MAC computer is still not totally safe in virus?

[nec207]

You've not established anything of the sort. ACLs and account management has mostly nothing to do with modern malware which uses bugs like buffer overflows to do privilege escalations and code execution. Network services affected by these bugs can result in both, creating what is called a "remote root hole".

Can you elaborate here ?

Unix as defined anyway does not define any type of account management, nor ACL control, so I don't know why you're trying to argue anything there. OS X lacks viruses only because no one bothered to write one for a reason or another. It has had plenty of security issues in the past (patched by Apple) that could have allowed one. Leopard and Tiger both still have many that were only fixed in Snow Leopard that could even still technically be used.

If you read the other link I gave you Tiger was more secure than windows XP but windows 7 is more secure than Tiger and Leopard .But in link it also saying that Snow Leopard and Lion is more secure than windows 7.

Because like I keep saying, you do not run root.

Do not run as administrator.

That the thing the OS X and Linux by default I'm admin that must authenticate .To have the same level of security I would have to use a standard or guest account and when I want to do other stuff log out and into admin account and well most home users do not do this thus get malware so well Microsoft through UAC at it.

And with business and corporation the ACLs will not allow me to be installing and removing programs or accessing system stuff like deleting or modify system files and malware will still have same same problem .

Both systems are equal on this front. This is not Windows' flaw. It's not the reason Windows gets more viruses than say Solaris or HP-UX or Arch Linux or Ubuntu or OS X. And you can't say "Unix works like XXXX" because there is no 1 single way defined in the SUS for how Unix must behave as far as accounts go.

The admin should be locked with windows and you should have to authenticate and only pro users that know what they are doing should have to enable it by the use of command prompt aka terminal in the Linux and OS X world .

Home users should be running standard and guest account not admin account . Just like I'm not going to be going to a business and corporation say to the IT guy really nice I want admin account I promise I will not to be installing and removing programs or accessing system stuff like deleting or modifying system files or going to web sites. The IT guy would laugh at me.


When I was young in school I use windows but I could not do any thing out side my folder has the IT guy was running novell on windows 98 and a lot of web sites where blocked for good reason.I had user name and password and I could not bypass the log in screen with cancel like I could at home and I even had capacity limit in my home folder less than 1 GB and could not go over.I could not do any thing on this computer other than in my home folder .

I had computer running windows 95 and windows 98 at home and well it had no lock on it at all and would get no prompt at all.

The thing is business and corporation lock down the computer for clients and well home users computers are not lock down .Many windows user got so use to no prompt that when UAC game around many people got so bad at Microsoft that it is way too many UAC prompt . These people should not own a computer at all.

 

[KnightWRX]

Can you elaborate here ?

Elaborate what ?

Rest of your post is again arguing about user account management which is again, the same on Windows NT as it is on any other multi-user operating system.

 

[nec207]

Elaborate what ?

Rest of your post is again arguing about user account management which is again, the same on Windows NT as it is on any other multi-user operating system.

No where did I say account management is going be 100% safe from malware on any OS has you still have Java , active -X, script , flash and puglins so on where malware can come in and not to say old programs that must run in admin to work .

 

[KnightWRX]

You might try installing a newer version of the more consumer friendly distros these days (ubuntu 12.04, fedora 17). They have really streamlined the process for people new to the system and while you are still not forced to do anything, you typically run through an account creation process when installing using the live CD. Once this is created you are dropped into the user account on first login and have to elevate to root through "su" or "sudo" (password required) if you want to do anything useful.

Like the Windows XP screenshot I posted.

The server versions of these distros are completely different though and usually drop you directly at root level with no GUI.

You'd be surprised. Our HP-UX images are made to connect to our user accounts directory on first boot so that right after an ignite, I can log in with my network account in unprivileged mode on the server. The image also contains default RBAC profiles so that my user account can access the necessary minimal commands it does on every other server.

SLES/RHEL actually install X and some GUI stuff by default and I think even boot to init 5 if you don't manually remove them (though we don't install from media, we use "jumpstart" type functionality like we do for every other OS so again : our system images are properly made in this regard.).

Im sure you work more in the enterprise world, but some linux distros have come a long way in consumer user friendliness (both with install and initial setup).

Last time I did install Ubuntu was back in 2009. The user creation step was quite optional back then. I use Arch Linux myself at home these days, smaller, leaner, more customizable, which I think doesn't even give you a user creation step during the live CD installation. My Ubuntu phase ended pretty quickly, being a Slackware guy since the 7.0 days and before that, a RedHat guy since the late 90s.

But again : Windows has been doing the same thing (creating unprivilege users and not putting you down into an administrator account) since Windows XP and like you said this is all quite besides the point really, as this has nothing to do with how malware/viruses gains escalated privileges.

They do so through privilege escalation bugs usually in the form of buffer overflows in applications/running services. Even sudo has had bugs that could result in unauthenticated privilege escalation.

----------

No where did I say account management is going be 100% safe from malware on any OS has you still have Java , active -X, script , flash and puglins so on where malware can come in and not to say old programs that must run in admin to work .

Why are you talking about account management then ?

 

[nec207]

Why are you talking about account management then ?

Fine thats not talk about UAC or account management than .

What do you want talk about Java , active -X, script , flash and puglins or browser sandboxing or holes and bugs in code of OS or browser ? May be lockdown OS than none lockdown OS.

security is process not thing . Like wise security in home to keep the person from doing B&E or robbery at home. Does locking you doors and having alarm help ? Does living less than 1KM from police sation and having gun under your pillow help.

Please go to all security certification schools and tell them account management and UAC does nothing has you seem to know more than they do.

Really what are you debating or want to talk about UAC or account management or holes and bugs in code !! Or may be Java , active -X, script , flash and puglins .

Did you even read the link why Tiger was more secure than windows XP and why Snow Leopard and Lion is more secure than windows 7.

 

[KnightWRX]

Fine thats not talk about UAC or account management than .

Good. Let's not talk about it then, since this isn't the subject at all in this thread. We're talking about viruses and malware, not general security measures and best practices. Are you finally understanding me ?

I probably know more about user account management and ACLs and other security measures in place on operating systems than you do, but this is not the topic of this thread. This thread is about viruses and other malware.

 

[nec207]

Good. Let's not talk about it then, since this isn't the subject at all in this thread. We're talking about viruses and malware, not general security measures and best practices. Are you finally understanding me ?

I probably know more about user account management and ACLs and other security measures in place on operating systems than you do, but this is not the topic of this thread. This thread is about viruses and other malware.

Well sure comes up in certification schools and security books But hay UAC and account management has nothing to do with malware with you fine got it Sure comes up in certification schools and security books and other message boards that talk about security but hay you different.

 

[nec207]

KnightWRX I get feeling this thread is turning into flame war not talking about security. There are many things we could talk about in that thread but you hug up on UAC and account management in strange way of replying to me in almost flame strange way posting.

- What OS and web browser has most holes and bugs.
- What browser sandboxing is the best
- What OS best dealing with Java , active -X, script , flash and puglins
- Java , active -X, script , flash and puglins
- UAC or account management ( well we should moved past that by now but for some reason is turning into almost flame war strange way posting not a discussion on it.
- What OS and web browser best with privilege escalation.
- Programs amd software running in admin
- User level and system level.
-Locked down OS than non Lockdown OS

Note active -X windows thing.

I'm goimg give it one more shot and than I'm done with this thread .

 

[KnightWRX]

I'm already done. You seem to be hung up on trying to prove something, but you're not telling us what that something is. Have fun, it's impossible to discuss anything remotely logical and fact based with you, since I don't even know what you're talking about. Maybe it's because English isn't your first language, and it's not helping you make a coherent post.

 

[nec207]

I'm already done. You seem to be hung up on trying to prove something, but you're not telling us what that something is. Have fun, it's impossible to discuss anything remotely logical and fact based with you, since I don't even know what you're talking about. Maybe it's because English isn't your first language, and it's not helping you make a coherent post.

No it is the way you reply. If you where trying to say I was posting some thing not true or 100% true or getting the picture of it wrong on how it works.It the way you reply.

That try again if this what you where trying to say to me but the way you replied to me did not come across like this but rambling on and on saying I'm wrong about some thing

KnightWRX You thinking of DOS and OS like windows 9.x base on DOS where software and user level ran in administrator mode.

Not all software and process is in user level with Unix ,Linux or OS X.

The only difference of NT and Unix /Linux /OS X is permission authentication. Where in Unix /Linux /OS X permission authentication is base on folders ,files and home group where windows permission authentication is base on user group what that group has read and write access to.

It comes down to how you set it up . Not all Unix and Linux is like OS X where by default you a user that you must authenticate .There are Unix and Linux out there where you can run has root and get no authentication.

But by default with Unix /Linux /OS X you need authentication out side you home group and this not case with windows.

There are Unix and Linux out there where you can run has root and get no authentication.Not all Linux and Unix out there is like OS X

And most people run administrator mode with windows where wth Unix /Linux /OS X you user that has permission to do administrator stuff that needs authentication .

See above post not all Unix and Linux are same when it comes to root or root being locked.

Windows vista and windows 7 is knock off the sudo command in Unix /Linux with Although User Account Control (UAC).In OS X they give you pretty GUI to authenticate.

You saying UAC is not like sudo at all but than you did not elaborate.

And I think you saying that UAC has better mecanism than sudo the way it works .

And again, the root user does not need "authentication" beyond login into the account. There is no difference. You're just making stuff up at this point, you obviously do not know a thing about Unix/Linux/OS X security and how it works

That try it again like above when running has root it will not need authentication the reason you getting it is well you using some Linux and OS X but where you a admin with root locked by default and there are Unix and Linux out there where root is not locked and you can run has root with no authentication .

The reason I was saying windows vista and windows 7 is knock off the sudo command is it is poorly implemented the UAC and has a lot of holes and bugs and was explain here at macrumors many times.

I think you saying that sudo is not perfect do to there are command you can give that is not safe.

Unix as defined anyway does not define any type of account management, nor ACL control, so I don't know why you're trying to argue anything there

.

The way account management or ACL work does not mean it is NT,Linux or Unix it just the way OS is set up

Not all Linux and Unix are same like OS X when it comes to account management, nor ACL.





On the last note better words and easyer way to understand account management nor ACLc are not the be-in-all- has there still other ways malware can get in like Java , active -X, script , flash and puglins ,OS and web browser has most holes and bugs , browser sandboxing ,privilege escalation ,Programs amd software running in admin so on when you want not about security.


I think this what you trying to say but took many posts and almost flame ware to understand do to the way you reply.