Posted on 04/10/2010 9:49:52 AM PDT by SmokingJoe
Charlie A. Miller loves his Macbook Pro laptop. And his four other Apple ( AAPL - news - people ) PCs, the iPhone he uses daily and two older iPhones he keeps for tinkering. But his relationship with the company that created those gadgets is somewhat more complicated.
In March, for instance, the 36-year-old security researcher publicized his discovery of 20 security vulnerabilities in Apple's software. Each would allow a cybercriminal to take over the computer of a user who's tricked into opening a certain PDF attachment or who simply visits an infected Web page using Apple's Safari browser.
That haul of bugs is a record even for Miller, who over the last four years has become perhaps the world's most prominent Mac hacker. It may also be definitive proof that Apple devices aren't safe "right out of the box," as the company has claimed for years. "When I first began saying that Macs were less secure than Windows, everyone thought I was an idiot," says Miller. "So I had to prove it again and again and again."
In 2007 Miller became the first to hack the iPhone, using a flaw in its Safari browser to remotely gain control of the not-so-smart phone. Six months later he hacked a Macbook Air in two minutes at a competition in Vancouver. Last summer he revealed a method that allowed him to virally hijack the iPhone using text messages spread via a user's contact list.
(Excerpt) Read more at forbes.com ...
So much for, “I use a Mac because Windows is unsafe.”
NICE!!! I love this guy =oD (in a purely heterosexual way, of course)
The computer security expert I trust for my business jokes that Apple’s popularity among its users is like a religious cult, not based on reason.
And he prohibited our adopting iPhones, because they are a remarkably insecure consumer entertainment tool, unsuitable for business.
I use it for ePocrates at a business. But if I don’t get .exe files or allow a program to download can I still get a virus?
I’ll be the guy is lousy at sports....
be = bet
Waiting for the “Apple FUD!!!!1!1!!” crowd to show up. Any criticism, not matter how legitimate, is considered “FUD” by the disciples.
Waiting for the “Apple FUD!!!!1!1!!” crowd to show up.
Well, it's only natural... when someone posts "FUD"... you get the FUD crowd... no problem there, that I can see ... LOL ...
But.., it's going to take a whole lot more than FUD to get the Macintosh users to start using any anti-virus software, since they've never had any problems with it, across the board.
Heck! I can't find a single Windows users who will discontinue the use of any anti-virus software on a Windows platform machine -- while Macintosh users have been doing it for years on end (not running any anti-virus software).
Those anti-virus people have yet to find out a way to get Macintosh users to use their anti-virus software since hardly anyone on the Macintosh platform uses it or see a need for it... LOL ...
It will take a whole lot more than this FUD article, that's for sure... :-)
Reality check #1. All big software has security holes.
I’m an admitted Linux Biggot - been using it since 1992. Linux has security holes in it too. Fact is, any major piece of software does.
Reality check #2. Microsoft product have 10 times as many users, thus they are the biggest target for bad software.
Conversely, Macs and Linux boxen have relatively few threats against them because they are not the dominant environment. Who wants to bother. They are going to go for the biggest bang for the least effort when someone is trying to create malware.
Reality check #3. Architectural differences in the way the software is put together gives Unix derivatives some technical advantages in security.
Consider that up through Windows 98 - it was really DOS on steroids, where all Unix derived systems came from environments that had memory management hardware - which meant that they were originally multi-user systems that had to have a notion of security from the start.
Windows XP is a derivative of NT which was always multi-user, but it had some choices built into it like putting user accessible features in protected mode like the video driver that made it less stable and provided more vectors for attack.
This plus slack coding styles (from a security point) which exists in all three software stacks (Macs, Linux, XP) made XP the most vulnerable of the set.
I’ve got PCs I don’t use AV software on.
So you’ve found one.
Star,
I’ve gone without any virus protection on my mac since day one (more than two years). Recently, I thought I should give it a check. Complete scan reveals zero infection.
Just the facts.
ampu
I would guess it takes a certain minimum density of any particular OS for a virus to propagate in the wild. Too many misses and it dies out.
There would seem to be some minimum distribution density of an OS to reach critical mass to support sustainable levels of virus propagation.
Or in other words, the minority OS users should be careful what they wish for...
bump
And It should be obvious that if the level of expertise is significantly greater to write bad things for a Mac than a PC, then the Mac is obviously safer.
I’ve got PCs I don’t use AV software on.
So you’ve found one.
Man! That is something for a Windows user... I couldn't find one before. I think you should put that information out on the net, as an article in one of the Windows' (and/or Macintosh) publications and let the world know about that one. That's extremely unusual.
I asked someone before to set up their Windows machine without a anti-virus program and use it for their web browsing and downloading and all their normal stuff (you know, like e-mail and their main computer...) but they just wouldn't do it, even though they told me that the Windows OS was more secure than the Mac OS..., so that's why I've been looking for someone like that. I wanted to run the Mac OS X and the Windows machine for a year that way and see which machine got "hosed" first ... LOL
What operating system are you using now and how are they configured (like direct on the Internet, or behind firewalls, etc.).
And also, is one of those machines the one you use for all your web browsing and downloading of files.
I ask those questions, because that's pretty much what Mac OS X users do -- most of the time, have it connected direct to the Internet (you know, at home through DSL or cable Internet), and use it for all their web browsing and any downloading of files that they may do.
So, that's why I'm wondering.
And to tell you the truth, I find that absolutely amazing for a Windows user, as I would be scared half to death to use the Windows operating system the same way as the Macintosh users generally do... LOL ... (really, I would...).
I cruise the web with my Macintosh with a direct Internet connection, bypassing the firewall and download all the time and also I try accessing some of those websites that some posters here have identified as infected, but I never can get anything to happen to the Mac... :-)
I’ve gone without any virus protection on my mac since day one (more than two years). Recently, I thought I should give it a check. Complete scan reveals zero infection.
Yeah, that's the way the majority of Macintosh users go, too. And nothing happens. It's not because they are (themselves) inherently safer at doing stuff on the web, it's just that there doesn't exist the problems there and there's none of those nasty virus and malware programs for the Macintosh users to be concerned with.
If someone used the fingers of both hands, I don't think you can find enough virus/malware out there for the Mac OS X, to actually infect them with anything -- to even fit onto the fingers of one hand, much less two hands.
There are no anti-virus packages for Solaris either. Enough said. Unix is inherently secure And that is the reason anyone that has a concern for security does not run a Windows-only shop. The only reason that Windows exists is an open hardware platform, the ubiquitous MS Office, and stupidity among those that adopt the paradaigm.
The only computers I’ll run without AV are computers totally under my control (in my office) that are behind a business NAT router with firewall and that are never used for Email or browsing the Web. They do have Internet access for updates (both Windows and applications). Generally these computers are used for automatic test using IEEE-488 buses controlling test equipment. The current OS is XP but originally I used Win95 the same way for many years. The current primary machine was Vista but wouldn’t run the IEEE bus and Visual Basic test programs properly so I replaced the drive and installed XP professional.
These computers have network sharing with permissions setup but only select folders and never the root folder or OS folders. All of my work computers are on a separate physical network with a different subnet from the rest of the house and I have routers with strict rules setup between subnets (I have multiple) not allowing cross access other than select devices such as cameras, a music server, sprinkler controller and weather station data.
PC based computers for Email and Web browsing all have AV. I didn’t use AV software until I got online in the mid 90’s and did fine.
To date, I’ve never had any of my work computers get a virus or Trojan. I did have a music server get infected once about 10 years ago by someone connecting an infected laptop (not mine) to that network. At that time I didn’t have the safeguards in place that I do now. That’s it.
Each would allow a cybercriminal to take over the computer of a user who's tricked into opening a certain PDF attachment or who simply visits an infected Web page using Apple's Safari browser.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.