Thread: Windows7 a Con? Well it comes from Micro$oft

Hmm. Never used one. I do use Time Machine with a 500Gb drive for incremental backups. Permanent backups go onto other media.

With over 20 years in the game I now have backups on more than one media type and a means by which backups can be restored.

Alan

Originally Posted by disco2hse

Hmm. Never used one. I do use Time Machine with a 500Gb drive for incremental backups. Permanent backups go onto other media.

With over 20 years in the game I now have backups on more than one media type and a means by which backups can be restored.

Alan

Realy?
I just learnt to format c:

After years in the game I live with it unless it at work where it is back up for me. And yes their back ups work I have used it once so far.

Originally Posted by Ferret

Not if your using Apple's Time Capsule.

I use two separate USB HD's to do my backups because on a Mac it is easy and the app (Time Machine) that lets me do it came free with my Mac POS.

PC using friends can't believe what happens when you open TM on the screen and all your desktops and the docs, etc going back in history are there.

Time capsule is something I don't need with power supply independent backup and the ease of set up and range of Airport Extreme.

cheers, DL

Originally Posted by Ferret

Not if your using Apple's Time Capsule.

LOL. Do you make your income supporting MS products by any chance?

Just be thankful that MS don't make hardware or you'd really know about problems....

If they can't build a decent os with 80k employees, yet Apple can build a far better OS, and all associated software, and design and manufacture all their own hardware with 20k employees...

Originally Posted by Captain_Rightfoot

Interesting... my brand new Solaris 10 Zones at work seem to have virtually everything switched off.

So, if Apple have all these problems, and are lagging in security, why are there very few security issues?

Why is this the same for all the other Unix/linux variants? Perhaps you could explain it to everyone better than I have in my paragraph.

Please don't say aliens only write viruses for MS as they hate Bill..

Originally Posted by disco2hse

Wow you are so wrong I don't know what to say. I mean [sputtering] you can't can't compare the security features as you put it between two OSs and say that because one doesn't have the same as another it must be weaker. They are different architectures.

Alan

There are three things which are critical for security in modern operating systems: small threat footprint of code, memory protection, and stack randomisation. OK so there are more but these make it really hard to hack into a system.

Alan, that is exactly what I am doing - this whole thread is about whether Windows 7 is worth it, and my argument is that for security - it is. Incidentally they are both the same architecture (x86, but that does not really matter in this argument).

I'm not comparing historically the number of published vulnerabilities each vendor has, I'm comparing how easy or hard it is for an attacker to break into each system based upon the technology it is based upon.

Snow Leopard still does not properly implement DEP ( [ame=http://en.wikipedia.org/wiki/Data_Execution_Prevention]Data Execution Prevention - Wikipedia, the free encyclopedia[/ame] ) . MS introduced this in XPSP2 and it makes a HUGE difference and protects against nearly all buffer overflow attacks.

Snow Leopard still does not have proper stack randomisation ( [ame=http://en.wikipedia.org/wiki/Address_space_layout_randomization]Address space layout randomization - Wikipedia, the free encyclopedia[/ame] ) This was introduced in Vista and has been on by default in other Unix based operating systems (OpenBSD, Solaris) since about 2005.

I think that this guys sums it well: I Heart... Windows?! | Risky Business

I'm saying this because I care. IT Security is pretty much all I have ever done, and I have been doing security testing for 10 years now. Not interested in flame wars or hate speak, just a sensible non-emotional discussion about that is good and what isn't.

I have a macbook. I love it. I love all things apple - they are very clever basteds. If you want to know why there are not many apple vulnerabilities around? Its because they gag researchers and silently patch security vulnerabilities.

Check the change log on your recent iTunes and Quicktime updates..

CVE-2009-2817 - itunes remote code exec


ah I cant be bother listing them all.. but have a look here:

Apple security updates

There is a lot of buffer overflows in here.. a lot of remote code exec.. Gee maybe DEP and ASLR may be worth while after all.........

ah and don't forget that "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available." ... which in my experience can mean your Mac (or iPhone) can be vulnerable to a remote attack for over a year (even more) before apple release a patch... (MS are pretty systematically 6 months from discovery to patch)

Originally Posted by Captain_Rightfoot

LOL. Do you make your income supporting MS products by any chance?

Just be thankful that MS don't make hardware or you'd really know about problems....

If they can't build a decent os with 80k employees, yet Apple can build a far better OS, and all associated software, and design and manufacture all their own hardware with 20k employees...

No, I don't support MS products, why did you think that? Should I think you must work for Apple because of what you write? Have to say though, all this talk about aliens makes me wonder .

Actually, I probably wouldn't buy MS hardware either, even if there was some - much cheaper to slap a few bits of Taiwanese stuff together.

Anyway, back on the topic of Mac security:- Browser exploits

"In the PWN 2 OWN contest at the 2008 CanSecWest security conference in Vancouver, British Columbia, an exploit in Safari caused Mac OS X to be the first to fall in a hacking competition. Participants competed to find a way to read the contents of a file located on the user's desktop, in one of three operating systems — Mac OS X Leopard, Windows Vista SP1, and Ubuntu 7.10. On the second day of the contest, when users were allowed to physically interact with the computers (the prior day permitted only network attacks), Charlie Miller compromised Mac OS X within two minutes, through an unpatched vulnerability of the PCRE library used by Safari.[26][27]

In the PWN 2 OWN contest in 2009, an as yet unidentified exploit in Safari allowed Charlie Miller to hack into a Mac in approximately 10 seconds. Apple released a patch for this exploit and others on May 12, 2009 in version 3.2.3.[citation needed]"

Really, after all you have been telling us, a Mac should have been able to last longer than 10 seconds.

Thanks Ferret.. I understand more about where you are coming from now.

I too have seen countless Auscerts and pan through the 20 pages of windows exploits and look for the UNIX section. Most months there are a few UNIX ones for the many different flavours... and occasionally Apple gets a mention... but in the context of Windows problems you know that they are tiny.

I won't argue that OS X does not have issues or vulnerabilities. However you no doubt understand that the vast majority of these are theoretical and never translate into real threats. In fact to my knowledge there has never been a real "in the wild" threat for OS X other than pirated downloads containing trojans. Send me a few links to where millions of Apple users have actually been slammed by something..

Would you seriously go and ditch your macbook and get a windows 7 laptop in the knowledge that there will be fewer exploits and vulnerabilities for it? Keeping in mind that most people have very little idea about IT security, would you tell your family network to go out and get Windows 7 so that they can be more secure online? So that you'd have less support work?

I now understand what you are saying... because windows has been so mind boggling insecure for so long, MS have put in lots of work to secure them. I gather you are also saying that in a corporate environment people have learned how to control them well. I'm with that now. Shame the guys at my work can't get rid of Conflicker...

Anyway, so do you think in 6 months time we'll be saying, damn, there were NO in the wild threats for Windows 7, and 6 for Snow Leopard?

And just to clarify, your position as a security expert is to tell all your friends and relatives to go Windows 7 for security?

I'd rather use an OS that is actually patched by the manufacturer than one that isn't.

Windows has massive problems, no argument there, but if you know what you're doing then it can be as safe as any other OS. Most people don't know what they're doing though and therein lies the problem.

At least Microsoft are taking steps forward and addressing the issues in Windows. I think that, at some point, the whole thing will need a rewrite to have a security model as good as Unix but that would remove all of the compatability (hardware and software) which Windows is known for. Even Mac OS can't compete with Windows for application and hardware support, but that flexibility is one of the killers for MS security.

Just a question though, if you're so concerned about security exploits why are you using Mac OS over OpenSolaris or BSD? They're real Unix and they're more secure than Mac OS, patching is better and they're free. If you use it for the funky environment and applications then that's fine, I don't have a problem with OSX but I do have a problem with people assuming it's the greatest OS on earth without considering that other ones are better suited to certain applications.

Trying not to make this sound like a flame,

Mark