Canadian Mac Forums at ehMac banner
1 - 12 of 12 Posts

·
Premium Member
Joined
·
7,069 Posts
:rolleyes:

Sheer anti-Mac journalism. The guy is wrong, and the security flaw used as proof, the chance of it happening is slim to none. It may be a large hole, in that a great deal of damage could be done, but how is someone going to be able to exploit this flaw? Besides a work around was posted about 2 weeks ago, less then a week after the flaw was reported.

This guy is crazy. He has a few points, but they are blown out of proportion. Anyone hear about the latest IE flaw? Which one? I mean the latest one, the one where spam sites can easily mimick another site (eg. paypal) and in the status bar and address bar put what looks like the actual site. Or is that not the latest one anymore?
 

·
Canadian By Choice
Joined
·
5,141 Posts
Agreed, its a pathetic article with a ridiculous premise but the flaw actually is serious if you have an Airport or other wireless network that is not protected. Sure, the work-around is easy but if you haven't the sense to set up security on your Airport basestation then maybe you also don't know about the subnet vulnerability.

BTW, over 50% of wireless networks are unprotected. Enabling 128 bit WEP is the minimum level you should be at.
 

·
Registered
Joined
·
599 Posts
Chealion,

Do you know if Apple has released an official patch for the security issue? I read about the workaround a couple of weeks(?) ago but didn't do it since it seemed to be a fairly remote possibility
 

·
Premium Member
Joined
·
7,069 Posts
There is no official patch, but it should be fixed in 10.3.2 which is being rigorously tested (Apple has released 3 builds to developers thus far).

The chance of this flaw being exploited is slim to none, unless someone has the know how to set up a DHCP server, set up the right NetInfo information, connect to your network and have you restart your computer. If someone knows how to do that, they have better things to do, and could easily be making money knowing how to do what they do. It is a flaw not worth exploiting.

Windows however, you have a few flaws to choose from and it takes much less work, and you have the capability to access more computers. Besides next week Monday or Tuesday we should see the monthly security fix cocktail from Microsoft for all the Windows machines.
 

·
Premium Member
Joined
·
7,115 Posts
I thought twice about posting this article yesterday... does the author address any specific issues?


He waxes idiotic about how the Mac is every much open to virii attacks, yet we have none (save for the autostart worm from 1996). If the Mac OS is such a hated platform (by the you know whos), why hasn't anyone tried to create a malicious virus? If it's "just as easy to create one for the Mac", where is it?

And what about these security risks? He speaks in generalizations. Sure, they exist... but has anyone actually fallen victim to any? Probably not since Apple typically patches any holes that are found within days of discovery.

In short -- the author is obviously a Dvorak in training looking to pad his Xmas bonus.
 

·
Registered
Joined
·
296 Posts
If I could, I sure would like to write a virus to screw up todays Mac OS. It would be quite the honour to be the first one to do it. Alas tis only a dream. Gene B.
 

·
Premium Member
Joined
·
5,247 Posts
The article is wrong.

Most of the services required to exploit the vulnerability are turned off by default. To be vulerable, you have to turn them on yourself.

Most Windows vulnerabilities are remotely exploitable, in it's default configuration. To be vulnerable you have to do nothing.

One you manually turn certain services on on your Mac, there is also the requirement that someone be an evil black-hatted hacker and that person must be on your LAN (ie inside your firewall or connected to your cable/DSL router, not "out there" on the internet). In other words someone you know and trust has to be Dr Evil.

If you have Airport enabled, that person would have to be physically nearby.

In business, that person should be fired and at home think seriously about a divorce or boot camp for your kids.

You can most certainly set up any system, no matter how secure, to be insecure. What's important is that it's not insecure as it comes out of the box (like Windows).

I know one very competent computer guy who had his WindowsXP installation hacked within 5 minutes of installation; they were breaking in at the same time he was connecting with Windows Update to patch his box.

I have no idea what this has to do with viruses, though.

[ December 12, 2003, 09:57 PM: Message edited by: gordguide ]
 

·
Canadian By Choice
Joined
·
117,692 Posts
Is the .Mac virus software worth the deal that Apple is sending my way to entice me to subscribe once my free subscription has ended?
 

·
Premium Member
Joined
·
5,247 Posts
If you connect to Windows machines in a business/educational enviornment, you should scan your mail and MS Office docs for malware.

If you recieve a message with a virus from another Windows user, they can be re-sent from your computer to a Windows machine inadvertently.

If you don't use Outlook, Entorage, MS Office or it's components, you don't need AV to protect yourself, but you could re-transmit one if you forward an infected eMail (for example).

A file is just that, but if you think about it, every Windows virus travels from it's host through many OS's that do the grunt work of the internet (UNIX, BSD, Linux, MS) before infecting another Windows user. May as well identify and kill them on the way if you can.
 

·
Premium Member
Joined
·
8,815 Posts
I've been VERY BUSY down in the PC Mag forums ;)

Signed,

MacDuff
(my PC Mag handle)
 

·
Premium Member
Joined
·
8,815 Posts
Testing my new sig and avatar ;)
 
1 - 12 of 12 Posts
Top