Intego's "Year In Mac Security" Report
david.emery notes the release of Intego's "Year In Mac Security" report (PDF), adding: "Mac OS X and iPhones that haven't been jailbroken fare pretty well (although vulnerabilities exist, there's not been a lot of exploitation). Apple does come in for criticism for 'time to fix' known vulnerabilities. Jailbroken iPhones are a mess. The biggest risk to Macs are Trojan horses, often from pirated software."
So, avoid pirated Mac software... (Score:5, Informative)
...and let Software Update do its thing with Security Updates.
Don't go online as Root, and really try not to open email attachments that claim to be "Nude Photos of (insert female athlete name here)"
Really, how hard is that?
Re:So, avoid pirated Mac software... (Score:5, Insightful)
Re: (Score:2)
Essentially, yes.
With the proviso that smart Windows users have their AV software and definitions all up to date and use something other than Outlook Express and IE for their email and web use.
Re:So, avoid pirated Mac software... (Score:4, Informative)
The public exploits only affect IE6 users on XP.
Private exploits could affect IE7 users on Vista or even IE8 users on XP, but not if they activate DEP. If you activate DEP even XP users are protected. IE8 users on Vista and Win7 are effectively protected by DEP/ASLR.
So, in effect, if you update even just to year-old technology you're protected.
Re: (Score:3, Insightful)
Except for those exploits that target Acrobat, or Flash, or .. or .. or.
Microsoft has made some improvements with DEP and IE8 on Win7, but there are still far too many vulnerabilities in commonly used and widely distributed applications to make me comfortable with Windows.
Re: (Score:2)
Except for those exploits that target Acrobat, or Flash, or .. or .. or.
Microsoft has made some improvements with DEP and IE8 on Win7, but there are still far too many vulnerabilities in commonly used and widely distributed applications to make me comfortable with Windows.
There are many, many vulnerabilities in commonly used and widely distributed software available for any platform.
Go read just the last month's worth of CVEs.
I know, I know.. you're going to say "but I don't use any of _those_ ones" Hah, gotcha.
Re: (Score:1)
Except for those exploits that target Acrobat, or Flash, or .. or .. or.
those are both java exploits actually-
personally I can say that pretty much every virus that I have ever gotten is from a java exploit- I wish that there were ways around not having a JRE but too many things use it
Re: (Score:2)
Perhaps you missed that IE8 with DEP and/or UAC installed on a version of Windows that's not 10 years old didn't have issues? Sure, Microsoft had to put it as vulnerable in their articles because DEP and UAC should be a last line of defence, which doesn't change the fact that there's a bug in the app itself, but good luck getting an exploit to work in that configuration.
Every time I see an IE exploit, the first thing I do, just for giggles, is to try to make it work in Vista/Win7 on IE8 with default configura
Re: (Score:3, Informative)
I guess you missed the IE8 zero day exploit just last week? It's only the latest way in which PC users get owned through no fault of their own.
It's not like OS X never had glaring [zdnet.com] 0-day [zdnet.com] exploits [about.com] of its own, so what's your point?
Re: (Score:2)
I guess you missed the IE8 zero day exploit just last week? It's only the latest way in which PC users get owned through no fault of their own.
It's not like OS X never had glaring 0-day exploits of its own, so what's your point?
Got a z-series in my closet, what's YOUR point?
Re: (Score:2)
No one denies that there ARE hazards that target OS X.
But three exploits for Leopard, one of them Intel only (PowerPC user here), another a Safari exploit, vs. the countless exploits for Windows scarcely seem to indicate that Mac OS is as vulnerable as Windows.
As long as there are Windows users who do everything from the root account, and who will insist upon opening "SEE NAKED PICS OF (female athlete name here)!!!!" emails, Windows will continue to be the botnet host of choice.
Re: (Score:2)
As long as there are Windows users who do everything from the root account, and who will insist upon opening "SEE NAKED PICS OF (female athlete name here)!!!!" emails, Windows will continue to be the botnet host of choice.
Can't argue with that. I don't know of any ways to prevent the "social exploits", however, short of the model where the user cannot become the admin at all (i.e. the one where he cannot control his own box even if he thinks he wants to) - and Apple seems to be toying with the concept with iPhone (and looks like they can even sell that!). But MS could never afford such a thing.
Re: (Score:2)
The exposure for IE (it wasn't targeted at IE8 but IE8 could be vulnerable) will own any XP PC on IE6. If they have XP SP3 and IE7 they are not currently vulnerable to the initial threat, but that will change quickly. If they have XP SP3 and have upgraded to IE8, they are currently safe, unless they then turned off DEP.
http://blogs.technet.com/srd/archive/2010/01/15/assessing-risk-of-ie-0day-vulnerability.aspx [technet.com]
Re: (Score:3, Informative)
Both Mail and Finder will warn you that what you are opening has been downloaded from the internet and ask you to confirm you want to execute it.
Each file you download is put into a quarantine and your answer to the question is recorded.
You generally don't have to worry about opening non-executable files like images, zip files, video files etc. But, you of course, do have to worry about shell scripts, apple scripts, applications and application documents that contain java script (like PDF if you use Adobe r
Re: (Score:1)
Any savvy user should already know all these things no matter what platform they use.
The existence of the "Genius Bar" indicates that savvy users are in short supply.
Re: (Score:2)
You're right, I'd rather talk to somebody with a heavy accent named John and wait while he runs through a script, lie and tell him I've restarted when it's not needed, not reinstall Windows like he tells me to and then get a part sent out when a hardware part is broken (nothing like reinstalling Windows to fix a physically broken DVD drive).
Or just go to the Genius bar, see if they can fix it/have a spare right there, if not they take it and it gets fixed.
Gotta hate that highest rated customer service.
With great freedom comes great responsibility (Score:1)
Should it be any surprise that unmoderated software could introduce security vulnerabilities? All a CPU does is execute instructions, so "jailbreaking" a phone just gives you the opportunity to run more software which may contain malicious payloads.
When 20/20 took a look at dangerous "exploding" trucks, it was found that if you put a small amount of explosive near the crash area, that you could indeed cause a truck to explode in an accident. But does that mean that the truck company should be found at fault
Re:With great freedom comes great responsibility (Score:4, Insightful)
Really, the main problem is that jailbreak processes don't try to change your default root password. So the vulnerability is that Apple supplied a default root password (that isn't workable without jailbreak), and the haxx0rs remove the protection but fail to force user to change or randomize (and remember/show to user) that password.
Nothing bizarre about that.
Re:With great freedom comes great responsibility (Score:4, Insightful)
Apple either supplies a default root password or it has to build in a backdoor. Otherwise there is no way to upgrade the OS. Which way do you think is more secure?
The jail break issue isn't Apple's problem. It is a problem with people doing things they don't understand.
Looks like the jail break is just another way to root kit a computer (phone).
Re: (Score:2)
Re: (Score:1)
Apple either supplies a default root password or it has to build in a backdoor. Otherwise there is no way to upgrade the OS. Which way do you think is more secure?
Or, i dunno, have the user set a password?! Which is then entered when modifications need to be made. You really think it's a good system to base it all on having a default root password do you?
Re: (Score:3, Informative)
Re: (Score:2)
If you are smart enough to jailbreak your phone, but dumb enough not to change root password, you really do get what you deserve.
Re: (Score:3, Funny)
Re: (Score:2)
When 20/20 took a look at dangerous "exploding" trucks, it was found that if you put a small amount of explosive near the crash area, that you could indeed cause a truck to explode in an accident. But does that mean that the truck company should be found at fault for a usage scenario that is not supported?
Point taken, but to be fair that was NBC's Dateline that did that, not 20/20.
Re:With great freedom comes great responsibility (Score:5, Insightful)
When people point out something the iPhone can't do, we hear "Oh it can, but you just have to jailbreak it". When we get stories about security holes, we hear "Oh that doesn't count, you just have to not jailbreak it".
So er, which is it?
The problem is that the iPhone is the only phone where "jailbreaking" is necessary to get basic functionality working (e.g., tethering, running applications that Apple don't like).
Consider, do you ever hear people talking about "jailbreaking" in the context of any other phone?
My 5800 works fine, not had a virus (indeed on any of my phones), never needed to hack it.
Re: (Score:3, Interesting)
Correct. Something as simple as deleting [techarena.in] a [appleiphoneschool.com] call [everythingicafe.com] is not possible on the iPhone without jailbreaking, which is shocking because on every cellphone I've used in the past 10 yrs I've had the ability to delete a phone call from the call log and it's a feature iPhone owners have been asking for since 2007. If you want to remove a single call you have to delete the entire phone call log
Hon
Re: (Score:2)
If you're so worried about your wife seeing your calls to your mistress, get another phone. Or delete the entire log.
While I grant you it shouldn't be hard to delete a single call as opposed to the entire log, I cannot imagine needing to do so.
Re: (Score:2)
One of the standard (and hence, predictable) pro-Apple replies: "Why would you want to do that?"
That is not an answer to the criticism. Especially not for a company that prides itself allegedly on good UI and being easy to use.
get another phone
I did.
I cannot imagine needing to do so.
Good for you. Do you post to every discussion about technology, where you don't have a need for a particular thing? Or only to defend Apple?
Re: (Score:2)
Why do people assume this? If I want to delete a call, it must be to cheat on my wife? Can't someone throw a surprise party, or maybe just remove telemarketer calls I don't want in the log?
"I grant you it shouldn't be hard to delete a single call as opposed to the entire log, I cannot imagine needing to do so."
Well, I'm glad you're the foremost authority on what everyone needs to be able to do. I've been
Re: (Score:2)
like a surprise party?
(Score:5, Flamebait)
oops, sry for feeding the trolls. You may return to your cave now troll, no one wants to hear what you have to say
Re: (Score:2, Flamebait)
I'm not sure what you mean by "basic functionality".
My iPhone isn't broken and I have tethering enabled. Sounds like your problem is with AT&T. I'm in Canada under Fido/Rogers so YMMV.
With "both" companies my tethering is enabled with a quick call. My provider asserts that my data plan must be 1 GB or higher, but this is largely to protect me from ignorantly going over my data plan usage allowances. I go to my settings and turn on tethering. There is no step three ;)
As for "applications that Apple doesn
Re: (Score:1)
As for "applications that Apple doesn't [sic] like", you must mean malware, trojans, and data theft mechanisms. If you want to run those by all means do so. You could save yourself some trouble and just write your date of birth and credit card numbers on a placard and hang that around your neck when you head to the mall.
Yeah cos that's what apps like Google Voice were all about. Don't spout rubbish like that just because you don't know what you're talking about.
Re: (Score:1)
applications that Apple doesn't [sic] like
are not
malware, trojans, and data theft mechanisms.
or do you have no concept of what the above actually are?
Re: (Score:2)
How about you don't jail break it if you're a 'fucking moron'? Or in your case, just don't buy one cause you can't understand the basic premise behind both of those statements.
It isn't open and requires jailbreaking to prevent 'fucking morons' from causing problems.
So a 'fucking moron' who doesn't know what the hell he/she is doing shouldn't jailbreak it, and those are the people who get exploited, which are the people 'who shouldn't jailbreak it'
This is the problem with today's hacks. Hackers forgot the
Re: (Score:2)
You're right. On Android they call it "rooting."
It's not necessary to not jailbreak your phone. Just remember to set your password when you install SSH. Same lesson applies to any machine you install SSH on.
Re: (Score:2)
You DO NOT need to jailbreak to use tethering. My un-jailbroken iPhone tethers just fine.
You also don't hear about it in any other context because no other phone is in the same sort of position - a popular device that doesn't do quite what some geeks want, with enough following to change. There are plenty of phones that are locked up just as tightly as the iPhone, with features crippled and controlled (but mainly at the behest of the carrier, not the owner of the App store), but they don't get much press be
Re:With great freedom comes great responsibility (Score:5, Funny)
in a safe manor
My security guards keep my manor safe.
Re: (Score:1)
"that users would want to use software outside of their control"
hahaha, it's funny because it's apple! Hardwired batteries, single sheet aluminium cases, Apple don't like letting you into -anything-, control will be theirs... somewhere in rural America (probably) is a giant warehouse, filled with giant crates, which in turn are filled with all the second buttons from the mice, being looked at by "top men". And you thought they were designed with only one button, HA shows what you know. They just only give y
Re: (Score:3, Informative)
Re: (Score:2)
Probably because hard drives are largely inert, while batteries will explode if you do it wrong. Yes, it's perfectly possible to replace the battery yourself, but Apple doesn't want to be liable for your medical bills from the burn unit if you do.
Re: (Score:2)
I actually didn't even know there was that myth, they seem silly to me because of the heat the core2duos produce, I personally prefer a well vented system, but each to their own, I wasn't after a serious pc vs apple debate, not sure my karma can handle it after the netscape vs ie one a few days back *lol*
Biggest Mac security threat... (Score:2, Funny)
Installing Windows.
Re: (Score:1, Informative)
The results of pwn2own indicate the contrary.
Re: (Score:2)
Not really. pwn2own requires private exploits that no one knows about; with Windows every known exploit is used as soon as possible. The last winner sat on his hack for a year. He didn't find a new one, he just sat on it so he'd have it handy.
That sort of contest doesn't indicate security in general, unless you're so retarded you think that because an OS didn't get bothered with during the contest that it must therefore be secure.
Re: (Score:2)
That's a great argument against Security Through Obscurity, which happens to be Apple's MO. Security Through Obscurity works so poorly that even Microsoft has given up on it.
Demonstrating how quickly a zero day exploit can be created and deployed has nothing to do with security in general.
Re: (Score:3, Funny)
Yep, I'm still installing it... started last October... it's still only on 78% :-/ What's the bet it'll crash at 99%? You know it's like a fundamental law of the universe; the longer any computer process takes, the more likely it will crash when it gets to 99%.
Re: (Score:1)
Re: (Score:3, Informative)
Oo you definitely don't want to be deplugging usb drives, you kind of need them to keep their plugs so you can plug them in.
As for unplugging... what does that? Kernel panic sounds very linuxy, but I've never had that happen, and I've been plugging 'n unplugging up to three usb drives at a time on it (a client of mine's stock has become somewhat disorganised and lost track of what's faulty and what they've used themselves, and as testing harddrives themself is much quicker 'n easier on Linux as you can just
Re: (Score:3, Informative)
As for unplugging... what does that? Kernel panic sounds very linuxy, but I've never had that happen, and I've been plugging 'n unplugging up to three usb drives at a time
I think what he was trying to get at is what sometimes happens on a Mac if a user unplugs an external drive without un-mounting it first, a quirk that Macs have had since at least the System 7 days. I'm not sure why OS X will still occasionally have trouble handling that situation gracefully (although ninety-nine times out of one hundred the only "bad" result is a dialogue box that pops up advising you not to do that again) but it's not really a big deal as long as you remember to follow the proper procedur
Re: (Score:2)
Right right right, well osx was the first mac os to be done vaguely "properly" at the kernel level as far as I remember, with previous os's being semi windows 3.1 level in some respects such as cooperative multitasking rather than preemptive, and proper protected/virtual memory mechanism so buggy drivers/apps could just go walking all over the system. So, definitely wouldn't be surprised if that was the case!
I'm definitely not a mac lover myself, but one or two friends with the laptops, and had a support c
You mean OSXWindows? (Score:2)
Some fan guy modded you flamebait but, I guess you mean installing boot camp or a virtual machine (hypervisor) and running it just like OS X, without antivirus/firewall and giving it access to OS X file structure.
IMHO Apple made a huge mistake by allowing (SL Bootcamp) Windows to see (read only though) OS X drives. That is not a favour, it is a huge security risk especially for Mac only people not knowing the extent of Windows threats/trojans/data leakage.
Fix? "My Computer", "Manage", "Disk Management", rem
'Pretty well' isn't good enough (Score:2, Interesting)
Apple doesn't care enough about security [serverwatch.com].
Re:'Pretty well' isn't good enough (Score:4, Informative)
The article you link to is talking apples and oranges literally. If the implication is that BSD bug is also a bug in OS X, then it's false. The bug is not present in OS X.
iPhone on the other hand is a completely different beast and yes it is a locked down platform mostly for the benefit of the users, so we don't have to worry if an application is safe to install and use.
Yes, there may be security issues in iPhone apps, but even the security updates of applications go through the same review process, which may catch an omission in the review of the previous version (which is what happened in the case of the software discussed in the article).
The review process is not perfect nor ideal, but I for one am thankful that someone else is testing the applications for me and I don't have to waste the time and money on tools to check what each app does and if it is safe to use on my phone.
Re: (Score:2)
So don't buy one. See how easy that is. If you want a phone you can flash ROM on, install OS you want it, develop apps for it you want, and choose provider you like, shop elsewhere (I don't know of any that will let you do all those things).
It's not like Apple advertised you could do all those things with an iPhone and we now find out you can't. iPhone was meant to be an appliance (a phone) from day one and not a general purpose computing device like their laptops.
If they ever started doing that with their
You can't handle the truth (Score:1, Informative)
As much as Intego wants to present the state of malware on the Mac, the truth is that even Intego works pretty much like any other AV engine which tries to detect malware based on its signature or heuristics (behavioral), that they receive either from someone sending them a sample or collected with their honeypots around the world.
The bots/trojans/RATs that are written for specific targets, do not have a signature, thus, are undetected. Then it becomes obvious that Antivirus solutions are not enough. You
Re: (Score:3, Funny)
"but doesn't mention that Adobe's own CS4 install tries to phone home"
Riiight... cuz that's what trojans are famous for isn't it... checking to make sure that you're allowed to run them. My god I do wish trojans actually did do that, and better than other software does it. I'll admit on here, I don't legally own any trojans at all, which means all I have to do is make sure that they can phone home to verify this, and never have to worry about them again! Ahh... pleasant thoughts.
Re: (Score:2)
Wow you're really clever, I had no idea, ya know I was actually thinking he was talking about a giant wooden horse that could make DTMF tones into skype whenever he played counter strike four, so it could secretly tell his opponent, ET, where to shoot. My google I wish even harder you were self monitoring and reporting to yourself how much dang it, would be so swell if you could teach me all about understanding abstract concepts seeing as you got my point but I didn't get anybody's. This is how stupid I am,
Software updates, activations and anon statistics (Score:2)
So, original Adobe CS4 user who paid more than $1000 and gave his credit card number, home address and telephone should be protected from "evil Adobe" from checking updates or trying to figure which parts of software is used anonymously?
Well, Intego and a couple of other companies offer an application firewall but, obviously if you use original/activation system software, it will fail to work if it can't access the net. Solution is GIMP but, it would be a bit unrealistic.
my summary of the white/sales paper - fluff mostly (Score:4, Insightful)
This is basically 7 total pages:
* first couple pages on installing bittorrent'd software
* Page 4 and 5 about people who installed openssh on their jailbroken iphones and didn't change their passwords
* last page has citations back to their own blog
The meat of it is about PDF, Java -- surely those have a more widespread effect right? But they spend a lot fewer words on those topics. Note that all the visuals have to do with the stupid ssh-admin-password and bittorrent'd malware.
Skip to the concluding paragraph -- they just have to emphasize the iphone again.
I was going to say "I declare this posting unfit for Slashdot" but the good I see is that we can pick it apart to sort out the fluff.
My rating system on severity overall on the entire population of apple products:
1) pdf/java (5 stars)
2) I-enabled-ssh-w/o-a-password (1 star - your fault for being a retard)
3) Charles Miller iphone vuln (5 stars when it wasn't patched)
Re: (Score:1)
Surely something with a button that big and red must be awesome.
Re: (Score:2)
"* last page has citations back to their own blog"
*lol* it's like when some breaking story (ie, any story) hits the news, but perhaps controversial or unconfirmed, and they say "it has been reported that blah blah blah" and then you flick over the channel and they're saying "blah blah has reported that blah blah blah", and it doesn't take long to notice that all people are telling you is that people are telling you what they're telling you.
Someone somewhere gets tipped off about some rumour, phones someone h
Re: (Score:2)
lose/lose (Score:2, Funny)
lose/lose (from the article) seems like a fun game to play right before installing Debian.
WTF, people. (Score:2, Interesting)
The ability to jailbreak is a security hole. Last I knew the techniques people use are remote code execution.
For example as I recall the 1st gen jailbreak was to get a specially crafted TIFF file that exploited a buffer overflow when a page was loaded in Safari. Stop and think about that for a minute. This is the kind of behavior you don't want to be possible. Yet in the reality distortion field, it's a great thing suddenly. Users are totally unconcerned about this.
I'm not sure if the exploit mechani
Re: (Score:2)
This is the kind of behavior you don't want to be possible. Yet in the reality distortion field, it's a great thing suddenly.
Ummm, citation needed?
Re: (Score:3, Informative)
FWIW, this has changed about jailbreaking. What you said used to be true on the 1.x series of iPhone software, where everything always ran as root. Therefore, a hole in libTIFF led to (remote) root code execution. Starting with the 2.x series, Apple finally forced the restricted user account named Mobile to be used instead of root. That made it so now a libTIFF exploit *also* would require a privilege escalation exploit rolled inside; made things much harder. Starting around the 2.x software, the new way t
Re: (Score:2)
http://secunia.com/advisories/27213/2/ [secunia.com]
Yeah that is ancient news my friend. It was patched with OS version 1.1.2. in 2007 if my information is correct.
iPhones and iPods can now run OS version 3.1+
I would say that pretty much anyone going online has patched as version 3 of the OS brought copy/paste functions.
I can't imagine using my iPhone or iPod without copy/paste.
so what they are saying is... (Score:2)
Re: (Score:1)
I think I'll just settle for not buying one.
Apple's DRM seems to be the main problem (Score:4, Insightful)
Re:Apple's DRM seems to be the main problem (Score:4, Informative)
Re: (Score:2)
So, you're blaming Apple for a user's inability to think "umm, I am installing SSH on my device, maybe I should not use the default root password".
Right.
Is it also Ford's fault that I can't easily get into my car because of the draconian limits on copying car keys when I lose my main and spare set?
Re: (Score:2)
If the reasons that motivate most people to escape were addressed, then so would the unintended side effects. There would be a fraction of the hacks if a) Apple sold a proper unlocked network free model and b) Provided a simple and painles
Re: (Score:2, Troll)
iPhone unlocking has nothing to do with jailbreaking. I unlock my iPhone but I definitely don't jailbreak it (don't want the instability and hassle of dealing with stuff that comes from non-official sources).
Re: (Score:2)
My jailbroken phone isn't unstable...
Re: (Score:2)
Re: (Score:2)
Or you just ask your carrier to unlock it for you. O2 will do it for you here in the UK now that the exclusivity deal has finished.
Locked phones are not unique to Apple.
Jailbreaking the phone to run the unsigned unlock code also doesn't make you vulnerable. Installing SSH and not changing the default password does. That is a separate thing.
Re: (Score:2)
The two are *totally* unrelated. Unlocking to other networks has *nothing* to do with jailbreaking your phone.
Nor does jailbreaking itself cause you to be vulnerable - you need to also install SSH as well.
If you are installing SSH, you really ought to know what you are doing.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
How big is the demand for jailbroken devices? I know there are a lot of people on /. that would almost reflexively jailbreak one if they owned it, but how does that translate to the general population? Hardcore geeks like us are neither typical of people in general nor Apple's target market.
I have an iPhone with quite a few apps on it, and it's not jailbroken. This means that any software I install on it gets at least a screening from a company that has a lot to lose by allowing malware on the phone.
Re: (Score:3, Insightful)
They also have a lot to lose by allowing apps like voip, instant messaging, map readers, voice search, flash player, browsers, podcasters, movie players, music players, file downloaders etc. etc.. Basically anything that competes with their tech, or offends the network, or they simply don't like on grounds of taste or any other arbitrary reason. They even ban apps w
Re: (Score:2)
The locking to network is not Apple's beef - they don't care one way or the other (or in fact, prefer unlocked since it means they can sell more phones). You can get your iPhone unlocked by just asking your carrier (note: does not work in USA).
The main point is that everyone knows ahead of time about the walled garden, and yet wants in anyway - only to then complain that they are in a walled garden. This is what Android is for!
Re: (Score:2)
Flash player? You're assuming that I want the number one security vulnerability installed on the phone that's also my PDA, browser, game machine, etc. I depend on my iPhone. I don't feel fully dressed without it. I don't want stuff on it that's likely to compromise it.
Re: (Score:2)
Re: (Score:2)
Not assuming anything? Seems to me you're assuming Apple's motives are what you attribute to them. Do you have any evidence that Apple's lockdown is not due at least partly to security and the desire to present a seamless experience?
Re: (Score:2)
Re: (Score:2)
Do you know this through insider knowledge, or are you reading the minds of top Apple execs? You seem awfully sure of the motives of people that you show no sign of knowing personally.
Talking through their hat since 2004 (Score:4, Informative)
Back in 2004 Intego's big complaint about the Mac was that because it's based on UNIX, if you could get it to execute a shell script you could do anything on the computer, and that Applescript wasn't sandboxed. They never noticed that the same was true of CMD.EXE and VBscript on Windows, DCL on VMS, and every other native scripting environment on every OS, ever, anywhere.
Intego's business model appears to be FUD.
Mac keyboard firmware security issue (keylogger (Score:2)
Re: (Score:2)
It's an active hole in the wild used by anyone. (no hint yet?)
It's an active hole in the wild used by the NSA, CIA, FBI. (not going to be fixed anytime soon)
It's not an easy hole to use in the wild. (no chatter yet?)
Apple staff are so distracted by itoys.
Not so fast (Score:1, Redundant)
I ran a Windows computer at work. And I had one at home. Never had a problem.
Then I went to another office. We had to spend a fair amount of time researching on the Web. All it took was one person landing on an illicit web site, and the shit hit the fan. All of a sudden, one after another, everybody's hit with trojans and God knows what else. No IT guy to run the thing, so I became the informal computer guy. Several computers are taken out and got the OS rebuilt. The only way to protect against the exploit
Re: (Score:2)
Re:we don't need economic buzz (Score:5, Funny)
We need an economist to explain us how the us, by privatizing gains and socializong losses turned into a fascist state.
And an English teacher to straighten out that sentence.
Re: (Score:3, Funny)
And an English teacher to straighten out that sentence.
I think it's Korean.
Re: (Score:2)
"any potential problem a Mac might possibly have A: is actually a feature B: is actually your own fault or C: doesn't matter"
Macs are just weird... on my windows machine, both A: and B: are redundant as it doesn't have a floppy drive and C: really does matter cuz the bootloader's there. Like Chalk 'n iCheese.
Re: (Score:2)
The particular problem is the false claim in their adverts of PCs getting viruses, since you could just run Linux (not to mention that Macs are PCs anyway). If they were comparing to Windows, it would be fair enough, but they don't. Possibly it's to avoid getting sued, which makes me suspect that they have no confidence in their claims in the first place (if the claims were true, it wouldn't be a problem to mention Windows).
Re: (Score:1)
The vast majority of computer users aren't aware that 'PC' does not mean 'x86/x64 based architecture running Microsoft Windows'.
Trying to cram too much information into a 15 or 30 second spot is just asking for fail. Commercials (for anything) need to be kept simple.