So where are the exploits, the trojans, the malware for OS X? Oh, that's right, Macs only have 0.01% market share so nobody bothers. What, OS X is at 6% and growing? Well then it's just a matter of time, you just watch all you Mac fan boys, those script kiddies and hackers are gonna get you too!

Or maybe, just maybe, the reasons for all of the malware troubles in Windows are security flaws at a fundamental level. A Windows code base so hosed and exploitable the devs on the "Mac Farm" and "Torvaldis' Terrace" snicker about it.

Nah, that's not possible, Windows has 90%+ market share. Macs and Linux have just been lucky for 20 years.

Lions and tigers and bears, oh My!

Ok, OSX has another exploit pathway. It'll get fixed just like the others.

So let's figure the score of viruses and such.

Windows: 150,000+
OSX: < 5

Even a country girl can figure out which is better off.

Y'all come back now, ya hear?

What Verizon is doing with an open operating system when Microsoft is nowhere near capable of doing so?

What's that smell?

Study: .NET overtakes Java

http://weblog.infoworld.com/techwatch/archives/014981.html

SiteFlash? Patent 6,826,744

Vertical Computer Systems, Inc. Files Patent Infringement Lawsuit Against Microsoft Corporation

Fort Worth, TX, April 20, 2007 (PRIME NEWSWIRE)? Vertical Computer Systems, Inc. (OTCBB: VCSY)(www.vcsy.com) announced today that on April 18, 2007, Vertical Computer Systems, Inc. filed suit for patent infringement against Microsoft Corp. in the United States District Court for the Eastern District of Texas. VCSY claims that the Microsoft .Net System infringes U.S. Patent No. 6,826,744.

"Linux on the line: musings on the CLI / GUI flip-flop"

Microsoft dallied in the past with MS-DOS and later hoped Visual Basic Script (VBS) would catch on. Well, it certainly did with virus writers and script kiddies, making VBS almost universally blocked by mail clients and systems admins worldwide. They're back on the command-line and scripting bandwagon with 'PowerShell'.

...

Given how few people in the world would be solidly experienced PowerShell experts, the TCO argument now swings strongly in favour of Linux. But that aside, ask any Microsoftie what the inspiration for PowerShell was. It's a blatant bash derivative. Even the help screens are obvious Linux man pages. They'll tell you straight up.

...

I bet those "I hate keyboards" Windows admins wish they'd spent more time with Linux now; the Microsoft roadmap involves a strong learning curve for anyone who can't punch their way out of a command-line. And even in the Linux camp, the power of the CLI is coming back in vogue.

Such is the way of the CLI/GUI circle of life.

Joe,

"Has Leopard let the malware cat out of the bag?"

No, but feel free to point to bona-fide malware attacks in Leopard to prove me wrong. Not some security "talking head" or laboratory's theory, but a real attack. You know, the kind actual computer users are concerned about.

That's right, you can't.

This site was so much better when you analyzed Microsoft realistically. Now it's so heavy on the FUD it borders on astroturfing. A shame.

Nobody here can explain away...

...Verizon's latest announcement about providing an open-platform for developing mobile applications in light of Verizon's relationship with VCSY and knowledge of VCSY's intellectual property.

The posters here ignore the information so they can freely insult the readers' intelligence.

So here are some post threads so you can see for yourself.

(much more at url)

http://messages.finance.yahoo.com/Stocks_%28A_to_Z%29/Stocks_M/threadview?m=tm&bn=12004&tid=1318806&mid=1318806&tof=1&frt=1

Oh, and one more thing. How long are you and other Apple-bashers gonna drool over the alleged "exploit" in the wild?

To get bit by this, one must:

1) Surf for porn.
2) Be told they need a "codec" to the view the porn.
3) Explicitly download the "codec" themselves.
4) Explicitly install the "codec" themselves (providing an admin password in the process).
5) Get burned.

I don't even need a weakness to exploit if I can get the user to gladly download a file and willingly install it in an attempt to satisfy his libido!

If this is the best you've got as an argument about real-world Mac exploits, then every Mac owner can sleep well at night. Eight weeks ago you would have known this, but that's before this site became just another FUD spewer.

Although Mac's don't as much security vulnerabilities as Window's but they do have alot of Hardware and Software issues.

To get bit by this, one must:

1) Surf for porn.
2) Be told they need a "codec" to the view the porn.
3) Explicitly download the "codec" themselves.
4) Explicitly install the "codec" themselves (providing an admin password in the process).
5) Get burned.

Tom, I hate to break it to you, but that is generally how Windows malware gets installed. People explicitly install a dodgy program or it gets piggybacked installed via a more legitimate install

(Exactly how many people on OS X land have the inputmanager known SmartCrashReports installed without realizing it because it was installed along with another piece of Mac software. How many people didn't discover that their Logitech mouse driver had an APE installed until they tried to upgrade to Leopard?)

Tom, your farmboy ignorance is showing. Stick to being just a small wave.

This kind of stuff is like "The year of Linux", people are always predicting it, but it just never happens.

@ Wes:
Windows = autorun.inf, VB Scripts and Active-X.
... virus writers and script kiddies, making VBS almost universally blocked by mail clients and systems admins worldwide.

*nix = sh, chmod +x on_the_file
then
$./excute_the_program_manually || full_path_to_the_file
or
$sh -x on_the_file.sh

@ Wes:"...your fanboi ignorance is showing. Stick to being just a small wave."

I bet those "I hate keyboards" Windows admins wish they'd spent more time with *nix now,...

The main difference between *nix and Microsoft is the fact that *nix always has and still run mission critical task, so therefor had always taken security as top priority. Windows 3.11 started out as Workgouped PCs. Security was and still is an after thought. All Microsoft has changed since Win3.11 is the TCP/IP stack that the y riped off from BSD. Because at the time the Internet was the in thing. Microsoft Windows architecture is based on a workgroup design.

Some of you guys may remember that DOS use to get boot sector viruses and wipe out your FAT table, then Norton Disk Doctor came to the recuse back when DOS was not popular, hence no script kiddies.

In the final analysis, what has changed? Market share?

"Security-Enhanced Linux"
"National Security Agency has long been involved with the computer security research ... security-enhanced Linux system."

...

"Linux was chosen as the platform for this work because its growing success and open development environment provided an opportunity to demonstrate that this functionality can be successful in a mainstream operating system and, at the same time, contribute to the security of a widely used system. Additionally, the integration of these security research results into Linux may encourage additional operating system security research that may lead to additional improvement in system security."

The main difference between *nix and Microsoft is the fact that *nix always has and still run mission critical task, so therefor had always taken security as top priority. Windows 3.11 started out as Workgouped PCs. Security was and still is an after thought. All Microsoft has changed since Win3.11 is the TCP/IP stack that they riped off from BSD. Because at the time the Internet was the in thing. Microsoft Windows architecture is based on a workgroup design.

Some of you guys may remember that DOS use to get boot sector viruses and wipe out your FAT table, then Norton Disk Doctor came to the recuse back when DOS was not popular, hence no script kiddies.

In the final analysis, what has changed? Market share?

"National Security Agency has long been involved with the computer security research ... security-enhanced Linux system."

...

"Linux was chosen as the platform for this work because its growing success and open development environment provided an opportunity to demonstrate that this functionality can be successful in a mainstream operating system and, at the same time, contribute to the security of a widely used system. Additionally, the integration of these security research results into Linux may encourage additional operating system security research that may lead to additional improvement in system security."

"Alicia Keys Spreads a Virus To Her Friends, ..."

I'm typing this on an Asus Eee 701. I guess you'd characterize it as a "UMPC", except unlike current UMPCs, it's actually a lot cheaper than a regular laptop.

Why is it so cheap? Because it doesn't need to use highly-specced components to give good performance. How does it manage that? Simple--it doesn't come with Windows, it comes with Linux.

Asus recently raised their estimate of how many of these little beauties they're going to sell over the coming year, from 3 million to 5 million. They're still saying they're going to offer a Windows option at some stage, but it'll have to cost extra, and you can bet that'll put people off.

I think the Year of Desktop Linux has finally begun.

Joe --

Debates like these have been raging in the security community for years. Vendors like Symantec, Kaspersky and McAfee have been predicting that "this year" will be the year Mac users will see big-time, Windows-style malware infections... for the last 3 years now. It hasn't happened yet, or maybe I should say that I don't think it's happened yet. That's the trouble with security doom-and-gloom stories: nobody bothers to keep score over bona fide infections, so the writer can never be proved right or wrong. (That's true in the Windows world too -- how many times have you seen a security vendor admit that their products don't work, and that their customers are infected? Doesn't stop them from playing the fear card...)

My sense with Leopard is that it's two steps forward, one step back. Certain features that could have become widely exploited (such as "InputManagers" for Safari, which are similar to BHOs for IE) have been pretty well restricted in Leopard. Leopard also has added some other features that bring it closer to parity with Vista, security-wise: code-signing, address space layout randomization, a "sandboxing" feature to restrict code runtime privileges, and other enhancements under the hood that most people won't notice. Some are implemented well, and some aren't. My friends at Matasano have done a good job looking at these, and I recommend their analysis to your readership.

The biggest "miss" for Leopard, in my opinion, is that they don't offer much in the way of outbound firewalls. Every Mac owner should buy a copy of Little Snitch, so that they can monitor their outgoing network traffic.

All that aside -- Leopard ought to be a bit more secure than its predecessor (regressed mail bug aside). As for whether the Mac becomes just like Windows -- who knows. Unless we start getting evidence of actual infections, Mac users will be safer on their farms for a while longer.

Nice to see I-Man posting again. My VCSY knowledge was starting to get a little stale.

Wes,

"Tom, I hate to break it to you, but that is generally how Windows malware gets installed."

Nonsense. The vast majority of malware gets installed through Microsoft's leaky Internet Explorer or IIS without the user's knowledge or permission. How can you possibly not know this?

You think the 100,000+ known attacks on Windows were the result of people explicitly downloading a file and then explicitly installing it? Wow.

When a company is brought to its knees by a rampant Windows virus that SPREADS ITSELF, where are all those users downloading and installing it? Your statement was ridiculous.

To get bit by this, one must:

1) Surf for porn.
2) Be told they need a "codec" to the view the porn.
3) Explicitly download the "codec" themselves.
4) Explicitly install the "codec" themselves (providing an admin password in the process).
5) Get burned.
----------------------------------------------------
This is called a "Social" engineered attack, and is not the typical windows viral attack. Social, because the user has to allow the program (usually a trojan) to install.

I fix computers, especially computers ridden with spyware, malware, viruses, trojans, scumware, etc.

The bottom line is folks, the computers that come in the door that need this type of service, are always, 100% of the time, Windows computers. They are never Mac, Linux, BSD, Unix computers. Period.

The most recent Infected computer that came in the door, was a 1 year old computer with XP media center on it. The folks that owned it actualy did good to keep it almost virus free that long. They were afriad to surf with it, so "only visited safe sites." or so they thought. They had virus protection on it and up to date, well Norton antivirus. The point is, being afraid to surf anywhere, is not what I bought my computer for. Whats the point of being on the internet with a Windows computer if you are too afraid of browsing? People, just don't have the knowledge to protect their Windows computers, and MS togeather with the OEM's sells them wide open from the stores, and a viral magnet. MS should be ashamed, but sadly MS have no shame.

Some Linux Distros, SimplyMepis for example, also have a firewall and antivirus (builtin that scans mostly for windows email viruses so as not to pass them on to windows users). Its definately one of the most secure out of the box setups for surfing the web that I have seen. Linux is more locked down than Mac is some requards.

But again, Mac computers are not coming though the door for spyware removal, Mac is at 6.5% of the market last time I looked too. So ask yourself, why is this only a Micro$oft Windows problem?

Wes said: Tom, I hate to break it to you, but that is generally how Windows malware gets installed. People explicitly install a dodgy program or it gets piggybacked installed via a more legitimate install.

What planet have you been on, Wes? Windows malware can get installed WITHOUT similar user intervention. You can get viruses without supplying an admin password. You don't have to explicitly install something. You just have to visit some sites and click on some buttons. And if you don't spend time keeping your anti-virus software up to date (another expense), then sometimes you don't have to do surf at all. Windows security is a cruel joke.

I find it sad that King Friday III sends poor ol' Prince Tuesday to write an article on how bad Mac has become. When it is still way ahead in security when compared to Windows and other Fridayware.

When for decades the only thing to come out of "King Friday's Castle" was insecure single user software. At some times overloaded with "multiuser emulation". Are we now to dump our "alternative" platforms because they are less secure than the used to be. While still being more secure and stable than Fridayware.

My recommendation is: if things get worse just get some anti malware software. After all isn't that what all the of the king's men said. "Windows is secure", "It isn't Windows' problem, it is the malware writers" or "Just get an antivirus".

A few incidents are not enough to send folks rushing back to Windows which is plagued by them. It is sad indeed that the best that can be done is say "uhhhh look now you have 1 malware, be afraid be very afraid". Wake me up when things get as bad as they are with Windows. In the mean time there is no reason to switch back.

Please list the actual viruses you have experienced on os x. Or that anyone you know has experienced. Or that anyone you've read about has experienced.

Thanks.

I can just picture Mr. WIlcox frothing at the mouth covered in sweat a-la Steve Balmer jumping around on his bully pulpit yelling at the top of his lungs: "VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES! VIRUSES!"

YAWN!! Just another sour grapes post lacking imagination. Go on type your drivel. Meantime I'll keep working on my iMac. 4years old and humming on Leopard. Yes, every time I wake it from sleep it just keeps on working, all day, every day. Boring really isn't it? Nothing to report except the simple pleasure of productivity. Yawn, guess I must do some more work the .... It then I did get to do this post on my iPhone tee her ... who the he'll even notices microsoft these days

n0neXn0ne,
You equate scripting in all unix like flavors with PowerShell. Apparently you don't have a clue of what PowerShell is...

@evan:
It's scripting.

"Experienced Unix or Linux users may recognize PowerShell as similar to bash, though the GUI has been modernized to provide an appealing and consistent automated environment for administering Windows operating systems and applications."

...

"PowerShell was specifically designed by Microsoft to automate system tasks, such as batch processing, and create systems management tools for commonly implemented processes, using a powerful language similar to Perl. PowerShell replaces functions that formerly required users to create scripts in VB, VBScript or C#..."

It's an awfully vain attempt at writing subjectively but unfortunately this article falls on all accounts. What a pile of steaming skid marked pants.

Following your allegory
The problem was that at the beginning Mr Gates did not have good engineers, and when he acquired them he did not trust the inhabitants of his "neighbourhood" and made a lot of secret passages to spy his "villagers" (remember the unauthorised updates?) This eventually grew out of his control and the marauders ended up invading his neighbourhood (right around now) The despairing villagers are looking where to run: some will go to la-la land-but not all, since it is too expensive to reside there. Some others will go to the Torvace Terrace, where they will surely find peace at last.

Every six months or so, some self-described "expert" rants and raves about how Apple or Mac OS is doomed to failure based on recent events. And every time, they're proven wrong. How many times did the boy cry "wolf" before the villagers started ignoring him? When the day comes that there is finally a REAL virus spreading around OS X users, you guys will explode in a fit of self-satisfaction, while Apple will quietly release an update that fixes the problem. The Mac OS operating system is based on UNIX, the most stable and secure platform available for a computer. Tens of millions of computers around the world have run UNIX for DECADES without falling victim to 150,000+ viruses. I expect that Mac users will have the same immunity for some time to come.

God bless Apple and the Mac. And tell the Wintel Fanboys to STFU. It's okay by me that they don't like the Mac, as I surely don't like the PC. But please leave me out of their delusions of grandeur. They know not what they are talking about.

Seriously, are you actually paid for this drivel??

Your head is so far up the ass of Gates that the only clear vision you have is that of the soles of Steve Bullmers feet.

People with more integrity than you sell drugs to children.

Oh good god, ok so the article might have hyped up the security flaw. But it is there, the fact that no one has used it means nothing. That just shows that even when a flaw is found on a mac no one who wants to take advantage of it cares. I'm not saying that windows is better, i know its security isn't amazing but in vista its come along leaps and bounds, i havnt had a single piece of malware since im not exactly cautious about it. Also the whole "Macs are more stable than Windows PC's" thing is a joke. I havnt had an actual fully blown crash in windows since XP SP2 i have had a few program crashes but i was using a mac in the apple store the other day and both logic audio and some video editing software i was playing with crashed. And those are computers with all the right things installed on them. Windows computers are immensely stable considering the huge diversity of programs people run on them from a massive range of developers. Oh by the way to the person above me... are you being serious, are you really making a comparison between someone who sells drugs to children and someone who writes a biased article. LMFAOROFL

n0neXn0ne,
I am sure you can create classes and call remote objects with the bash shell..

evan Says:
"I am sure you can create classes and call remote objects with the bash shell..."

@evan:
"PowerShell...using a powerful language similar to Perl."

@evan:
Reading is fundamental, try it sometimes...

ALL PowerShell experts except 'evan' raise your hand.
ALL Perl experts raise your hand.

Now i see some hands raised ... case in point!

Bourne shell, Korn shell, Bash, Perl, Python, Ruby, Tcl/Tk, and other long-standing powerful scripting languages are now joined by PowerShell. So what's all the silly arguing about which shell is "better"?. The only negative I sense with PowerShell is that it will never be available for Linux, AIX, Solaris, HP-UX, or any other platform other than the latest versions of Windows. Other than that, pick the best shell for the particular job at hand, quit arguing, and use it. It's not illegal (yet) to use Perl if that's what you so desire.
Bill Gates once claimed that no one needed more than 64K of memory in their PC. Now he sells software that won't get out of its own way unless you give it at least 2 GB. But even though his technical head is firmly up his rear end, his financial and marketing genius won the $$$ war hands-down.
Bill Gates once claimed that the GUI with non-overlapping tiled windows was superior to a GUI with overlapping windows. Now he sells software GUIs with overlapping windows. But even though his technical head is firmly up his rear end, his financial and marketing genius won the $$$ war hands-down.
Many, many people have claimed that GUIs are superior to command-line interfaces and that GUIs will eliminate the need for those ancient and arcane command-line interfaces. Bill Gates went along with this advice, pumping his efforts into GUIs and letting the DOS+BAT environment languish in a technical wasteland for the past two decades. Now he sells PowerShell, the first real command scripting tool that Microsoft has offered. So even though his technical head was firmly up his rear end, his financial and marketing genius will very likely continue to win the $$$ war hands-down.

@Brian:
evan turn this into my language is better than yours. I'm too ole to get into that type of no win debate.

My point was and still is:
"I bet those "I hate keyboards" Windows admins wish they'd spent more time with Linux now; the Microsoft roadmap involves a strong learning curve for anyone who can't punch their way out of a command-line. And even in the Linux camp, the power of the CLI is coming back in vogue."

Brian Says:
"...his financial and marketing genius will very likely continue to win the $$$ war hands-down.

@Brian:
"Hoist with their own FUD: an old marketing tactic is backfiring"

"Fear, Uncertainty, and Doubt, or FUD, is an old sword with a new blade in today's competitive IT world. If you cannot beat 'em, create controversy. But the old tactic is starting to lose its effectiveness.
..."

n0neXn0ne says:
"evan turn this into my language is better than yours."
@n0neXn0ne:
As they say, if the shoe fits, wear it. If it doesn't fit, then it wasn't meant for you.
n0neXn0ne says:
"My point was and still is..."
@n0neXn0ne:
I agree with you 100.000%. I'm just dismayed at Microsoft can make so much money selling just junk (for instance, DOS was a collection of interrupt handlers, and was NOT an operating system regardless of its name). And I lament how most mid-level politicians in the corporation I once worked for made so much money trying to tell me how to do a job that they couldn't do themselves if their very lives depended on it and that I could do nearly infinitely better than all of them put together could even imagine, let alone do. And so while I do NOT want to believe Microsoft's financial juggernaut will continue to crush all non-Microsoft innovation, I still fear that it actually will continue to harass legitmate innovation for quite a while yet.
n0neXn0ne says:
"... Fear, uncertainty, and doubt..."
@n0neXn0ne:
I do believe that the tide is turning against rampant ineptness and mindless unbounded greed in the world of software development. I just hope that I live long enough to see it and enjoy it. It's been a very long time coming.
@n0neXn0ne:
I really like your style of quote/response. So please be assured that imitation is indeed the sincerest form of flattery!

@Brian:
Ya aiight wit me:) Peace out.

**These are my opinions only and in no way are they meant to offend anyone. If for any reason you feel the need to contact me in any way regarding these posts, especially for inappropriate wording or a perceived derogatory statement, please feel free to contact me. I am all over the Internet and you can find me there.**

An 0-day exploit that affects Macs? Yes, the castle wall has been breached, no matter what small-wavers may wish it to not be true.

Rather than scream "FUD" at any bit of news you don't want to believe, you'd all do well to learn to protect yourself. And no, protect youself does not solely consist of "Get a Mac"!

If your looking for even more information on PC security then I would head over here as they have plenty of stuff on identity theft, antivirus software etc.