You've already lost that battle, he's an anonymous pansy.

I don't mean emulate HIM, just his actions, with a few minor changers, most notably that i will reveal myself; whats the good of evil if people don't know it?

If you can get root and dump a text file, you can do anything.

Homer,

No, that's not what I said, read again.

Thomas

Also, a quick glance at Bugtraq / full-disclosure / etc etc will reveal that this is *not* how "the game is played nowadays". Holding something like this to ransom is essentially black-hat behaviour imo, and not how the security community should, and mostly does, operate.

Wow, Steve Jobs himself, when directly asked at All Things D, said their worldwide desktop marketshare was around 3%, yet you claim 16%! Now talk about the faithful. When even your hero says 3%, and you turn around and say that he is just being modest. I think you are confusing the fact that for a couple of quarters in the US, Apple has had 16% of laptop sales with their overall marketshare. You see, there are more computers out there than just laptops, and there are more countries out there than just the USA.

IDC announced in it's recent press release the Apple Market Share is now 5.6% for those of you bickering over what the stats are.

And OSX does not have YEARLY $150 updates. Heck, Leopard will be my first OS upgrade in 2 years, that's right...2 years. How long did you wait for Vista? Did you get all those drivers you need yet?

and why when OSX has the slightest possible security hole do Windows users already have to chime in. Your imaginary infinite Windows wisdom is not welcome in our Mac world. We've already learned from your mistakes...which you still continue to make.

Personally, I don't feel the slightest threat from an article on a anonymous person who tests in a closed environment and doesn't release a single detail about the setups or scope of the project.

Well, apparently not. According to this article a coder *has* the potential of creating a widespread worm for OS X but would rather sell/give the info to Apple than release it in the wild. It's like you didn't even read the article.

It's weird how OSx users want to tout security so badly that they're blind to vulnerability reports.

I ran a Linux webhost server for quite a while. If you install tried and tested software on it with proper permissions, keep up with current kernels and limit others from installing crap, it's pretty hardened.

Windows XP and Vista are also pretty secure if you don't do stupid stuff (and you know what I'm talking about).

If this claim is true, it is one of the very few reports as of late that can infect you without you doing anything. Apparently it doesn't exploit a browser, need to be installed or need to be an attachment to email.

Many people have taken them up on their challenge, and done it successfully. People ranging from respected security consultants to black hat lowlifes have found and reported on numerous vulnerabilities and exploits on OSX. And every time someone does, the Apple damage control machine personally attacks them in an attempt to discredit them, crazy Macheads leave death threats on their site, and people like you start floating tripe like your post to minimize the importance of the newly exploited vulnerability. Then all the Macheads stick their head right back in the sand and go right back to parroting that there has never been a security breach on OSX, in complete denial of reality.

@ L. M. Lloyd - "...And every time someone does, the Apple damage control machine personally attacks them in an attempt to discredit them..."

you're so full of it. It's nice to imagine the evil apple spin machine, but seriously, that's a bunch of paranoid bullshit. Show me one example where that EVER happened, and if you point to the macbook wifi joker, then you truly are a fool.

Hey everyone, it's Apple hatin' Lloyd!

@ Jeff

Clearly I don't need to point out an example, since you are obviously aware of it. Apple PR, as you seem to well know, was actively involved in discrediting David Maynor and Jon Ellch, and went as far as to sign contracts with their employer to make sure they couldn't present their findings. This has all been documented several places including cnet and the Inquirer.

Just because you choose to side with Apple PR instead of the researchers, doesn't mean it didn't happen.

@ CmpltDrk

I don't hate Apple, what I hate is the constant void of rational thought that surrounds any Apple, or for that matter Sony (just in the other direction) story. I get so sick of people authoritatively spewing complete crap, and everyone accepting it because it is popular crap.

A large amount of nasty stuff that can get on your computer nowadays involves collecting information to be sold, there's no point in doing that on macs when there's much better prospects in doing it too pcs.

Wow LM Lloyd, both CNET AND the Inquierer reported this? Hell, all I need in the NY Post or the Washington Times to hop on this band of credible news sources and I'm sold...

>XP 2000 and XP

Should read Win 2000 and XP (obviously)

Holy Crap! That's the first time I've heard that. I'll keep my Vista Ultimate? Yeah, you'll pretty much have to since you probably had to take out a second mortgage to buy it. I know that the shiny glow of Bill Gates' autograph on the box keeps you warm at night, but remember to thank Apple for all the innovation in that "Ultimate" OS. I hope your kidding.

He's only had to pay ~$250 for operating system upgrades in the past few years. Apple charges about $130-$150 for their yearly upgrades. With another one set to drop soon, there will have been 4 major releases of OS X since XP, so ~$500 vs ~$250 for operating system upgrades. Math is hard.

@ fred

My copy of Ultimate was free. It's a retail copy with a genuine serial number. Not only that, I sold my other free copy (Vista Business) for $160. So far, I'm in the black with no second mortgage. I also upgraded my machine by eBaying the old parts and using the money to fund new components. I broke even, got some nice new stuff and had enough left over to buy my wife a 22" widescreen.

The cost to acquire and run Vista can easily be made negligible. So far I'm in the black with no second mortgage. Use your brain before you spout off.

@ Christian and Asmeroth

You guys might need to get your sarcasm detectors checked out, they seem to be broken. I cannot believe that you are falling back on MS's failure to release a new version of Windows for so long as a positive. On my planet we call that grasping at straws. I'm sorry if $359 for a warmed over 5 years late aquafied version of windows doesn't ring my bell, when I've had those features for quite a while on my Mac.

As far as you go Christian, hey I'm glad that you could scrap together the cash to upgrade your box so that you might have a hope of running Vista. Hopefully next time you won't need to auction a kidney to get your widgets...oh I'm sorry I meant "Gadgets".

You have both effectively ignored what I was really talking about here anyway. I was poking fun at Bob's assertion that he'll keep Windows because it's so much more secure than OSX.

how did you get ultimate for free? i gotta say... your story is pretty unbelievable

@fred

How do YOU like your Konfabulator, er... I mean Dashboard?

People who live in glass houses...

Everyone just shut up. It doesn't matter who has what OS, as long as you like what you're working with. Its all a matter of opinion.

For a second, I thought I was reading a blog with an audience of bickering 5 year olds. Grow up.

Richard, and where did Konfabulator steal widgets from?

Oh yeah, Apple's Lisa OS.

Deskapps.

The truth is sure a bitch isn't it Windows lover?

@ fred (again): No, your original point was to show your fandom and bash another OS because it makes you feel like a bigshot. My box ran Vista fine before upgrading, and I still have all my organs. I upgrade out of affinity for tinkering with hardware rather than need.


@ Craig: Truth be told, it was $10. Alternate media kit ordered from MS + serial from trial version given out at launch events = licensed version. There are threads floating around regarding this. If you'd like examples: my Sony 20.1" LCD sold for $320, the 22" Benq wide LCD was $270; 2GB DDR sold for $175, paid $99 for 2GB DDR2; mobo/proc sold for $20, paid $135. I got lucky, but I still came out ahead.

@ byaah: He stole my juice box first.

Well, Chris I'm pretty sure I'm gonna know what I was saying better than you, but whatever. As far as me being a bigshot, it's my enormous man parts that make me feel that way. I'm glad you're happy with Vista, and when you'd like to graduate up to the REAL OSX let me know, smarty. I run a Mac out of a need for a stable machine that works right. But hey good luck to you, friend.

I keep my Vista. I had it for 6 months and never did I once ever consider buying an anti virus software.

How bout you just have both OSX and Vista (on a PC by the way) like I have and call it a day ;)

Hey, there's no question that there are security holes/exploits etc in OSX. The difference here is that when there is a possible exploit, the first time you typically hear about it is when your run Software Update, and Apple patches it. There are so many people who would love to knock the Mac off of it's pedestal, but I submit that at least some of the people that start of trying to find a way to screw it up, probably become converts in the process...

Anyway, I agree with you, but only to an extent. Users should always be careful what they browse no matter what platform they're on, but OSX is the most secure, and for reasons way beyond "Small Market Share".

I would not say that OSX is the most secure, not by a long shot. I would say that unix, linux and BSD (more so BSD and linux) are the most secure OS's out there.

They run a even tighter security model than OSX, OSX is essentially a sugar coated BSD variant that the model has been changed slightly to make it easier on the user.

BSD and linux are usually patched with in hours of EVERY exploit or other security concern is found. I don't think any other OS out there to date can claim that, which is one major factor that they are the most secure OS's out there.

Of course, like any other OS out there. Their security can be tossed out the window with a user that doesn't practice good security.

Allow me to clarify. OSX is the most secure MAINSTREAM OS. I wondered if someone was going to bring that up, but I couldn't edit my comment.

And Linux isn't a mainstream OS?

Even Dell is starting to sell their computers with Linux as an option.

What is the market share on Linux compared to OS X anyways.

Actually, what's being done here is that the researcher created a new weapon that only works because of a vulnerability in the OS. He isn't going to release a worm that uses it and have it wreak havoc if Apple doesn't pay for it, he's going to publicly disclose the vulnerability. Apple wouldn't be paying for him to not 'attack', so to speak, Apple would be paying to be the first informed of the security hole so that they have the chance to neutralize it before anyone else knows it exists. All that said, it's still conceptually not a very nice thing to do, but at the end of the day, the guy should get paid for his work, and it's quite a long way away from the man who plants a bomb and threatens to set it off unless receiving payment.

So he's the guy who knows where the bomb is but wants money to tell people?

These people do research on these worms for the purpose of getting them before a person with milicious intent does, and selling it to apple. There's nothing wrong with it.

Yes, there is. I do and have worked for banks' IT departments for 7 years now. Banks are risk-averse and accordingly slow to change. Their IT groups are made up of MS-Certified staff. Because Windows is the market dominator for desktop systems and has been for years, and because of banks' investments in enterprise licensing for software, not to mention the proprietary software they all use for their tellers etc., they will never change their desktop systems, regardless how secure Windows is. They will patch it instead, update their firewall/viruswalls, and continue with business as usual.

And I disagree strongly with your statement that OS X's "security has much to be proven." Remember that the underlying kernel is BSD, which has been around longer than either Apple or Microsoft's companies or their operating systems. We rarely if ever read about viruses/trojans/whathaveyou infesting *NIX systems. For that matter, 5+ years of OS X and a very small handful of exploits (much less actual virus epidemics), to me, equals proven security.

You obviously have no understanding of the major differences between the two operating systems. OS X is a UNIX-based operating system, and in addition the core of it is open source (Darwin). UNIX-based systems have well over three decades of exposure to ever-increasing markets and customers. Further, open source-based operating systems can be audited by anyone, at any time.

None of the above is true for Windows. Windows is a an operating system cobbled together from millions of lines of hacked-together code generated by contractors employed by the lowest bidding contract agencies. There have been no public audits and no decades of constant optimization by people with no vested interest in shipping dates and quarterly profits.

The "market share" argument is crap. There are two reasons why a serious exploit for OS X hasn't been seen in the wild: 1) the OS is UNIX-based, and 2) the vast majority of people who release exploits into the wild are script kiddies with little or no skills allowing them to exploit OS X because exploiting a UNIX-based system requires real knowledge and expertise, not just clicking a couple buttons.

OS X and Windows are fundamentally different systems. That's the reason for the lack of serious exploits for OS X, not market share.

You are mistaken. OS X is fundamentally easier to secure than Windows. Why? Because it's based on a more secure OS - BSD. Of course market share might pay into why some commercial spammers don't attack OS X. Macs don't represent a potential spambot army that Windows does.

But underneath, in the plumbing, it's more secure. This is very well documented on the net if any nay-sayers wish to check it.

That's not to say that we Mac users are naive and don't realize that our computers can't be compromised. They can. But the market share argument is a meme that keeps getting repeated, because Windows fans (is that an oxymoron?) hate the fact that it's not true, so they want to make it true by repeating it. Unfortunately, that's not how it works.

So, for those who don't want to actually read:

1: Yes, Macs have less market share, so that helps
2: No, Macs actually are more secure
3: No, Macs are not invulnerable. Just moreso than Windows or Linux.

Proof? The San Diego Supercomputing center (the ones that set up the honeypots online) did a test. They took an out-of-the-box copy of Windows XP - the way a typical user would install it, and similar copies of Linux and OS X and put them on the Internet without hardware firewalls to protect them. The Windows computer was taken over in minutes, the Linux box was taken over in a few hours and OS X never was.

You do the math.

You know, the overwhelming, and I really do mean overwhelming, majority of Windows exploits, also require an unpatched, or at least not recently updated, system and usually also require some sort of interaction by a stupid user to compromise a system. That doesn't stop THEM from being newsworthy.

In fact, that doesn't stop Macheads from running around claiming how Windows is the most insecure OS on Earth, despite the numerous security studies saying otherwise.

@ L. M. Lloyd = "claiming how Windows is the most insecure OS on Earth, despite the numerous security studies saying otherwise."


aahhhahahahaha - oh that is rich. show me a SINGLE study that says anything even vaguely like that. (microsoft funded studies don't count, and independent studies with that result don't exist.)

you are such a shill.

Ah, so let me get this straight Jeff, you ask me to show you a single study that says that, and then turn right around and basically admit that you know there are studies that say exactly that, but then discredit them because they must be biased if they don't agree with you. Ah, and I'm the shill?

Ooops, looks like the link I posted has been updated to include 10.4.10.

xD

@ L. M. Lloyd

you are a shill. there has been exactly 1 "study" with those results, bought and paid for by Microsoft. It's not that it "might be biased" - it's that it's marketing pretending to be research.

they're shills ("A shill player is a who is paid by the house and plays with the house money.") and you're a shill for using them as your source knowing full well what's going on.

you may as well say that you're the smartest guy in the world because someone you paid to say so, said so. that's idiotic.

"Question (Serious): Is it actually possible to write a program which if ran by the user, to affect the system settings, delete files whatever?
If yes - then this is how half of ignorant windows users get infected (doing certain things hinted at above)
If not - on one hand its good, on the other it again shows how you are restricted on a Mac and have less control."

You must not know much about a little thing called User Levels or Permissions.

On Windows everyone is at the highest level a user can be at, a system administrator.
This means that you can run things that will modify the core system with just a double click. BAD IDEA MICROSOFT!

Nix OSes on the other hand have you set as a User, which means you need permission from an Administrator to do things to files that have permissions set higher than what you can do. This simply makes it so that if someone else was trying to do something to your system files, they'd have to know the administrator password to do so. And when using a Nix OS as a desktop OS, you most likely know the password, so nothing is inhibited.

Learn more about security schemes before saying crap like Macs are inhibited.

I'm not a fan of Macs, but they are a Nix OS too, and saying the way Nix handles users is a draw back is like saying that having a key to your car is stopping you from doing things.

umm - actually users are set at what level you tell them. You can create Administrator accounts and user accounts on both systems. You CAN restrict access in user levels on windows machines, including restriction to install new programs. You can also hide and protect the system folder so users cant accidently just do things with a 'double click' - you mustn't know much about the users settings in windows..

I have to use a mac at work right now and hate having to enter the password every bloody time I want to change something or install a program.

Point still remains that a more closed off system will no doubt be more secure, but less open to more software and there for 'inhibited' (your word not mine, i just said less versatile).

Why cant you just answer a question or have a discussion without the attitude?

@barnz2k:

Yes, you can create user accounts on Windows that have restrictions, like not being able to install programs. That's not the point.

The point, which you've missed: the DEFAULT on Windows is full administrator access. This violates security rule #1: deny all first, allow some later only on authorization.

The OS should be safe and follow security and safety best practices out of the box. OS X does this. Windows does not. Yes, you can make Windows do it after the fact, but the point (again) is that Windows doesn't do it on its own by default and therefore requires non-technical users to have an understanding of user levels and permissions when there's no need for them to do so.

You have to type a password when you want to install an app? Then change the permissions of /Applications.

Ooh, that was taxing.

making it the same power as an administrator in windows, therefore losing the advantage described above..

er...

what?