
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

How Snow Leopard can save Mac OS X from malware attacks

June 23, 2008, 4:49pm PDT


Guest Editorial by Dino Dai Zovi

As reported by Intego and Matasano Security, a new local privilege escalation vulnerability has been found that gives local root access on Mac OS X Tiger and Leopard.

While Intego calls this a critical vulnerability, I’m mostly with Matasano’s Thomas Ptacek on this one in saying that this vulnerability is not nearly that serious. For one, it only works when it is run as the user who is logged into the console. This means that no Mac OS X servers are affected by this, but it can allow a Web exploit or Trojan horse to gain root access without the user’s knowledge or permission. Also, while root access is pretty serious, it is not necessary in order for the malware to do bad things to your system (e.g. install itself to run automatically, backdoor Safari, etc.). So I will dub this a serious, but not critical, vulnerability.

Perhaps the most interesting fact about this vulnerability is where it came from: a thread (from Google cache because the forums seem to be down now) on the forums at Mac Shadows, a Mac underground site.  The aforementioned thread was discussing how to build AppleScript-based Trojans until “callmenames” discovered the vulnerability and the discussion moved towards the vulnerability and ensuing news and attention.  And at the time of writing, the forums on the site have been taken offline.

The big question on everyone’s mind is when malware will begin to seriously affect Mac OS X and what will happen when it does.  As for when, I am betting that it completely depends on market share, as per Adam O’Donnell’s game theoretic analysis.  As for how bad, that will all depend on Snow Leopard: when it will ship, how it will improve Mac OS X security, and how many users will install it.

Snow Leopard will hopefully raise the bar for Mac OS X as much as Vista did for Windows. Of course it won’t stop all security attacks, but it should put exploitation beyond the reach of most attackers. I’d personally like to see the following improvements:

  • Real ASLR (address space layout randomization).  Library randomization with dyld loaded at a fixed location just doesn’t cut it.
  • Full use of hardware-enforced Non-eXecutable memory (NX).  Currently, only the stack segments are enforced to be non-executable.  Welcome to the new millennium where buffer overflows aren’t only on the stack.
  • Default 64-bit native execution for any security-sensitive processes.  I don’t particularly care that it may waste 5% more memory and a little bit of speed, I want Safari, Mail.app and just about everything else that has security exposure to run as a 64-bit process.  Simply because function arguments are passed in registers rather than on the stack, this makes working around ASLR and NX damn near impossible for many exploits.
  • Sandbox policies for Safari, Mail.app, and third-party applications.  Code execution vulnerabilities aren’t the only kind of vulnerabilities and good sandbox policies for security-exposed applications can help mitigate the exploitation of code execution and other vulnerabilities in these applications.  I love the scheme-based policies, by the way.
  • Mandatory code signing for any kernel extensions.  I don’t want to have to worry about kernel rootkits, hyperjacking, or malware infecting existing kernel drivers on disk.  Most kernel extensions are from Apple anyway and for the few common 3rd party ones, they should be required to get a code signing certificate.
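
An added example, not part of the original editorial: a small C auditor that reads a thin Mach-O header and reports which items on the list above (64-bit, position-independent main executable for ASLR, non-executable stack and heap) a binary does not opt into. The flag values come from Apple's `<mach-o/loader.h>`; the function names, the `GAP_*` bits and the three sample headers are constructed for illustration, and fat (universal) files are rejected rather than unpacked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values from Apple's <mach-o/loader.h>. */
#define MH_MAGIC                 0xfeedfaceu
#define MH_CIGAM                 0xcefaedfeu /* header stored byte-swapped */
#define MH_MAGIC_64              0xfeedfacfu
#define MH_CIGAM_64              0xcffaedfeu
#define MH_ALLOW_STACK_EXECUTION 0x00020000u
#define MH_PIE                   0x00200000u
#define MH_NO_HEAP_EXECUTION     0x01000000u

/* Hypothetical finding bits, invented for this example. */
#define GAP_NOT_64BIT  1u
#define GAP_NO_PIE     2u
#define GAP_STACK_EXEC 4u
#define GAP_HEAP_EXEC  8u

struct macho_report {
    int      is_64bit;
    uint32_t flags;    /* mach_header.flags, in host order */
};

/* Read a 32-bit field byte by byte so host endianness does not matter. */
static uint32_t rd32(const uint8_t *p, int big_endian)
{
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Returns 0 on success, -1 if truncated, -2 if not a thin Mach-O file. */
int macho_audit(const uint8_t *buf, size_t len, struct macho_report *out)
{
    uint32_t magic;
    int be;

    if (!buf || !out || len < 28)          /* 32-bit mach_header is 28 bytes */
        return -1;
    magic = rd32(buf, 0);
    if (magic == MH_MAGIC || magic == MH_MAGIC_64)
        be = 0;                            /* file is little-endian */
    else if (magic == MH_CIGAM || magic == MH_CIGAM_64)
        be = 1;                            /* file is big-endian (e.g. PowerPC) */
    else
        return -2;
    out->is_64bit = (rd32(buf, be) == MH_MAGIC_64);
    if (out->is_64bit && len < 32)         /* mach_header_64 is 32 bytes */
        return -1;
    out->flags = rd32(buf + 24, be);       /* flags sit at offset 24 in both layouts */
    return 0;
}

/* Bitmask of wish-list items the binary does not satisfy. */
unsigned macho_gaps(const struct macho_report *r)
{
    unsigned gaps = 0;

    if (!r->is_64bit)
        gaps |= GAP_NOT_64BIT;
    if (!(r->flags & MH_PIE))
        gaps |= GAP_NO_PIE;
    if (r->flags & MH_ALLOW_STACK_EXECUTION)
        gaps |= GAP_STACK_EXEC;
    /* Assumption: 64-bit processes get a non-executable heap without the flag;
       loader.h describes MH_NO_HEAP_EXECUTION as an opt-in for platforms such
       as i386 that do not require it. */
    if (!r->is_64bit && !(r->flags & MH_NO_HEAP_EXECUTION))
        gaps |= GAP_HEAP_EXEC;
    return gaps;
}

/* Constructed sample headers (header bytes only, no load commands). */
static const uint8_t SAMPLE_I386[28] = {   /* 32-bit, flags 0x85: no PIE */
    0xce,0xfa,0xed,0xfe, 0x07,0,0,0, 0x03,0,0,0, 0x02,0,0,0,
    0,0,0,0, 0,0,0,0, 0x85,0x00,0x00,0x00 };
static const uint8_t SAMPLE_X86_64[32] = { /* 64-bit, flags 0x200085: PIE */
    0xcf,0xfa,0xed,0xfe, 0x07,0,0,0x01, 0x03,0,0,0x80, 0x02,0,0,0,
    0,0,0,0, 0,0,0,0, 0x85,0x00,0x20,0x00, 0,0,0,0 };
static const uint8_t SAMPLE_PPC[28] = {    /* big-endian, stack exec allowed */
    0xfe,0xed,0xfa,0xce, 0,0,0,0x12, 0,0,0,0, 0,0,0,0x02,
    0,0,0,0, 0,0,0,0, 0x00,0x02,0x00,0x85 };

int main(void)
{
    const uint8_t *samples[] = { SAMPLE_I386, SAMPLE_X86_64, SAMPLE_PPC };
    const size_t sizes[] = { sizeof SAMPLE_I386, sizeof SAMPLE_X86_64, sizeof SAMPLE_PPC };
    const char *names[] = { "i386", "x86_64", "ppc" };
    struct macho_report r;

    for (int i = 0; i < 3; i++) {
        if (macho_audit(samples[i], sizes[i], &r) != 0)
            continue;
        unsigned g = macho_gaps(&r);
        printf("%-7s 64-bit:%s PIE:%s stack-NX:%s heap-NX:%s\n", names[i],
               (g & GAP_NOT_64BIT) ? "no" : "yes", (g & GAP_NO_PIE) ? "no" : "yes",
               (g & GAP_STACK_EXEC) ? "no" : "yes", (g & GAP_HEAP_EXEC) ? "no" : "yes");
    }
    return 0;
}
```

To check a real binary, read its first 32 bytes into a buffer and pass them to `macho_audit`.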

[ SEE: Memory randomization (ASLR) coming to Mac OS X Leopard ]

I’m hoping that Snow Leopard ships before we see too much Mac malware, fixes all of the above, and that it is a free upgrade.  Yes, I know that’s unlikely, but users will not pay money for security features.  When users don’t upgrade and are subjected to malware, Apple may still get a bad rap for it.

* Dino Dai Zovi is an information security professional, researcher, and author.  He is perhaps best known in the security and Mac communities for discovering the vulnerability and writing the exploit to win the first PWN2OWN contest at CanSecWest 2007.  He publishes the Trail of Bits blog and can also be found on Twitter.


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

91
Comments

Brilliant
nmcfeters 23rd Jun 2008
Well played Dino. For all of the positive of Mac not having the rough history of M$ with regards to being hacked, there are some very real concerns there. It'd be great to see this new version take a step forward in security.

-Nate
Snow leopard seems the exact copy of Vista security features
0 Votes
+ -
Because the author's wish list extends it
Richard Flude 24th Jun 2008
The list is not Snow Leopard features, but a wish list.

Nothing in the list jumps out (extensions of existing
technologies incorporated into Leopard), but I'm not sure
how user applications like Mail with extensive drag and
drop support are going to work with restrictive MAC.

[author writes]
"Yes, I know that’s unlikely, but users will not pay money
for security features."

Snow Leopard is not a security release. The release will
incorporate significant re-engineering which, hopefully,
will produce an even better OS.
0 Votes
+ -
Re-engineering
LiquidLearner 24th Jun 2008
It's being re-engineered for its poor security. It will be a Security release. Snow Leopard is Mac OS's XP SP 2. Except Apple will charge $129 for it and we'll all hear how it's somehow more cost effective than a Microsoft OS.
0 Votes
+ -
...
snberk203 24th Jun 2008
Perhaps you could check your crystal ball and let us know
what the next lottery numbers will be. That, at least, would
be useful speculation.
0 Votes
+ -
I suppose...
LiquidLearner 24th Jun 2008
...that Jobs saying 10.6 (Snow Leopard) will be a security release and not really add any new features to the OS outside of ZFS is a crystal ball. And perhaps you're right, maybe 10.6 will be the first POINT release of OSX that isn't charged for. After all, if they're willing to do a usable replaceable battery for the iPhone and allow users to choose software to install on their iPhones without going through Apple's dictatorship of what is allowed on the device you own it could happen. Oh, what's that? Neither of those things happened? That's right... neither will a "free" point release of OSX.
0 Votes
+ -
...
snberk341 24th Jun 2008
.... and what were those numbers again?
0 Votes
+ -
Yawn -- Wake me when...
arminw 25th Jun 2008
the first 10,000 Macs worldwide are
incorporated into a botnet spewing forth
billions of SPAM mails, clogging the pipes.
It doesn't really matter WHY in my house
doesn't get broken into, the fact is that
Mac houses don't get burglarized. Thieves
and hackers are lazy folks, who don't want
to work very hard breaking into people's
computers. If one computer is just a tiny
bit more secure than another, the less
secure one will be broken into. Macs ARE
more secure than any flavor of Windows.
0 Votes
+ -
Not quite
alanrr 25th Jun 2008
I think Vista is quite a bit more secure than Mac OS. Apple has yet to have the trial by fire that Microsoft have been through and, as the buggy Safari shows, still have a lot to learn. Macs are less secure but also less likely to be attacked. They benefit from security through obscurity rather than security per se.
0 Votes
+ -
What hyperbole!
pritchet1 25th Jun 2008
Macs had their baptism by fire with Mac OS 6, 7, 8 and 9
when they did get bad-nasties. Mostly through macros for
MS Word.

The score: Mac OS X is still zero to 144,000 for the
Windows environment. And yes, there have been root kits
and other Trojans for the Mac, but you have to be
physically at a machine to "infect" it. It would be easier to
log in as "guest".
0 Votes
+ -
Not quite is right...
techconc 27th Jun 2008
"I think Vista is quite a bit more secure than Mac OS."
Unfortunately, our personal opinions are irrelevant.

"Apple has yet to have the trial by fire that Microsoft
have been through"

What does that mean? Has Apple not been exposed to
malware or public use? It seems to me, they have...

"as the buggy Safari shows, still have a lot to learn"
If anything, Safari shows that all browsers are subject to
vulnerabilities. However, statistics show Firefox to be the
buggiest with 122 vulnerabilities documented in 2007,
followed by IE (57) and Safari (47).

When Microsoft products get another vulnerability, it's
hardly newsworthy as it's pretty much expected. When
Apple products get a vulnerability, it's a much bigger deal
and likewise, over exposed in the press.

In any case, we're all entitled to our opinions, but statistics
don't support your position very well. But, if it makes you
feel better, you can hang on to that security through obscurity theory of yours.
0 Votes
+ -
Re: What hyperbole!
santuccie 19th Jun 2009
And yes, there have been root kits and other Trojans for the Mac, but you have to be physically at a machine to "infect" it. It would be easier to log in as "guest".
>>>>Looks like somebody didn't read the blog...

'...but it can allow a Web exploit or Trojan horse to gain root access without the user’s knowledge or permission.'

Just FYI, a "Web exploit" that does anything "without the user's knowledge or permission" is called a drive-by download. And it is understood today that Macs are sitting ducks against them. Alanrr was correct; the only reason you're not in trouble is because of obscurity. Wanna see a drive-by download surreptitiously launch a program on your Mac right now? Go here: http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/hello.html
0 Votes
+ -
Maybe, but
notsofast 25th Jun 2008
most PCs aren't in a bot net. If you don't practice safe computing, you're a malware destination. I saw an old friend for the first time in 5 years a while back. He was having some PC problems, so I said I'd look at it. I figured it was his ancient PC with virtually no ram (which didn't help). Ran an AV scan and he had something like 100 viruses, worms and/or trojans. To put this in perspective, I rarely run AV software, and scan with adaware or spybot every few months.

AV draws blanks....adaware and spybot rarely find much of note. I think adaware rated the severit...the worst I'd seen was a 3.

My friend had adware that ranked an 8 or a 9.....I didn't know such things existed.

I haven't seen him in a few years, I'm sure his PC is riddled with malware again....he doesn't practice safe computing....no firewall. no router. No AV software....nothing. And I suspect he downloads attachments that he should not.....

Over confident OSX users will suffer the same fate, unless they quit worrying about being superior to Windows and start worrying about criminal attacks.
0 Votes
+ -
First of all, who said it was being reengineered strictly for
security purposes? I do believe Snow Leopard will do away
with PowerPC code and is being reengineered to optimize it
for the Intel platform *only*. That is great news since the
OS's performance (which is fantastic on both my MacBook Pro
and PowerBook G4) will see benefits. Just a shame my
PowerBook won't benefit from this release, but they have to
cut the cord sometime.
0 Votes
+ -
Liquid Learner = NonZealot?
edward.arnold@... 24th Jun 2008
Or just his/her twin in carping at everything that Apple does...
0 Votes
+ -
You're using the same arguments
LiquidLearner 24th Jun 2008
on me as you would Non Zealot, and that's to say no argument at all.
0 Votes
+ -
It's being re-engineered for better performance;
cleaning up obsolete code and removing no-longer-
necessary functions. That alone is likely to make it
more secure.

However, there is word that security is one of the
things they are intending to improve as well as
bringing in the next version of Safari and Mail.

In other words, your blatant statement is only a tiny
piece of the whole picture, not the picture itself.
Sorry.
0 Votes
+ -
Yes agreed
nmcfeters 24th Jun 2008
Just like Vista was a major overhaul and cost more money and included more security features as well... BUT, this was Dino's wish list.

Hell, I wish it was free too. I'm not likely to pay for a new OS just cause it is prettier, but I certainly would pay for better security.

-Nate
I agree. I am no way saying I think OS X is a breeding ground for viruses and malware, but with OS X gaining more and more of the market share, their OS is going to be a much larger target.
0 Votes
+ -
So are there millions...
arminw 25th Jun 2008
or even thousands of nowhere infected
Mac? For years now, people have been
predicting the wholesale infection of
millions of Macs, as the number of these
computers have increased dramatically. So
far, this has not happened. Why? Most
people cite small market share as the
reason, but there must be more at work
here. If market share were the only
reason, then the number of infected Macs
should be roughly proportional to how
many Macs are connected to the Internet.
0 Votes
+ -
Non linear relationships don't exist?
NonZealot 25th Jun 2008
If market share were the only reason, then the number of infected Macs should be roughly proportional to how many Macs are connected to the Internet.

Are you suggesting that linear relationships that go through the {0,0} coordinate are the only types of relationships that exist in the world?

There exist many relationships where a critical mass must be reached before anything happens.

I'd also like to know why you believe there are no infected Macs out there? There exist several trojans in the wild and considering how few OS X owners run any sort of malware scanning, how would they know that they haven't been infected? Check out the Apple support form and you will see countless complaints of freezes, crashes, and odd behavior. Can you say with 100% certainty that none of those people have been infected by one of the few hundred pieces of OS X malware out there?
0 Votes
+ -
No infected Macs
fox.kenji 25th Jun 2008
There are no infected Macs out there. Infections would've already been detected and identified by now. I can say that with 100% certainty.

It seems you are making the mistake of equating OS issues with OS security flaws. Just because someone in Apple support forum (you spelled it "form") said his speakers are making popping noises it doesn't mean he's been infected with malware. Likewise goes for other software issues. Everyone has those. What Macs have very LITTLE of is security problems.

Armchair analysis is useless. Try a Mac instead.
0 Votes
+ -
Just Plain Weak Thinking
PMC-CON 25th Jun 2008
Attack "form" instead of "forum?"

So who the hell are YOU that says with 100% certainty that no Macs are infected? Is there some way an intelligent person (not just an oblivious person) could come to that conclusion?

Hey, maybe you're the one with the Mac botnet, trying to throw off suspicion! Your remote control software allows you to see that no other software is installed, and you don't consider your software to BE an infection.
0 Votes
+ -
You didn't answer the question
notsofast 25th Jun 2008
If you have a trojan, worm or virus and you never scan for those things, how would you know you have one? These types of attacks don't have to eat up all of your resources. For example, if the purpose of the attack is to collect info on you (perhaps credit cards, bank account etc), you'd want to use as few system resources as possible.

Your argument goes something like this:

You: WOOHOO, I don't have cancer.
Me: I didn't know you were getting tested for cancer.
You: Dude, I can't get Cancer, why would I get a cancer screening?
0 Votes
+ -
The answer
frgough 27th Jun 2008
The tech press would have a field day if there were botnet armies
of compromised Macs in the wild.

So far, all we hear are crickets.
Perhaps, but historically, computer operating systems are NOT one of those.

How do I know this? Because I was around when there was no single dominant OS for personal computers, and they ALL had virus and malware infections.

Atari, Commodore, IBM, TI, Tandy, all were affected.
I've said this before and I'll say it again. Anyone who claims that the only reason Windows has so much malware is their popularity is completely ignorant of the history of malware and personal computers.

Period.
0 Votes
+ -
Can you say with 100% certainty...
vulpine@... 26th Jun 2008
"... that none of those people have been infected by
one of the few hundred pieces of OS X malware out
there?


In a word, Yes! As of this time, outside of the two
Proof-of-Concept exploits just discussed, there are a
grand total of TWO pieces of malware of OS X, one a
worm and the other a Trojan. At this time neither one
is capable of spreading itself without user intervention,
unlike the first of these two PoCs in the article. Those
problems that you so joyously tout are usually either
software conflicts in the various different applications
or hardware glitches that any machine (yes, even
Apples) can have. Even so, Macs have fewer issues than
their competition, though admittedly their users are
more vocal... because they're not as inured to them as
Windows users are.

How do I know? Because I have had some of these
issues myself on my newest iMac and am pretty certain
of the causes of every one of them.
0 Votes
+ -
It's complete hearsay....
JoeMama_z 1st Dec 2008
but if you feel like taking my word for it, a buddy of mine got adware from a porn site on his mac several months ago.
0 Votes
+ -
A non-linear step function...
arminw 27th Jun 2008
of zero is indeed rather nonlinear. There are
millions of Macs, but no bot nets and absolutely
none of the self replicating malware that plagues
Windows computers by the millions. Never, ever, has
any Mac anywhere, at any time, been infected by the
simple act of connecting it to the Internet without a
firewall or other protection mechanism besides the
Mac itself.
0 Votes
+ -
I'm just wondering....
23Tracy 17th Apr 2009
I've had all of the symptoms you mention on many occasions, but when it happens enough to irritate me, I simply run Disk Warrior, TechTool Pro and/or Drive Genius 2. These have always cured any problems for me. So would my utilities get rid of malware, if it existed on my computer? Or would I be safe in assuming malware never existed on my computer, since my utilities corrected my problem?
0 Votes
+ -
Love reading the comedy on ZDNet
KaplanMike 24th Jun 2008
This is the funniest site I know of. There's not one -- not
ONE -- real-world threat to the Mac OS, and you're talking
about how the sky is falling, and only the next OS version
can "save" the Mac. Now, that's funny.

And when you compare Leopard to XP (by calling Snow
Leopard the equivalent to XP SP2), now that's comedy
genius!

I was an early convert to Apple, switching from PCs in the
early 1990s. Since then, I've never run any "security"
software, and have been infected by exactly zero viruses,
spyware, malware, crapware, hacks, cracks or attacks. In
nearly 20 years. Go ahead, laugh at that.
0 Votes
+ -
You're right
LiquidLearner 24th Jun 2008
I will laugh at that. You know why? Not because Apple software is somehow magically secure. Because it's not worth the time. No one with any data worth stealing runs a Mac OS so people concentrate on where the money is.

IF that were to change Mac OS users would be hosed because they think they're invincible and are probably the easiest targets on the planet for social engineering. Just having something with some snobby, hip kid tell you to open it and you wouldn't question it twice. (much as many apple users do with the commercials)
0 Votes
+ -
Microsoft defenders always...
arminw 25th Jun 2008
ONLY are able to yammer about what
could, might, possibly, somehow,
somewhere, in some manner, someday
happen. Sometimes they talk about some
contrived, specially set up hack
conferences where some Mac was
especially set up to be exploited. They
never mention the millions of PCs, right
NOW, that STILL are active nodes of huge
bot nets, spewing vast quantities of SPAM
designed to separate people from their
money in various ways. Who cares what
MIGHT happen tomorrow or next year.
What really matters to most people is what
is happening today. That's a big reason
why Macs are selling rather well these
days. Talking about IFs, and whens of
someday, somehow, massive malware
infections of OSX, is a pointless exercise
of desperation of all MS faithful.
0 Votes
+ -
Poor Apple Software = QuickTime
PMC-CON 25th Jun 2008
So why is QuickTime patched so often? How about Safari? How about the several mega-patches of OS X?

Why do you think that the Mac is invulnerable when there are so many examples that it is not?
0 Votes
+ -
QuickTime patched often???
23Tracy 23rd May 2009
As a Mac user, QuickTime is only patched a few times each year. I always download the newest version when I'm alerted. That doesn't seem to be very often to me.
Perhaps it seems like a lot to others. If you're using a PC and the need to update QuickTime is a lot more than that, perhaps it's because you're using a PC. Or maybe my perspective of "often", is different than most.
0 Votes
+ -
And how are you different?
notsofast 25th Jun 2008
You yammer on about the insecurity of Windows, but you don't run windows. I can sit there and say that I never get viruses/trojans and I run windows. So what?

I'm not stupid enough to believe that I can't get it...I just happen to take a lot of other precautions....nevertheless, I still scan (though not so much lately). It always comes up clean, but I still check.

In other news, I haven't had so much as a good in almost 2 years. I guess I should assume I no longer can get sick. I still go to the doctor, just in case.

The truth is that 2 years ago, Mac people said there were no attacks. Then there were no attacks unless the person downloaded it and put in a password to do whatever.

Now it just requires then to download it and presumably open/execute the file.

FYI, that's exactly what the state of attacks on windows was 9 or 10 years ago.

The attacks are getting more serious, and mac fan boys just keep yelling, "it's not like these are the attacks that windows users have"

When you operate under the illusion that you're impervious to attack, you will, eventually, be successfully attacked.
0 Votes
+ -
nt
0 Votes
+ -
The shift to "... people concentrate on where the
money is..."
is relatively recent; the last 3 years or
so. Prior to that the majority of viruses and worms were
out to either snag confidential intelligence (military
and government) or to make as big a splash as
possible for the sake of saying, "I did that."

As for "magically secure," the simple fact is that
Windows was always the bigger and easier target; and
still is. I'm not saying that Macs are immune, but
combine a different Operating System with a smaller
market and you've got a very tiny number of 'script
kiddies' even willing to try and the UNIX core tends to
block any kind of automated attempts to increase privileges from outside the console.

As for the "... snobby, hip kid tell you to open it and
you wouldn't question it twice,"
Vista has you so
used to doing it now that even with Vista's
vaunted security trojans have become even more
prevalent than ever in the Windows environment.
0 Votes
+ -
Wow, quite the feat!!
NonZealot 24th Jun 2008
I've never run any "security" software, and have been infected by exactly zero viruses, spyware, malware, crapware, hacks, cracks or attacks. In nearly 20 years. Go ahead, laugh at that.

You make it sound as if that is some kind of accomplishment. I've been running Windows for 15+ years and have been infected by exactly zero viruses, spyware, malware, crapware, hacks, cracks, or attacks. That isn't an accomplishment, it is the way it is supposed to work. I do find it interesting how people seem to believe that malware free computing is only possible on the Mac. The recent release of in the wild, root level exploits against OS X proves that dumb people will get infected no matter the OS and smart people won't get infected, no matter the OS.
0 Votes
+ -
LOL @ NonZealot
fox.kenji 25th Jun 2008
2 things:

1) First, congrats on having zero viruses, spyware, malware, etc etc on your Windows PC for 15+ years.

2) Now, consider all the extensive work and effort that it took you to accomplish that feat and keep it there.

Well, I accomplished the same thing on my MacbookPro by simply doing nothing. I just took it out of the box and started using it.
0 Votes
+ -
Please, you seem to know me so well. Tell the world what I did to remain malware free on Windows for 15+ years. I'm just dying to know! happy
0 Votes
+ -
How you did it.
pritchet1 25th Jun 2008
You either stayed with DOS (the same Windows version
what has been in circulation for 15 years? Really?), never
had the unit in question online (must be a great PC!) or
added software apps to it or you did as my former
employee companion did with his systems and reinstalled
the OS every 3 months when things slowed down. I'm a
former MCSE.

I've moved through 3 Macs since 1993. I beta-tested Mac
OS X when it first came out. I also beta-tested MS OSes.
Mac OS X with all its early quirks, was much easier on my
soul.

I also run a legal copy of XP on my Mac today - not
because I want to, but because SiteBuilder requires it and I
don't want to play babysitter for PCs any longer. My life is
more precious than that.
0 Votes
+ -
Say no more
NonZealot 25th Jun 2008
I'm a former MCSE.

Now I know why you couldn't get Windows to work.

You either stayed with DOS (the same Windows version what has been in circulation for 15 years?

Nope, always upgraded whenever a new version of Windows came out.

never had the unit in question online

I've had broadband Internet access for approximately 8 years, modems before that.

or added software apps to it

Added lots of games, development, and multimedia tools.

So, care to try again? Please tell all of us how I've managed to do it while you (a trained MCSE even!!) couldn't. Thanks! happy
0 Votes
+ -
Are you joking?
notsofast 25th Jun 2008
There were viruses in Dos.
0 Votes
+ -
well one thing's for sure
bmerc 26th Jun 2008
You sure as heck didn't connect your computer to the internet.
0 Votes
+ -
And So ... Do You Patch QuickTime?
PMC-CON 25th Jun 2008
Do you patch the Mac OS? Why do you think that the Apple patches are released? Because there are no exploits possible, Apple is doing it just to get their name in the news?
0 Votes
+ -
"Because there are no exploits possible, ..."
vulpine@... Updated - 26th Jun 2008
Nobody ever said exploits were not possible; however,
they have said that until now there have been none in
the wild that were in any manner effective at spreading
themselves. With this new PoC now accessible, that
may
change. Then again, maybe not. It depends on a lot of
factors.

I won't deny that protection is necessary and that
solutions are available for nearly every operating
system out there. It is only now that OS X is actually
making a splash in the world that it has become a
target worth shooting at. And UNIX is still making it a
more difficult target than Windows. We'll just have to
see how Apple responds to these attacks.
There's a difference between dumb and smart vs
ignorant and educated, and you really should
have used the latter term.

Why? Because that is far closer to the truth than your
stereotypical insults, NZ. I, personally, don't believe
your statement of being totally malware-free for 15+
years because I know how some of those attacks
worked and caught exactly two notable pieces of
malware in less than 10 years, and my business was
consulting. You have said previously that you used no
outside components over most of that time and only
an external firewire or sheer luck could have prevented
you from catching the one virus before it could do any
damage; something you said you didn't have.

I say "Sheer Luck" in that you managed to get the AV
update installed before the virus hit you whereas the
virus hit me before the update could download and
install... something I was in the process of doing when
I got hit. Oh, and this was only minutes after turning
on my machine for the day... in the early morning... on
the East Coast of the US. My AV application was set to
check for updates multiple times during the day, so
don't use the excuse that the update was available the
day before I got hit... it wasn't. So you either got
incredibly lucky, or you had outside protection. Period.
0 Votes
+ -
2 things protected me
NonZealot 26th Jun 2008
an external firewire

Did you mean "firewall"? If so, that is certainly 1 thing that kept me safe. $50 for a NAT router (anyone with wireless needs one of these anyway) is safe from 99.9% of outside attacks.

The second thing that I believe kept me safe from nearly everything was that I haven't run as Administrator since moving to Win2000. Nearly 100% of all attacks assume the user is logged on with admin privileges and I've never heard of an attack that would gracefully fall back to an alternate attack if the user wasn't admin. Granted, I'm still vulnerable to attacks that encrypt my personal files and maybe I've avoided those due to some very basic common sense. When my niece sends me screen savers of dancing elves or naked Baywatch actresses, I've somehow shown enough self restraint not to run the attachment. Crazy, I know, but it's true.

So for $50 and 30 seconds (the amount of time it takes to create a non admin account), I do believe I've been able to safely use Windows. I think it is a shame that it took Microsoft so long to restrict the permissions on the default user account but that is a different story. When Apple moved from OS9 (where there was no concept of restricted rights) to OS X, they basically told their very few customers to suck it up and deal. It is too bad MS didn't feel they could get away with that behavior too.

There you go, you asked, I answered. Luck had nothing (or at least very little) to do with it. $50 and 30 seconds is all it took. happy
0 Votes
+ -
Way to go NZ!!!
???Dilemma 30th Jun 2008
2 things protected you, and the fact that you wouldn't open
your mail attachments even when it comes from your
niece!!!!!!!!!! Ok, so you open only attachments from whom?
from yourself only?

That sounds like greaaaaat computing!

Well done NZ
That really tempts me into running windows
