple with as much gusto as the folks who think Microsoft sucks.
5 vs 500. Which group do you think is more likely to produce exploits quicker, more regularly and more noticeably ? With Windows machines outnumbering Macs ~100 to 1 which platform do you think is going to be hit hardest *even if all else is equal* ?
Your arguments on this subject are naive to say the least.
Right. You’re insisting that platform prevalence has no impact on likelihood, frequency, regularity and impact of platform exploits and *I’m* the one being naive ?
Right. So what’s a bigger number – 0.5% of 90% of the market, or 0.5% of 2% of the market ?
I picked 0.5% out of my ass. Here is another number for you, how about 0.00001%
Right. You’re insisting that platform prevalence has no impact on likelihood, frequency, regularity and impact of platform exploits and *I’m* the one being naive ?
Yes.
You are arguing that the Mac OS X platform is obscure. It is not. Most tech savvy people have heard, used or at least wanted to own an OS X box.
My first experience with the Mac was with OS X and similarly so are my colleagues’. OS X actually brought the Mac platform out of obscurity for all intents and purposes. Notice AnandTech a very PC centric site, by Anand’s own admission, now has a Mac section. So does ARSTechnica after the announcement of OS X.
The point being discussed here is not which makes a more attractive target because of volume. The point of contention is if the Mac OS X platform is obscure, if it is, is it obscure enough that no hacker will want to use it.
The answer to all of those questions is a resounding no.
You are arguing that the Mac OS X platform is obscure. It is not. Most tech savvy people have heard, used or at least wanted to own an OS X box.
Yes, but that doesn’t mean they *DO*.
FFS, how many people have *heard* of OS X is irrelevant when considering what sort of impact that might have on its *actual exposure* to malicious code.
Just because everyone’s heard of OS X doesn’t mean it isn’t obscure from the perspective of actually *finding* OS X machines.
Just because everyone’s heard of OS X doesn’t mean it isn’t obscure from the perspective of actually *finding* OS X machines.
FFS, why don’t you just stop commenting on OS X and Apple related topics. Be happy with Windows and your Centrino laptop and be done with it.
Learn to qualify things with IMO. Just because you are delusional about security doesn’t mean it is the way the world operates.
Microsoft products get exploited because they are uniquely vulnerable.
[…]
The architecture of Winxxx makes it almost trivial to exploit and create system wide havoc.
For example ?
Systems based on a *nix architecture are more difficult to exploit and even more difficult to inflict system wide damage.
How so ?
The sooner we move away from Windows the sooner the whole mess which is caused by the inherent design flaws of Windows will go away. Personally, I don’t think the whole mess will start all over again.
Which design flaws are those ?
AFAIK the G4’s throttling capabilities aren’t anywhere near this advanced – they’re either “fast” or “slow”, just like the Pentium 4-M the poster I was responding to was (incorrectly) extrapolating Pentium M behaviour from.
Then you really don’t know much. The original poster said :
makes it run at 600MHz when in battery optimized mode.
The official Intel website claims the following, pay attention to Maximum Battery Mode.
With the G4 the processor speed is halved. So a 1.67GHz CPU runs at ~850MHz. In contrast a 2.13GHz Pentium M CPU will run at 600MHz, about 1/4th the full clock freq, in longest battery life mode.
http://www.intel.com/technology/itj/2003/volume07issue02/art03_pent…
Portable/Laptop mode, frequency and voltage changes depend on the application demand. This mode is the normal usage mode when the system is not connected to an AC power source. This mode demonstrates the effectiveness of combining the performance and power-awareness of the Pentium M processor with the energy-saving nature of the Enhanced Intel SpeedStep technology to provide end users with breakthrough mobile performance and extended battery life.
…….
When there is no activity (idle period), each processor runs at its lowest frequency and voltage to conserve energy: the Intel Pentium M processor @ 600 MHz,
…….
Maximum Battery Mode
In the Maximum Battery mode the processor runs at its lowest frequency. This mode is usually used when the user is away from an AC power source for a long time. This mode demonstrates the ability of the Intel Pentium M processor to minimize energy consumption when longer battery life is crucial.
90%+ of viruses and worms exploit end user stupidity, not security holes.
Wrong. You can have a windows machine just sit connected to the net and get infected.
Exploits of actual security *holes* – and not just end user ignorance – are few and far between. Take out the ones caused by coding bugs and not fundamental problems and you’re down to a *very* short list.
Wrong again. You are saying coding bugs are exempt from the security exploits list, which is absolute bollocks. A buffer overflow exploit is precisely a coding bug and is most certainly a security hole if it allows arbitrary code to execute and can cause privilege escalation. The *very* short list on Windows is usually longer than the longest list on other OSes.
You are just handwaving. Also your approach to security is “if I close my eyes it will go away”.
When there are that many holes it makes it fun for virus writers to write viruses.
Very few pieces of malicious code actually exploit the system. Even fewer do it via problems that haven’t already been fixed.
Obscurity and barrier-of-entry costs do far, far more to discourage virus writers from attacking OS X than any additional “security” inherent to the system.
Obscurity and barrier-of-entry costs do far, far more to discourage virus writers from attacking OS X than any additional “security” inherent to the system.
I would like you to prove this. OS X ships more secure than Windows by default. SP2 finally got XP a little closer to OS X’s default shipping level.
> The architecture of Winxxx makes it almost trivial to
> exploit and create system wide havoc. Systems based on a
> *nix architecture are more difficult to exploit and even
> more difficult to inflict system wide damage.
No they don’t. The security model of NT is actually much more sophisticated than a basic Unix security model. The problem with Windows security lies not in its architecture, but in two important areas. One is the quality of Microsoft system services that is often of dubious quality, and the other is in the poor design of many pieces of software written for Windows, that continues to insist that it is running on a single-user version of Windows, and as such (along with the existence of XP Home) instills a behavior of using an account with administrator privileges when this is inappropriate. Thus ignorance of users and the otherwise not as harmful local security flaws for client software can escalate into serious problems.
That however has nothing to do with the design of Windows, but rather legacy and a development culture that has not matured.
> The sooner we move away from Windows the sooner the whole
> mess which is caused by the inherent design flaws of
> Windows will go away. Personally, I don’t think the whole
> mess will start all over again.
Unless you think Windows makes people ignorant, I think you’re missing a large reason why Windows is such an enormous infestation of malware. However, even without administrator privileges, malware can still flourish and cause a user considerable grief, and if Macs become more popular, this exact same thing will happen then, because spammers go where the money is.
Then you really don’t know much. The original poster said :
“makes it run at 600MHz when in battery optimized mode.”
He also said (to help illustrate I have bolded the text you are basing your post on):
“Thanks. But I would be loath to call the Pentium M a G4 destroyer. Yes it is a faster chip than any G4. But SpeedStep makes it run at 600MHz when in battery optimized mode. Unless I am plugged in I am not going to be able to harness the full power of the chip or I don’t get battery life if one were to set it to full performance.
Kind of defeats the purpose of a portable doesn’t it. I know with the P4-M based Dells you could never get it to run full speed if unplugged but this was a couple of years ago.”
There are a few things implied here:
a) that the Pentium M can’t really be regarded as a better chip; because
b) you either run it at full speed or 600MHz; and
c) that you can’t change this behaviour.
Based on these flawed assumptions, he concludes:
d) that this “defeats the purpose of a portable”
However, while Pentium Ms *can* throttle down to 600MHz, they will *also* throttle to numerous speeds between 600MHz and their top clock speed – some less than the single 50% drop in speed setting the G4 supports. Additionally, this behaviour is end-user configurable or can happen dynamically depending on system load (the PowerBooks and iBooks change their power saving mode only when the AC adapter is plugged in or removed).
In his defence the original poster draws his conclusions based on his experience with the Pentium 4-M. However, as I pointed out, this assumption of equivalence is wrong because the P4-M and the P-M are completely different chips.
Basically you’re attacking me because, while the spirit of the original poster’s argument is not correct and mine is correct, a particular sequence of words in his post sort of agrees with something written on Intel’s website…
Obscurity
One more thing: the word Obscurity applies more to Windows than OS X. Darwin is entirely open source, and so are many of the daemons and services OS X is built on.
Any hacker worth his/her salt can look at the sources and find obvious holes if they really wanted to. If one were inclined they can pick up a range of Apple hardware off eBay cheap.
There is no “Obscurity and barrier-of-entry” nonsense with OS X.
Also to correct another piece of misinformation you threw out. OS X is based on Darwin. The kernel is called XNU, which has Mach code, a BSD application layer and IOKit for device drivers. XNU is not a true microkernel like a vanilla Mach based OS.
Also most of the stuff in XNU is in the IOKit and BSD layers, the Mach layer is fairly thin doing the VM, IPC, scheduling. The BSD layer does all the networking and filesystem work.
> The difference isn’t how many each has. The clue is that
> one has a $50 lock and the other something worse about 5
> cents. Guess which is which.
Read _Surely You’re Joking, Mr. Feynman!_
> Mac OS X is built on top of BSD UNIX. Which OS is the most
> secure (one that isn’t connected to the internet – drum spot)?
> It’s BSD UNIX. Even the U.S. govt security people say so.
Provide a source for your claim, so I can skip asking you for details that I get the sinking suspicion that you wouldn’t be able to provide and can read it myself.
> Windows makes Swiss cheese look like a solid block of
> titanium. There are more holes in Windows than in all the
> golf courses on the planet.
That’s a fascinating technical discussion waiting to happen, I can tell. Most software has flaws, which comes as no surprise if you make your living writing software. Microsoft certainly constructs its fair share of broken software, but to be perfectly blunt I think you’re intentionally fixating on this and ignoring that people install copious amounts of adware and spyware themselves, and will do so on any platform that has been targeted for the deployment of such software.
(the PowerBooks and iBooks change their power saving mode only when the AC adapter is plugged in or removed).
Not true. The PowerBook has an automatic setting for the CPU and the speed is throttled according to load. Running a benchmark while plugged in and the setting set to automatic and the results of said benchmark when the setting is set to highest proves this.
> This is the bullshit argument that Windows is exploited
> because it’s ubiquitous. Apache is the most widespread web
> server in use (about 60+% of all webservers) yet Microsoft’s
> IIS server is the most vulnerable and most exploited web
> server. Ubiquity has nothing to do with exploits. Microsoft
> products get exploited because they are uniquely vulnerable.
> When Gates and Ballmer talk about “security” they’re talking
> about DRM, not system vulnerabilities and exploits.
Most spam is targeted at people residing in the U.S., and is financed by people within the U.S. for the purposes of selling mostly-U.S. goods. Is the U.S. uniquely vulnerable to spam, or is the market in the U.S. more profitable to spammers than the market in Ethiopia?
If exploiting flaws in Apache or IIS were at all relevant to a discussion regarding the end-user adware, spyware, and other malware that troubles your grandmother, I might even entertain a discussion regarding the difference in motivations with respect to the two as targets, but it’s entirely irrelevant. Windows is not uniquely susceptible to the methods used for distributing junk software, it is simply the best bang for the buck. For the same reason there are considerably more games for consoles, and more games for the x86 than the Mac, people that want the highest return on their investment for the least amount of effort choose the Windows platform. And if users flee en masse the developers of said software will go with them.