“When it comes to security, Apple Computer’s report card reads like that of a gifted child: high marks for achievement, but needs to communicate better with others. In general, the Mac operating system has seen far fewer bugs than its Windows counterpart. But some say a recent vulnerability demonstrates that the notoriously tight-lipped company must communicate more openly on security issues and move more quickly when it comes to plugging holes,” Ina Fried reports for CNET News.
CNET’s sidebar “bottom line” states: “Apple has a strong security record, evidenced by its virtually virus-free record, but some say the company needs to be better about communicating with customers and security researchers.”
“‘I think there’s room for improvement with their response speed on problems with their own code,’ said Chris Adams, a Mac user and system administrator for San Diego’s Salk Institute for Biological Studies, a research center that’s played a part in training five Nobel Prize-winning scientists. ‘The general pattern is complete silence for months and then a terse announcement when the update is released.’ Adams said Apple has done a pretty good job of updating the operating system to fill holes found in various Unix components. But what is needed, Adams and others contend, is more dialogue about what the company is doing with regard to security,” Fried reports.
Full article here.
MacDailyNews Take: “Virtually virus free?” If by “virtually,” CNET means “totally,” then we’re okay with it. There is no “almost” here. The number of Mac OS X viruses is zero. Maybe they’re still holding tightly to their hearts those handful of years-ago Mac OS Classic viruses?
i usually support MDN and their supplemental commentaries and rants, but this time you need to shut the hell up.
adams is right. the recent security issue was a potential nightware waiting to happen. its like a security company with a major system fault leaving their clients’ homes and businesses vulnerable and open to attacks to thieves. while never mentioning this vulnerability, they are at the same time crossing their fingers hoping nothing bad will happen until they patch up a fix.
so MDN instead of acting like a little brat, maybe you should wake up and smell the applejuice for a change
Most of this so called viruses appearing on Mac OS X are user’s fault, for example downloading illegal files from Limewire. I always double check for file size and some other basic forms of protection when downloading illegal stuff from Limewire… For example what kind of nitwit thinks that a full demo of office 2004 is a little over 100 K. It’s plain stupid! Of course, that person deserves it, because there’s OOo, for me it’s just like MS Office but without the bloat, and of course free. I don’t have to worry for SBA rading my office, because I support OSS, of course, there are some things not available on OSS, but that’s another topic for discussion
RE: Jim
“while never mentioning this vulnerability, they are at the same time crossing their fingers hoping nothing bad will happen until they patch up a fix. “
As long as they were working on a patch then I think this is the right thing to do. If they announce that there is a security hole, but no fix yet, then that tips off hackers on how to exploit the hole and you have no way to defend against that yet.
Now if they wait for someone else to also discover the hole before trying to patch it, that would be pretty f’d up.
We all need a firewall and virus software though, cause I still manage to forward windows virus’ somehow. I love the Mail.app but it would be nice if Apple added basic protection so that it would delete messages that have well known problems before they get to our inbox.
I will NOT buy virus software until I see a need to (i.e. Mac viruses start popping up). Let me rephrase that- not until, but IF I ever need to. If I pass on a virus on to other Windows users hidden in an email message, so be it. Doesn’t bother me, doesn’t affect me. Why should I spend money to clean up Winblows problems? Sorry, ain’t gonna happen!
I agree with Ace. There is a huge difference between a report about a potential security problem that has had NO actual reports of it causing a single incident, and reports of thousands of personal computers and servers going down due to a rapidly, self-replicating, virus.
I live in a very small, rural, town. About 99% of the population don’t lock their doors (ever) and many leave the keys in the car’s ignition so they don’t misplace the keys. Yes, there is a vulnerability to the people’s security but by design, with everyone knowing everyone else, it is a very safe place. It would be terrible to have someone publish in a nearby city paper an article about the town and their security habits. Even if there were to be a beak-in or a stolen car, the whole town is not about to go crazy and start buying locks and fences. Okay, there is a vulnerability in the Mac OS. Where’s the damage? What’s the point in advertising it to the world. Let Apple know, and then move on. When damage actually does occur, and it is spreading, THEN tell the world.
It seems that we are becoming accustomed to the major media (namely television news) hype as they take a minor issue and make it big news. This is exactly what has happened here. Not unlike the stories of the boogie monster in the closet. Just think about it… What damage has it caused? NONE! How many people has it affected? Very few if any! Let’s not get wrapped up in the hype and actually expend a tiny amount of brain power and assess the risk for ourselves.
But, I must conclude that the same brainless wonders that would download software from an unknown source would probably be just as clueless and be sucked into the baseless hype.
Jim, you smoking crack? Microsoft should be more open about their security vulnerabilities. It’s only recently they admitted this.
Why don’t you shut the hell up. MDN has made a good point. CNET has been shown to not really know what it’s talkin gabout.
To me this is the Wolf whining that it missed Red Riding Hood. The only way anyone on a Mac could be affected by most of these security issues is if they are downloading software from speculative sites or some of these file sharing services.
I have not seen any reports of any significant outbreak. Unlike Windows, the Mac does not suffer any reportable downtime from virus, exploit or other issues that routinely affect the Windows world.
CNet needs to get more perspective and stop trying to create non-existant parity between the Mac and Windows as far as security goes….
I think it’s cnet that needs better communicatin skills… like more objective journalism instead of creating FUD (fear, uncertainty, doubt) about Mac OS X’s security. “Virtually virus free,” my ass. If jim (1st post) wants to talk about “potential nightmare waiting to happen,” it’s already happened: windoze security.
Yawn. CNET just has an axe to grind as always. They’re just desperate as usual to devert as much attention away as possible from the security disaster that is Microsoft Windows….
Jim, none of the security issues that I have seen in MacOS X can be accurately classified as “viruses” or “worms.” They do not self-replicate and distribute themselves. They are single-shot trojans masquerading as benign files or links. MDN is absolutely correct in this case and the media’s representation of the “facts” is FUD.
I do not discount the security risks. But MacOS X is clearly superior to Windows in terms of security. I would also argue that Apple’s response to OS X security issues has generally been quite good.
wake up you morons. its an issue whether you like it or not. i’m not comparing this with windows we already know windows is a POS swiss cheese crap OS.
SO AGAIN I’LL SAY IT AGAIN…..DONT COMPARE THIS WITH WINDOWS because that’s not my point.
the point is, regardless of what type of computer user we are dealing with, IT IS AN ISSUE.
yo Jimbo
MDN’s take on this article was specifically about viruses. And it is indeed, completely true. A computer virus is malicsious code that not only affects your computer but as real viruses do, replicates and spreads to others automatically. And they represent a real security issue that OSX does not have.
This is not to diminish the other security hole which has surfaced as of late. But I believe that the CNET note of ‘virtually virus free’ is misleading because it also implies ‘some’ virues exsisting.
and please… stop callin people morons if you want people to listen to your viewpoint
woops… I shoulda spell checked ‘malicious’
so far OS X has security issues but has no virus nor known exploitable hole that could lead to a virus.
Jim, looks like you are mixing the two things: it is an issue but it is no virus. Hence CNET with the “virtually virus-free” is mixing – as you do – the two things.
A virus is a virus is a virus. OS X has zero so far and no virus-exploitable security flaws.
CNET on the Mac is almost always 80 percent biased crapola mixed with 20 percent truth.
Ditto to what has already been said by just about everyone (except anything Jim has said so far, unless he is willing to acknowledge the differences that have already been pointed out to him).
Only thing that hasn’t been specifically mentioned (that I saw) – how many millions of dollars have been wasted and thousands of man-hours in productivity lost due to a single Mac OS X virus or –>sucessfully<– exploited security flaw? Hmmm???? Virtually None? Virtually Zero? How ’bout EXACTLY None and PRECISELY Zero?
Who cares what CNET says? The site is put together by monkeys. They probably groom insects off each other while they type. Either that or fling crap across the office. Screw CNET. I’m getting me another beer.
The last thing one would want to do upon finding an unexploited vulnerability, is to inform Jabba, the Hut, er… CNET.
I’d say the article is dead on, I would like to add to a the analysis that Apple is too trusting of websites and the internet in general.
To make things “easier” and “more user friendly” Apple has automated a lot of things that go past a “user check” to make sure a actual user initiated a action.
This has lead to the recent overwhelming rash of exploits in Mac OS X.
Any of them about a thousand times more damaging than a simple virus, I’m talking complete control of our machines.
So far I know of two cases of keystroke loggers were installed on a Mac OS X machine, the culprits got a hold of the email address and have been “hitting and running” the email hoping to get valuable banking info (we found out from the banks a password request was made)
56k is what tripped us to their presence, the clients for some reason could not gain access to their ISP on all the available numbers, we called the ISP and they checked their logs. Sure enough someone else was using the account.
Since we had no way of finding the keystroke logger, (there is a company supposedly working on it) we just wiped and changed everything.
But these people were very afraid, and for good measure. Now their accounts are secure. They have a account with just a small amount for web purchases (via debit card). The rest of their money is locked in several accounts that require a personal visit to transfer money.
These people believed in the “Mac OS X Security Myth” and the article above is dead on.
Apple doesn’t communicate effectively, and if you notice a lot of the employees at the Apple Store are not trained salespeople either.
That’s why Apple market share is shrinking, lack of effective communication.
A few thousand good salespeople can get Mac’s in every business in the country.
Oh, Mr. Chunks, once again I have to ask the same questions I asked of you on another thread – http://www.macdailynews.com/comments.php?id=P2813_0_1_0 – though there’s a little more detail above, but not really enough for me to consider it a valid concern when considering my comments and questions on the other thread.
You say you “know of two cases where keystroke logging programs were installed on a Mac OS X machine” – how did those TWO programs get “installed”? Did it happen automatically when the unsuspecting client was online? Or did the client using the machine have to enter a user password not realising they were installing a program (how likely is that, exactly)? Or were they foolishly logging in to root (which doesn’t exist until the user creates the account)? Were the external culprits really to blame by being able to install this malicious program remotely? If remote access was turned on (again, by the user), but not actually properly secured by that same client?
And you say there is now an “overwhelming” rash of exploits in OS X? Exactly how many are there? Three? Five? Seventeen? Some could say that’s a huge percentage increase from just a few months ago, when there were literally NONE that had been exposed, much less exploited, but then again, if you compare it to the number of M$ vulnerabilities, it’s a paltry percentage, barely worth mentioning when placed next to the mountain of virii, trojan horses, and worms and popups, etc., ad infinitum that can invade the typical pc in a matter of seconds.
Finally, I’ll give you the point that there’s a decided lack of effective communication by Apple when it comes to explaining the inherent benefits of owning a Mac over a pc – I really wish we would see more of that in advertising – maybe they’re counting on the goodwill and persuasive word-of-mouth from current users to bolster sales in that manner. In that we agree – Apple needs to do more in this area.