The anti-Apple Festival of FUD has been going since the spring of 2005 when it was first perpetrated by Symantec. That's 5 years of endless 'MAC OS X IS GONNA DIE!' FUD. I call it all ridiculous exaggeration and desperate attempts to draw attention away from the fact that Mac OS X remains one of the TOP 3 SAFEST OSes available. Meanwhile, Microsoft Windows remains THE BOTTOM OF THE BUCKET.

The most desperate of rants is the 'Security By Obscurity' garbage. Right. That explains why there are over 10,000x MORE malware for Windows than Mac OS X. That's roughly 1000x more malware per user than Mac OS X. With idiotic lies and exaggerations spewed in endless streams of FUD, it is to the point where it is no wonder Mac users laugh at it all. Apple may well find it much of it over the top as well and it, which is highly counter productive.

If Dr. Charlie Miller would stop hyper-marketing his admittedly excellent hacking skills, maybe he'd provide some helpful advice for Mac users. Meanwhile, scare mongering pays the bills.

There actually are useful and helpful sources of information available regarding Mac Security. It is also seriously important to stay on Apple's case about security. Much as Apple has greatly accelerated their attention to security over the past 5 years, Dr. Miller's 20 zero day flaws emphasize that Apple has a lot more improvement to accomplish. Why not pester Apple to make a better OS the BEST OS!

... I would write viruses for Windows simply for the fact that it isn't worth the time to write them for the other OSes. The "security by obscurity/unpopularity" has a double effect: less machines that can get hacked, and less people writing viruses/trojans targeting said machines. A zero-day exploit on Windows is worth 10x as much as one on a Mac, because you're apt to get 10x return on investment. That's even if Apple tries to brush their OS's exploits under the rug (as if Microsoft doesn't either).

Linux? People who use Linux for their desktop are usually more "aware" of what goes on with their OS, or have their machine administered by someone else who is. Also, Linux usually has a shorter time-to-patch time than Windows because there doesn't need to be as much legacy and production testing before the patch is applied (which many people don't seem to realize). Why even bother trying to exploit those machines?

It is a good laugh to see Mac owners parroting Apple's advertising, which is to say that rather than extol the virtues of running MacOS, they do their best to highlight the flaws in everything else.

Personally, I've always seen such toothless rivalry as a means of artificially inflating Apple's importance - in a market in which you play only a very minor part, portraying yourself as the 'competitor to Microsoft' fluffs you up to look bigger than you really are.

Fact is of course, it's Windows that remains the #1 choice for almost everyone, for the simple reason that almost everyone reads their email, looks at Facebook and plays the odd game - and that's it. They can either spend £399 on a Windows box to do these tasks, or take out a new mortgage for the equivalent Apple with last year's processor and video card.

What's genuinely amazing is how a company with a supposedly vastly superior, vastly safer consumer product has over many decades failed to capitalise on that fact. Has anyone stopped to consider that nobody cares if their PC is full of holes, because if they did, everyone would buy Macs?

Dohh -- so applications have vulnerabilities. Bears do something in the woods too. The big difference between macosx and windoze is that pretty much everything a luser does in windoze is often done as "Administrator" whilst everything a luser does on Unix is done unprivileged. MS has tried with Vista to remedy this, but trying to patch up a weak foundation is always fraught with difficulties. Ergo, powing windows is usually more successful than any Unix machine. Aside from the infamous Morris worm many many many years ago, how many infections of Solaris/Linux/MacOSX have been running amuck? Compare this to various bot-nets of Windows.

The FBI uses Macs in their offices, because thy say it is far safer. It is only the field agents who use pc laptops, and those are not connected to the net.

A better analogy for Mac OS X security is that Apple owns a private swimming pool. Only a limited number of people have season tickets and they are richer, cleaner and well behaved patrons.

On the other hand Microsoft runs a public swimming pool. Everyone uses the pool, including people from the dirty slums. Consequently you have people taking baths, kids peeing and pooing and god knows what else. Microsoft does a good job at cleaning the pool up after each mishap of course.

But the question remains. Which swimming pool would you rather swim in?

You guys are getting bent out of shape over 20 open source flaws when Microsoft patches more than that every month on patch Tuesday. They even have their own day of the week.

I, and many others, have been in the IT game for over 2 decades and I have never seen more security problems than with the OS's that Microsoft puts out. And MS's own people even confirmed that their OS's are 5% flawed. So 10's of thousands of flaws vs a few hundred.

You guys are so hung up on W7 being amazing well the only way they could shore-up the problems than create a gatekeeper app UAC rather than fix all the problems. Get rid of UAC and tell me how safe you are. Linux and the Mac OS don't have UAC and still they're safer. Get over yourselves. It's only software!

"WHILE THE THINK DIFFERENT COMPANY Apple continues to smugly tell users that its OS is safer than Windows, an insecurity expert has claimed that it has 20 zero day security flaws."

It seems patently obvious that Mr. Nick is the "insecurity expert" 'round these parts, crowing about this stuff as often as possible with no upside to make it worthwhile, other than a hit-count which counts for little to nothing in the world at large.

Macs are cruising right along and the nice warm feeling these posts appear to provide could just as easily be achieved whizzing down your own leg, Nick. Just let go. Let if flow. Serenity now.

Hey Charlie,

If it is true . . . and you release the vulnerabilities into cyberspace without informing Apple . . . and hackers create viruses which cripple some MACS or cause MAC owners a world of trouble . . . what does that say about you?

A

The argument that Macs aren't targeted simply because there are fewer of them is bunk. There were numerous Mac viruses before OS X, and there were far fewer Macs around then than there are now. Obviously there is more at play here than that.

Just as Windows attacks occur shortly after the revelation of security vulnerabilities, I would expect Mac users could pretty well bank on having their machines hacked in short order after this revelation of many security problems in OSX.

Apple tends to ignore and dismiss concerns of this nature, which won't help its customers much. At least Microsoft admits its software is insecure and (tries to) patch it monthly.

The root cause behind both these companies' problems is dependence upon the "security by obscurity" model. This doesn't work (as "fuzzing" finds the problems anyways).

Mac OSX closed the door on its BSD code base years ago, forsaking openness for control (which has now spread to oppressive control over even iPhone app developers). Now instead of having millions of users troubleshooting and submitting improvements for OSX, development is limited to a few very closely monitored (read: oppressed) programmers. Control has superseded the quality that would be available from having the code open-source (and this is unlikely to change, given Mr. Jobs obsession with control, and also his penchant for lawsuits...those he has angered would probably really like to have a look at the OSX source code!).

Of course, Mac users can always dual-boot Linux, which does not suffer from the same security problems or depend upon obscurity for a false sense of security.

http://en.opensuse.org/OpenSUSE_on_a_Mac

http://www.askdavetaylor.com/how_do_i_dual_boot_ubuntu_linux_mac_os_x.html

Well I would be careful you might instigate a hacker to hack your Mac. But seriously these days Software vulnerabilities are rarely the cause of malware infections. There is no patch for human stupidity so no system is safe or even safer.

Such beautiful malware like Zeus loves stupid people since to date all the malware incidents I have investigated regarding malware such as Zeus requires 3 levels of stupid.

1) click on the spear phishing link within the email received and download the zip file.

2) Open the zip file

3) Launch the executable within

All of which don't use any software vulnerability but all of which require user to initiate. No OS is safe from that, no Anti-Virus/Sypware/Trojan/Worm software in the world can protect a system from that. No firewall or NIDS/HIDS or IPS can make things safe.

Instead of working on Web 2.0 why don't we work on homo erectus 2.0 you know the one you can bitch slap and fire on the spot (even if your a big fat CEO) for being such a moron.

BTW Unix and Linux are not safe either from this.... good luck and peace out

We've been hearing the old line that Macs don't get viruses because there are less than Windows PCs for a very long time.

It's been 10 years since Mac OS X has been in existence... and not a single virus attack to date.

Yes there are less Macs than Windows computers. Macs make up more than 10% of all personal computers (Mac users hold onto and use their Macs much longer than the average Windows PC user keeps their computers on average).

There are over 100 Million Mac users... that is not a tiny number, and it is well worth a hacker's time to attack Macs. You would think logically that there would be about 20,000 viruses and malware for Macs (10% of the number existing for Windows for PCs...

But there has not been any virus outbreaks for Mac users in 10 years!

The line about Macs being safe because there aren't many of then is pure FUD.

Most Macs are home computers (although many businesses are entirely or almost entirely Macs). It is mostly home users who get attacked and lose data, since businesses and governments have extensive firewalled servers, and they don't let their users install anything on their PCs.

When looking at just home users, about 1 in 5 are Mac users. If you are a Windows user, think of how many people you know who has a Mac. If you know anyone, you can probably name a few.

Mac OS X is a UNIX based system, and unlike Windows it is built for networked and Internet use. It is inherently much more securely coded than Windows (which has its origins in DOS).

Whenever you hear about hackers who find "security holes" it is because they bend the rules and give themselves permissions that a hacker would not have in the real world.

Just be aware, with all of the so-called "security holes" found and publicised over the past 10 years... and with over 100 Million Mac users... there have never been any virus attacks on Macs.

Why is it that you guys take this mac vs windows fight to heart? i have been reading inq for years and they bash both windows and macs pretty much equally.

on another note, Nick can you go back to writing stories in the styling of Nostradamus?

On First Voyage, Seas 1 ep 1, Charlie X Took Command by Simply: COMMANDING. NightMare, Charlie got Wish & deliveryed Safely to Triton, First, Before Cargo Destination. So Dreams Are Dreamy way to sleep & Play. Charlie Dreams where Far Off & in new Surrondings. Why Change to StarBoard. Heres Video on Dreams in Nice GOLD of later years.

http://www.youtube.com/watch?v=EJ4mkFbgP5U&feature=player_embedded

If missed Google Quits China, ALL that GOLD Paid Off Here:

http://news.cnet.com/8301-1023_3-20000757-93.html

Apple Seems Bit Less, Mainly Heavy Breathing & Promises, since Beginning. Market Share zilch, Intrest, School yard, Cost of Operation, HIGH. Sort & Bake.

I wonder why it is that the Inquirer spends so much energy gloating every time someone comes up with a theoretical attack that might affect Macs?

It doesn't matter that none of those theoretical attacks ever amount to anything. It doesn't matter that the Inquirer is made to look like a fearmongering FUDmeister again and again. It doesn't matter that there is STILL no virus (as opposed to trojans that can affect ANY system if the user is dumb enough to install something from an unknown source). It doesn't matter that there are hundreds of thousands of viruses in the wild affecting Windows and zero affecting Macs. It doesn't matter that malware costs windows users tens of billions of dollars per year.

All that matters is that the Inquirer sees another opportunity to spread FUD. Go figure.

created an environment suited to criminals, and as the biggest and baddest, prospered in it. M$ promoted thievery by stealing ideas; protection rackets "pay me or your system breaks"; ran out all the honest businesses and bought their property at pennies on the dollar; promoted addictions (obvious); promoted gambling (I'll bet it doesn't BSOD); controls all the vice (people who make money from existence of the M$ empire); paid off politicians and cops (Justice Dept and NSA), and perhaps most importantly, promoted promiscuous mingling of code and data, which is where most vulnerabilities are found. Now M$ sits in the middle of its criminal empire, controls nearly all the action, and rakes off a cut of all the action in town, even from the remaining legitimate businesses. Like all evil people, they'd rather reign in Hell than serve in Heaven.

So, yes, GOOD analogy, now that I think on it.

Anyhoo, since OS X inherited the basic strengths of Unix (tested by real fanatics for decades), it's surely a more sound model than the amateurs at M$ can ever patch theirs up to be. I'm sure that Apple *won't* be concerned about problems that haven't arisen, but like all good farm folk, have a loaded shotgun handy if need arises.

OSX has a small user base, but the number of PCs that ever get hacked/malware infections is also pretty small because of all the security.

If someone could write a proper hack for a mac, tehy would get all macs because their security sucks; users are complacent, anti-virus is few and far inbetween.

So, why don't hackers hack macs? Because they can't! All tehey can do is build on pre-existing hacks. In other words, hackers don't know as much as they woud like to think they do.

Apple "will not think it has a security problem until it affects [the company's] bottom line, which hasn't been the case, yet"

My first thought was that Apple's bottom line would become affected when it's customers start having security problems. My current thinking is that this has not been the case for Microsoft. Go figure....

This is why OSX will never become a massive contender due to the simple fact that it has has many vulnerabilities. Simply because the OS is doing more and more and becoming more versatile like Windows did YEARS ago. As a result of becoming more popular pritty much only Windows OS's have been targeted and Microsoft has learnt how to deal with such threats.

The day Apple gains a substantial market share is the day OSX gets laughed back out by the malware and virus writers.

What a great analogy! Yes, Apple is the country bumpkin living in the rusty double-wide with the shiny Cadillac parked out front. The Cadillac, glimmering in the sun, masks the real truth that lies within.

http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254-6.html

"Between Mac and PC, I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there. For now, I'd still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them."

So does Charlie Miller still recommend OS X over Windows to the average user? That's been Charlie's recommendation despite everything since for the end user in OS X, they are likely to see less problems regardless of the reasoning behind it.