
Hijacking a Macbook in 60 Seconds or Less

Black Hat

If you want to grab the attention of a roomful of hackers, one surefire way to do it is to show them a new method for remotely circumventing the security of an Apple Macbook computer to seize total control over the machine. That's exactly what hackers Jon "Johnny Cache" Ellch and David Maynor plan to show today in their Black Hat presentation on hacking the low-level computer code that powers many internal and external wireless cards on the market today.

The video shows Ellch and Maynor targeting a specific security flaw in the Macbook's wireless "device driver," the software that allows the internal wireless card to communicate with the underlying OS X operating system. While those device driver flaws are particular to the Macbook -- and presently not publicly disclosed -- Maynor said the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS. Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the "Mac user base aura of smugness on security."

"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," Maynor said. "The main problem here is that device drivers are a funny mix of stuff put together by hardware and software developers, and these guys are often under the gun to produce the code that will power products that the manufacturer is often in a hurry to get to market."

Maynor said he and his colleague opted in favor of a videotaped demonstration versus a live one because of the possibility that someone in the audience could intercept the traffic sent to a potentially live target and deconstruct the attack -- possibly to use the exploit in the wild against other Macbook users.

One of the dangers of this type of attack is that a machine running a vulnerable wireless device driver could be subverted just by being turned on. The wireless devices in most laptops -- and indeed the Macbook targeted in this example -- are by default constantly broadcasting their presence to any network within range, and most are configured to automatically connect to any available wireless network.

But according to Maynor and Ellch, this attack can be carried out whether or not a vulnerable targeted laptop connects with a local wireless network. It is, they said, enough for a vulnerable machine to have its wireless card active for such an attack to be successful. That's a trivial demand, given that most wireless devices embedded in laptops these days are switched on by default and are configured to continuously seek out available wireless networks.

Because the software that powers these wireless devices operates at such a fundamentally low level of the operating system, traditional system safeguards like firewalls and anti-virus software most likely will not stop the operating system from accepting a maliciously crafted network probe from an attacker seeking to exploit device driver-specific flaws. The result, said Maynor, is that a system using poorly designed device drivers is vulnerable to compromise just by doing what it was programmed to do.

But that explanation eclipses the larger point that Maynor and Ellch said they are trying to get across: Namely, that wireless device drivers are largely developed and written by an odd mix of hardware and software developers in an environment where time-to-market often trumps any thorough code review for potential security flaws.

Apple -- like many computer manufacturers -- outsources the development of its wireless device drivers to third parties. In Apple's case, the developer in question is Atheros, a company that devises drivers for a number of different wireless cards, each designed with drivers specific to the operating systems on which they will be used.

Maynor and Ellch also found two different device driver flaws for wireless products aimed at Windows systems. This is notable because it points out a security loophole in the way that Microsoft has traditionally processed device drivers. Any time a Windows XP user tries to install a device driver, the system checks whether that driver has been "signed" or approved by Microsoft so as not to cause system stability problems. Many third-party wireless cards designed for Windows systems are not signed by Microsoft, and the system will throw up a warning to that effect any time a user tries to install an unsigned device driver.

But according to Maynor and others, Microsoft only recently began testing whether its approved or "signed" device drivers introduced unforeseen security weaknesses into the system. Microsoft is trying to rectify that problem with Windows Vista -- the next version of its operating system -- by only allowing the installation of device drivers that have met the company's security testing procedures.

After the demo, Ellch (who is currently pursuing his master's degree in computer security at the Naval Postgraduate School in Monterey, Calif.) will talk about a new tool he's developing that can remotely scan and figure out the chipset and driver version of a wireless device on a target computer. So far, Ellch said the tool currently recognizes 13 different wireless device drivers, breaking them down by operating system and firmware version.

"I'm getting this tool to the point where it can tell you not only how many people in a room are running, say, Centrino or Broadcom devices, but that 'x' number are running them on a Windows box with a specific version of the driver," Ellch said. "The useful thing for that information is that if you have a device driver exploit and it's version-specific, you could tweak [the exploit] before you launch it."

Maynor said he and Ellch have been in contact with Apple, Microsoft and other companies responsible for vetting the device drivers that power the embedded or third-party wireless card devices meant for those systems, and that both companies are working with wireless card vendors and original equipment manufacturers (OEMs) to remedy the problems. Assuming the wireless device driver makers affected by these flaws fix the problems, it may be an uphill battle for those vendors to find an easy way for users to upgrade that software.

I should note here that while the bad guys may or may not have known about these security weaknesses for some time, there is not a single shred of evidence that these flaws have been exploited "in the wild" (as security companies like to say). That said, it might not be a terrible idea to take advantage of the button on your laptop that allows you to turn off the machine's constant search for wireless networks when you're not actively trying to go online.

By Brian Krebs |  August 2, 2006; 7:30 AM ET  | Category:  Latest Warnings

Comments


What a great quote:

"the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the "Mac user base aura of smugness on security.""

Posted by: Slummin | August 2, 2006 08:26 AM

amanda m - you only need to have your wireless card running for it to be potentially exploited. It doesn't have to join a network. Disable the card when you're not using it.

Posted by: Brian | August 2, 2006 09:29 AM

Thank you for this article. I just went in and told my macbook to ask before joining any wireless network. I did have it set to automatically join.

Posted by: amanda m. | August 2, 2006 09:40 AM

I only insert my Wi-Fi card if I need to be on a network. Of course that doesn't solve this problem, but it does mean the notebook is not a constant target.

Unfortunately as PC card slots are reduced in number and most notebooks have built-in wireless, disabling it actually requires a thought process that most of us won't make time for.

Maybe protecting against driver hacks are the next opportunity for the firewall industry. Thanks Brian!

Posted by: OhioMC | August 2, 2006 10:52 AM

Does this security flaw affect desktop computers running on home wireless networks?

Posted by: TAC | August 2, 2006 10:53 AM

So, this actually has nothing at all to do with it being a Mac, other than an opportunity for a windows user to crack a smirk. When that smirking guy actually reads the article, he/she/it will realize that this exploit is there for whatever operating system is running on the affected hardware. It is an exploit for specific third party hardware. I guess actually this is a testament to OS 10.4, that someone has to go to such great lengths to hack it.

Good job sticking it to those stuck up Mac users!

Posted by: Jer | August 2, 2006 11:07 AM

"Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the "Mac user base aura of smugness on security."

Eh? We use Macs because they're lovely machines to work with. Smugness implies that we think we are somehow better than the people that use Windows? Well, that's not the case. We are better off than most computer users for security. Smug? No. These guys should point out the inevitable flaws in systems - not make some tired tirade against Mac users. Boring.

Posted by: Harveypooka | August 2, 2006 11:17 AM

It's worth remembering
1. There are over 25 million mac users out there. That installed base is certainly large enough to propagate an attack
2. When the Vista beta came out, to fewer than 10,000 people a virus appeared for it within a week

So much for the security via obscurity myth.

To date no virus, no worm, no malware, no spyware has been successfully launched and spread against OS X.

There ARE viruses for Word of course..but these have no effect on the OS itself and are easily removed with free software.

Hackers and script kiddies have switched in recent times to more lucrative pursuits with less malice and more profit in mind. Hence the targeting of those systems most commonly used in business. Follow the money.

If macs were used heavily in business they would likely be attacked more frequently...but it's not worth it MONETARILY.
If it were only about "hacker pride" wouldn't infecting 3 million or 5 million or 25 million users be something worth bragging about?

Posted by: PR | August 2, 2006 11:18 AM

Mac people rag on PCs because they are less secure, but that doesn't make PCs inherently inferior. There are many aspects to consider when judging a computer or operating system. Both Mac and PC fanatics are missing the point.

Posted by: Nick | August 2, 2006 11:18 AM

Most Mac users realize that their computers are vulnerable to hackers. That is not the same thing as saying that Macs are vulnerable to viruses.

Brian, anxious to denigrate Mac security, fails to put this exploit in perspective. The target of this exploit has to be within wireless range of the hacker. Compare that to an exploit where the target has to be connected to the internet.

Posted by: | August 2, 2006 11:24 AM

Michael: They would not be doing a talk at Blackhat with the world watching if they didn't have a working exploit. If it is all bunk, their reputations are gone.

It's tough to say exactly how this attack works without all the details, however drivers are software, software is vulnerable to exploitation (i.e. buffer overflows, etc...), which leads to total system control.

This is merely a different vector for an attack.

Posted by: PaulDotCom | August 2, 2006 11:25 AM

This whole debate got me switched to Mac. There is no doubt the OSX is secure, besides being rock solid, easier to use and prettier. I don't care if the Mac gets a few vulnerabilities as I'm confident Apple will fix them swiftly. After all Apple doesn't have the huge problems Microsoft has with Windows and Office.

I'm delighted with my switch to Mac and from what I see the Mac community isn't made up of hackers and swindlers. It's made up of honest decent people like me getting on with their lives.

Posted by: Jon | August 2, 2006 11:29 AM

ever wonder why macs aren't targeted nearly as much as pcs? it's the same reason why firefox is a safer bet than internet explorer: user base. there are far more pc users than there are mac users. therefore there are going to more attacks on pcs based on sheer numbers. i myself want a macbook pro so i'm not speaking out against mac users, i just feel that this goes to show that they have a false sense of security. but then again so do all computer users.

Posted by: nhat | August 2, 2006 11:35 AM

PC users...just give it up already. No one who is "in the know" ever said Macs are completely invulnerable. The fact is, they are as invulnerable as you can get and that's all that matters. If you prefer 200,000 viruses to none (or a handful at best depending on your definition) or an OS that's much more likely to be hacked than not, then by all means keep your Wintels. If you want a much more secure system, then get a Mac. But if you think that a single or even a handful of exploits makes a Mac as vulnerable as a PC, then you're just trying to make yourself feel better about your choice to stick with a PC.

Posted by: John | August 2, 2006 11:35 AM

Let's just assume that there are fewer viruses, malware etc. for the Mac because of the much smaller userbase (I know it's not the reason, but let's just assume). At what percentage of marketshare or at what userbase number will the Mac be interesting for hackers/crackers to start writing viruses or other malware? Will it be at 20%, 25%, 40%, 50% marketshare? Who knows?

What I do know is that the Mac will not reach a significant enough increase in marketshare or userbase over the next 5 years. In other words, the Mac will remain to be uninteresting for malware writers for many years, if the criteria for writing malware is marketshare or userbase.

It's safe to buy a Mac in the next 5 years for sure. If you want to be safe and not have to deal with malware, your next computer should surely be a Mac!

Posted by: Sam | August 2, 2006 11:37 AM

What does "seize total control over the machine" mean? Does this mean they can seize control of the OS? Can they simply shut it down remotely? We need more information about what they can actually do once they "seize control over the machine."

I have heard enough hackers brag about what they can supposedly do and have it turn out to be the most trivial exploit. Tell us what they can actually do when they have control. I doubt they have full control of the Mac OS using this exploit.

Posted by: Troy | August 2, 2006 11:43 AM

you don't understand the point...when apple's user base grows, the potential for mac hackers grows. that's why firefox isn't as safe as it used to be. people continue to migrate to firefox and in turn firefox now is as much a target as internet explorer.

winblows isn't the only os dealing with security weaknesses:
http://blog.washingtonpost.com/securityfix/2006/08/apple_issues_bundle_of_securit.html

Posted by: nhat | August 2, 2006 11:45 AM

For crying out loud, John. You Mac people just don't get it. There are no hacks for Mac because no one cares about hacking Macs. Why would I design a virus that works on less than 10% of all computers? That would be dumb. The very nature of a virus means that it has to spread in the wild, and you therefore need to target the largest number of machines. How well do you think a virus targeted at Commodore 64 machines would do? Same scenario here, my friend.

Posted by: Smithers, | August 2, 2006 11:49 AM

I agree about the user-base issue. I also agree that the Mac OS has its security issues in general; this is just a consequence of Apple making the switch to Unix. Still, until things change, the Mac OS is still the most secure OS out there. If and when things change so that the Mac becomes more of a burden to maintain than a PC, then I'll be the first to say enough is enough. Until then, I see no point in continually saying "things might get worse." When I actually see them getting worse to the point where it's a practical concern, then I'll make a move. And I'm not talking about something that affects a few dozen users before they updated their OS (as was the case with an Airport issue a while back); a proof-of-concept hack; or something someone claims to have working in a lab somewhere. Let's be realistic.

My house isn't 100% secure. If someone wants to break in, they'll get in. Does that mean I should install a security system, get a watchdog, bar my windows, etc.? I have to assess the probability of an actual break-in.

Posted by: John | August 2, 2006 12:01 PM

Oh Gee...wireless is less secure than wired. DUH! Oh Gee, if I have my computer set up to blindly connect to any network, it's a security risk. DUH! So here are my default settings for my wireless. I use a minimum of WPA personal security and only connect to specified networks by name. My wireless network is also MAC address filtered. This should be the minimum level of security used by all wireless networks. If that were the case, I'm just a little bit curious about how this hack could break in.

Posted by: Lee | August 2, 2006 12:07 PM

I'm a mac user. I'm not one of the morons that the presenters are referring to. This isn't even about a Mac. This is about Atheros, Intel, and others.

People should avoid stereotypes.
I'm at BlackHat but going to skip this presentation because it just lost merit in my eyes.

Posted by: Joe | August 2, 2006 12:08 PM

>There are no hacks for Mac because no one cares about hacking Macs. Why would I design a virus that works on less than 10% of all computers? That would be dumb.<

Yup, according to IDC, Mac's current USA market share is a whopping 4.8%, and their worldwide market share is somewhere below that of (who?) Fujitsu/Fujitsu Siemens.

Posted by: John Johnson | August 2, 2006 12:18 PM

Smithers, I do get it. As you can see in my last post, I do agree with the user-base issue. But that's only part of it...

Look at application installation as one example of security. On a Mac, in order for an application (real or malicious) to be installed, the logged-in user has to be an admin user and THEN the user has to enter the admin password for the installation to proceed. Windows makes the user an admin user by default and no password is needed. So right there, you have a major Windows security flaw. Also, by default, the Mac OS has most of its ports closed while Windows has most of its ports open.

Sure, an admin user can change these things, but for the average user, they know nothing about this.

Anyway, while market share is an issue, these things are not related to that.

Also, WHATEVER the issues are, if one system has virtually no issues while another has many, I'll go with the first system. Until things change, the reasons behind the security issues don't matter much.

To stick with car analogies as the Mac/PC debate often uses...People sometimes consider theft statistics when getting a car. If I heard that there was an increase in the number of thefts of car X in some remote part of the country and that the increase in thefts of car X MIGHT be increasing and MIGHT be spreading, would that deter me from getting car X if I really liked the car, it was everything I wanted in a car, and I never heard from anyone I know with car X that they experienced a theft? Probably not.

Posted by: John | August 2, 2006 12:20 PM

I'll be the first to call their bluff, for one to say it gives total control is highly unbelievable. A video proves nothing, just merely someone can manipulate it.

I have watched videos of the beta apple ipod videos that I would have thought were real unless told otherwise.

Sorry this just does not add up. I'll need hard proof before I believe these two clowns are out for nothing more than name recognition.

Posted by: Michael | August 2, 2006 12:25 PM

Bear in mind that the presenters at Blackhat were more grumpy about Apple's current *marketing* push on security than they were about Apple's users.

Someone up there wrote: "I don't care if the Mac gets a few vulnerabilities as I'm confident Apple will fix them swiftly."

Apple has not done a great job of delivering working security fixes for OSX in a thorough, timely fashion. Part of their problem is that doing so would be admitting there are as many security issues as there are. Apple's PR budget is invested in not doing that.

OSX is based on freeBSD - and freeBSD is a very secure system. A lot of porn sites use freeBSD because it is so secure. So, there's money to be made on freeBSD exploits, because there are databases of credit cards at the porn sites.

Problem is, if someone develops something clever that's primarily designed to go after freeBSD and it's either trivial to include OSX in the exploit, or OSX simply is included because of the shared code base, Apple may have a long process to address it.

One possibility: the exploit doesn't take freeBSD systems down, but it does take OSX down, and it spreads as a worm.

The fix requires either boot from CD or boot to command line mode, and takes several days to emerge.

Posted by: roustabout | August 2, 2006 12:29 PM

Today, on another web site, it states:

"Apple Computer issued on Tuesday updates for its Mac OS X operating system to fix 26 security flaws, some serious."

So much for claims that Mac OSX is oh-so-perfect, and security-flaw-free.

Posted by: John Johnson | August 2, 2006 12:33 PM

The thing is, who wants to put a virus out on a system that won't spread? It won't spread not because the OS is more secure, but no one uses the OS in the first place.

Secondly, even if someone does make a virus or hack a mac. What are they going to do, shut down the system? There's hardly any software to do anything malicious anyways.

Let's take a look at one of the mac commercials. The commercial involves entertainment. The mac commercial poses a normal PC having no sorts of real, fun entertainment while a mac has video editing software of the sort. Great, you can do videos, so can the rest of the world. And guess what? The rest of the world can play the millions of "fun" games on the PC's while the mac can't.

Posted by: anon | August 2, 2006 12:44 PM

Thanks for the warning. My husband just bought me an external wireless card for my PC. I was not aware my PC could be hacked this way. Now I will limit the amount of time my card stays in my PC, just as I now unplug my network cord when not on line.
My motto: If they can't see it; they can't hack it.

Posted by: Louann O | August 2, 2006 12:47 PM

Most Mac users realize that Macs can be hacked. There is a big difference between being vulnerable to hackers and being vulnerable to viruses.

Brian, anxious to denigrate Mac security, fails to put this exploit in perspective. The target of this exploit needs to be within wireless range of the hacker. Compare this to an exploit where the target needs to visit a website, receive an e-mail, or just be connected to the internet.

Admittedly, this exploit is potentially more subtle than a Trojan horse.

Posted by: Myles | August 2, 2006 01:00 PM

anon,

Please read some of the earlier posts.

As for the other "arguments" you present, while each camp can present specific examples about the availability and quality of software that bolsters their point of view, in general, these arguments are both fallacious and about 10 years old.

Posted by: John | August 2, 2006 01:03 PM

Mac vs PC. PC vs Mac.

Nonono people.

Mac = PC. PC = Mac.

Same fnording hardware! The only real difference to the end user is the OS you slap on the thing. MacOS, Windows, Linux, BSD, what-have-you.

I just wish all the "sides" beating their chests over how superior their "side" is would just shut the hell up. Your computer is a tool. Not a lifestyle statement. Just use the tool and put it away when you're done!

Posted by: Chas | August 2, 2006 01:04 PM

>Most Mac users realize that their computers are vulnerable to hackers. That is not the
>same thing as saying that Macs are vulnerable to viruses.

Crooks don't target macs for the same reason that most game companies don't: the user base is too small to warrant the effort.

If Macs ever have a user base that's large enough to justify the effort to attack it, we'll find out how secure it is.

Posted by: kc | August 2, 2006 01:08 PM

Brian, any FBI takedowns yet?

Posted by: Pete in Arlington | August 2, 2006 01:18 PM

Mac users aren't "better" -- Macs are better.

There's a hospital where virtually no one dies of infections. Some say it's because hardly anyone goes there. They get great care there and have all the services that anyone needs. AND no one ever dies from infections. Infections just don't exist there.

There's another hospital where there is a very high infection rate and many people die there.

Many people say it's a more popular hospital and almost *everyone* goes there -- so I should go there. They have a very large support staff to fight infections and they say they can fight off their 200,000 infections that are roaming the hallways or are coming in with the people.

And the fact that so many people die there is simply because it's such a popular hospital. I guess you just take your chance at that place -- and your chances are not very good.

No thanks, I'll go to the hospital that has virtually no infections and no one dies.

I like the "better" hospital, thank you -- not the more popular one.

I like my peaceful and nice existence -- not one of fighting off all the diseases every day.

Posted by: Eliakim | August 2, 2006 01:19 PM

This comment area seems to have become a forum for MAC vs PC.

Your Point?

For $12,000 less than I could have built it with a MAC - I have a fully operational to code recording studio with which I am producing my music on a pro level without selling my home.

God bless the folks that design productivity software/hardware for PCs.

Oddly enough, a lot of the really creative people in this world aren't able to channel their energies towards making the really big money. Some of us spend too much energy being creative. I love my PCs.

Maybe if they make me enough money, I'll replace them with MACs.

Peace In Our Lifetime...

Posted by: Piperllew | August 2, 2006 01:40 PM

If Macs have 10% of the user base of Windows, shouldn't it have 10% of the number of viruses? No. It has zero. Because it is better designed. There are more Mac users than Linux users, and yet there are lots of exploits that take advantage of Linux.

And Eliakim is right: Who cares /why/ there aren't viruses. There just aren't any. That's an advantage.

And millions of people use Macs, not "nobody."

Posted by: jgn | August 2, 2006 01:51 PM

When you look at /home/ users instead of bulk corporate buyers, Macs have a much higher market share. Apple sold 15 percent of all laptops last quarter, for instance. Laptops are purchased more by individuals than by IT departments. If the know-nothing, MSCE-ridden IT departments of the world actually knew a thing or two about computers, they'd all be on Linux, Free BSD and OS X in a heartbeat.

Posted by: jgn2 | August 2, 2006 02:00 PM

Most of you users out there are assuming that Mac=osx and PC=Windows...
I have found aLinux to be very stable on my desktop and have not had any virus or spyware trouble. Aside from that, it comes with all kinds of security features, and I don't have to pay anyone. I have open office and even have all of my hardware supported.

Posted by: Jordan | August 2, 2006 02:01 PM

The argument that Macs are too rare to attract viruses doesn't make sense to me. UNIX and Mac are just more secure.

Apache runs a majority of web servers and a minority run on Microsoft software, yet virtually all virus attacks on web servers go after the Microsoft software, because it's vulnerable. Even though it has a smaller user base.

Posted by: Drew | August 2, 2006 02:03 PM

Why can't they demonstrate it live? They have to do it via videotape? I think that something's fishy...

Posted by: Whatever | August 2, 2006 02:18 PM

1. Most of the know nothing IT departments are running purchased software that is certified by the vendor to run on certain platforms. If it isn't certified for Linux, FreeBSD or OS X, then very few IT managers are going to go out on the limb to try to make it work.

2. I love people trying to make healthcare analogies to IT. If I told you there is a hospital that, by design, is less susceptible to patients receiving infections, would you jump at the chance to go there? Now if I tell you that it is a psychiatric hospital (with few patients with infectious diseases), would you still be jumping? Just because the Mac is better-designed to withstand viruses and worms (something I'm not prepared to accept as fact) doesn't mean it does what I need it to do. Just like I'm not going for heart surgery at a psych hospital.

Posted by: Jim | August 2, 2006 02:29 PM

"It's worth remembering
1. There are over 25 million mac users out there. That installed base is certainly large enough to propagate an attack
2. When the Vista beta came out, to fewer than 10,000 people a virus appeared for it within a week"

sure, and guess how many people will have vista installed when its released? a lot more than 10,000. and the virus that appeared for it will already be fixed, but what about the viruses that people are coding for it and being smart enough not to release them yet? they'll be hitting a lot more than 10,000 users because millions will have it loaded.

the people who are making viruses for the "obscure" vista were still making them for a larger user base

Posted by: chris | August 2, 2006 02:35 PM

Jim,

In response to your second point, of course. And I would say the same to Jordan with respect to Linux on PC. I think it's safe to say that most people are talking about the general user. Most people do basic stuff on their computer. Most people who have a PC run Windows. And so on.

I would also say that with Intel-based Macs, using Boot Camp or Parallels now gives a user the best of both worlds.

Posted by: Rich | August 2, 2006 02:39 PM

I am a (preferred) Mac user, using both OSX and XP Pro on the job. Though neither programmer nor hardware geek (most of the time), I noted the target is the Mac with Intel "core" (single or duo). Would the vulnerability be applicable to a Mac with the G5 chip and a wireless card, running v 10.4?

Just wondering.

Posted by: Glenn | August 2, 2006 02:50 PM

I switched my business from powerful Windows machines to MAC Dual Processor G5 systems in 2004. At the same time I purchased some Apple stock. I have spent 0 minutes maintaining the OS of these systems since that date. I have processed 50% more graphic-rich business content, received more customer service compliments, and reaped substantial business and investment profits as a result. Apple is a market-driven solution to the Microsoft monopoly.

Posted by: Tom | August 2, 2006 02:58 PM

Actually, one of the fundamental propositions of this supposed attack I believe is false. The default Airport card setting isn't to automatically join ANY available network, but to ask before joining an unknown network. You can however set it to join any, which you would then need to reverse in order to disable this vulnerability.

I've been wireless for almost 5 years now, and my normal setup procedures do not involve disabling the default behavior, which is to quote from the control panel for the "Automatic" setting: "Airport remembers the networks this computer has joined. If none of the remembered networks are available, AirPort will ask before joining an open network."

Posted by: Brad | August 2, 2006 03:17 PM

According to Consumer Reports, 9/2006 ed., Consumer Reports National Research Center, "State of the Net":

Viruses infect PCs at the same high level as last year. 1 in 4 had a major, often costly problem. Economic fallout per incident $109, total damage $5.2 billion.

Spyware infections, in the last six months, prompted nearly a million U.S. households to replace their computer. 1 in 8 had a major, often costly problem. Economic fallout per incident $100, total damage $2.6 billion.

My question: how much of these enormous costs have been incurred by users of Mac OS X since its release?

Should a person considering the purchase of a Mac factor in the cost of virus protection now, or should that person hold off purchasing virus protection until some virus actually affects, oh, over a dozen different Macs? What about spyware protection? Should the Mac user install what is recommended for every PC owner, two anti-spyware programs? Or should the potential Mac owner wait until, oh, over a dozen of the 15 million Mac OS X users actually have spyware installed surreptitiously?

How many years have we heard these predictions of "Just you wait, you Mac users will get yours." I've heard the sky is falling for the four years I've been using OS X. Please, come into the sunshine. It's nice and bright and refreshing out here. When the weather changes, then I can invest in all the apps the PCs have to run to protect themselves, and the concomitant processing power those programs consume. Until then, Chicken Littles...

Posted by: WhitIV | August 2, 2006 03:22 PM

Someone wrote;

"...for crying out loud, John. You Mac people just don't get it. There are no hacks for Mac because no one cares about hacking Macs. Why would I design a virus that works on less than 10% of all computers? "

Because you would be famous beyond your little hacker imagination. Write a PC virus...who cares join the thousands! Write the first out in the wild mac virus, you're on the front page of the CNN web site!

Duh!

Posted by: jeffsters | August 2, 2006 03:56 PM

So did it work? It's 4PM on the east coast and I haven't heard yet.

Posted by: Peter | August 2, 2006 03:59 PM

Yea, these are so confident they'll only do it at home and videotape because they know in REAL LIFE situations - the Mac is pretty impervious.

Here's an analogy even the Washington Post might understand. Macs are US Army Rangers. PC's are sleepy tourists with a camcorder poking out of their bag under their feet. That's not to say you can't take down a US Ranger ever but if you're a pickpocket, who is the much, much easier target?

Is it possible somewhere on this planet there is a mac user with his firewall off and his wireless left wide open? of course, there are 25 mac users but it's much harder work because there are layers of protection ... most Pc's - all protection off ... you do the math.

These guys are pulling a fast one on you - what's next, will they hack into the DOD and give you area 51 files?

Posted by: jbelkin | August 2, 2006 04:10 PM

"Apple Computer issued on Tuesday updates for its Mac OS X operating system to fix 26 security flaws, some serious."

So much for claims that Mac OSX is oh-so-perfect, and security-flaw-free.

-------------------

Uh, nobody said that.

The majority of such security flaws are in Unix utilities, many of which the average user never uses. Does it count against the platform as a whole? Sure. Does it mean a large portion of the userbase was exposed? No, because they don't utilize that utility.

Posted by: Wade | August 2, 2006 04:16 PM

John

Maybe, but when I think why the people I know, and why I am using a regular PC, I find myself using them not because of security, tech support, or the like. I use them because the market uses them. If the mac market was dominating, I would use a mac instead. There's no if, but, or and about that. Many of us (friends, family, and other people I know) don't use macs because in a way, they are useless to us. I agree that being useless to us, doesn't mean it is useless to everyone -- it's not. But the fact is, the things I want to do, the things I can do, and the things I look forward to doing on my PC, I can't do on the mac. This goes with most people I know.

People use specific OS for different situations. Here at work, we use unix for servers, while most other regular machines run windows. We had one apple machine that we purchased for one of our artists and when he left the company, the mac was up for grabs. Even though the mac machine was faster, no one wanted it. Not because they didn't know how -- they could learn -- but because their windows machines were compatible. Albeit compatible with virii, trojans, worms, and the like, but still compatible. I think that's the biggest here. Compatibility. If I can move all the programs that I'm using right now over to a mac machine w/o problems, I'd be more than happy to do so.

Posted by: anon | August 2, 2006 04:28 PM

Wanted to add

So this whole thing about security on mac/PC/etc and why one is better than the other is because of this is total BS.

Posted by: anon | August 2, 2006 04:33 PM

Hmm. 1 in 8 chance of losing $100 vs. 100% chance of spending... how much more for a Mac? I would sooner take my chances behind my router and the free AV software from my ISP.

Whatever, the choice was made to present it on Macs to show that the problem is driver-related and OS-agnostic (and because the ads ARE obnoxious. My pie charts are much more colourful than that).

It's not a Mac vulnerability, it's a wireless driver vulnerability. The choice was made to not demo it live because...

IT'S WIRELESS, PEOPLE! At a hacker conference! Using an undocumented and unpatched vulnerability!

Which, of course, will affect no one using a MacBook, because those aren't the kinds of things that will be used in wireless hotspots. And, of course, city-wide wireless networks will do nothing to increase the range of such attacks.

What I hate most about the PC vs. Mac / Win vs. Linux vs. OS X / Closed vs. Open Source security debates is the lack of scientific method to the conclusions. It's called Ascertainment Bias and I've never seen anyone involved overcome it.

Posted by: sr | August 2, 2006 04:44 PM

This argument is kind of stupid. Yeah, Windows has things on by default while OSX has it off by default. In the end, it's the intelligence of the user that matters. Right now, I think macs tend to attract smarter users. If wholesale Mac adoption happened, I'm sure there would be plenty of stupid users giving admin permission to anything and plenty of stupid tech support people who tell users to turn off such and such security setting.

Posted by: tallbear | August 2, 2006 04:50 PM

actually, mac os x is more secure, not because of obscurity, but because:

1. it's based on unix and has the same system of privileges.

2. os x comes with most of its ports closed, so there are fewer doors through which an attacker can enter.

3. you have to either have admin access or enter your password before installing software.

4. offers per-user harddrive encryption (in case your computer is ever stolen).

that doesn't mean it's invulnerable. but it does mean there are fewer 'ports of entry'

Posted by: tiffany | August 2, 2006 04:58 PM

Anon...From my experience, it's just the opposite: most people don't do anything that requires Windows. The average user uses applications for e-mail, Web browsing, word processing and spreadsheets, and that's about it. That's not to say a lot of people don't need Windows for specific apps. They do. In that case, however, why not use Boot Camp or Parallels. And I would reiterate that in response to what you said: "If I can move all the programs that I'm using right now over to a mac machine w/o problems, I'd be more than happy to do so."


Posted by: John | August 2, 2006 05:00 PM

Try outfitting a series of PCs to match the hardware/software included with the Mac line and then factor in the additional costs for third-party apps to secure a PC plus the time/money involved with maintenance. You'll find that, overall, PCs will cost about the same or more.

Posted by: Jim | August 2, 2006 05:05 PM

Well, these guys are lucky they recorded this because the security update that Apple just came out with might put a wrinkle or two in their demo.

I'm interested how far they could take that vulnerability. Can they hijack the whole system or what?

Posted by: Jim Hillhouse | August 2, 2006 05:13 PM

Everyone here seems to be missing the point, correct me if I'm wrong but simply having wireless enabled can make it vulnerable to this exploit, it doesn't have to be connected to any network at all. Simply "on" is good enough. Here is a quote from the article:

"But according to Maynor and Ellch, this attack can be carried out whether or not a vulnerable targeted laptop connects with a local wireless network. It is, they said, enough for a vulnerable machine to have its wireless card active for such an attack to be successful."

And as far as the whole Mac vs. PC thing. Just as soon as I can buy a Mac for the same price as a PC and have the same amount of programs and upgrades available as I have for my MS machine and have an upgrade path without having to buy a new machine, I'll think about buying a Mac. If I want limitations I'll install free BSD or Linux on my PC and have as much or more than a MAC, but if I truly want to do it all I'll use my Intel or AMD box with Windows.

A Mac is just an overpriced PC with a BSD or Linux like OS modified by Apple and sold for far too much money.

Posted by: Kelly | August 2, 2006 05:19 PM

Atheros is a chipset maker, and thus they design drivers for their chipsets. So for example, if there is a vulnerability in the driver then it's not an Apple or Microsoft vulnerability, but instead it's a vuln in the driver maker's code.

Granted, Apple or Dell or HP or any number of vendors might build in such faulty hardware. But even so, that in no way reflects on the security of OS X or Windows or Linux or Solaris or whatever else.

Posted by: Toldyay | August 2, 2006 05:22 PM

Tiffany,

I never heard of Parallels before, but I would take a look. Boot Camp on the other hand is relatively new, at least for me.

The problem is, unless I take the company's mac, I can't scrap a computer together, install OS X and test it like I do with windows/vista/linux.

If there is a way to scrap a computer together and install OSX drop me a link and I'll take a look. Otherwise, I'm going to have to save a lot of money just to try boot camp.

For us, when a computer gets outdated (really outdated) we tend to turn it into a dummy machine, server, pbx, etc.

Posted by: anon | August 2, 2006 05:29 PM

So Brian, how'd you get a job writing biased articles to sway the uninformed reader a certain way without knowing all the information? Hmm... I guess that's what the post does best.

Posted by: Ryan | August 2, 2006 05:32 PM

Wanted to add

A regular pc's life doesn't die after the use of the OS on the machine dies. These machines will often be retuned for other uses. For example, a personal firewall or maybe a pbx box for an auto attendant. The possibilities are almost limitless.

Posted by: anon | August 2, 2006 05:35 PM

In Network Preferences is an option to "create computer to computer network" turning the airport card into a "transmitter" or Base Station. Simply having "by default join: Preferred or automatic networks" may not be sufficient for this hack to work. Until we know some details it's not worth worrying about.

Posted by: Bart Hanson | August 2, 2006 06:05 PM

Mac Smug Alert!

Posted by: Marc | August 2, 2006 06:10 PM

Yeah, I guess hacking a Windows PC is so trivial as to be uninteresting any more..

Posted by: AeonFlux | August 2, 2006 06:28 PM

Isn't it rather intriguing that they didn't want to use a LIVE video opting for a RECORDED video instead?

The reason for this stated:

Maynor said he and his colleague opted in favor of a videotaped demonstration versus a live one because of the possibility that someone in the audience could intercept the traffic sent to a potentially live target and deconstruct the attack -- possibly to use the exploit in the wild against other Macbook users.

Funny how their exploit could be exploited by their exploit. Somewhat ironic don't you think?

Also, it would give them a chance to possibly doctor the video or edit it in such a way that it makes it look easy or whatever.

Of course anything that has a computer chip in it has the potential to attract hackers. Be wary of that the next time you're driving your BMW or Mercedes or your standard GPS Navigation systems.

Nothing is 100% safe but then Windows kind of makes everything easier now doesn't it?

Posted by: Loweded Wookie | August 2, 2006 06:37 PM

"quote"

"It's worth remembering
1. There are over 25 million mac users out there. That installed base is certainly large enough to propagate an attack
2. When the Vista beta came out, to fewer than 10,000 people a virus appeared for it within a week"

sure, and guess how many people will have vista installed when it's released? a lot more than 10,000. and the virus that appeared for it will already be fixed, but what about the viruses that people are coding for it and being smart enough not to release them yet? they'll be hitting a lot more than 10,000 users because millions will have it loaded.

the people who are making viruses for the "obscure" vista were still making them for a larger user base

Posted by: chris | August 2, 2006 02:35 PM
"quote"

Now, in response to this.

How many pcs will use Vista once it is pushed as a complete OS? Eh? ALL new pcs for one! And as many business and current upgrading home users as MS can convince through the 'security push' they are making. So Vista will obviously have a larger userbase very quickly.

and as far as fame goes... Hackers today don't want fame, they want their huge Windows botnets they install adware through to get their 6-10k a month for putting adware/spyware on pcs.

Posted by: Techguy83 | August 2, 2006 06:38 PM

I just have to say one thing. Everyone knows Macs are much better on security and viruses. Now why wouldn't a hacker write the VERY FIRST major virus for Macs? That would instantly make him famous for the first large scale spreadable Mac virus. Who cares about the small user base, just like this article, the news would spread and he would be "famous."

Anyways I switched from windows and I love macs more by a long shot. (Apple released a security fix today, did this plug up that hole?)

Posted by: Brandon | August 2, 2006 06:51 PM

"I guess actually this is a testament to OS 10.4, that someone has to go to such great lengths to hack it."

So basically, this is your logic process: This can be done on any system. Mac users brag that their system is safer than PCs. They are actually equally at risk. Therefore, "someone has to go to such great lengths to hack it."

I guess when you're a fanboi, you're a fanboi for life!


Posted by: AyeRoxor | August 2, 2006 07:06 PM

AeonFlux: "Everyone knows Macs are much better on security and viruses."

"Everyone knows" is a logic fallacy. Whenever you say it, you are probably kidding yourself. Maybe, "Everyone who I hang out with thinks they know" is more accurate.

Posted by: AyeRoxor | August 2, 2006 07:08 PM

AyeRocer,

What???

Posted by: | August 2, 2006 07:13 PM

OMFG Macs ur ghey cuz they dont' hav gam3z!!! OMFG BBQ and my daddy sez macs ur ov3rpryst and for dum dumzZZ!!!ELEVENTY!!!11ONE!!

Let it rest already. ALL computers are lame, and people have let technology run their lives. Run for the hills, put on your tinfoil hats, and roast some marshmallows over an open fire.

-he who stacks pork

Posted by: Leopold Porkstacker | August 2, 2006 07:31 PM

@AyeRoxor

Macs are NOT at the same risk of security. This is NOT a spreadable exploit across the internet, you would need to be in range of the wireless card. You have 20,000 viruses, Mac has none, they both share one small exploit and you think they're both at the same security risks? Explain that logic.

Posted by: Brandon | August 2, 2006 07:42 PM

You didn't say what operating system the MacBook was running. Was it Mac OS X or Windows? Given the dual-boot capability, it could have been either, so we can't make an assumption.

Posted by: Ben | August 2, 2006 07:52 PM

Mate - this is about security.
Who invited the fanbois out to fight? Who cares?

Good job that these guys have identified a problem for ALL computer users, and are doing something GOOD about it.

And smart enough to get exposure by compromising a Mac. (Who would have noticed if they compromised a PC). Bad news for Atheros too!

Posted by: Steve | August 2, 2006 08:04 PM

Leopold - stop being gay.

Posted by: Leopold | August 2, 2006 08:06 PM

hey porkstacker that was certainly a sane post you just made. I've used all three operating systems(windows, os x, unix) and i'd say the best aesthetically was apple, the most logical was unix and the worst yet most readily accessible is windows. so i'm stuck with windows basically, unix has its fair share of problems as well and apples are just too expensive.

Posted by: charlie | August 2, 2006 08:43 PM


© 2006 The Washington Post Company