Macs Gaining a Bigger Role In Enterprise

rev_media tips a short article up at InfoWorld giving some numbers on the increasing Mac presence in businesses. "We're seeing more requests outside of creative services to switch to Macs from PCs," notes the operations manager for a global advertising conglomerate. They "now [support] 2,500 Macs across the US — nearly a quarter of all... US PCs." Another straw in the wind: "Security firm Kapersky Labs has already created a Mac version of its anti-virus software for release should Mac growth continue (and the Mac thus [find] itself prey to more hackers)."

The ghost of Vista

[Santana]

I was thinking of buying a laptop some weeks ago but I was reluctant to use Vista. That was the initial thought that led me to buy a MacBook.

I use Windows XP at home and OpenBSD at work as desktop OS. I can't stand Linux as a desktop OS. Mac OS X seems like a perfect merge of a great GUI and the power of UNIX, running on solid, proven Intel hardware. With a Mac I have the best of both worlds.

You asked to be corrected...

[thestuckmud]

Don't kid yourself. Linux is potentially as vulnerable as other operating systems. Reports [slashdot.org] say that rootkitted linux machines serve as botnet controllers. Keeping linux machines patched for security is necessary, too.

Re:Just goes to show ...

[dorzak]

Not likely since Rush Limbaugh is a Mac user.

Re:It's not Vista; it's W7 and beyond

[UttBuggly]

Absolutely agree with what you say, most especially "...a better OS to get shit done on."

I've used everything; Apple II and III's, every Mac model there is, the Lisa, and NeXT machines from the Steve. I think at every strata of the evolution of Apple, there was a focus on getting shit done. And making the user interface better.

I'm not a fan of Apple or a Microsoft hater. I am most certainly a fan of things that work and work well.

That's why I've started switching the family to Macs. After the first MacBook, for the son in college, I had no takers for Vista, even though they would HAVE to get a new machine to run it. Everyone will replace their current laptop and/or desktop with a Mac as budget permits.

At work, not so rosy, by a long shot. I think it's more a function of overcautious upper IT management than the Mac isn't a viable alternative to Vista. We have about 40,000 PCs and laptops to support, so this does require some serious thought. Do we replace the estimated 25,000 machines that flat will not run Vista and upgrade a fair amount of the remaining 15,000, plus the cost of Vista itself? How much will ancillary impacts from upgrading other services like Remote Management, AV, Windows Update, and so on cost? User training costs? Will it break anything like internally developed applications?

The light at the end of the tunnel is that the numbers ARE scary, so we're doing studies with various Linux distributions and there's some serious thought to bringing Macs in. Linux looks good from the hardware standpoint as virtually all the current PCs in service can run Linux. The Mac looks good from a support overhead standpoint, which is not insignificant with the number of users we have.

I'd be happy with either at work myself. I have an old ThinkPad T-23 (a Celeron CPU) with SLED 10 on it now. It's good.

Still, I have 4 machines at work and I wouldn't mind trading them ALL in for Mac replacements!

Strong Rumour - Salesforce Switching to Mac

[Anonymous Coward]

If this is true then 4000 users at Salesforce are about to switch to Macs.

http://www.alexcurylo.com/blog/2008/04/23/switcher-salesforcecom/

Re:Mac support in the Enterprise?

[bartron]

AD works but is is no-where clean. It doesn't support DFS (not the way we set it up anyway). The only thing that comes close is Thursby's AdmitMAC product which does the job but likes to own the computer in the process. To me that's just an invitation for instability and we'd be back where we started.

I love my macs but they are indeed a pain to get working properly in a mixed environment.

Re:Don't pretend (you too)

[Anonymous Coward]

"Don't pretend this is the same thing as tens of millions of Windows bots compromised with a single vulnerability. Some poorly administered linux servers got compromised. That's bad, but that's not the same thing as your own windows box allowing a Lithuanian hacker to remotely administer your XP machine while you sleep and feed the username and password he captured from your keyboard log to instruct your bank from your computer to transfer all of your funds to his account. That's a completely different level of exploitability." - by symbolset (646467) on Sunday April 27, @03:59AM (#23212460) Homepage

It's EXACTLY the same thing, since you mentioned "poorly administered" - see this:

----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, & make it "fun" to do, via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?showtopic=2662 [tcmagazine.com]

----

Because it LITERALLY shows you the level of security that BOTH Linux (AND WINDOWS) have, via their DEFAULT security policies settings, & out of the box/oem stock (this is inclusive of SeLinux bearing distros as well, mind you).

(And, by default, they're BOTH setup pretty poorly for security... until you "security-harden" them).

It's not like I couldn't produce you a fairly sizeable list of hacks/cracks/security vulnerability holes & incidents over the past 2-3 yrs. now for you, should you ask, ok? Just ask.

APK

P.S.=> Right now, as long as Macs, Linux, & all other *NIX distros/versions variants are less used, they DO have the phenomena known as "security-by-obscurity" operating in THEIR FAVOR... & that's about it, because you CAN security-harden a Windows rig & have it as secure as ANY *NIX variant out there, if not moreso, for around 1-2.5 hrs. of your time doing what's in that thread, in addition to using some common-sense, for YEARS to DECADES of secure, stable, & security-hardened uptime... apk

Re:Hmmmm

[flnca]

I have a mailbox full of Mac exploits. Want some?? ;-))

They're easily identifiable by attachments with Mac file extensions.

Re:Not impressed with Macs

[wass]

I can't help you out with the MDI thing, but here are two ideas that may help you become more productive with launching the apps you want (ie, less fumbling with the Dock and Finder).

First - check out Quicksilver [blacktree.com]. It's kind of a dynamic shortcut to your useful applications, files, music, webpages, etc. Many techie OS X gurus can't live without it. There are even youtube tutorials for it.

Second - if you want something akin to Windows-style start menu try this. Open the Applications window in Finder. At the top of the window there's a small icon next to the Applications window title. Drag that icon into the dock, to the right of the separator. With one click you now have instant access to your Applications directory.

However, if that's not good enough, by right-clicking this icon instead it will show you all your Applications in a textual menu form, much like the Windows start button.

If that still isn't good enough, you can make another Useful folder with links to all your commonly-used Applications, then put this Useful folder in the dock.

Re:Mac support in the Enterprise?

[Anonymous Coward]

I have been installing and supporting more and more pure MAC networks.

I must say that their server product is extremely buggy.

http://discussions.apple.com/thread.jspa?messageID=6696589&
http://discussions.apple.com/thread.jspa?threadID=1224346
http://discussions.apple.com/thread.jspa?messageID=6698417

This is reference to an Appletalk/OpenDirectory bug that hasn't been fixed in SIX months. It is a showstopper bug for many people, yet there is no fix or workaround.

I also noticed that MS Office on a MAC is extremely buggy.

Apple needs to dedicate more resources to their enterprise products before I can truly recommend them.

Re:Make that two of us, Apple needs competition

[644bd346996]

The Cocoa-Java bridge was dropped because hardly anybody was using it. There's no way it would have been cost effective for Apple to continue to update it.

The "C/C++" apis you were referring to, more commonly known as the Carbon api, is a slightly sanitized version of the Classic Mac OS programming interface. They were old and ugly, and Carbon had to retrofit them with support for things like preemptive multitasking and memory protection. Anybody who considered Carbon as anything but a legacy api was a fool. (Yes, that includes Adobe.)

You don't seem to be aware of CoreFoundation and Objective-C++, which provide C and C++ respectively with access to most of the Cocoa apis. But I get the feeling that you're deliberately ignoring the fact that Apple has added Cocoa bindings for Python and Ruby.

And you definitely should have mentioned GNUStep, a portable environment that is compatible with OpenStep (from which Cocoa is derived) and has included many of the improvements from Cocoa. If you actually want your app to be portable, it is very easy to write it using GNUStep as the lowest common denominator. The resulting app can then be compiled and run on Windows, Linux, and OS X.

Comment removed

[account_deleted]

Comment removed based on user account deletion

I didn't say any OS came perfectly safe

[symbolset]

You saying that Windows can be secured does not diminish the fact that over a million Windows boxes are compromised right now. No useful system that's connected to the network can be made perfectly secure, but that doesn't mean that some are not better than others.

Again, Linux and osX don't have any viruses in the wild. Zero. None. Not one. Zip. Nada. On these operating systems antivirus is to protect you, the feeble Windows client of the mail server. The Linux malware ecosystem is almost the exclusive purview of nation-states and their clandestine operatives, megacorporations and their industrial spies. Securing your linux box is important, but these people aren't generally interested in common folk.

Windows has hundreds of thousands of viruses in the wild. These viruses support the financial interests of spammers, identity thieves, Nigerian scam artists, mail order fraudsters. Their ecosystem includes money launderers, extortionists, blackmailers thugs and hit men. There are incredible toolchains that take a found vulnerability and turn it into an exploit plugin for distribution by their botnets and compromised websites in mere hours. There are marketplaces where the proceeds of spying on your Windows box and the tools to compromise your windows are bought and sold. The ecosystem also consists of various members on the white hat side including antivirus vendors, penetration experts, firewall vendors, malware blockers and anti-phishing toolbars. Then there's the grey area group who sell with irritating popups products that do absolutely nothing, but give users a false sense of security -- opening them up to exploitation. These industries generates several billions of dollars a year in profits.

No antivirus catches 100%. The virus infrastructure in a thriving stew that's updated minute by minute to stay ahead of the AV companies. For the most part the latest and most successful viruses are used. Once your PC is infected they pretty much can do anything with it they want to including:

• monitor your keyboard and watch your screen
• remotely control your PC
• read all your mail and your personal files
• transfer any file back to their mesh storage, or publish it online
• use your computer to attack other computers
• use your disk to store illicit materials (stolen data, porn including kiddie porn, warez, movies and music)
• use your computer (if it's connected directly to the net) to serve the above data to other people for a fee
• send spam

They can do all of that without your knowledge or consent of course. They are actively doing this to over a million Windows users right now. Are you one of them?

People can choose. The operating systems with no viruses or the ones with hundreds of thousands. It's their choice.

Re:It's not Vista; it's W7 and beyond

[ceoyoyo]

Strange, I had the opposite experience. I remember coding in Visual C++ and desperately looking around for a stupid MS documentation CD to find out that the university hadn't renewed their very expensive subscription.

Coding on the Mac? Pop open the browser of your choice, navigate to developer.apple.com/documentation and type in what you'd like to know. Not only are the class references there but they also have conceptual documents and tutorials that are actually helpful.

I agree I don't particularly like the documentation browser built into XCode. So I never use it.

Re:Make that two of us, Apple needs competition

[iluvcapra]

As Apple became more comfortable with their position and had less fear of Developers being unwilling to move to the platform, the first dropped Java as a first class language (no more Java-Objective-C API bindings)

They had built in the bridge at great cost in the early years, and it was a major part of their developer push. You can imagine their frustration when no one used it; this is the Cocoa bridge, mind you, not the Java platform. People code in Java so they can write once and run anywhere, not so they can code platform-dependent GUI code. Apple thought having a Java bridge might drive people to write software that favored their platform, but Java devs just kept on using Swing and AWT, and generally ignoring the bridge, since it was platform-dependent.

I think the nail in the Java bridge's coffin was that you couldn't do key-value coding in Java, the way Apple implemented it, because you sorta need duck typing to make it work. Objective-C can do this, Java cannot (though the Java people hold this is a good thing.)

last year dropped the C/C++ API's further development.

This is a tricky statement, as CoreAudio, the File Management APIs, OpenGL, QuickTime, Core Foundation, Core Services, and, hell, the Kernel API and BSD subsystem are all "C APIs" and a part of the OS X platform [apple.com], and they are all continuously being refined and extended; though not all of them are 64 bit yet, this doesn't pose much of a limitation on OS X since you can call from 64 bit code into 32 and back "for free." The Carbon API, particularly the UI code, has not been rebuilt for 64 bit and may not ever, but it is not "unsupported" or "deprecated."

Your statement makes it appear that coding in C on OS X is somehow unsupported, or that ObjC is the only Kool-Aid in town, and this is a flagrant canard.

There will be no 64 bit version of Adobe CS4, the next CS iteration, for OS X, Adobe has said. It will literally take them years to port their code base to ObjC. Personally, I wonder why they bother. Given that the Ubuntu Linux desktop is now very smooth, is getting fantastic reviews all around the net on mainstream publications, It would be a perfect time for Adobe and others to port their apps to Linux

They're probably in the same spot MS is, in that even they don't know how their code works any more, with the number of people they've had working on it over the years.

Clarification

[theolein]

I know people and companies who used the Java-Cocoa bridge. A friend of mine was developing an online custom PDF report generator for financial companies using it. There were many such uses of the Java-Cocoa bridge, just not much in the way of client side publicly available applications. The problems my friend ran into, long before Apple decided to drop the bridge, was that the Java-Cocoa bridge was very buggy and reported bugs to Apple by companies that had developer agreements with Apple were simply not given any priority. One of the bugs in the J-C bridge was that the a PDF renderer (IIRC) implementation in the bridge had a memory leak. It only became obvious on many hundreds of objects, which was precisely what my friend was using. Apple knew about the bug as far back as 2003, yet never fixed it, right up until they deprecated the API in 2005.

I am aware of CoreFoundation and Objective-C++. Since you mention it you are also aware that it is restricted in what it can do. Porting a large C++ application to ObjC++ is not that simple. You will need to rearchitect the entire GUI code and most of the backend.

I am not ignoring the Python and Ruby bridges, and not the AppleScript implementation either. But they are not suitable for major client side performance dependent native applications.

As for GNUStep, who uses it? Can you point out any major applications that make use of it? The best way to make cross platform applications has been though the Qt and WxWidgets toolkits. They both rely on the Carbon APIs.

Re:Biggest Apple problem

[dregs]

We test, because OS X is not backwardly compatable enough.

We currently have 1 enterprise product that DOES not work on OSX 10.5, but does on 10.4 fine.

10.5 also broke our centralized authentication process. So if you run unmanaged Macs then yep its all fine, but that is not running an enterprise setup, that's just running a heap of Macs.

Its not the same, and it doesn't scale well
We more than halved our support calls times on Macs when we rolled out a centrally managed and supported managed operating environment,
it would have been more, but apples last minute upgrades, and breaking of backward compatability
now require significant more testing.

We support Linux, Win XP, and OS X, and the linux and PC's are the cheapest to support, and have the best backward compatability.

Just go to http://www.macintouch.com/leopard/compat.html [macintouch.com], to see what broke and what only kinda broke, (and its not a small list), we were affected by a number of these issues.