OS X Security

[whininggit]

I recently installed OS X Snow Leopard on a cheap Dell Mini 9 I got from eBay, mainly just to play around with and to see what is so great about the OS that our office Mac nut (the preachy "I'm better than you because I've seen the light and gone Mac") is always banging on about. I will state that so far I like the operating system for the most part, but I'm not sure I buy into the whole "OS X is more secure than Windows" thing and some of the things it does are the most obtuse way imaginable, just for the sake of being different it seems.

Two things struck me right away:
1) The firewall in OSX defaults to "off". Microsoft have had the firewall enabled since Windows XP SP2, which was back in 2004. Furthermore even PCs which didn't have the Windows Firewall enabled typically came with something such as ZoneAlarm, McAfee or Norton (not saying any of these are good, mind you).
2) The first user created when setting up your new Mac is given administrative rights and automatic login. Okay, the first user on Windows is also an administrator but in the very least they have to input their password.

I also like the hypocrysy from Apple surround UAC in Vista. Admittedly, Vista did have a tendency to ask a lot of questions, particularly when modifying files/folders in "Program Files" but have you used the disk manager in Snow Leopard. Every single task re-prompts you for the password. Ask for it once and then keep me elevated; don't keep asking me to type a password in. That's more annoying than UAC.

Personally, I don't have a problem with Apple or OS X. The issue I have is with arrogant Mac users who either gloss over flaws or limitations, or put them forward as benefits, such as "why would you want to customize your OS, it's better to just use your computer like uncle Steve says because it's simpler.... (idiot Window$ user)". That last one is the most idiotic thing I often read from the Mac crowd - in one breath, Windows PCs are more "difficult" to use and maintain with Macs being more "simple", but then when the way things are done on the Mac is criticised, it is because the Windows($) user is an "idiot"? A rational, un-brainwashed person would see things the other way around - the Mac users are idiots because they couldn't figure out how to use Windows, or how to use Windows without getting infected with malware.

Has anyone ever read the marketing stuff for SL on the Apple site? What a load of utter crap, yet people buy into it. Apparently QuickTime X is a benefit, in spite of the fact it can't play anything that hasn't come from the iTunes store (seriously, try AVI, MKV, TS, MPG - none of it works). And iChat now managed 640x480 - well blow me over, I'd better ditch Skype and it's 720p on Windows then. Automatic updates for printer drivers... assuming that the printer is supported. Faster, more powerful Safari... still **** though. More reliable disk eject - seriously, how could they have ****ed this up in the first place - I thought OS X "just works", even before SL?

I realise that I've gone off on a tangent from "Security", and in the OP too, but such is the nature of Geekhack.

[EverythingIBM]

and some of the things it does are the most obtuse way imaginable, just for the sake of being different it seems.

That's exactly my criticism. They go through unconventional means just to be different (one example is inversing the window buttons to the left side rather than the right). Another is disabling maximization of windows: I have a very big issue with that. At least give the option to "enable" this somewhere... I hate crap flying everywhere.
Then you have the annoying "genie" animation of the windows being sucked up and down: I'd rather prefer the windows just to pop up and down instantaneously rather than wait for 10 seconds to watch some stupid animation.

Another point is Apple basically "removes" all the advanced-user customization/configuration, or hides it very well that you just waste time trying to find it.

I remember david pogue complained about having to hit "start" and then "shutdown" in windows and said that was counter-intuitive. Well in Mac OS9, I could say the same thing, you had to choose "special" then "shut down".
Then he opened up microsoft word, and enabled every single option making the interface cluttered and valiantly exclaimed microsoft was at flaw... Actually, [those] options WERE NOT ALL ENABLED BY DEFAULT, and that just shows how much FLEXIBILITY you get with CUSTOMIZATION.
Of COURSE you can't do that with something Apple makes, they make it a point to remove [that] customization. What a dummy.

Another thing I hate is how when you open an application, it takes possession of the bar at top, but leaves the desktop showing... this is kind of confusing I find, and just bloody annoying.
So if you open photoshop, you can see your desktop behind all of the windows... that's STUPID.

OS X is alright, but I'd rather be able to configure every fine detail. Yes windows is bloated, but that's because it wasn't COMPLETELY REWRITTEN like many of the new operating systems.

[ch_123]

I also like the hypocrysy from Apple surround UAC in Vista. Admittedly, Vista did have a tendency to ask a lot of questions, particularly when modifying files/folders in "Program Files" but have you used the disk manager in Snow Leopard. Every single task re-prompts you for the password. Ask for it once and then keep me elevated; don't keep asking me to type a password in. That's more annoying than UAC.

I don't know what experience you've had with it, but I found Vista's default UAC settings to be far more annoying than OS X's sudo password requests, which is pretty much the same as any other Unix variant I've tried.

The other thing about UAC is that Microsoft deliberately broke it so that it would be backwards compatible with older, badly written Windows applications. There are various hacks for getting around UAC, which Microsoft can't plug in case it breaks older software.

I don't really get the emotional response that OS X affects in people. It's a decent OS. It has some good points, it has some bad points. I use it for some things, and not for others.

[microsoft windows]

The main problem I got with Apple is their terrible product support. If you paid $3000 for a top-of-the-line Power Mac workstation in 2005, it can't any of their latest OS's only four to five years later. Even Mac OS X 10.4, which was released in the same time, is a pain to find programs for these days. And remember those lovely ADC connectors that only supported their crappy LCD's?

Windows computers are much better in terms of support. They use standard plugs and components, and even their OS from 10 years ago can still run most modern software. You can get a lot more use out of a PC from 2000 than a Mac from 2000. If you upgrade the RAM in a PC from 2000, you can even run Windows 7, released at the same time as Mac OS X Snow Leopard, very well. Good luck running Snow Leopard on a Mac from 2000.

All I really see Apple as is a crooked company that just wants your money. They sell you overpriced, low quality computers, and then basically ditch them and you and through purposely making their older computers obsolete. I honestly don't see any reason to buy a new Mac. Same Chinese crap, just twice the price.

[Findecanor]

Another is disabling maximization of windows: I have a very big issue with that.

Full-screen maximization is evil. Full-screen maximization is what has got us "This site is best viewed in 800x600", and then "This site is best  viewed in 1024x768" and then "This site is best viewed in 1280x1024" and so on ad infinitum ..

As an old Amiga and X Windowing System user I can only say: Full-screen maximization and compound windows with internal windows (à la Windows) is a lousy substitute for real multiple workspaces! It took a very long while, but Apple eventually saw the light and incorporated it in Mac OS 10.6.

They go through unconventional means just to be different (one example is inversing the window buttons to the left side rather than the right).

The Close button has always been on the top/left corner ... but the Zoom button (toggle between two window sizes) has been moved there from the top/right corner. Having colours to indicate different windowing actions is retarded! What red means is given, but you can't tell (without looking it up or mousing over the button) which lousy button it is that has the Zoom function ...

A Close button (on the top/left or top/right corner), Window Shade when double-click and a pop-up menu on right-click all you really need. The Proxy Icon and Minimize buttons could have been merged into one entity. Less is more.

[bladamson]

Yep, I dig it.

I used to be a mac head.  I bought my PowerPC in 1996 and retired it in 2004, which was a pretty good run, I think.  But I feel like the new macs are kind of pushing the social phenomenon rather than being decidedly superior from an architectural standpoint.  Sure the hardware is cool and the UI is slick, but for my purposes the cost-over-time factor for the hardware is way way too high, and there are other unix-like OSes that I like better that run just as well on cheaper hardware.

I'm not dissing on macs at all or trying to troll or anything, don't get me wrong.  They're just not the machine for me anymore.  But if they are for you, then go for it.

[microsoft windows]

Macs haven't been superior than PC's in a while. As a matter of fact, over the last 10 years, I'd have to say that PC's were much better.

The main problem with Apple and their computers is their poor product support.Microsoft's supported Windows XP for nearly 10 years and still plans to support it for another 4. Windows 2000 was supported for 10. 98 was supported for 8. Now look at Macs. They not only support each version of their OS for only a couple of years, but they basically force people to purchase new computers through planned obsolescence. A top-of-the-line Windows workstation from 2005 would run Windows 7 great. But a Power Mac G5, Apple's $2500 computer won't run Mac OSX Snow Leopard. They just ditched support that whole PPC platform, basically leaving customers with wasted money. Perfectly good computer, but terrible support!

A lot of people fall for Apple's forced-obsolescence scam, so people write programs for only a few years around the OS's release. Good luck finding new software that'll run on Mac OS 9.2. But what about Windows XP, whcih was released the same year? XP is clearly superior in this regard.

[microsoft windows]

Yep, I dig it.

I used to be a mac head.  I bought my PowerPC in 1996 and retired it in 2004, which was a pretty good run, I think.  But I feel like the new macs are kind of pushing the social phenomenon rather than being decidedly superior from an architectural standpoint.  Sure the hardware is cool and the UI is slick, but for my purposes the cost-over-time factor for the hardware is way way too high, and there are other unix-like OSes that I like better that run just as well on cheaper hardware.

I'm not dissing on macs at all or trying to troll or anything, don't get me wrong.  They're just not the machine for me anymore.  But if they are for you, then go for it.

Apple's ditched their own platform now. For over a year now, their OS has only run on PC's. Kind of ironic.

Honestly, today, there's no practical reason to purchase a Mac. Almost any program that will run on a Mac will run on Windows. And Windows computers, with Windows 7, are available in a vastly superior variety, are cheaper, and have better support than Apple.

[iMav]

As a long-time UNIX guy, Macs didn't appeal to me at all until OS X came around.  

It was the release of the Mac minis (at a reasonable price) that got me to first give OS X a try.  Moved my kids from their linux machines to Mac minis...it was especially nice to be able to provide them with some good educational software without having to monkey with WINE.  

Now, it is the favored OS of the wife and kids (although the kids are equally comfortable using OS X, the nasty, and Linux).  Personally, I enjoy both Linux and OS X.  There are some things I like about both...and some things that annoy me about both.

The nasty actually exists on a few computers now as it gives me the opportunity to manage several of our (McAfee) solutions...and what better way to give security solutions a work out!  


Note, I am a BIG fan of PC's.  From a price/performance stand point, there is nothing better.  As long as I can put a sane OS on them, that is.  (PC ≠ Windows)

[microsoft windows]

OS X is actually "The Nasty" if you ask me. Only runs well on a few computers, not compatible with everything, and terrible product support. Windows and Linux are much better.

[iMav]

OS X is actually "The Nasty". Only runs well on a few computers, not compatible with everything, and terrible product support. Windows and Linux are much better.

Runs on a few computers BY DESIGN.  Like it or hate it...it keeps Apple from the driver support hell that can sometimes plague the Windows world.


My OS progression basically went like this (for my primary systems):

DOS -> OS/2 -> Linux -> OS X (and Linux)

And my career was strictly UNIX administration for a long time (AIX, Solaris, UNICOS, HP/UX, etc).  If it was a UNIX variant, I likely dealt with it at some time or another.

It's all about what you are comfortable with and what gets the job done for you.  Everything else is just fun banter.  

[bladamson]

My OS progression basically went like this (for my primary systems):

DOS -> OS/2 -> Linux -> OS X (and Linux)

Oooh!  I like OS progression diagrams. ^_^  Here's mine lol.

Apple ][ -> 68k Mac + Dialup ULTRIX -> PPC Mac + x86 Linux -> PPC Linux -> x86 Linux

There's always been some Windows stuff involved with work starting around the end-of-lifetime for 98, too.

[microsoft windows]

I started with MS-DOS. Now I use Windows 3.1.

[chuckading]

Yeah, OSX and macs are real real real real dumb.  It doesn't have programs like songsmith, and that's why you never see professionals use them.

True about iChat on the mac, totally sucks compared to Skype which Microsoft created and comes preinstalled on all PCs.

The nastiest thing about OSX, is there is absolutely NO third party developers that make system utilities or any other program that would allow customization.

If you got a nice keyboard, you might as well throw it in the trash if you're gonna use OSX cuz you won't be able to do crap with it. I heard OSX isn't even compatible with cherry mx's!

[ch_123]

A huge proportion of the problems with Windows (and a lot of other operating systems) are caused by backwards compatibility concerns, both for hardware and software. Is Apple killing backwards compatibility to keep quality consistent, or are they killing it to encourage hardware and software sales? All I know is that I wouldn't run Windows 7 on a 10 year old PC, or 10 year old software on Windows 7.

[EverythingIBM]

Full-screen maximization is evil. Full-screen maximization is what has got us "This site is best viewed in 800x600", and then "This site is best  viewed in 1024x768" and then "This site is best viewed in 1280x1024" and so on ad infinitum ..

As an old Amiga and X Windowing System user I can only say: Full-screen maximization and compound windows with internal windows (à la Windows) is a lousy substitute for real multiple workspaces! It took a very long while, but Apple eventually saw the light and incorporated it in Mac OS 10.6.


The Close button has always been on the top/left corner ... but the Zoom button (toggle between two window sizes) has been moved there from the top/right corner. Having colours to indicate different windowing actions is retarded! What red means is given, but you can't tell (without looking it up or mousing over the button) which lousy button it is that has the Zoom function ...

A Close button (on the top/left or top/right corner), Window Shade when double-click and a pop-up menu on right-click all you really need. The Proxy Icon and Minimize buttons could have been merged into one entity. Less is more.

Fullscreen maximization is evil?
People who design websites to be "best viewed" in a certain resolution don't know how to make proper websites (lol), and this was done a long time ago when those resolutions were actually used. Show me a modern website that requires best viewed in 800x600.
And if you had windows floating around un-maximized in 800x600, you'd have even less space to work with!

When I'm using an application and focusing my full attention to it, I demand a maximized window so it's not floating around, I don't see crap behind it, etc. This also prevents me from accidently moving it around, or, HAVING IT GET STUCK OFF SCREEN AND WITH NO WAY TO GET IT BACK, but to crash the stupid mac.

Yes I've used Mac OS9, having the buttons on TWO sides was just even more stupid... so now you have to move your cursor back and forth.
Technically, that just proves all the more that the buttons should be on the top right-hand side. Not on both sides, or the left side, JUST the right side.

[Brian8bit]

Switched to OS X this year after starting out computing on C64 moving to Amiga 1200 then Windows then moving to Linux. Used variations of Linux and Windows over the years. Don't see myself going back to either any time soon and looking forward to Lion.

[Lanx]

if your the "computer guy" of your family, just recommend mac and you'll never have to deal with an issue again. Not cuz mac's are awesome but cuz then you can finally say sorry you have a mac now, i can't help you. side note, just had lunch with friends who want iphone4 for the navigation. I said you don't get new navigation with the iphone4, you have to buy an app for it. They said but it's old, i'm like that has nuttin to do with navigation software, you have to buy like tomtom for iphone, she's like then how do you have it, i'm like cuz i have a droid and since it's a google phone google includes google maps for free.talkin to these mac ppl are like talkin to brick walls, i don't want to goto to japan with them next year, but i guess i have to.

[Fishraper]

[nathanscribe]

Yeah, OSX and macs are real real real real dumb.  It doesn't have programs like songsmith, and that's why you never see professionals use them.

If you got a nice keyboard, you might as well throw it in the trash if you're gonna use OSX cuz you won't be able to do crap with it. I heard OSX isn't even compatible with cherry mx's!

:lol:

As a Mac/OSX user for almost 6 years, and (believe it or not) still using two desktop PCs (XP, DOS 5/Win3.1), I am used to the regular abuse.  Mac-bashing is no different to Apple Fanboyism; neither are interesting or useful positions.

As for not having any useful software that won't run under Windows, I'd struggle to get Logic running on it.

Comments about the position of buttons are just retarded.  It's like complaining that some people are left handed and therefore you, as a right-handed person and therefore the best, hate left-handed things.  Or that you you don't like someone else's shoes.  Need to use it?  Learn it.  Don't use it?  Get over it.

It's Christmas.  Don't we all have drinking to do?

[a_fluffy_kitten]

As an old Amiga and X Windowing System user I can only say: Full-screen maximization and compound windows with internal windows (à la Windows) is a lousy substitute for real multiple workspaces! It took a very long while, but Apple eventually saw the light and incorporated it in Mac OS 10.6.

I've seen this drivel from Apple Fanboys for years (even though I'm a bit of an Apple Fanboy myself).

Just because you want to maximize a window does not mean you want to run every window maximized all the time.  I don't run all my programs maximized on a regular basis, but there are many times I want to maximize a single window while I'm working on something specific.  There is no excuse for preventing me from doing that.  It's dumb and/or lazy an Apple's part.

[keyboardlover]

I agree. That stuff makes using a Mac miserable for me.

[bladamson]

I like tiling window managers, myself.

I just wish someone would write one that was mouse-driven, supported floaters and multihead properly, and didn't require some variety of oddball special-purpose scripting language to configure. >_>

I'm too lazy/dumb to write one myself. <_<

[microsoft windows]

There is plenty of reason behind Mac bashing. This sums it all up: Why pay extra for a computer made of low-end components that's designed very specifically to become obsolete in a few years?

[Daniel Beaver]

I dislike Apple products in general. But I always recommend them to friends and family. They're made for non-powerusers, and I think they work better in that role than a Windows machine.

Plus, they never call me when they have problems, because they know I can't fix it

I like tiling window managers, myself.

YES, thank you. I used Ion3 for awhile on my Linux setup, and it just seemed like a more logical method of window management. What is the point of having overlapping windows?

Nowadays, I WinSplit for basic tiling in Windows, and the grid plugin for compiz on Linux. I am genuinely more productive when using those utilities.

A huge proportion of the problems with Windows (and a lot of other operating systems) are caused by backwards compatibility concerns, both for hardware and software. Is Apple killing backwards compatibility to keep quality consistent, or are they killing it to encourage hardware and software sales? All I know is that I wouldn't run Windows 7 on a 10 year old PC, or 10 year old software on Windows 7.

A big aspect of Microsoft's software design is legacy support. It is a lot of the reason behind their success in professional settings. Many, many businesses use extremely old software, and in most cases that software works just fine on modern machines. You pay for that legacy support, with cruft and basic wonkeyness.

I actually like the Apple method of "screw old stuff, everyone can upgrade". It makes for a better end-user experience, at the cost of long-term flexibility.

[ch_123]

:lol:

As a Mac/OSX user for almost 6 years, and (believe it or not) still using two desktop PCs (XP, DOS 5/Win3.1), I am used to the regular abuse.  Mac-bashing is no different to Apple Fanboyism; neither are interesting or useful positions.

As for not having any useful software that won't run under Windows, I'd struggle to get Logic running on it.

Comments about the position of buttons are just retarded.  It's like complaining that some people are left handed and therefore you, as a right-handed person and therefore the best, hate left-handed things.  Or that you you don't like someone else's shoes.  Need to use it?  Learn it.  Don't use it?  Get over it.

It's Christmas.  Don't we all have drinking to do?

A big aspect of Microsoft's software design is legacy support. It is a lot of the reason behind their success in professional settings. Many, many businesses use extremely old software, and in most cases that software works just fine on modern machines. You pay for that legacy support, with cruft and basic wonkeyness.

Except, now that virtualization is so common, there's not very much reason for them to keep doing that.

[microsoft windows]

A big aspect of Microsoft's software design is legacy support. It is a lot of the reason behind their success in professional settings. Many, many businesses use extremely old software, and in most cases that software works just fine on modern machines. You pay for that legacy support, with cruft and basic wonkeyness.

I actually like the Apple method of "screw old stuff, everyone can upgrade". It makes for a better end-user experience, at the cost of long-term flexibility.

All that is is Apple having bad product support. Microsoft has good product support. There's nothing about Microsoft's products that make you not able to upgrade your computer every few years. You can if you want. But, through planned obsolescence, Apple forces you to.

[microsoft windows]

A big aspect of Microsoft's software design is legacy support. It is a lot of the reason behind their success in professional settings. Many, many businesses use extremely old software, and in most cases that software works just fine on modern machines. You pay for that legacy support, with cruft and basic wonkeyness.

Except, now that virtualization is so common, there's not very much reason for them to keep doing that.

It's pretty obvious that you have never worked with computers in a corporate setting. Most companies and institutions don't have enough money to keep replacing their computer hardware all the time. Even through virtualization might make sense to you, how easy would it be to successfully employ it in a corporate setting where all the users need to know how to use it?

Many businesses and schools still run their computers off of Windows XP and are likely to do so for a few more years, till the past of the Pentium 4 systems are replaced.

[iMav]

Most big corporations I've worked for turn their computers over every 3-4 years (end user workstations and laptops).  And the enterprise is ABSOLUTELY embracing virtualization...both in the datacenter (server VM's) and at the desktop.

[ch_123]

Even through virtualization might make sense to you, how easy would it be to successfully employ it in a corporate setting where all the users need to know how to use it?

Some of the latest VMware versions allow you to have the virtual machine run in the background, and there's a menu on the host machine that starts applications inside the virtual machine, but it appears and behaves to the user as if it's a normal application running right on their computer.



I tried it a while ago, and it needs some improvement as it stands, but I think stuff like that is going to become far more common for providing backwards compatibility in new operating systems.

Many businesses and schools still run their computers off of Windows XP and are likely to do so for a few more years, till the past of the Pentium 4 systems are replaced.

Right, but what I'm talking about here is how new versions of Windows can be backwards compatible without having to deliberately break the OS in a dozen ways so that someone can run a 10 year old version of Photoshop designed for Windows 98.

[NAVIWORLDINC]

Alright, I was saving up this post for when I had time to comment. (I went to see Tran-Siberian Orchestra Yesterday ^__^)

So, let's see here where do I begin... Background: Alright, So I work in a Social Security Disability Law Firm, I am called the IT guy, but if I wanted to put it into professional terms I label myself as the Senior Network Engineer. Yes, I said Engineer, I'll get to that in a minute... So, this place is a "Mac Only" law office, as my boss has only been using Mac's since 1985, and he is such a tech idiot, he still doesent know a single keyboard shortcut (including copy/paste) and still hasn't figured out how to scroll with a mousewheel/magicmouse/mightymouse....

When I got their I almost panicked... 30 computers, almost half of the workstations (Remember all macs) on an insecure wifi, no backup solution no central point of storage other than a flash drive plugged into the apple airport extreme.... >:-o Let me repeat myself... We are a Social Security Disability Law Firm and Had NO SECURITY, medical records, social security numbers, personal addresses, names and god knows what else was flying through the air on a N network in CLEARTEXT. In fact I showed my boss this one day as we had coffee across the street from our office, and he still did not panic as much as I was.

So in my time there, I have preached the value of security day in and out, although it took 2 years of me preaching I finally got my way, and we invested in wired networking, hardware firewall, switching equipment, a DD-WRT router (ASUS N16) that can handle the load, and since we are mac only a mac mini server. I was impressed with the out of box security that this little server had to offer, and I was also impressed that apple actually allows me to do what I want on the device, It is basically like running full freebsd with an aqua shell. I set up an active directory server, using kerberos identification, a print server, share points, an ical server, dns server and a mail server. The thing only took me a day to configure. (I needed a little help with permission rights on the share point and had to call apple enterprise support which was not only free but AMAZING.) The server was also very easy to make sure it was backing up, it has two hard drives, so I made a very simple script using automator which automatically copies our work files, compresses them and then uploads them to not one but two remote FTP servers we have purchased for the next 5 years. Working on it is a breeze, it doesn't have a keyboard, mouse or monitor attached but all I have to do is use a different mac using share screen, or simply I can use the server applications programs locally if it isn't to intensive.

If you were questioning about security, yes the mac mini server came with the firewall defaulted to on. I have attempted a many attacks trying to get in and have yet to be successful. I feel the system is secure enough for a 30 person office now. Overall I am happy with the setup, not to complicated, but also well. The employees LOVE the open directory server as everyone has their own login accounts now and they replicate at any workstation they log into, and the mail server and ical server helps keeping the office on task is very nice. All and all I used to be a mac hater, but then I used OS X server, and I gotta say it is a powerful setup in compairson to M$ Active Directory Service.

Any questions about the Mac Mini Server go ahead and ask. As a brief note it is running OS X server 10.6.x

[bladamson]

Alright, I was saving up this post for when I had time to comment. (I went to see Tran-Siberian Orchestra Yesterday ^__^)

Excellent, excellent band!  If you like them, you might like Haggard as well.  <3 Haggard!

[whininggit]

If you were questioning about security, yes the mac mini server came with the firewall defaulted to on. I have attempted a many attacks trying to get in and have yet to be successful.

Well done for being the first Mac user to discuss security in this thread. As expected, the others glossed over it because it isn't important. It's good that OS X Server comes with the firewall enabled (I'd expect no less from any company selling their product as a professional server), but it's still no excuse for it being disabled by default on the consumer OS, where ignorance is likely even more rife than in a business. Things really will go up **** creek for Apple and OS X if market share continues to increase, and users remain blissfully ignorant of threats, even to the invincible Apple software (mutter mutter mutter UNIX mutter mutter mutter STABILITY mutter mutter SECURITY). Remember, all it takes is a vulnerability in Bonjour or QuickTime...

It's could be moot though. Mac users have been brainwashed into believing they're invincible for so long that they're more likely to fall for phishing scams than any kind of malware.

[ch_123]

The last I checked, most Linux distros don't have any sort of firewall enabled by default. I guess the logic being that the people that need them will need to configure them themselves.

Besides, don't most routers do firewalls anyway?

[RoboKrikit]

Windows has little going for it outside of hardware support and office software.  OS X has everything going for it except hardware support and office software.  I wish I could run OS X on more hardware.  Hackintoshes do not really cut it for me in the long term.  I'm only typing this on a Windows machine now because I wanted to play some PC games before they die.

Unix owns the server market.  Nobody in their right mind would want to run Windows as a server unless they had to for Windows client compatibility reasons, for a specific product that is not available on anything else, or because they don't have employees who understand Unix.

[Brian8bit]

Well done for being the first Mac user to discuss security in this thread. As expected, the others glossed over it because it isn't important.

It's not as important as you're making it out to be.

It's good that OS X Server comes with the firewall enabled (I'd expect no less from any company selling their product as a professional server), but it's still no excuse for it being disabled by default on the consumer OS, where ignorance is likely even more rife than in a business.

System Preferences -> Security. If you don't do that when you do a fresh install you deserve everything you get. Regardless of OS. But I agree that it should be enabled by default.

Things really will go up **** creek for Apple and OS X if market share continues to increase, and users remain blissfully ignorant of threats, even to the invincible Apple software (mutter mutter mutter UNIX mutter mutter mutter STABILITY mutter mutter SECURITY).

"Hurrr durrr market share". Since when did an increase in market share mean goatse sized gaping holes where suddenly going to appear in the code from repositories they pull from? With increased market share it's more than likely they'll be subject to as many holes as Windows but OMG like windows, they'll plug them. It's not like Apple will be brought to it's ****ing knees. So sick of that stupid market share argument.

Remember, all it takes is a vulnerability in Bonjour or QuickTime...

HOLY ****! You mean like any other piece of software on any other OS. WE'RE ALL ****ING DOOMED!

It's could be moot though. Mac users have been brainwashed into believing they're invincible for so long that they're more likely to fall for phishing scams than any kind of malware.

You mean like the tens of thousands or more of Windows users who fall for phishing scams every year and make phishing a multi million dollar industry? If you're falling for phishing scams, you're a ****ing moron regardless of what OS you use. It's PEBKAC.

[wendell]

I operate mainly in the *nix world and I sometimes get an earful from a programmer who got the Mac religion. This has made me curious enough about OS X to give it a serious try. I personally found the interface very awkward and limiting, but I see the appeal of the ease of setup.

When I ask professional users about the particulars of why they like OS X, it mostly boils down to interface consistency and ease of setup. In fact, most of the raves I hear are from people whose jobs consist mostly of system setup and administration.

This shows how OS X is such an improvement over Mac OS. In the 1990s, I knew a sys admin manager at a major university who was extremely annoyed at people who praised Macs for their ease of maintenance. He would brandish his logbooks that showed clearly they spent twice as much time maintaining Macs as Windows PCs.

Personally, I don't get excited over the Mac vs. Windows thing, since I would much rather be using Plan 9 or RISC OS or Be OS or ....

[bladamson]

Personally, I don't get excited over the Mac vs. Windows thing, since I would much rather be using Plan 9 or RISC OS or Be OS or ....

HURD!

'Tis a shame that the Hurd has never seemed to really go anywhere. :3

[microsoft windows]

Excellent, excellent band!  If you like them, you might like Haggard as well.  <3 Haggard!

Merle Haggard is a good musician.

[microsoft windows]

Some of the latest VMware versions allow you to have the virtual machine run in the background, and there's a menu on the host machine that starts applications inside the virtual machine, but it appears and behaves to the user as if it's a normal application running right on their computer.

Show Image

I tried it a while ago, and it needs some improvement as it stands, but I think stuff like that is going to become far more common for providing backwards compatibility in new operating systems.



Right, but what I'm talking about here is how new versions of Windows can be backwards compatible without having to deliberately break the OS in a dozen ways so that someone can run a 10 year old version of Photoshop designed for Windows 98.

It's starting to catch on with Microsoft's Windows XP Mode in Virtual PC. I'm interested to see how people are using it in five years.

Oh yeah, and by the way, whoever made that screenshot should upgrade to Internet Explorer 8 and ditch the Netscape.

[bladamson]

Hackintoshes do not really cut it for me in the long term.

Yea....  I tired to run OS10 in VirtualBox for a while, back when I was looking into what all would be required to get into iPhone development, but the performance was abysmal. :<

[whininggit]

Never mind. Trying to have a computer discussion with a Mac convert is like trying to have an evolution discussion with a creationist. I think we've already been there.

I don't dislike OS X; I dislike Apple's bull**** marketing and the baa baa Mac sheep who repeat every word of crap that Apple tell them as if it is the truth, then defend design choices that go against everything the almight SJ has preached for years.

[iMav]

Never mind. Trying to have a computer discussion with a Mac convert is like trying to have an evolution discussion with a creationist. I think we've already been there.

I don't dislike OS X; I dislike Apple's bull**** marketing and the baa baa Mac sheep who repeat every word of crap that Apple tell them as if it is the truth, then defend design choices that go against everything the almight SJ has preached for years.

Even though this thread actually ended up with some honest discussion and debate, it seems (from your posts) that you are bitter and hateful towards Apple and it's defenders.  This final rant and the closing of the thread has a "fine, I'm taking my ball and going home" feel to it.

Fanbois are ridiculous and, often, incapable of having intelligent discussions...and you'll see them on all sides of this type of discussion (Microsoft, Apple, Linux, etc). The thing is, there wasn't a lot of that in this thread.  Is it simply that everyone didn't agree with you that caused you to close the thread?

I'm not trying to attack you at all...in fact, I consider you a valued member here...I'm just surprised by the behavior.

[ch_123]

Yea....  I tired to run OS10 in VirtualBox for a while, back when I was looking into what all would be required to get into iPhone development, but the performance was abysmal. :<

I found a pre-made OS X image on the *coughs* usual corners of the net that actually worked quite well, even if some of the fancy animations aren't so smooth.

I keep meaning to set my own one up, I don't really like using someone else's hacked copy. Then again, now that I now have a real Mac, it doesn't matter as much.

[pikapika]

I like tiling window managers, myself.

I just wish someone would write one that was mouse-driven, supported floaters and multihead properly, and didn't require some variety of oddball special-purpose scripting language to configure. >_>

I'm too lazy/dumb to write one myself. <_<

http://www.bluetile.org/

[quadibloc]

Runs on a few computers BY DESIGN.

I can run DOS programs at native speed on a modern Windows computer.

That is where Apple failed. Of course, it had limited resources, so it isn't really completely at fault.

When Motorola decided to discontinue support for the 68K architecture, Apple did not have the option open to it of purchasing Freescale, and changing its priorities, so that the 68060 would have had successors right down to the present day.

It just isn't possible, today, to walk into a computer store, and have the choice between a Windows PC with a Core i7 processor in it, or a Commodore Amiga, an Atari ST, or a Macintosh, each containing a 68000-architecture processor of equivalent power to the Core i7. Freescale doesn't make such chips, and AMD doesn't make them either.

This failure of the computer marketplace to evolve in an appropriate manner has left computer users without reasonable choices.

[ch_123]

My reading of the situation was that it was more like Motorola started making the PPC because Apple started using them, not the other way around.

Then Apple moved away from PPC because IBM was more interested in making server and embedded chips than stuff that could be used in laptops and low end desktops.

I can run DOS programs at native speed on a modern Windows computer.

Ehmm... Very much depends. Especially now that 'modern' PCs have 64 bit Windows which drops native 16bit support.

[mike]

I found a pre-made OS X image on the *coughs* usual corners of the net that actually worked quite well, even if some of the fancy animations aren't so smooth.

Me too. I really hope Apple gets over it's attitude towards running OSX in virtual machines - it's a vital tool for IT support, and is gradually becoming pretty important to ordinary users with the increased importance of desktop virtualisation (thin clients are coming back).

As to OSX Security ...

Firstly one of the less publicised features of 10.6 is anti-malware protection ("File Quarantine"), although how effective this is remains to be seen. Still it's better than nothing.

The amount of OSX malware out there is negligible in comparison to Windows malware. This may be because OSX is more secure than Windows; it may be because the OSX population is comparatively small; it might even be because OSX users are more safety conscious than Windows users (come to think of it, this one is really unlikely). I don't know what the answer is, but I find it unlikely that malware authors are holding back attacking OSX because the population is relatively small - some are less concerned with mass infections like Conficker than with getting their skill publicised, or using OSX as a stepping stone into the inside of a firewall.

It is interesting to note that different OSX software vendors have different attitudes to security - as an "admin" user I can write to the Microsoft Word executable but not to the OmniGraffle executable. And of course, by default OSX malware that comes through a browser will run with the privileges of my account.

Apple is in an interesting position - whilst they have not had a really nasty security problem themselves (note: it seems that senior managers have really short memories so Apple II viruses don't count), they are able to take advantage of the lessons learned by the Unix vendors in the 1990s - because much of their code is Unix-based[0].

Of course that doesn't help with the GUI side of things, and Apple won't take security really seriously until they have a really big problem. That's the funny thing about security - there hasn't been a single operating system vendor ever who took security seriously until they had a big problem - not the old Unix vendors like Sun[1], DEC[2], and certainly not Microsoft who had the advantage of a bit of breathing space whilst the "hackers" were tackling the low-hanging fruit of Unix systems.

0: The old rshd daemon is still distributed with OSX but not enabled.
1: Before the days where a firewall was installed where I work, I used to install Solaris servers in an isolated environment to ensure they wouldn't be broken into before I had finished hardening the install.
2: My first experience of IT security was dealing with a compromised AlphaServer running Digital Unix which was riddled with hacked accounts - people were using it as a training ground!