CE-Oh no he didn't! Part XXIII - Gates: "security guys break the Mac every single day"
By Ryan Block 
posted February 3rd 2007 5:59PM
posted February 3rd 2007 5:59PM
Wow, um, Bill, old buddy, old pal. We're sorry to skewer you on this one and all but seriously, what the hell were you thinking telling Newsweek that "Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine."? We understand the few questions preceding interviewer Steven Levy's query about Vista's security compared to OS X's may have gotten you a bit riled up, but let's be honest for a second. We follow this stuff fairly closely and we haven't seen or heard about any globe-trotting worms or prominent security threats to Apple's operating system in quite some time; one of the highest risk threats we've heard about in recent memory turned out to be a hoax (although, as many readers have pointed out, there's always the MOAB). We're glad Vista is enhancing Windows security (and usability), we really are, but we really think you and Jobs (and Hodgman) should go have a few drinks and just enjoy your filthy richness or something.Love, Engadget
of course windows is broken only one a month,thats why there are only 114,000+ windows viruses. Evedently Bill Gates need to keep more up to date on the techology his company develops, i would be embarrased if i were the person that said that. He then went on to say that Macs get viruses everyday, #1)bullshit #2)bullshit #3)although there are security flaws in OS X, they are discovered by security people, who then pass them onto Apple for fixing, other then in the case of the people with MOAB, in which case they pubicly showed off their ignorance by releasing bugs for mainly 3rd party apps, and what was Apples software was fixed very haistly, as was the 3rd party stuff. I do love when the ZDnet emails arrive and the neadline is "another MS Office zero-day exploit released".
Apple admits vulnerability. If you check out the latest Apple Developer Conference, viewable through iTunes, you'll see one of their programming guys admit as much.
At issue is Unix -- at least according to the guys over at Mac Geek Gab -- they say there are so many levels to ask permision at, it's impossible to unknowingly allow a bot/virus onboard.
Yeah, the Apple spokesguy said:
"We'd like to debunk a few myths about the Mac:
*Mac are invincible;
"We know Mac's are not invincible. We know that we are being targeted by hackers, we are very cognitant of that, and that is why we spend a lot of time in our product design, in our product review, in the way we design our user interfaces, and the way we respond to issues when they appear - to be very proactive about that."
*Mac's are sucure becuase of small market share;
"Again we know that the hackers are targeting us, it actually doesn't take a very big bot army for a hacker to make a lot of money. They can make money off a little bot net of 5000 machines or 10,000 machines, and run a dos attack against someone and blackmail them. So what's really happening is the hackers are targeting wherever they find weakness, and it's our job to make sure the Mac is not weak, we actually have a very good track record there and i'll talk a little bit about our strategy and our process for achiving that."
And there's more; "We've always had with Mac OS X a very easy single update process, so as a result our usersactually keep there systems up to date and always have with Mac OS X, and we think always will cause we've made that so simple, we've paid attention to ease of use. So our security are very simple: number 1 good security starts with design, it's not something you slap on. Number 2 good security is easy to use, security that's not easy to use doesn't get used. Number 3 good security continues to improve."
"Finally we're very proactive about making sure that issues don't become problems, jumping on theoretical exploits as they become publicized. Making sure we do timely updates, we don't wait for the next month to roll around, we do updates on an as needed basis. I know there's some controversy in IT shops 'woultn't it be easier if we could have our security scheduled on a monthly basis or something like that' we actually think it's better to get those security updates out as soon as we can get them out and not wait for the next month to roll around. We work very closely with security communities, so that includes people like CERT or FIRST, the free BSD security team for the OS, we work with the department of homeland security. Security involves a lot of communication with these groups, and again we're very proactive, we have a whole process for doing that. We've done 44 in the last 5 years, for those of you that are keeping count. This is an ongoing process that I think we've actually gotten pretty good at. And finally continuing to innovate in areas that will stop these issues before they become a problem, or provide features like file vault that allow people to keep their data secure."
If one compares the number of exploits found in OS X vs. Windows, Windows comes out very favorably. Microsoft currently leads the industry when it comes to in house security training and security response. Apple, however, likes to pretend there is nothing wrong, which is what sparked the month of apple exploits (a sort of wake up call, if you will). I think Bill is asking for trouble daring people to find exploits in windows (though it could be an incredibly clever ploy to get the exploits shaken out while there are still relatively few vista boxes to exploit), but he is right about the Apple exploits.
Why aren't more Macs compromised if the platform is less secure? Simple economics. Modern exploits aren't malicious worms anymore. They are targeted malware designed to make money (and often patch the exploit they used so others can't). If you can choose between 95% of the computer market or < 5% (and sorry folks, Apple is STILL less than 5%) you go after the larger pot of gold, even if the 5% represent the proverbial low hanging fruit (you can also assume that a large majority of that 95% isn't great about keeping patched).
Or, just look at the numbers in the link below:
http://www.usatoday.com/tech/news/computersecurity/hacking/2006-08-02-black-hat_x.htm
And for further nay-sayers about windows security (though not related to apple)
http://blogs.technet.com/security/archive/2006/10/19/windows-vs-linux-workstation-comparison-q3-2006.aspx
So in short, for all of the asshats here who have no idea what they are talking about before they start typing (i.e. all of the Mac users who think MS security is in the same state of disarray as it was in 2002), why don't you try and educate yourselves first.
I think Bill Gates is right about this. Here is an interesting blogpost about the Mac Ads.
http://blah.winsmarts.com/2007-2-Hi,_I'm_a_PC,_and_you're_just_a_liar.aspx
Specifically about security, scroll down to 3 links where the blogger busts myths about Mac OS security.
FP, Microsoft created an environment that made hacking easier. For instance, the design of macros for Office and ActiveX were neon invitations to creating malicious code. (I've been in this business for a long time, and I remember reading technical articles when these products were released that said, in essence, "Holy crap, watch out for the trouble these suckers will cause!"
Yes, it's up to the users to be careful, but if you design a system that makes it easy for a normal user to unknowingly infect their computer, then that's the designer's fault, not the user.
3 pages. We're doing good aren't we? :P
Start calling 911... I smell flamethrowers firing up :P
Anyway, wouldn't that comment kinda.. you know... encourage people to find all the possible holes in Windows security? Just to make the richest man in the world eat his own words :$ Go hackers, good luck MS!
Microsoft suck but Mac suck even more. I remembered the days when there we didn't own a computer. Such wonderful days.
Perhaps if Apple didn't run arrogant ads focusing direct attacks on PC's running Windows we wouldn't see comments like these. I think Apple really shoots itself in the foot with these advertisements. If Apple had any real plans to gain market share and make OS X a more prominent operating system they'd open it up to other hardware manufacturers. (Wasn't Michael Dell quoted as saying he'd be very interested in offering OS X as an option on Dell Computers?) The truth is, although OS X is a good platform, you're locked in to running it on Apple Computers, and compatible hardware.
I'm a former Mac user that switched to PC's. Maybe if Apple opened up OS X to the PC World and wasn't in the business of proprietary hardware/software combo's I'd buy and run OS X on my PC.
Mike, You Lie...
OK maybe you would buy OS X... If it were offered. But that isn't the point - you guys on this board here are NOT the target market for Apple's OS X... as in all you people who say "If Apple were to release X for generic machines then..." Well TBH some of you may switch... Most of you would download the torrent and play with it for a bit... Some might even stick with it - but that won't be added to Mac sales. Even if Dell were to offer it as a BTO option the market would only clock those as PC sales - don't think they are able to split them down further than that at the mo - so it won't help Apple's market share anyway.
So it's a spurious argument at best.
In my opinion, Gates said "security guys" as in there aren't any n00bs good enough to h4x the Mac. I can imagine they [Apple, Microsoft] pay the best computer techs in the world to test their software for any vulnerabilities. Nothing is safe, people are paid to do this kinda crap all the time, lol.
Nice little hissy fit from Ryan here! This mud slinging is par for the course when it comes from Jobs but the moment anything bad is said about Apple and hissy from Ryan.
Let's face face the facts. The two operating systems are different. Windows has users in mass and Apple has fringe users. Both of those situations bring different problems and different mud to sling at one another. No reason for hissy fits here!
Shut Up Mac fanboys! My friend has a Macbook Pro and it was attacked and hacked everyday! His Bootcamp partition running WinXP was infested with exploits, so what Bill said is true!
I'd like to subtly point out you answered your own angry assertations in your own message; did you ever stop to put the pieces together and recognize that your friend's partitioned drive running XP is the part of his hard drive that is infested? This is why I choose to avoid any such partitioning or dual-booting. I would be willing to bet that your friend would not have the viruses and infestations on his windows XP portion of his hard drive if he...hadn't installed windows XP..on his hard drive.
Squirrels, you need to lighten up dude. Haven't you ever heard of irony in humor? You must work for the Boston PD.
is he using drugs?? or he never used windows in his entire life !!!
brendan , is that why known remote exploits present in FreeBSD 6 years ago have just been recently patched in OS X? Of course Apple can roll out updates whenever the want, they don't have to worry about corporate america not wanting to install patches every week or two as they have no install base there, but they are also not all that quick to fix exploits.
Oh, and Squirrel, have you used vista or just repeat everything your turtleneck clad friends sprout on forums? My desktop is 20 months old and runs EVERYTHING in Ultimate turned on without a hitch. I built it for around $1500 so it isn't some ridiculously tricked out system. My tablet also runs it fine, though I don't have aero turned on because the video card is a little on the crap side.
I think the reasonable people here know that each system (Mac and PC) have their faults and strenghts, security and otherwise.
On the security side though, I've never had a month of Windows patches that equalled 180MB, and I HAVE had this with my Mac. I'm glad I didn't buy a Mac for my parents on a slow connection, or they'd STILL be downloading patches...
This could actually be true now.
He did not say the hackers exploit OS X everyday.
He said hackers exploit Mac's everyday.
Since Mac's now run Windows, one of Bill's statements is actually true and accurate.
Easy to see what he's doing. He's edging hackers to try and perform as many exploits as possible so they can identify the flaws and plug them as quick as possible. Crafty Bill, crafty.
Newsflash : Computer software has flaws, some of which can allow malicious people to damage or take control of your system.
It's silly to argue that Macs are inherently secure. It's not silly to posit that they are more secure, by default, than traditional Windows variants (excluding Vista, with which I have no experience yet). Default security policies on Macs are smarter, for the most part, which is a big help. But that's neither here nor there.
Exploiting 3rd party code, on either system, is only a shot against the OS maker if some OS policy allowed such an exploit to be more effective in it's compromise.
Further, the main issue i take with Bill's statement is the following portion : "Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally."
Clearly referring to MOAB here, he's just blowing smoke. The majority of MOAB exploits are denial of service, not security compromises. Look, I'm not downplaying the severity of DOS attacks, or any of these bugs, and I'm glad we're seeing them publicly, but the statement Bill makes is patently false.
Show me a remote root exploit on any system once a day. It's asinine to say and undermines his credibility. He should've just said, "Computer security is a challenge for anyone, as the MOAB project recently showed, and Vista's going to be better than ever." At least that would have been true.
Its like the PC guy in the Mac commercials finally saying "You know what, you're so full of shit!"
Bill is doing what any other man would do.. defending what is his. He is rich but still has an ego. However, that does not justify that he is right. Everyone knows that once you go Mac.. you will never go back!!
Poor(rich)Bill