PDA

View Full Version : Mac Hacked un under 30 min.


GreyWolf_OPS
03-06-2006, 08:54 PM
http://news.com.com/2100-1002_3-6046197.html?part=rss&tag=6046197&subj=news

I was surprised how quickly this happened.. Looks like Mac owners should start taking this hacking stuff more seriously.. Have a feeling that Apple with have a huge problem on their hands soon if they dont jump on this problem.

kaiser_pro
03-06-2006, 09:06 PM
its not that bigger deal, the "hackers" were given ssh logins (remote shell getting in in the first place is most of the battle) I would surmise that quite a few defualt linux installs would be cracked in a similar time frame given same conditions

slaughters
03-06-2006, 09:08 PM
From the article

...Sweden-based Mac enthusiast set up his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications....

"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," Gwerdna added....

rocarpen
03-06-2006, 09:48 PM
From the Slashdot thread (http://apple.slashdot.org/apple/06/03/06/1446207.shtml):

SSH is off by default, the admin had to turn it on.

Hackers don't generally have shell accounts -the admin had to set them up.

So if you take steps to make the Mac Mini less secure, then advertise you've done so, it gets hacked. Expect all major tech outlets to cover this new and amazing Mac vulnerability (you think I'm joking?).

People seem to want to believe that OSX is just as insecure as Windows, and that it's just been low-market share that's saved it from hackers, etc. This is relativist BS. OSX is more secure. Not bulletproof, but much better than, say, WinXP (and I say that as an owner and user of both platforms).

slaughters
03-06-2006, 10:22 PM
SSH is not off by default for Mac servers, just Desktops:

"...Of course SSH is on by default on a Mac Server--it is designed to run, and be configured from first boot, headless. That would be pretty difficult to do if you had no services....

>>> Link <<< (http://apple.slashdot.org/comments.pl?sid=179385&cid=14858974)

The assumption is that the administrator who knows enough to set up the server will know enough to disable it.

P.S. I always read Slashdot with a grain of salt anyway. Their reporting tends to be....ummm.... not overly researched some times.

rocarpen
03-06-2006, 10:48 PM
Yeah, you'd sort of expect SSH to enabled on OSX Server, wouldn't you? Here's Ars Technica's take:

Needless to say, most web servers are not set up with the ability to give out free shell accounts to anyone who wants one. SSH is not even enabled by default on OS X, although server administrators can choose to do so if they wish. So the "hacking" contest was not very indicative of the security of an OS X computer, even a web server, that is set up open to the Internet.

ShadowHunter
03-06-2006, 11:04 PM
P.S. I always read Slashdot with a grain of salt anyway. Their reporting tends to be....ummm.... not overly researched some times.
In addition Slashdot is, shall we say, "open source slanted" ;)
As far as I am concerned there is no "more secure than X". The OS is either secure or it is not. That is people can either hack into it or they can not (which is really all that matters in the end). Going along with that definition, presently there exists not a single OS that is secure.
Certainly you could dive into semantics and construct an argument that there are levels of security (e.g. average time it takes to fix critical security flaws), but the upper bound remains the above. And unfortunately given the tools & knowledge a hacker can presently hack any box regardless of its OS.

However, if you get a warm fuzzy feeling from the illusion that your OS is infallible, by all means go ahead. Don't be surprised though when one day you open your server's site and find the index page replaced with: "1337 |-|4><0R wuz here". :D

Beamtracer
03-06-2006, 11:16 PM
I'd like to see this "hacker" gain root access to the machine if he wasn't first provided with a log-in password.

Also, on his site he boasts (http://rm-my-mac.wideopenbsd.org/) that he runs a network for illegal pirated warez software, so I'm surprised news organizations give him any credibility at all.

Would someone who thieved items from a shop be given any credibility?

Icarus
03-06-2006, 11:43 PM
time for lame ass comment of the day

Linux like Virginity, One root, all gone :P

efbie
03-07-2006, 12:49 AM
Yeah, you'd sort of expect SSH to enabled on OSX Server, wouldn't you? Here's Ars Technica's take:
This has to be understood knowing the fact that Unix OSes are supposed to be secure even if someone has a local access to the machine. Websites like sourceforge give free ssh access to anyone and they don't get rooted every 30min.

But i admit that the test is misleading as it tries to make you believe that because OSX isn't secure as a server, it isn't secure as a desktop.

And anyway the security problems on desktops doesn't depend on the OS, the biggest problems is that users agree to install that bonzybuddy screensaver. Most spywares don't need root access to harm.

rocarpen
03-07-2006, 12:52 AM
In addition Slashdot is, shall we say, "open source slanted" ;)
As far as I am concerned there is no "more secure than X". The OS is either secure or it is not. That is people can either hack into it or they can not (which is really all that matters in the end). Going along with that definition, presently there exists not a single OS that is secure.
Certainly you could dive into semantics and construct an argument that there are levels of security (e.g. average time it takes to fix critical security flaws), but the upper bound remains the above. And unfortunately given the tools & knowledge a hacker can presently hack any box regardless of its OS.

However, if you get a warm fuzzy feeling from the illusion that your OS is infallible, by all means go ahead. Don't be surprised though when one day you open your server's site and find the index page replaced with: "1337 |-|4><0R wuz here". :D

Absurd semantic argument. If my money is in a bank vault, I could rightly state that it is "secure". Everyone would understand what I meant. "Secure" by your black-and-white definition, is a total impossibility, and therefore makes the word meaningless.

OSX is more secure than WindowsXP. Period, end of story, done.

ShadowHunter
03-07-2006, 01:39 AM
Absurd semantic argument. If my money is in a bank vault, I could rightly state that it is "secure". Everyone would understand what I meant. "Secure" by your black-and-white definition, is a total impossibility, and therefore makes the word meaningless.

OSX is more secure than WindowsXP. Period, end of story, done.
If anyone with mediocre skills could break in and steal your money and if it were a daily occurence, then yes your money is not secure. This is the case with all OSs right now. Some security issues are due to bad configuration, some are due to undocumented exploits that are kept secret (even auctioned off) by hackers for all the OSs out there.
I really want to avoid getting caught up in semantics. The bottom line is if someone wants to hack you, he will be able to do so given the right tools for any OS. As that hacker points out he could've hacked the Mac Mini using undocumented exploits without being given the paswd.

I would not call that secure. It makes no sense to say "X is more secure than Y" when both can be hacked far too easily.

Edit: Can't spell :(

Layer01
03-07-2006, 02:12 AM
time for lame ass comment of the day

Linux like Virginity, One root, all gone :P


LOL
oh tyr...you made my day :thumbsup:

flipnap
03-07-2006, 02:16 AM
oh wow, this is so important. im putting my coffe down, and cant wait to read more..


in a world.......

rocarpen
03-07-2006, 02:56 AM
...The bottom line is if someone wants to hack you, he will be able to do so given the right tools for any OS. As that hacker points out he could've hacked the Mac Mini using undocumented exploits without being given the paswd.

I would not call that secure. It makes no sense to say "X is more secure than Y" when both can be hacked far too easily.

Edit: Can't spell :(

OSX is more secure than WindowsXP.

Makes sense to me! Really, what's so hard about that? This recent flurry of articles about OSX vulnerabilities is classic FUD. Since I'm a politics junky, I'd say it's like the Republicans trying to peddle the absurdity that the Dems are as implicated in the lobbyist and corruption scandals as they are. "All parties do it", being the implied message. It's total garbage.

rocarpen
03-07-2006, 03:01 AM
Rebuttle (http://test.doit.wisc.edu/) from the University of Wisconsin:

In response to the woefully misleading ZDnet article, Mac OS X hacked under 30 minutes (http://www.zdnet.com.au/news/security/soa/Mac_OS_X_hacked_in_less_than_30_minutes/0,2000061744,39241748,00.htm), the academic Mac OS X Security Challenge has been launched. The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). Yes, there are local privilege escalation vulnerabilities; likely some that are "unpublished". But this machine was not hacked from the outside just by being on the Internet. It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction.

Almost all consumer Mac OS X machines will:



Not give any external entities local account access
Not even have any ports open
In addition to the above, most consumer machines will also be behind personal router/firewall devices, further reducing exposure.

Beamtracer
03-07-2006, 03:27 AM
The other thing is that this "hacking competition" was unsupervised (by any reputable source) and undocumented. We just have to believe the word of "the hacker", who is also running a software piracy network.

I recently heard of another hacking competition for Windows, where the organizers offered a bounty for any undocumented security holes found. However, when they found any flaws they'd alert Microsoft so the holes could be patched. That seemed to be a better way to do it. That way the flaws are verified as being real, and documented.

ShadowHunter
03-07-2006, 03:31 AM
OSX is more secure than WindowsXP.

Makes sense to me! Really, what's so hard about that? This recent flurry of articles about OSX vulnerabilities is classic FUD. Since I'm a politics junky, I'd say it's like the Republicans trying to peddle the absurdity that the Dems are as implicated in the lobbyist and corruption scandals as they are. "All parties do it", being the implied message. It's total garbage.
I respectfully disagree for the reasons already mentioned. You are of course entitled to your own opinion. I do think OSX is being unfairly represented in the article, software that consists of millions of lines of code always has bugs in it (some more fatal than others), that should not come as a surprise to anyone. As such any box running any OS can be hacked unless it is not connected to the internet ;). I shall say no more on this matter.

arctor
03-07-2006, 03:49 AM
if you want secure : http://www.openbsd.org/

slaughters
03-07-2006, 12:06 PM
Rebuttle (http://test.doit.wisc.edu/) from the University of Wisconsin:Quote from the Author of the contest being held by University of Wisconsin

"...Some have objected to this test as doing nothing more than testing the security of apache or ssh on a PowerPC architecture. That is correct...."

pixelmonk
03-07-2006, 03:06 PM
if you want secure : http://www.openbsd.org/


nah... Windows works fine here. Never been hacked and haven't had a virus since 96. Carry on.

richcz3
03-07-2006, 04:11 PM
Welcome to reality.
Steve Jobs has done a phenominal effort to bring Apple and the Mac to a renewed iconic status. I would say this is more of a "riding high" on the iPod buz, but so be it. As OSX's popularity and market share grow, so will its vulnerabilities.

mummey
03-07-2006, 04:24 PM
Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later, this poor little Mac was owned, and this page got defaced."

The hacker who won the challenge, who asked ZDNet Australia to identify him only as "Gwerdna," said he gained root control of the Mac in less than 30 minutes.



I read about this on Ars Technica yesterday. The title of the thread is a little mis-leading. It took one person 30 minutes to get into the machine after the machine was left running for 6 hours. Compare this to an XP box that, if left as default, can be infected in under 5 if connected online.

I'm going to do my best to remain neutral though, and state that XPSP2's firewall has prevented many scores of machines from being infected. There is still room for improvement though.

-b

enygma
03-07-2006, 07:19 PM
Quote from the Author of the contest being held by University of Wisconsin

"...Some have objected to this test as doing nothing more than testing the security of apache or ssh on a PowerPC architecture. That is correct...."
I'll have to agree with this one.

The original post put up a misleading article regarding overall security of OS X. SSH in OS X is off by default, but on by default in OS X server apparently.

So, lets say SSH was enabled somehow, the attacker would need to gain access by username and password. If somehow, the hacker gained access, then there may just be a problem with the secure shell protocol used. If this is the case, why would the problem be limited to OS X?

So, lets bring this to any unix or linux operating system using SSH. I decide to give give a hacker a standard user SSH account and the ability to run scripts in a web interface via Apache. You think that this would be any different if it were Redhat? Suse? BSD?

Samurai Hack
03-08-2006, 03:37 AM
I'm always impressed by a "hacker" who hides his name by spelling it backwards......

JDex
03-08-2006, 04:01 AM
I'm always impressed by a "hacker" who hides his name by spelling it backwards......

You should be Mr Kcah Iarumus. :D

UNIX is hackable... even without the lame conditions provided in this test. It is however more secure by it's very nature than Mr. Windows.

This was a very lame... okay, down-right pathetic experiment.

Myliobatidae
03-08-2006, 04:04 AM
So what is everyone saying here, that OSX is unhackable ?
Don't these guys break into the most secure computers around ?

Beamtracer
03-08-2006, 04:11 AM
Just to put this "hacker" story into perspective, this story from MacWorld:
http://www.macworld.com/news/2006/03/07/hacked/index.php

Dave Schroeder, Senior Systems Engineer at the University of Wisconsin says

Anyone that wanted to hack the machine was given access to the machine through a local account (which could be accessed via SSH), so the Mac mini wasn’t hacked from outside — root access was actually gained from a local user account.

By default, Mac OS X machines will not give any external entities local account access and not have any ports open; also, most consumer machines will be behind personal router/firewall devices, further reducing exposure

The general architecture and design philosophy of Mac OS X, in addition to usage of open source components for most network-accessible services that receive intense peer scrutiny from the community, make Mac OS X a very secure operating system.

To prove his point, and to disprove the previous hype about the hacker, Shroeder is now hosting his own Mac OS X security challenge.

The challenge is... simply alter the web page on this (http://test.doit.wisc.edu/) machine.

The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open—a lot more than most Mac OS X machines will ever have open.

The web page has been up there for some days now, and none of the hackers have been able to break in yet.

Samurai Hack
03-08-2006, 05:15 AM
You should be Mr Kcah Iarumus. :D

say that 3 times real fast....

JDex
03-08-2006, 05:28 AM
say that 3 times real fast....

I can't... you we're too smart and changed the second U to an A in your alias, foiling my diabolical plot. Darn you kids, and your little dog too! :scream: :applause:

phexitol
03-08-2006, 05:47 AM
...the biggest problems is that users agree to install that bonzybuddy screensaver. Most spywares don't need root access to harm.

Not always so: http://www.benedelman.org/
Although I personally consider using IE to be the same as consenting to this crap, it really shouldn't be.

betelgeuse
03-08-2006, 02:24 PM
Boohoo. Nobody hacked into the UofW machine in over 38 hours. I feel a sense of disappointment in the force :)

CupOWonton
03-08-2006, 02:46 PM
The web page has been up there for some days now, and none of the hackers have been able to break in yet.
Been Able? How do they know anyones actively trying to hack it in the first place?

betelgeuse
03-08-2006, 02:54 PM
Been Able? How do they know anyones actively trying to hack it in the first place?

Go to the site and find out.
http://test.doit.wisc.edu/


The response has been very strong, and the test has illustrated its point.
Traffic to the host spiked at over 30 Mbps.
Most of the traffic, aside from casual web visitors, was web exploit scripts, ssh dictionary attacks, and scanning tools such as Nessus.
The machine was under intermittent DoS attack. During the two brief periods of denial of service, the host remained up.
The test machine was a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, had two local accounts, and had ssh and http open with their default configurations.
There were no successful access attempts of any kind, including during the 38 hour duration of the test period, nor have their been any claims of success. The host is still the same host and configuration used for the test.

CupOWonton
03-08-2006, 03:42 PM
In other words its people who apparently have no real experience hacking up a storm, and they're sitting back hoping old tools do the job. Great. If they had like, some payroll whitehat hackers on the job, there'd be a diffrent response. Then again, I dont know many... ANY whitehats who use Mac's in the first place. Again, as a previous comment pointed out, Mac's dont have a marketshare hackers would be interested in, not unless they have something against graphic designers.

pixelmonk
03-08-2006, 03:51 PM
In other words its people who apparently have no real experience hacking up a storm, and they're sitting back hoping old tools do the job. Great. If they had like, some payroll whitehat hackers on the job, there'd be a diffrent response. Then again, I dont know many... ANY whitehats who use Mac's in the first place. Again, as a previous comment pointed out, Mac's dont have a marketshare hackers would be interested in, not unless they have something against graphic designers.

percentages of "graphic designers" using Macs versus PCs have changed drastically over the past 5 years. That point is no longer valid.

JMulder
03-08-2006, 04:40 PM
I've been hesitant to reply since I was pretty rudely put down in another security thread, but I think you're all missing an important point.

Everybody here seems to be focused on extermal attacks. Yes, SSH was turned on, and yes, the hacker was given a logon, but the hacker was able to gain root privileges (according to the article).

Assume for a moment that you run a shop with OSX Server and 100 users, and you have not turned off SSH (because, for example...you use it yourself). If a user could start a completely valid SSH session, and evelate their privileges to root level...that would be a bad thing! Once the user had root access, they could create new root level users and hide their tracks and they would 'own' the machine.

I'm not dissing OSX here. I'm just pointing out that there might be valid concerns about this vulnerability.

-Jim
(EC-Council Certified Ethical Hacker)

enygma
03-08-2006, 06:56 PM
That is a valid concern in a large scale network, however, the main concern is since this is a security flaw in SSH, what is the reason they put the focus on OS X? What makes this attack any different than any other Unix style operating system, like Linux or BSD, if they were using the same versions of SSH, or a version of SSH that has the same security vulnerability?

Then the point a lot of people are bringin up, how does this affect your average desktop user? It doesn't.

Beamtracer
03-08-2006, 09:17 PM
Yes, SSH was turned on, and yes, the hacker was given a logon, but the hacker was able to gain root privileges (according to the article).
I see your point, but many consider the first headline hacking event to lack credibility or verification.

That's why this engineer at the University of Wisconsin has organized the second challenge to hack his website. He has also given out SSH access so people can attempt to hack his machine. The amount of web traffic indicates lots of people are trying. I'm curious to see how long the machine can stand it.

In other words its people who apparently have no real experience hacking up a storm, and they're sitting back hoping old tools do the job. Great. If they had like, some payroll whitehat hackers on the job, there'd be a diffrent response.
Well that OS X machine at the University of Wisconsin is still sitting on the web, and they've invited you to hack it. It's there for you to try. Go to it! :)

ages
03-09-2006, 10:38 PM
Looks like the guy who hacked it in 30 mins didnt count as he already has an account on the machine.

http://www.macnn.com/articles/06/03/09/mac.mini.weathers.attacks/

CupOWonton
03-09-2006, 11:26 PM
That's why this engineer at the University of Wisconsin has organized the second challenge to hack his website. He has also given out SSH access so people can attempt to hack his machine. The amount of web traffic indicates lots of people are trying. I'm curious to see how long the machine can stand it.

Actualy, just by being on the net and posting links you end up getting traffic. The increase can be associated to many things. So unless theres posts showing lots of traffic from specific access tactics, theres no visual evidence to back that up. You can look through fire wall logs of secure home network computers and see nearly 100+ hack attempts a day by bots.


Well that OS X machine at the University of Wisconsin is still sitting on the web, and they've invited you to hack it. It's there for you to try. Go to it! :)

#1 - I'd need a mac
#2 - I'd need to know how to hack anything
#3 - In order for anyone to do the same, they would have to have the same
#4 - the few white hats " I KNOW" are PC guys, they get paid to test company firewalls and such. They dont use macs, so they arent going to be skilled in hacking one.
#5 - Again, we can pretty much assume people dont normaly attempt to hack macs in the first place, theres just no usual basis for the hacking to take place. Usualy its an attack on a people or person, be it company or organisation or total jerk no one likes. If lots of large companies all relied on a mac backbone, there would be a larger influx of hacking attempts and success. If Shell America used a MAC network for everything they do, you know someone, be it environmentalist or compedator, would be attempting to attack their networks this very minute for any scrap of information or cause any damage they can. Without reason, theres not much action.

The last virus I found on a mac was made for PC. It jumped ship when I started transferring files over a network. So even if a mac is secure, it apparently isnt preventing infection to other OS's it may be networked to.

Zarf
03-09-2006, 11:36 PM
#1 - I'd need a mac


How do you figure this one? If you can gain access to the system through some network service (like ssh), you might be able to wreak all kinds of havoc without actually needing a mac yourself....


#4 - the few white hats " I KNOW" are PC guys, they get paid to test company firewalls and such. They dont use macs, so they arent going to be skilled in hacking one.


If they are unix fellows they would have a pretty good idea where to start.


The last virus I found on a mac was made for PC. It jumped ship when I started transferring files over a network. So even if a mac is secure, it apparently isnt preventing infection to other OS's it may be networked to.

I'm not aware of any OS that will 'prevent infection of other OS's' in the way you suggest, so I dont see this as a valid criticism.

Cheers,
Xarf

CupOWonton
03-10-2006, 05:16 AM
How do you figure this one? If you can gain access to the system through some network service (like ssh), you might be able to wreak all kinds of havoc without actually needing a mac yourself....
It would be easier than trying to hack it from another OS. Simple as that.

I'm not aware of any OS that will 'prevent infection of other OS's' in the way you suggest, so I dont see this as a valid criticism.

My My virus scanner on windows xp eliminated an entire zip file full of viruses that were aimed at destroying a specific version of linux. I didnt have linux, but I thought it was nice it took the time to make sure I didnt propogate it to a linux box. Granted, its a 3rd party scanner, but it was nice to see that someone was looking out for other people. I wasnt seeing that with the Mac's. They were freely letting harmfull viruses pass through without any warning. Even Apple should understand that people may have a mac, but would have it networked to a win os server.

enygma
03-10-2006, 05:20 AM
It would be easier than trying to hack it from another OS. Simple as that.
I don't honestly see why it would be easier to hack a mac with a mac rather than Linux/Unix/BSD.

If it is as "simple as that," I wouldn't mind hearing your reasoning why.

mummey
03-10-2006, 01:48 PM
#1 - I'd need a mac

It would be easier than trying to hack it from another OS. Simple as that.

I wasn't going to reply to this thread again, but then I saw this juicy bit of 'info'.

Misinformation like this helps perpetuate the myth that Macs are only secure because of their small marketshare.

The REAL facts are:

Despite its appearance, MacOSX is _still_ a Unix. Therefore any vulerability to Unix/Linux has the potential for a vulerability to MacOSX. This is NOT due to the OS itself though, but the programs that run on it. It just happens to be more common to see SSH running on a Unix/Linux box than on a Windows box.

Unix and Linux are, by design, more secure than Windows XP. By this I'm not saying they are BETTER however. They are more secure because what they actually accomplish themselves is very small compared to Windows. Unix and Windows use additional programs for pratically EVERYTHING you do in the OS. The GUI is run using a window manager on a variation of XServer. The web server is Apache. The SSH is OpenSSH. As a result of this, when hackers find vulerabilities on Unix/Linux machines, its never the OS itself that they targeted. Instead its a program running on the machine that opens a port to them.

With respect to the person who posted it, but the mere idea that one needs a Mac to hack one should be laughed at. If I here this coming for a coworker/collegue I would then be leery of any communications or data I do with this person. I really mean it when I say, I don't trust someone who insinuates that its Norton's (or MacAfee's) to remove viruses on a Windows machine, yet its Apple's responsibility to remove viruses when its MacOSX (even if they aren't aimed at Unix/Linux).

Now if this wasn't the intent of your responses before, which I doubt but am willing to give you the benefit of the doubt, I suggest you clarify your statements so as not to spread further confusion.

Edit: One more thing, these "PC white hats" you keep saying you know, the one's you say are paid to test wirewalls and such. If you had bothered to ask them, (which I doubt), you would have found out they DO already know. For you see, anyone who is worth less than _half_ the money I'm guessing these people are getting paid know:

1. You're looking for exploits, you check ALL the computers, not just the PCs.
2. The network equipment _itself_ most likely runs a version of Unix or Linux, so this has to be checked to.
3. (In case I haven't empasized this enough yet.) Macs run Unix! Even script kiddies know this! :p

Zarf
03-10-2006, 05:42 PM
It would be easier than trying to hack it from another OS. Simple as that.

Saying 'it's as simple as that' is not an argument/justification, its a phrase designed to shut down further discussion, as well as being an admission of defeat.

Besides I think an exploit was mentioned here that involved SSH. I know of certain PDA/cell phone type devices that would allow you to take advantage of that just as simple as if you were using a mac. Could you kindly explain to me what it is that I'm 'missing'?



My My virus scanner on windows xp eliminated an entire zip file full of viruses that were aimed at destroying a specific version of linux. I didnt have linux, but I thought it was nice it took the time to make sure I didnt propogate it to a linux box. Granted, its a 3rd party scanner, but it was nice to see that someone was looking out for other people. I wasnt seeing that with the Mac's.


Where these mac's running a *3rd party* virus scanner? If they were not, your criticism is still difficult to take seriously (and yes, there ARE 3rd party virus scanners made for OSX)


They were freely letting harmfull viruses pass through without any warning. Even Apple should understand that people may have a mac, but would have it networked to a win os server.

It's nice to know that it's Apples responsibilty when windows users don't take the proper precautions to secure their system by scanning transfered files for virii. It's also nice to know that Apple is held to a differnt 'standard' than microsoft in this regard. If windows dosn't catch virii intended for other OSs, its your fault for not havng a 3rd party virus scanner installed and running on your system. If OSX dosn't catch virii indended for other OSs its somehow magically *Apple's* fault for YOU not having a 3rd party virus scanner installed and running on your macs.

Amazing feat of logic there.

Cheers,
Xarf

CupOWonton
03-10-2006, 07:06 PM
Saying 'it's as simple as that' is not an argument/justification, its a phrase designed to shut down further discussion, as well as being an admission of defeat.
No, It means that I recognise that I would have to know and use the protocolls involved with a mac specificly to know how to get anywhere with it.
You can write 2 programs in the same language, doesnt mean theyre going to naturaly cooperate. DUH. And it would be even more complicated if you were running say, windows.

Yes, the macs do run virus scan because they had students going back and forth between pc's and macs for their premiere and after effects work. They had premiere on PC and AE on mac rather than having it on both. The virus in question was apparently incredibly old, so it was rather surprising it wasnt caught on the mac.

It's nice to know that it's Apples responsibilty when windows users don't take the proper precautions to secure their system by scanning transfered files for virii. It's also nice to know that Apple is held to a differnt 'standard' than microsoft in this regard. If windows dosn't catch virii intended for other OSs, its your fault for not havng a 3rd party virus scanner installed and running on your system. If OSX dosn't catch virii indended for other OSs its somehow magically *Apple's* fault for YOU not having a 3rd party virus scanner installed and running on your macs.

Firstly - to restate, they had virus and firewall protection, which was a pain at times, because it loved to be as secure as possible when trying to do work across the network.

Secondly -Wow, big assumption there. First you ask a question about weither or not it had a virus scanner, then just go ahead and assume that the tek's working at a large college would completly overlook that. I wonder if people can harbor windows agressive cripple and ransomeware on macs too if a small virus can hang out on one undetected. And No, you dont assume the other OS is going to be protecting itself. You alwayse assume that someone may be vulnerable.

CGTalk Moderation
03-10-2006, 07:06 PM
This thread has been automatically closed as it remained inactive for 12 months. If you wish to continue the discussion, please create a new thread in the appropriate forum.