SP2 is not
SP2 is not "a whole new release", it's a mountain of bug fixes wrapped up with a service pack to the most bloated web browser out there. It also hosed a significant number of systems when it was released because they were infected with malware that prevented its proper installation. It would be roughly equivalent to claiming that OSX 10.4.8 is a whole new release of OSX when it is nothing more than patches to 10.4 and writing it so shabbily that the installation of the update could easily go south badly enough to render the system unbootable. As a PC technician, SP2 was almost as much of a boon for business as Blaster was.

While we're on the subject of new OS versions and their frequency, Win98 offered no functionality not found in Win95c and WinME offered no new functionality from Win98SE. Thus you had for the consumer product cycle with genuine new features for Windows 1991: Windows 3.1, 1996: Windows 95 (first available retail copies in most locations), 2001: Windows XP, 2007: Windows Vista (retail). Twice during the Windows 95 life cycle, Microsoft fleeced its customer base by claiming that what was no more than another service pack was a whole new version and charging them $89+ for upgrades.

I walked away from Windows in 1999 when the latest service pack, WindowsME, was far less stable than its predecessor. Windows zealots like to laugh when a new version of OSX cuts out a few more 7+ year old machines from the compatibility lists. Meanwhile, XP will not support any machine built more than 2 years before its release, and Vista's most stunning features will not function in the manner in which they are/will be advertised on even one year old commodity machines.

The new Windows release virtually orphans every off-the-shelf system more than a year old, while a new OSX release supports hardware that is 6-7 years old, and a current Linux release (properly trimmed) will function adequately on even 486DX2s (if you don't need the GUI) and second generation Pentiums (even pre-MMX) will run minimalist GUIs fairly well.

Proof of Concept code does not an exploit make. Yesterday's release of 31 bug fixes in the 7th security update this year (http://docs.info.apple.com/article.html?artnum=304829) is nothing to sneeze at, and does not affect this issue, but here is an important point everyone seems to be missing: Because it does not require administrative privs, it only affects your personal account.

I agree with some of the previous posters that it was a poor choice on Apple's part to make the default account an admin account, but then again Windows also makes the default an admin account. As far as stupid OS design decisions go, it's not quite as dumb as providing a well known administrative account with no password on every install of the consumer version of your OS that the majority of your users do not even know exists.

My Macs and Linux boxes are not immune to attacks. They are, however, far less vulnerable as a direct result of OS design. The real issue with this PoC exploit is not the fact that it can (supposedly) install a library into the user's personal Library, but the fact that the code that does it supposedly executes silently. Looking at the code sample shown in the screenshot of the F-Secure blog, it would appear that the exploit requires the ability to run terminal commands. It would be interesting to see if setting a "standard" user's shell to an unusable value prevented its use or if it explicitly calls a shell.
Posted by: bladehawke@...   Posted on: 11/29/06
