Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Windows has a 17 year old un-patched vulnerability
- Thread starter *LTD*
- Start date
- Sort by reaction score
Heh, when I read about this my gut reaction was to laugh.... then I remembered I have over 1000 machines with IE6 at my job - meaning I get to spend hours re-imaging them yay. At least theyre patching these things, even if it is 17 years on. I mean code always breaks *is a programmer as well - some of my code is riddled with them and I just reach a "itll do" state - thats what this thing was probably caused by xD*
I will take Apple's word over a bunch of crazy fanbois/girls word thank you very much.
I also follow common sense. But oh well =/
It has nothing to do with either fanbois/girls or common sense. It is my understanding that there are something like 26 Mac-only viruses. They date back to System 6 with a few coming online during the early days of System 7. Starting with Microsoft Word 6, Word/Office macro viruses went cross-platform. On a Mac, a Microsoft macro-virus can damage only your Office installation. On Windows, it can take down your system. By the time MacOS X became Apple's primary shipping OS, the number of new Mac viruses had dwindled to fewer than one per year. MacOS X drove that number to zero.
Since then, a lot of people have tried and a lot of people have failed to write a true MacOS X virus. There have been a few vulnerabilities found, but those are eliminated before anyone ever manages to exploit them. We have seen pwn2own contests that make a big hoopla about their successes. However, those all require user intervention to succeed.
*LTD* is exactly right. The Apple statement is a disclaimer. The disclaimer does two things:
- It mitigates the damage in the unlikely event that someone somewhere somehow till develop a working Mac virus that gets into the wild. It is also easier than explaining to the ignorant that viruses are not the natural order of things and that Macs don't have viruses.
- Any number of times, newbies have posted on this and other Mac fan sites that they have a virus and with absolute certainty demand help in repairing the damage done by the virus that they discovered. The truth, of course, is that they have no virus. The behavior attributed to a virus is not virus-like behavior. It is often the computer performing normally. Hysteria is powerful. The disclaimer, however, takes a little wind out of hysteria's sails.
This proves my point. It IS common sense that no computer connected to the internet is 100% safe. Apple says so. So of course I won't listen to someone who says OMG MAC CAN'T GET VIRUSES!!!
This isn't directed at LTD but fanbois/girls who claim this. Lack of common sense, blinded by something Apple never claimed.
Proved your point how? The last of these MacOS-exclusive viruses was in something like 1999 or earlier. None under MacOS X. Common sense is based on common experience. Most kids in college today are too young to remember the last time a new Mac-exclusive virus made it into the wild.
BTW, there is no inherent connection between the Internet and viruses. Most of the 26 Mac-specific viruses were spread via floppy disk. Implicit in your argument is that viruses are the natural order of things. They are not. The reason that Windows has so many viruses and MS-DOS before that is that the Microsoft operating systems were designed that way. Microsoft even developed a virus-enabling technology. It is called Visual BASIC for Applications. Do you realize that before VBA, only skilled assembly language programmers had the skills to develop viruses. VBA opened the field up to "script kiddies." But I digress.... To tie-off the other end, the MacOS and Linux have so few viruses and MacOS X has none because they are designed that way. That is why despite all of the boasts and taunts about MacOS X having no viruses, that no one has forced the Mac fanbois to eat their words. It certainly isn't for lack of trying.
So why don't we just agree to drop this?
Because there have been more recent exploits of Mac OS X. Maybe not dangerous. The difference between Microsoft and Apple is Apple gets attacked in such small numbers (and very crippled viruses/other baddies) that they (Apple) has time to patch and black list said trojan/worm/virus.
They do have them. Its just a matter of are they blacklisted or even dangerous.
Viruses aside, other vulnerabilities have been patched by Apple (which I'm sure more exist) and that's why OS X isn't 100% safe either. Granted, many services are turned off by default, but by no means does that make it 100% secure.
EDIT: Here's an example of something that affects 10.6.2:
http://www.securityfocus.com/bid/36935
While this vulnerability is not likely to give someone complete control, it still applies to OS X not being 100% secure. You can go to Security Focus and search for vulnerabilities by OS and see more.
Now you are just stringing words together. However, it is interesting that you try to invoke the "Security through obscurity" excuse. The excuse is a fiction. This excuse had its origins in the early days of Windows XP. For those who remember, XP's early days saw some of the worst viruses in the history of computers. Microsoft operating systems up through Windows 98 had suffered viruses, but they were nothing compared to XP. Microsoft came under withering criticism for the number and seriousness of virus attacks on its latest OS. Many customers threatened to bolt to Linux or the Mac. In response, Bill Gates simply asserted that Windows had more viruses because it was the most popular OS. No evidence was presented to support this contention. No study was ever conducted to gather the evidence. However, the easily convinced both inside and outside the popular press accepted Gates' assertion without question.
Because Windows was more popular and it had more viruses, its viruses were caused by its popularity. This is the logical fallacy known as:
Post hoc, ergo propter hoc.
Logical fallacy or not, Gates had managed to turn a damning flaw into a virtue. However, Gate's whole premise was false. The most popular version of Windows in at the time was Windows 98. Windows 98 was immune to the worst Windows XP viruses.
Security Through Obscurity is a bogus argument.
Over 50 million users and nothing for nearly nine years. The old Mac OS had a far smaller market share and more viruses (that is,"more" as opposed to zero.)
There are no known OS X viruses in the wild. Academic proofs of concept and lab experiments don't count. When the Get a Mac ads say there are "thousands of viruses" for Windows, Apple isn't lying. Every Windows version is by default heir to this legacy.
This has led to a resurgence of comments to the effect that a) Macs are just as vulnerable as PCs and b) the only thing that protects them is their miniscule market share. These ideas, of course, are wrong.
4% of the worldwide installed base of computers might explain why there are fewer Mac viruses. But it wouldn't explain why there are none.
There have been hundreds, if not thousands, of PC viruses, a handful of Mac OS 9 viruses, and not one for Mac OS X in the wild (for nearly nine years.)
Maybe not just as, but they are vulnerable due to other vulnerabilities that exist within the OS.
I'm not sure why POCs and lab experiments don't count. If there's a virus in the lab, then there's a virus.
If you want something that is 100% safe and secure, give it up, there is no such thing and there lilkey never will be. That's why we don't measure security with 100% at the top.
Because lab scenarios are not indicative of real word situations and are designed to be hypothetical. If it isn't in the real word, it pretty much doesn't mean anything. Lots of things exist only in the lab, but nobody talks of them as real world things. Labs and real worlds are two different things.
I realize that security is journey, but LTD believes OS X has reached a destination.
But things that happen in the lab also have the possibility of being reproduced in the wild.
I'm not stringing words together. I'm saying there HAVE been viruses/trojans EXPLOITS for OS X. I never said they are there anymore. my point being it CAN happen and no computer connected to the internet is 100% safe. Apple even said so on their website. I suggest you go and read it. Especially before accusing me of running words together and using obscure arguments.
Well if that happens then they are no longer classified as lab scenarios. Lots of things are possible in theory, but the real measure of security is stuff that happens in practice. If it's not happening in practice, it's not really worth mentioning.
So you don't understand the meaning of obscure in this context? Let me explain it to you.
Bill Gates asserted [without proof] that Windows had so many viruses because it was popular. The mainstream media and Microsoft apologists took the flipside of this assertion and dismissed the fact that so few viruses existed on the Mac because the Mac had a small marketshare. The Mac was safe because it was obscure, the excuse went. This was the birth of the "security through obscurity" excuse. It had nothing to do with you or your argument.
Yeah I know what the word Obscure means. I thought it was directed at me because there wasn't a break in quotes or no quotes at all.
Also, I agree. Popularity isn't why Mac OS X fails to get deadly viruses. Like someone else here said. OS 9 had less market share and more viruses than OS X. The whole "more popular" thing is just an excuse Windows fanboys use to avoid admitting that their OS just has a bunch of security holes.
http://blogs.zdnet.com/security/?p=758
http://www.tomshardware.com/news/hack-windows-security-snow-leopard,8704.html
http://www.tomshardware.com/news/pc-windows-apple-mac-osx,9557.html
Some professional opinions, just to counter the unprofessional ramblings of people like LTD.
http://www.tomshardware.com/news/hack-windows-security-snow-leopard,8704.html
http://www.tomshardware.com/news/pc-windows-apple-mac-osx,9557.html
Some professional opinions, just to counter the unprofessional ramblings of people like LTD.
It's all completely meaningless when those alleged flaws are never exploited.
We're still waiting.
8+ years of carefree, unimpeded surfing. Love it.
8+ years of carefree, unimpeded surfing on the various PC's I've owned, with a flash player that works and a browser significantly less treacle like than Safari. I love it as well. Avast AV, free, small footprint, works so well you never notice it's there, never had a virus or malware issue.
Your point?
You would come across a lot less like a troll if you stopped trying to pretend you're an IT security expert by hand-waving away the opinions of those who ARE IT security experts.
+1.
When I was on Windows, with Avira AntiVir Free, I had no virus problems, except ad tracking cookies.
I did have problems with stability and audio though, which is why I moved to mac.
It's not meaningless. A flaw is a flaw, regardless of whether it's exploited. Say there's an issue with Bonjour that would give a remote attacker administrator privileges on your Mac. The vulnerability is still critical, even though nobody may have attempted to exploit it.
If what you're saying is true, there's no need to ever patch any system on a secure network, which has to be the worst idea I have ever heard.
Your surfing habits are yours, not everyone's. In other words, one case does not make the norm. You are always making threads about the doom and gloom of Windows and the unflawed Apple arena. You couldn't be more wrong.
No antivirus software required. No worries about malware. The safest consumer computing platform for 8+ years now. That's my point.