[Full-disclosure] Re: Question about Mac OS X 10.4 Security

From: "Dave Korn" <davek_throwaway@xxxxxxxxxxx>
Date: Wed, 1 Mar 2006 20:21:17 -0000

Stef wrote:

On 2/28/06, Paul Schmehl <pauls@xxxxxxxxxxxx> wrote:
<snip>

Still, the ignorance of Mac users, who believe their platform is
somehow magically "secure" will contribute to the problem.

I am sorry, Paul, but I have to take you up on this, especially with
your tendency of generalizing everything.
original migration. As a repository of security and network tools, I
have thrown at this baby everything I can possible think of, and still
haven't found a way to break it ...

Never mistake a lack of imagination for an insight into necessity. I
guess you didn't think of writing a virus, renaming it to "funny_game.exe",
and emailing it to yourself with an email body saying "Hi! Here's that
flash game we were chatting about the other day!" ?

The point I'm making is that the vast majority of windows virus infections
aren't delivered by remote network exploit, they're delivered by people
double-clicking on executables attached to email, and that would work on
Macs just as it does on windows. There's nothing about the Mac that would
make Mac users less vulnerable to social engineering than windows users, and
as long as the attitude persists that Macs are somehow special and secure,
then uneducated Mac users will be even /more/ likely to open an executable
attachment, because they won't believe it can harm them, because they've
been told over and over how their Mac is "secure" and all those viruses are
only a problem on windows.

cheers,
DaveK
--
Can't think of a witty .sigline today....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- [Full-disclosure] Re: Question about Mac OS X 10.4 Security
  - From: mz4ph0d

Prev by Date: Re: [Full-disclosure] reduction of brute force login attempts via SSH through iptables --hashlimit
Next by Date: Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
Previous by thread: [Full-disclosure] NCP VPN/PKI Client - various Bugs
Next by thread: [Full-disclosure] Re: Question about Mac OS X 10.4 Security
Index(es):
- Date
- Thread

Relevant Pages

Re: OT: IE for Mac...
... Today's Mac is nothing more than yet another UNIX shell. ... Apple lacked the skills to create a real OS ... win for Mac users since for the first time they got real memory ... Windows Vista will not run on many older computers, ...
(rec.food.cooking)
Re: MacBook/Parallels/Vista
... Safari is considered secure. ... For comprehensive, bootable backups, I use SuperDuper!. ... mutliple computers (Windows and Mac) accross a network, ...
(microsoft.public.windowsmedia.player.mac)
Re: OT - Computer Stuff
... Telling someone to get a platform based on your antipathy for another is very dishonest. ... It IS dishonest insofar as telling him to get a Mac just because it is a Mac. ... All it takes is a little due diligence to make your system secure. ... Of the 3 mainstream operating systems, Windows, Apple, and *nix. ...
(alt.support.diabetes)
Re: Most secure mainstream OS? (was Re: QuickTime 7.1.6: Java vulnerability Fix)
... OS X is the most secure common desktop operating system, ... secure operating system rather than simply saying that Mac OS is more ... Windows is more secure than OS X. ...
(comp.sys.mac.advocacy)
Re: DENIAL
... Three or four mac users claimed you got a virus form visiting Gay Porn ... It was dismissed when Dave said he didn't visit porn sites ... It was suggested or implied by four different experienced mac users. ... What would constitute a 'qualified Windows user'? ...
(comp.sys.mac.advocacy)