
Coming in January: "Month of Apple Bugs"

A pair of security researchers has picked January 2007 as the starting point for a month-long project in which each passing day will feature a previously undocumented security hole in Apple's OS X operating system or in Apple applications that run on top of it.

The "Month of Apple Bugs" project, currently slated to begin on Jan. 1, is being orchestrated in part by a security researcher who asked to be identified only by his online alias "LMH." This is the same researcher who in November ran the "Month of Kernel Bugs" project. LMH's partner in this project is Kevin Finisterre, a researcher who has reported numerous bugs to Apple over the past few years.

The current craze for featuring a new bug each day for a specific time period began this summer with researcher HD Moore's "Month of Browser Bugs," which highlighted unpatched security holes in Microsoft's Internet Explorer, Mozilla's Firefox, Apple's Safari browser, and even Opera. With most of the browser bugs, Moore alerted the affected software vendors prior to publishing his findings.

To the chagrin of some security experts, however, LMH declined to give affected vendors advance notice before posting evidence of kernel bugs on his Web site last month. Eleven of those kernel bugs were related to Apple software and applications, including a serious security hole that prompted a software update from Apple just two weeks later. As with the kernel bugs project, Apple will be given no advance notice with the Month of Apple Bugs, LMH said in an interview conducted over instant message.

LMH said that while his upcoming project had the potential to at least temporarily make security more tenuous for the average Mac user, he believes that in the long run the project will improve OS X security.

"Right now, many OS X users still think their system is bulletproof, and some people are interested on making it look that way," LMH said.

It should be interesting to see whether Apple does anything to try and scuttle this pending project. In November, a researcher who focuses most of his attention on bugs in database giant Oracle's software announced his intention to launch a "Week of Oracle Database Bugs" project during the first week of December. The researcher abruptly canceled the project shortly after the initial announcement, without offering any explanation.

By Brian Krebs | December 19, 2006; 9:50 AM ET | From the Bunker, Latest Warnings, Misc.

Comments


I wonder if Apple is nervous at all over this. Here they get to wake up each day and find a new bug of theirs slapped in their face with no fix available.

I'm sure Apple will do the best they can to fix the ones that really need fixing but it is kind of funny to see them playing in Micro$oftie's normal mode of damage control.

Posted by: blast3r | December 19, 2006 10:26 AM

Interestingly, ZDNet Australia is currently carrying a story pointing the finger at OS X. However, there is perhaps some over-enthusiastic editorializing (by Munir Kotadia) in that case, since this primarily rests on a claim by a researcher at Otago (Mark Borrie) that he's come across botnets run from OS X machines but Borrie himself says their being compromised was down to mis-configurations and weak passwords.

http://www.zdnetasia.com/news/security/0,39044215,61976105,00.htm

Posted by: Nick | December 19, 2006 10:47 AM

Uh oh, here comes a rehash of the usual fruitless debate between Mac fans and Mac haters about security of the Mac OS compared to Windows. How about we try to avoid some of the usual straw men?

No reasonable user of any computer system, including Mac users, believes their system is "bulletproof." Every system has flaws, and everyone needs to be cautious.

It's just that, relatively speaking, there is very little in the way of real malware "in the wild" that affects the Mac OS. This is due to a combination of the small marketshare of the Mac AND its security architecture (it is harder for malware to be installed without generating a prompt for administrative password).

So Mac fans and haters can both be right to a degree.

Posted by: Thor | December 19, 2006 11:03 AM

As a Mac user, I have to say, we have become rather complacent when it comes to security issues with our software. Macs do get viruses. I know this through an unhappy experience.

I will not join "The sky is falling!" gang but I will keep myself informed and download the latest OSX security software (as I have always done.)

Posted by: P. Kraemer | December 19, 2006 11:11 AM

LMH could (1) tell Apple about security problems, thereby encouraging remedies, or (2) publicize the problems first, thereby encouraging abuse.

Which is the responsible course? Anyone? Anyone?

Posted by: MiddleMiddle | December 19, 2006 11:13 AM

As a casual MAC user - I can tell you that there are problems. Screen Freeze, crashing, and lack of support are not unusual. Funny how the MAC commercials say those things don't happen. I was also amazed at the lack of software for MAC. After spending 2K I feel like I could have bought a state of the art PC.

Posted by: Ben Kelly in Tampa | December 19, 2006 11:27 AM

LMH has a big dose of E-G-O I think by not publishing them first to those he 'claims' he is trying to help.

Posted by: Andrew | December 19, 2006 11:40 AM

No, "the sky isn't falling".

Nor is security software, with stability and performance troubles to bring of its own, necessarily the answer. But it's not a bad time to review your practices:

http://www.macgeekery.com/tips/security/basic_mac_os_x_security

Or check out the Common Criteria recommendations on Apple's website.

Posted by: Ghost in teh machine | December 19, 2006 11:53 AM

I used to think Macs were bulletproof until one day I experienced something akin to the blue screen of death. It is a rare thing called a Kernel Panic. Nobody has been able to provide any info on how to resolve this issue and my poor G4 out of warranty has sat the last couple years collecting dust because I don't want to throw away what amounts to a giant expensive paper weight. I have followed all proposed solutions in numerous combinations to no avail. Rather than replace the logic board for a couple hundred, I figured when I've got that kind of money to spend, I would be better off putting it to use on a Dell, or a newer intel mac... but now that I've been burned it's scary to think about the possibility of throwing away a thousand dollars when you know an unfixable crash is possible. At least with a PC parts are relatively cheap and easy to swap.

Posted by: Chris | December 19, 2006 11:53 AM

Ben, if you are getting screen freezes and crashes, there is something wrong with your system, be it hardware or software. That is not the norm and if you remedy the culprit, those issues will go away and you'll be happy with your $2k PC. BTW, did you call Apple???

Posted by: Barrett Schmidt | December 19, 2006 11:53 AM

A couple of points come to mind regarding this "threat?!?" to disclose OS X vulnerabilities--or whatever you wish to call it:

Isn't it time for serious researchers, aficionados, etc. in the computer genre to stop acting like teenagers and act like grown-ups? For example:

a. UNLESS it is an Apple insider disclosing vulnerabilities without compromising their identity, it is totally reprehensible and irresponsible (and frankly immature) NOT to notify the manufacturer and allow them to research (and, if necessary, rectify any bugs of consequence) prior to publication; serious computer researchers should follow this protocol; and

b. it is time for serious computer enthusiasts to stop living behind the juvenile precepts of "p$u3d0nym$." It is hard to take a researcher seriously who hides behind initials and is only available for interview by instant messaging.

It is just this sort of behavior that renders this population as caricatures of overweight and sloppy 30-something adult social misfits relegated to their Mom's basement (ala the Warcraft episode of "South Park").

Posted by: T. Kawles | December 19, 2006 11:56 AM

A month of OS X Bugs won't change the fundamental truth: there are no exploits IN THE WILD for OS X. Of course OS X is not bulletproof, but the threat of your machine being compromised by casually surfing the web is close to nil.

Posted by: Lib | December 19, 2006 12:21 PM

Chris,

Kernel panics are indeed rare, but I've had a couple over the past five years. If rare like this, there may be nothing to fix, but reinstalling the OS would be a good idea. Regular backups should be part of everyone's routine.

If you were getting frequent kernel panics, on the other hand, the source can be difficult to diagnose, but don't let that deter you from finding someone experienced enough to fix the problem. One common source is cheap, third-party memory. If you had memory installed after purchase, try removing the chip and see what happens.

If you are talking about a laptop, there were some batches with bad logic boards. Apple has a recall on these and will repair them regardless of warranty. Worth checking into.

Good luck.

Posted by: Thor | December 19, 2006 12:25 PM

To respond to T. Kawles, Apple has a recognizable history of fighting anyone who releases information about their products, from the ThinkSecret fiasco to problems with the OS X drivers for wireless networking.

If I had a list of 31 Apple security holes, I'd want to hide behind a pseudonym too.

Posted by: J | December 19, 2006 12:25 PM

Chris, Ben,

Like any electronic device, flaws and failures do occur, no matter whose name is on the outside case. I have had a few problems with my old G4 -- mostly on account of my own screw-ups. Had to buy a new USB card when it mysteriously died. But your claim that Apple is harder to fix than a PC is simply hard to believe. I have spent infinitely more time reconfiguring my parent's and my work PC's to operate as advertised than my trusty Mac - many, many security issues and software conflicts. Never had that problem with my Mac. FYI, if it is hardware that is the source of your problem, internals for an Apple come from the same suppliers as any other PC maker. If yours is a modern system (G4 or later), you will find that Apple internals are also easy to replace & upgrade yourself, thanks to several excellent retailers like Other World Computing, SmallDog, and of course Apple's own online and retail stores. Apple's support has won industry awards, so take your finicky machine to your local Apple store for a quick free consultation. (Try that with a Dell).

As for finding the software you need, well, Macs will run PC software too (Parallels, Boot Camp). Not sure what esoteric software you absolutely need that is not available for the Mac, but a quick search at Versiontracker.com ought to hook you up.

If you believe that Windows is as secure as OSX, then go ahead and save the small initial purchase price difference (usually smaller than one is led to believe because of vastly different "standard configurations" - http://www.systemshootouts.org) and instead spend your cash on monthly Antivirus updates. Some of us prefer to spend our time and money accomplishing tasks rather than fixing problems.

Posted by: malbeau | December 19, 2006 12:26 PM

The reason to post the bugs to the public instead of reporting them first to Apple is most likely money or other compensation. Just like the Oracle postings never materialized at the last moment. They're probably hoping a corporate offer will materialize -- notice that these are always precluded by tons of publicity (like this WP article). And although supposedly anonymous, I'm sure the corporate geeks can trace or communicate with the 'bug exposer'.

Posted by: JimmyJoe | December 19, 2006 12:34 PM

@Chris -

Kernel panics happen, but they're not the end of the world. I had some now and again with my old G4 tower (usually heat related... go figure). Have you gone through the basic steps of calling Apple, talking to a local support shop, etc?

Your level of 'fear' if it is that is akin to my saying that I once got a bluescreen on a laptop, so now it's a 2k paperweight!

Grow up. Computers crash. Every computer crashes, even the ones with super-nice realtime operating systems (like Satellites, etc). You just need to do the basic things to figure out what's wrong and fix it. At worst, donate it to someone who will.

-WS

Posted by: WinterSolstice | December 19, 2006 12:40 PM

What is the VALUE to the CONSUMER and the SOCIETY in NOT TELLING the vendors before releasing this information?

THERE IS NO ADDED VALUE!

It is the way a little man with a big chip on his shoulder chooses to operate as self appointed "punisher". He should tell the vendors first, then make the releases.

Posted by: Long Beach Ca | December 19, 2006 12:44 PM

If this 'security researcher' (yeah, right) was instead intending to publish the secret location of a stash of guns, how long do you think it would take the first person to get shot with one of them to file a lawsuit?

Posted by: K | December 19, 2006 12:49 PM

To Lib:

Where have you been hiding at? There are NUMEROUS exploits in the wild for Mac OS X. You sound so positive in your statement and it is total rubbish.

If you Google: site:milw0rm.com "mac os x" you will get 154 hits for exploits. Some of the Mac fanatics remind me of religious fanatics who keep forgetting about the bad stuff in the bible.

Posted by: blast3r | December 19, 2006 12:51 PM

Coming in January: "Year of PC Bugs"

Oh, wait, I'm sorry that's not at all accurate. It should be "Decade of PC Bugs" or maybe "Millenia of PC Bugs." Find me an Apple machine that's rendered inoperable by malware/spyware. On a yearly basis thousands (if not millions) of PC's certainly are.

Posted by: Judge C. Crater | December 19, 2006 1:00 PM

To Long Beach and others,

One (value adding) reason to not tell Apple before hand, is to embarrass them into doing the job they should have done in the first place, namely, write better code. If Apple is seen as losing its edge over MS in security, then maybe they will beef up their testing division.

Posted by: BAC | December 19, 2006 1:04 PM

Chris,

My son's old G4 crashed - I think it was after I installed a scanner for him. My other son showed up with a disk with "CodeWarrior" (I believe it was called), which found multiple problems and fixed them. If it had not worked, I was prepared to re-install OS-X from scratch. It's a good machine.

Posted by: John Heizer | December 19, 2006 1:05 PM

"'Right now, many OS X users still think their system is bulletproof, and some people are interested on making it look that way,' LMH said."

I have no beef with the exercise itself, but LMH is clearly an idiot. "Many" OS X users do not think their system is "bulletproof," i.e. that it could never be exploited under any circumstances. Rather, they think that there are several orders of magnitude fewer exploits actually implemented and circulating in the wild for OS X than there are for Windows. And they are absolutely correct - this is an empirically verified fact.

LMH is clearly dragging out the tired old Artie MacStrawman* for yet another debate, because s/he can't effectively make his/her point without resorting to exaggeration or lies.

*http://www.crazyapplerumors.com/?p=664

Posted by: Mike A | December 19, 2006 1:10 PM

Judge C. Crater> "Millenia of PC Bugs."

Double n in millennia, please. "Millenia", should we accept it as a word, would be the combination of "mill" ("a thousand") and "ani", plural of "anus". (I laugh every time I see a Mazda Millenia).

Although perhaps that's what you meant after all...

Posted by: aeschylus | December 19, 2006 1:15 PM

BEN KELLEY. Don't be so obvious as a troll. No real Mac users spell out Mac in all capital letters as you did. It's a common mistake among PEE CEE users, possibly due to their having to fool around with arcane settings like MAC addresses all the time. "Screen Freeze, crashing, and lack of support are not unusual". Actually, in the Mac world yes they are. Screen Freeze, crashing? Not anything I ever hear about, online or at our user group meetings. B.T.W., Apple always ranks at the top of consumer satisfaction ratings. So do us all a favor, quit trying to pose as a disgruntled Mac user, and come clean as a disgruntled PC user which you really are.

Posted by: Toby Furrire | December 19, 2006 1:15 PM

To blast3r:

Yeah, I've heard that one before. These are published vulnerabilities with exploit code published there. What that is NOT is a list of released viruses, worms, trojans, etc., because there are no such now in the wild. Most or all of those 'exploits' are currently patched, and those with actual released trojans are Proof of Concepts that never really made it into the wild in the first place.

Stop spreading your FUD.

This is an attempt to make Apple look bad, first and foremost, and secondly, an attempt to garner publicity and notoriety.

We'll see at the end of the day (month) how many of these released vulnerabilities are previously patched stuff.

Posted by: rwahrens | December 19, 2006 1:22 PM

Well, let's just put it this way, I've been running Mac OS X since the beta came out, and am online with a high speed network 24/7, and I don't run any type of antivirus/antispyware, and I've never had any kind of infections/worms/trackers. How many on the P.C. side can say that honestly. Additionally, the "security through obscurity" excuse holds no water. If you like working on your computer, buy a PC. If you like working WITH your computer, buy a Mac.

Posted by: Kristoff | December 19, 2006 1:26 PM

Excuse me, but how is this group LMH any different from illegal hackers? If they want to warn Apple of vulnerabilities they find, that's one thing. Give them six months or so to correct the problem, the way it is done by genuine security experts. No, they want publicity, so they can show off their hacking talents in the hacking market, and get to parade their teenage sensibilities around. Are they doing the users any good by doing this? No, not at all.

Posted by: Jim H | December 19, 2006 1:26 PM

Toby Furrire, it may surprise you to know that some Mac users do write MAC, perhaps because they're confused by seeing PC all the time. I saw it happen just yesterday with one of my users, and thought of correcting her, but decided not to bother.

It's interesting that you think PC users have to "fool around with arcane" MAC addresses. As a network admin, I often have to look at MAC addresses when dealing with PCs, Macs, routers, printers, and any other ethernet or 802.11 device. But as far as I know, my PC users are as oblivious to them as my Mac users are. Please elaborate on your experience.

Posted by: antibozo | December 19, 2006 1:30 PM

"Rather than replace the logic board for a couple hundred, I figured when I've got that kind of money to spend, I would be better off putting it to use on a Dell, or a newer intel mac."

A kernel panic is a rare occasion. I've had about three since 2000, on various machines. Its causes are various, including, in your case, a logic board that failed. (Are you sure that's the cause?)

In many cases, it's fixed just rebooting. Disk utilities run on bootup automatically, especially after a panic.

Posted by: | December 19, 2006 1:33 PM

@Kristoff

So you don't have any anti-spyware, or anti-virus software? How then, would you even know if you were infected?

Mac owners who preach that there is nothing to be concerned about are no better than people who claim that mobile viruses are fictional.

Everything has bugs, and just about everything has exploitable bugs. What LMH is setting out to do is to show people that Apple's software is just not as secure as people have spun it to be.

Posted by: havvok | December 19, 2006 1:41 PM


Rwahrens:
The previous asshat stated there are no exploits in the wild. That is misrepresenting the current actual status of exploits for Mac OS X. That kind of statement is crafted in a way to make it sound like exploits don't even exist for Apple systems. This is exactly how Apple seems to talk as well and I will happily wait for the Month of Mac OS X bugs to arrive. The smugness needs to be slapped off of a lot of people's faces. SOOOOO defensive!!!! One of the biggest problems with people who defend Mac systems is those that were carried over from the 'too dumb to learn how to use a pc' group of people who rode in on the coat tails of the new and improved UNIX based OS. It is mostly these people who now try to act like they are experts when before they could barely point and click on anything. No skillz! Of course there are some Mac users out there from the old days that know what they are talking about but overall this is how the Mac system is advertised. So easy to use. Just like AOL Internet (which I wouldn't be caught dead on). The people that are not experienced will go to AOL.

Posted by: blast3r | December 19, 2006 1:51 PM

What this is is a way to stem the Mac OS X tide timed to coincide with MacWorld in Jan, and announcement of an updated new OS version known as Leopard which will supersede both XP and Vista.

As noted above, 'in the wild' is what counts.

Posted by: Blank | December 19, 2006 1:53 PM

Chris.... the previous post about third party memory being the cause of your kernel panic is right on the money. Try removing one stick of memory at a time and rebooting, if the panic ensues, then replace the memory you removed and take out another stick. This happened on my G4 dual when I got memory from Crucial.

Billy... if you have a new mac, you have available to you ALL of the software published for Windows and for Mac. I'm running XPsp2 on my iMac and have two windows progs there, then the rest of the stuff is on my mac. You already own a high end PC. It's called a mac.

Posted by: Jim | December 19, 2006 1:54 PM

There was always a nice big slice of swiss cheese along with Apple's security.

Now everyone will know about it! Just think of it as a little "value added".

And remember, "security through obscurity" is not security. But the OS-X, Lunix, FireFox, and OSS crowds want you to believe it is.

Posted by: JustSomeGuy | December 19, 2006 1:56 PM

This is just a desperate attempt at publicity and adds up to a load of FUD, again. LHM or whatever his initials are is undoubtedly sucking his thumb in his mother's basement right now.

Just like in November, anything that is found is totally overblown by the PC press, who are just looking for headlines. Maybe it is the PC press who are paying this 'researcher' (yeah, that is the word...) to come up with this tripe, or perhaps it's someone even more closely connected with Redmond.

Apple touts their security in their ads because they have a HUGE advantage over Microsoft in this area.

It is so sad that the pathetic Mac haters hate Macs so much they troll stories like this. Mac users are here because we are genuinely interested in the system. PC trolls are here because they are fundamentally psychotic morons who, deep inside, are embarrassed that they have been so wrong about Macs for so long, and that all the 'innovations' that Microsoft comes up with are nothing more than lame imitations of Apple's vastly superior software.

Come clean windows fanboys. You told your grandma not to buy a Mac 10 years ago because they were 'going out of business' and she still rides you about it...

Posted by: B. Serious | December 19, 2006 2:07 PM

Havok
"So you don't have any anti-spyware, or anti-virus software? How then, would you even know if you were infected?"

I run anti virus software on my macs to be a good net citizen. I am convinced that I personally don't need it because since the release of OSX six years ago I have received zero mac viruses from websites, email, or other internet activities. I have however received many windows viruses that I have deleted so as to not pass them along the net. It's an expense for me, but I want to stay in the good graces of my PC friends.

Contrary to blast3r's postings above, there are no viruses in the wild for the Mac platform. There are "proof of concept" viruses, that need the administrator's password to give permission to installation to work, but that is all. His reference to a particular virus and a link to an explanation of it was exactly one of these type of trojan horse files.

I work with PCs and Macs. And since the invention of Boot Camp we're replacing our PC's at work with Mac minis and installing windows XPsp2.

It's not about Windows vs Mac anymore. Mac is now the best PC on the market and runs more software (both windows and apple) than any other computer offered. That's why I use it. It's a better tool. Microsoft shouldn't worry about Apple's resurgence, Dell and Gateway should... as is evidenced by Apple's market cap surge in the last year and Dell's market cap fall.

Posted by: Jim | December 19, 2006 2:13 PM

@justsomeguy

Security through obscurity is a myth. Take the time to read some info at this link and you'll understand.

http://www.macgeekery.com/tips/security/basic_mac_os_x_security

Posted by: Jim | December 19, 2006 2:17 PM

"Billy... if you have a new mac, you have available to you ALL of the software published for Windows and for Mac."

No, you don't. Example: you can't run Stamps.com software. In fact, there's no software available that lets a Mac do desktop shipping at Parcel Post rates.

Nor do you have software that lets you run a token-ring network.

Nor can you get drivers to work for many printers, scanners, digitizing tablets, and webcams.

What's the difference between Mac owners, scientologists, and christian scientists? The scientologists and christian scientists admit that they are members of a religion.

Posted by: | December 19, 2006 2:19 PM

At the previous poster above who said I couldn't run "Stamps.com software"...

I'm sorry to tell you but you're wrong. You don't understand that I can run windows xpsp2 software on my mac. I can run WINDOWS XP SP2 on my mac. I can now install and run any piece of software for windows on my mac. I can also download any driver or other piece of software to drive any piece of hardware on my mac.

Your information is incorrect.

Posted by: Jim | December 19, 2006 2:23 PM

Also... it's got nothing to do with a religious zeal, it's just a statement of fact. Can we have a conversation about this like adults without it degenerating into silly insults?

Posted by: Jim | December 19, 2006 2:24 PM

Normal ethical policy dictates that a vendor get advance warning. We all know that. Normally a vendor is expected to respond in a fortnight.

The issue is vendors who refuse to recognise the advisories sent to them. It's a race between the white hats and the black hats and ordinary users stand to suffer as a result.

If a vendor response is not forthcoming in a fortnight, the bug should be fully disclosed so all are aware of the danger and have a fighting chance to protect themselves.

Both Kevin and LMH have a long history of battling Apple to recognise rather obvious security holes in OS X and the industry consensus is that in general Apple will not respond to such an alert. This coupled with the snooty aloofness of those not in the know makes for a provocative and potentially explosive situation.

I rather think Kevin and LMH, like so many others especially including the authors of Opener and Oompa, are just sick and tired of the incessant rantings of the zealots and the 'security through obscurity' approach of Cupertino. And as they're probably Apple users themselves, their objective is to shake Apple out of their sycophantic complacency and get things moving so the BIG GREAT CATASTROPHE does indeed never happen.

For you've got to give them this: they know more than most posters here by a light year.

So kick back, watch and enjoy, and try to not get your knickers in a knot. This can only be for the good.

Posted by: Rick | December 19, 2006 2:31 PM

@rick

"the industry consensus is that in general Apple will not respond to such an alert."

This hasn't been my experience with Apple. And I've owned Macs and PC's since 1984. When there has been a proven issue I've seen them respond within a couple of weeks with software updates that address the issue. Ie... iWeb, quicktime, safari, and OSX security updates. Many of these came within a short time of reported security reports in the past few years. Far faster than my needs were met by Redmond.

I agree with you though - Kevin and LMH should give apple two weeks notice of their findings, but even if they don't. It's all good. If they find anything serious, past experience shows that Apple will fix it asap. You're right, it will be an interesting month to watch.

It's still my assertion though, that it's not about Windows vs OSX anymore. Microsoft stands to make more $$ from Apple now than before with the number of people switching PC manufacturers to an Apple preference. It's about computer platforms, and Dell is certainly in trouble, and Gateway isn't far behind. The Mac is simply the best PC available on the market currently.

"tired of the incessant rantings of the zealots" could well describe some of the winfanboi rantings above. As I read the postings there are zealots on both sides, but most of the reasoned arguments have come from Mac aficionados and the rantings have come from those who continue to believe that "security through obscurity" is fact and not myth.

Posted by: Jim | December 19, 2006 2:45 PM

Sounds like another BS publicity ploy. No disclosure to the company? Irresponsible. Much like the "Wifi Vulnerability" that was proved to be a bunch of nonsense (that i still see people referencing as if it were real, and even claiming that "Apple pressured them into silence" haha - what a joke.)

Funny how 31 bugs in OS X is news, but 300 new exploits in XP no longer headline-material.

My prediction? - 25 bugs that are dependent on non-factory settings, 3rd party add-ons, or outdated software. maybe 6 real bugs that can cause problems, but are either unusable in the wild, or quickly patched by Apple.

I don't know anyone who thinks that their OS X box is bullet-proof, but i also don't know anyone who runs anti-virus, nor do i know anyone who has ever had any spyware or a single virus since 10.0. (and i know quite a bit of mac users.) So empirically, the smugness is almost justified.

Posted by: Jeff | December 19, 2006 2:45 PM

Wow, this is funny to see the Mac folks grappling with the age-old (in Internet time) problem of full disclosure v. responsible disclosure debate. Windows and Linux users have been dealing with it for years now.

The first gut reaction is to slam a researcher for releasing stuff directly to the public, but if you do some research, you'll find that full disclosure is a valid response to what vendors have typically done in response to researchers who find bad flaws in their software. Given the EULA's you sign, you have good cause to disclose vulnerabilities because your software vendor offers no warranties to you. The bad guys already know about these often times long before they are disclosed.

Posted by: Not a Noob | December 19, 2006 3:00 PM

I'll bite, Jim. Why won't Stamps.com work on a Core Duo class Mac running Windows? The site does not provide any warnings about peculiar hardware requirements, just a comp, a printer, and an account.

I am not in the US, so the service is useless to me, but I'd be interested in knowing just what the hitch is.

Also, your point is not fully made. I can show you lots of modern PC laptops that "can't run" Windows software because they do not have the ports required by the software. So if you want to use steam powered software and hardware, you are just as out of luck with a new laptop PC as a Mac user would be.

Posted by: M. T. MacPhee | December 19, 2006 3:03 PM

A word to the wise: Most, if not all, of the negative crap about Macs being posted here, and the "month of Apple bugs" itself, is BLACK PR. Professionally written lies, designed to stop Windows users from switching to Mac.

Posted by: Steve | December 19, 2006 3:05 PM

No, Rick, it might not ONLY be for the good.

Apple credited 'LMH' as the reporting source for one of the patches in its most recent Security Update.

So apparently you can't really honestly say that Apple has "mistreated" LMH or ignored him and his bug reports. In fact, it proves that they are paying attention, because they regularly credit bug contributions on the Security Update Notices they publish.

So what is the chip on your shoulder, LMH?

You didn't like the way some Mac users treated Brian Krebs? Or George Ou? Or the Maynor/Ellch guys? You didn't like the way some people behaved, so you decided to start the Month of Kernel Bugs to announce Zero-Day flaws and force everyone to pay attention.

So let's look at the logic here - despite any protest you might put up, you cannot defend these actions.

So if I don't like the way some bloggers (like LMH) publish zero-day exploits, I think I'll start a "Month of Blog Bugs" campaign that will point out flaws in the various blog sites allowing people to hack in and delete accounts or compromise their passwords.

And this would be ok, because your stance is that it's fine to put EVERYONE in a class of people at risk in order to punish the smug or crass behavior of a few. What an incredibly shallow, short-sighted, childishly emotional and illogical process of thinking you have there, LMH.

It almost makes one hope that LMH's Mac Bugs cause someone, somewhere a serious financial loss, and that said individual (or business) decides to ascertain LMH's identity and sue his pants off.

Posted by: Blucaso | December 19, 2006 3:10 PM

Rick,

I agree with much of what you said in your post, but then you got to the part about "Opener" and "Oompa Loompa." Why drag out these things? They undermine the rest of your post.

The so-called Oompa Loompa (or Leap-A) was a trojan that fooled users into opening an application disguised as a picture file. The app would then try to send itself to the user's buddies via iChat. Apple issued an update in February that changed the handling of files sent through iChat to warn users if such files contained an application. Complacency indeed. Anyone who keeps their system up-to-date and is careful to install files only from trusted sources is fine.

Opener is a nasty script but has no effective vector to spread itself. Anyone familiar with a Unix command line can write an equally nasty script. One line will do. The trick is spreading the script and getting users to run it on their system with administrative privileges.

Anytime a user can be fooled into giving permission to install something they shouldn't, they are vulnerable. That applies to every operating system.

I look forward to the month of Apple bugs as well, though for different reasons. For years now, Mac haters keep licking their chops waiting for "the big catastrophe." Objective people will be able to assess how significant these bugs really are. Apple will issue appropriate patches as needed. Try not to get your knickers in a knot when life goes on as usual.

FWIW, I think that LMH should report them to Apple NOW and follow up later if Apple fails to act.


Posted by: Thor | December 19, 2006 3:16 PM

"Nor do you have software that lets you run a token-ring network."

Seriously? Token-ring? A bit outdated, don't you think? My dot matrix printer might not work either!

Posted by: Jeremy | December 19, 2006 3:17 PM

Who cares how many vulnerabilities there are? Or how many exploits in the wild? It only counts if people have been damaged by them, either directly, or by having their computer turned into a base for other users.

So instead of counting how many exploits have been announced, or how many are out there in the wild, why don't we count time and expense required to repair damage.

All the Mac users who have had any kind of problems attributable to malware, please stand on the left. All Windows users who have had any kind of problems attributable to malware, please stand on the right.

Now let's count heads...

Posted by: lgp | December 19, 2006 3:29 PM

As a Mac user for more years than some of the posters may have lived, and as someone who has also worked professionally in the Information Technology field for the same time working predominantly with Microsoft based systems, I have to agree that the problems experienced between platforms is a matter of degree.

I cannot tell you how many times my life has been interrupted by exploits being unleashed targeting the "Windows Infrastructure".
I cannot explain how much money has (and will be) spent on software and devices so that my organization may be spared from the financial impact of another "Zero Day Exploit".

Human Stupidity is unavoidable since, by definition, half of the populace is below average intelligence. Those of us that choose a computing platform for ourselves, and recommend to friends and family to purchase Macs, are doing ourselves a favor. But the recommendation should come with a warning - nothing is perfect - Macs only minimize risk at this point ... at some additional cost... but what is the cost of quality of life and productivity?
Safe Computing Habits and frequent updates are necessary whatever computing choice is made.

I use Windows XP at work and find it to be extremely stable and virus free ..... (But it is patched automatically due to extensive and expensive infrastructure/software that my organization deploys). I use it from home via a VPN from my Mac, and consider it as a "high maintenance, ugly interface application launcher" - but it gets things done.

In my mind, the problem is the typical WalMart shopper buying the "cheapest" machine and hooking it up to "cheap" Internet.
"I Just Want to Run these games ... actually honey, they're called Programs ... "
These are the lower 50% that I previously commented on.
These are the ones who have no clue about security or the need to patch/update their systems - NetBot Paradise.

Fanboiz - PC or Mac ... you have your arguments, but the average "Joe" doesn't have a clue. If you like your friends calling you up in the middle of the night, suggest a cheap PC.
If you value your friendships and family, please suggest a Mac.

In either case - teach them what they need to do from a security perspective - we are all in this together.

Posted by: e-twelve | December 19, 2006 3:32 PM

Yep.....here's how this idea came into being.....

LMH: Let's do a research project called the Month of Windows Bugs.

Kevin Finisterre: Ok....here's the undocumented bugs we've found so far.

(slams down a five thousand page printout on the table)

LMH: Uhhhhhhh....how about the Quarter of Windows Bugs.

Kevin Finisterre: Don't think so. By the way, Vista is coming out soon.

LMH: Uhhhhhhh...how about the Half-Year of....

Kevin Finisterre: Be real.

LMH: 5 Years of....

Kevin Finisterre: Nope

LMH: Decade?

(Kevin Finisterre shakes head)

(pause)

(LMH suddenly snaps his fingers)

LMH: I got it! The Month of Apple Bugs!!!!

Kevin Finisterre: PERFECT!!!

Posted by: ChrisClement | December 19, 2006 3:37 PM

I find it astounding that, without proof, there is an assumption that Oracle stopped the "Week of Oracle Database Bugs" project. Wouldn't it be easier to assume that the project was halted because the project team couldn't meet their goal?

Posted by: SteveA | December 19, 2006 3:44 PM

This is a stupid stunt. There are much better ways to deal with the inevitable bugs to be found in any software. This is designed to generate clicks, nothing more, and has nothing to do with actual security.

Posted by: ddh | December 19, 2006 3:49 PM

Well, I had the experience of installing it into a larger-scale network. It's fair to say that Mac had/has its own troubles. But they could do the updating way faster... they made good sales last year. Now to hope some of that $$ is put into debugging labor.

Posted by: Sjoerd | December 19, 2006 3:58 PM

Hmm ... I don't know about Apple's rushing to fix vulnerabilities. It's been said before that OS X has had some holes that were fixed literally *years* before on other Unix-like systems. Doesn't sound like rushing to me.

I just tried Googling, and you know what? I found that applies to one of the MoK bugs:

"The bug was fixed by FreeBSD on Tue Jun 27 23:08:36 2000 UTC (6 years, 4 months ago)."

http://projects.info-pull.com/mokb/MOKB-09-11-2006.html

Apple, of course, cannot simply roll in what the FreeBSD people do, because their kernel is hybrid, not pure FreeBSD. They had to write their own fix, and they evidently were in no hurry to do so. So, yes, it would appear that they were relying on "security through obscurity". Yes, OS X is not an abortion like Windows. But it has still had numerous vulnerabilities, and, despite assertions to the contrary, they have not always been fixed very promptly.

And it does not follow, as one poster asserted above, that LMH and Kevin Finisterre want to punish Mac users for their smugness and ignorance and are, therefore, being "childish". The smugness of all too many Mac users is relevant because it gives Apple a motive not to pay as much attention to security as it might - because many Mac users will defend the company out of a misplaced tribal loyalty rather than, as intelligent users would, holding the company to account. I suspect it would take an anthropologist to explain this - presumably deracinated individuals living in modern cities are seeking an ersatz group-identity.

However, that doesn't mean I'm not skeptical of the researchers' motives. As OS X users themselves they may well think that Apple's feet need be held to the fire to make them do as they should. But, yes, as has already been observed, it's all good publicity for them and may help bring good work their way.

Posted by: Nick | December 19, 2006 4:05 PM

Kernel panics are generally associated with an external device like mice, printers, scanners or even memory that has a problem and the system does not know what to do. I had an Apple mouse that had a bad cable that was causing panics. Unplug everything and try to boot up.

Posted by: bwr | December 19, 2006 4:12 PM

LMH has a very good reason for wanting to wipe the smugness off Apple users' faces, in my opinion. Back during the Month of Kernel Bugs, when he found a kernel vulnerability in the handling of DMG files (at least a crash, and potentially arbitrary code execution), Mac fanboys promptly denied that anything was wrong - and I can tell you that they were much louder and more clueless than the Windows and Linux ones who spoke up.

What's more, due to Safari's brain-damaged default settings, unless users had changed them to something saner it was remotely exploitable by any webpage visited, without any further user intervention. (Automatically opening DMGs has caused security problems before, but did Apple change it? No. Probably because user-friendly beats secure for them any day.) Nothing to be smug about there.

Posted by: mmk | December 19, 2006 4:13 PM

mmk,

Here is what LMH said about the DMG bug you are talking about.

"I never said there was code execution right away, but a potential risk, and that risk also exists in others [bugs] that didn't make it to the MOKB schedule, and there will be a risk until DMG-handling is fixed in order to validate the data being read from the DMG disk image."

So there is a potential risk for code execution until handling of these malformed DMG images is corrected. Yes, that should be addressed, but the world is not coming to an end.

The fact that a few Mac fans protested does not indicate that the average Mac user is smug. They are the extreme and do not represent everyone. If LMH posts a serious flaw that can be exploited immediately, he/she would be exposing lots of innocent people to threats just to punish a few annoying teenagers posting from their basement. Classy.

Posted by: Thor | December 19, 2006 4:42 PM

Ben,

Your Mac is sick dude.

I have a headless G4 sawtooth here (old G4 tower) which I use as a debugging target / MySQL / PostgreSQL / PHP / FTP / Mail / Internal Web server for all my development work (software and web) - and that machine gets absolutely hammered day in day out. And it hasn't been rebooted, powered down or crashed once in over 2.5 years... (yeah, it's still running 10.2). It's online, but firewalled and behind a NAT router.

As for LMH - Good on him.

If he can uncover a new bug every day for 31 days then I say go for it, I'm sure that there are at least that many vulnerabilities to be found, not just in OS X but in any other BSD UNIX based system including various Linux distributions.

The fact is that these vulnerabilities are so obscure that for them to be any real threat would require someone highly skilled to exploit the weakness. I can tell you right now that 98%+ of cracks are done by skript-kiddies, using downloadable root-kits which do not target OS X, and that is the reason why OS X has remained secure for the last 5 years. Skript-Kiddies are not crackers - they're thrill seekers who enjoy taking people's systems down. It's easy to do it to Windows because the tools are already at hand, but OS X is a different story.

Posted by: Tom | December 19, 2006 4:56 PM

malbeau, Jim, and others who would suggest Parallels or Boot Camp as alternatives--how do you think running Windows on a virtual host on a Mac makes it more secure? What is the point of purchasing a Mac to run Windows software? You simply pay a premium for the hardware and the hype, and you have to buy a Windows license anyway. The purported security benefit of having a virtualized NAT IP in Parallels is no different from what you get by putting your PC behind a $30 DSL router, with no performance or compatibility hits.

What's more, I've had advanced users totally trash their Macs with Boot Camp and have to reinstall MacOS from scratch. It's still a beta, and it's not even a virtualized PC, so you are running either MacOS or Windows and you have to reboot to switch.

So I don't follow your argument. You say "Macs are more secure than Windows PCs," and others respond, "But I can't run the applications I need on MacOS," and you say "Then buy a Mac, a Windows license, Parallels, and run Windows in a VM on MacOS." That sounds completely irrational to me. What am I missing?

Posted by: antibozo | December 19, 2006 5:32 PM

January? Isn't that around the Vista release for the public..?
Why did they choose January, and why the title, which when I read it made me think there were a bunch of new bugs being predicted to be found...
I can't be bothered with such pathetic journalism.
Time to get a life and stop slagging other companies with more FUD.. anyway I suppose you need to announce this now, as when the public can buy Vista there will be 4 billion blogs and articles every 10 seconds on TV about the Vista release.. so really it will all be totally drowned in the media

Posted by: shane blyth | December 19, 2006 5:51 PM

@Thor

"Apple issued an update in February that changed the handling of files sent through iChat to warn users if such files contained an application. Complacency indeed."

No, they didn't fix the two real underlying problems.

a) /Library/InputManagers and ~/Library/InputManagers still allow arbitrary execution of code with no checks on what is being run. Nothing should be allowed to run without the user's or system's permission. While not running as an admin for day-to-day tasks may offer some protection at the system level, you still have to lock down InputManagers in your non-privileged user's ~/Library.

The recent iAdware fiasco took advantage of InputManagers just as much as Oompa and Inqtana.B did.

b) Oompa fooled users into executing the file through a custom icon - a "feature" in OS X as much as the InputManagers "feature." Social engineering indeed, but that should not be allowed to happen. Unless you're viewing the file in question in column view or you get info on it, you still have no way of knowing if you really are opening a JPEG as opposed to an executable.

Posted by: Alpha | December 19, 2006 5:56 PM
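The two directories named in the comment above can be inspected from a shell. This audit is an added example, not part of the original comment or of any Apple tooling; the function names and output labels are assumptions made for illustration, and it only reads the filesystem.

```shell
#!/bin/sh
# Added example: read-only audit of the InputManagers locations named in
# the comment (/Library/InputManagers and ~/Library/InputManagers).
# Function names and output labels are illustrative assumptions.

# audit_input_managers DIR
# Prints one line per finding:
#   BUNDLE <path>     an entry is installed in DIR
#   WRITABLE <dir>    the current user can add entries to DIR
#   CREATABLE <dir>   DIR is absent, but its parent is writable by the
#                     current user, so DIR could be created without a prompt
#   ABSENT <dir>      DIR is absent and its parent is not writable
# Returns 1 when at least one entry is installed, 0 otherwise.
# Note: when run as root, every writability test succeeds, so run it as the
# everyday (non-admin) account whose exposure is being assessed.
audit_input_managers() {
    dir=$1
    found=0

    if [ ! -d "$dir" ]; then
        if [ -w "$(dirname "$dir")" ]; then
            echo "CREATABLE $dir"
        else
            echo "ABSENT $dir"
        fi
        return 0
    fi

    # Visible and hidden entries; names with spaces are handled by quoting.
    for entry in "$dir"/* "$dir"/.[!.]*; do
        # An unmatched glob stays literal and does not exist: skip it.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        echo "BUNDLE $entry"
        found=1
    done

    if [ -w "$dir" ]; then
        echo "WRITABLE $dir"
    fi
    return "$found"
}

# audit_all
# Checks the system-wide and the per-user location.
# Returns 1 if either location has something installed.
audit_all() {
    status=0
    audit_input_managers "/Library/InputManagers" || status=1
    audit_input_managers "${HOME}/Library/InputManagers" || status=1
    return "$status"
}

audit_all || echo "Entries are installed: review each BUNDLE line above."
```

A `WRITABLE` or `CREATABLE` line for the per-user directory corresponds to the exposure the comment describes for a non-privileged account.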

Antibozo put forth: "So I don't follow your argument. You say "Macs are more secure than Windows PCs," and others respond, "But I can't run the applications I need on MacOS," and you say "Then buy a Mac, a Windows license, Parallels, and run Windows in a VM on MacOS." That sounds completely irrational to me. What am I missing?"

What you are missing is that you would be running a Windows app., not accessing the web through either Microsoft's browser or mail client. (The way most exploits are introduced).

Posted by: Link Greene | December 19, 2006 6:13 PM

Link Greene> What you are missing is that you would be running a Windows app., not accessing the web through either Microsoft's browser or mail client. (The way most exploits are introduced).

And you think you need a Mac and Parallels to accomplish that? Try using Firefox and Thunderbird instead.

And in any case, your suggestion is possible only with Parallels, not with Boot Camp, and still relies on the user to choose to go back to MacOS for all browsing and email. And the application may well run only in the Windows browser (e.g. a web application relying on ActiveX). And meanwhile, all the other non-browser/email vectors are still there.

So, you were saying...?

Posted by: antibozo | December 19, 2006 6:20 PM

I find the timing suspicious as well. Microsoft seems to be running scared in reaction to the increase in defections to the other side (Apple), and considering what a shell of its formerly promised self Vista (Longhorn) turned out to be, they have a LOT to lose if the rollout is a bust. I'm seeing more people choosing Macs now, people who normally wouldn't have made that decision were it not for the increasing insecurity and mounting headaches associated with running a Windows machine.

Posted by: E. Gantree | December 19, 2006 6:32 PM

I have a Windows PC and two Macs and I use them every day. Most problems (excl: virus, malware, spyware problems) come from the PC and some from Mac, but 98 out of 100 I am to blame (for the Mac problems).

But I think that LMH is playing a very dangerous game, because if there are, and there will be, some "open doors" in OS X, hackers will have an advantage and many Macs will be less secure.

Posted by: KBR | December 19, 2006 6:36 PM

I think the Apple kids should embrace this; finally they get to play in the big kids' world. The fact of the matter is most PCs are configured by user error, not by running per Microsoft's best practices. You can sudo -s to root, I can runas /user: cmd and execute. That's how the big kids in M$ world do it. And as for kernel panics being a rare thing, ha ha ha, I see them happen all the time and I don't work on Macs.

Posted by: | December 19, 2006 6:36 PM

And in any case, your suggestion is possible only with Parallels, not with Boot Camp, and still relies on the user to choose to go back to MacOS for all browsing and email.

Not true. There is no reason you couldn't do that in Boot Camp as well. It would only require a quick re-boot.

And the application may well run only in the Windows browser (e.g. a web application relying on ActiveX).

Which means it wouldn't work with Firefox...

And meanwhile, all the other non-browser/email vectors are still there.

Well, hopefully you wouldn't be using more than one or two Windows specific apps, so you would still be running the Mac in its native mode most of the time, running apps, doing some web browsing, photo editing, maybe working on a website, and not spending your time checking current system health with AVG and Spybot.

Posted by: Link Greene | December 19, 2006 6:51 PM

Big Kids, little kids, the fact remains, most people for home use leave their OS settings exactly the way it came out of the box, and that leaves them vulnerable. I don't care if they are not running per Microsoft's best practices, that's the way the machine was sold to them. They shouldn't have to make corrections after the fact to try and secure their machines from vulnerabilities that were left open by default by Microsoft (with the blessings of Dell, Sony, etc.) No matter which way you slice it, you're still way safer on a Mac, and that's of primary importance to a lot of people today, and apparently becoming more so day by day.

Posted by: Arnie Rumsden | December 19, 2006 7:00 PM

@Thor:

Alpha is right. The 'fix' Apple introduced works only for their own web apps. Anything else - Firefox, Camino, you name it - is still wide open. Because the flaw was not in the apps themselves but in what Alpha points to in his last graf.

There was quite a big stink in the media at the time about it and nothing's been added by Cupertino since then. Any web apps not emanating from One Infinite Loop are still wide open. And that's just a fact. A sad fact - but a fact.

Posted by: Rick | December 19, 2006 7:10 PM

MAC is WACK

Posted by: IDOUBTIT | December 19, 2006 7:20 PM

macgots can continue to gloat, once your bastardized version of linux has been around for 10+ years come talk about how "secure" you are. lol @ apple and damage control and their little company mindset. good thing the world runs on PCs, apple is incompetent at business level deliverance. Server 10.3, what a joke.

Posted by: | December 19, 2006 7:30 PM

Mac is Wack
I Doubt It

Unintentional truth!

For all the pertinent information all you need to do is visit this link.
http://www.apple.com/getamac/ads/

Posted by: Lindsey Aber | December 19, 2006 7:30 PM

Link Greene> Not true. There is no reason you couldn't do that in Boot Camp as well. It would only require a quick re-boot.

I see. You're suggesting that a user will boot Windows, do some work with his Windows-only app, reboot into MacOS to check his email, reboot back into Windows to do some more work with the Windows app, reboot back to MacOS to Google something, ad nauseam...

I can see you don't work with users very often.

Link Greene> Which means it wouldn't work with Firefox...

Your point being...?

Link Greene> Well, hopefully you wouldn't be using more than one or two Windows specific apps, so you would still be running the Mac in its native mode most of the time, running apps, doing some web browsing, photo editing, maybe working on a website, and not spending your time checking current system health with AVG and Spybot.

So now you're saying that if you boot back and forth between MacOS and Windows, you don't need anti-virus or anti-spyware software?

And is "running apps, doing some web browsing, photo editing, and maybe working on a website" what a Mac is good for? Because, other than web browsing, I don't do much of that, but if I did, I would do it in GNU/Linux/KDE on PC hardware (as I do nearly everything), at dramatically lower cost, and with a far more configurable GUI. IOW, your use case doesn't argue for Mac; it argues for Linux.

Posted by: antibozo | December 19, 2006 7:55 PM

"macgots can continue to gloat, once your bastardized version of linux has been around for 10+ years come talk about how "secure" you are."

OS X isn't based on Linux.

Posted by: Alpha | December 19, 2006 8:09 PM

You're suggesting that a user will boot Windows, do some work with his Windows-only app, reboot into MacOS to check his email, reboot back into Windows to do some more work with the Windows app, reboot back to MacOS to Google something, ad nauseam...
Well, that would provide the incentive to find a Mac app. that would make that unnecessary.

Link Greene> Which means it wouldn't work with Firefox...

Your point being...?

That you would still have to use Internet Explorer to run those web based apps that require active x.


So now you're saying that if you boot back and forth between MacOS and Windows, you don't need anti-virus or anti-spyware software?

If you stayed offline while running the Windows apps, probably not.

And is "running apps, doing some web browsing, photo editing, and maybe working on a website" what a Mac is good for? Because, other than web browsing, I don't do much of that, but if I did, I would do it in GNU/Linux/KDE on PC hardware (as I do nearly everything), at dramatically lower cost, and with a far more configurable GUI. IOW, your use case doesn't argue for Mac; it argues for Linux.

Those are just some of the things that a Mac is good for. Linux has its place, but for the everyday user it is still a little raw. Configuring a Linux setup properly still requires above average computer skills. As far as the "dramatically lower cost" argument goes, I think most people find out that when you figure in the included software and capabilities of the Mac out of the box and then equip a PC comparably there's little difference. And that ignores the benefits of OS X and hardware designed specifically to work with it.

Posted by: | December 19, 2006 8:28 PM

You're suggesting that a user will boot Windows, do some work with his Windows-only app, reboot into MacOS to check his email, reboot back into Windows to do some more work with the Windows app, reboot back to MacOS to Google something, ad nauseam...

Well, that would provide the incentive to find a Mac app. that would make that unnecessary.

Link Greene> Which means it wouldn't work with Firefox...

Your point being...?

That you would still have to use Internet Explorer to run those web based apps that require active-x, therefore exposing yourself to all its exploits.

So now you're saying that if you boot back and forth between MacOS and Windows, you don't need anti-virus or anti-spyware software?

If you stayed offline while running the Windows apps, probably not.

And is "running apps, doing some web browsing, photo editing, and maybe working on a website" what a Mac is good for? Because, other than web browsing, I don't do much of that, but if I did, I would do it in GNU/Linux/KDE on PC hardware (as I do nearly everything), at dramatically lower cost, and with a far more configurable GUI. IOW, your use case doesn't argue for Mac; it argues for Linux.

Those are just some of the things that a Mac is good for. Linux has its place, but for the everyday user it is still a little raw. Configuring a Linux setup properly still requires above average computer skills. As far as the "dramatically lower cost" argument goes, I think most people find out that when you figure in the included software and capabilities of the Mac out of the box and then equip a PC comparably there's little difference. And that ignores the benefits of OS X and hardware designed specifically to work with it.

Posted by: Link Greene | December 19, 2006 8:30 PM

Well... I am an "Apple kid" if one wants to call me that, and I am a big Apple fan... but it's a matter of preference rather than anything else. I was working on PCs since 1992 and I could do my job without any problems. I wanted to try an Apple product so I switched to Mac in 2004 and I still can do my job perfectly. In terms of security: whatever OS you use there will always be a "hole" or vulnerability in the system the hackers could take advantage of. The only thing developers can do is to prevent that and both Microsoft, Apple and Open Source are making progress to do so. Microsoft has the biggest market share and it is normal that their products are more targeted by hackers. Recently there are more and more people switching to Macs and it is a matter of time when hackers are likely to focus on Mac OS as well. What we can do is just to get updated and trace the news. As for now I don't know about any malicious code that can seriously affect the updated Mac (10.4.8).

Posted by: ralph | December 19, 2006 8:39 PM

It would be really nice if you would make some effort to distinguish your comments from my quoted material.

Link Greene> That you would still have to use Internet Explorer to run those web based apps that require active x.

Again, I don't know what point you're trying to make. Yes, I believe this is something that I said earlier. Is this like that Mac commercial where they argue about the meaning of "touche'"?

Link Greene> Configuring a Linux setup properly still requires above average computer skills.

Configuring any setup properly requires above-average computer skills.

But that's not relevant to the topic at hand, which is: if you're going to have to run Windows anyway to do your work because the application isn't available on MacOS, then what's the point of buying a Mac?

Posted by: antibozo | December 19, 2006 9:07 PM

Still loving my Mac! No issues with viruses, spyware, malware or keystroke loggers. Maybe someday I'll have to worry about all that junk, but not today, and that's what matters to me. Get a Mac. You won't be sorry.

Posted by: V.J. Tucker | December 19, 2006 9:18 PM

Antibozo said: "But that's not relevant to the topic at hand, which is: if you're going to have to run Windows anyway to do your work because the application isn't available on MacOS, then what's the point of buying a Mac?"

Actually, that's not the topic at hand. The topic is the "Month of Apple Bugs", and whether or not the Mac OS is more secure from attacks. I would say yes, if your main use of your computer required a Windows only program, then buying a Mac may not make sense. However if that was only the case on one program, and your other computing needs could be met with Mac applications, I would have to seriously consider buying a Mac, due to its superiority in certain areas such as system security and seamless integration of software and hardware. It always amuses me when I have a PC using friend over, and watch their reaction when I hook up new peripherals and they just work. No installing drivers, no rebooting, no queries from the computer wanting me to type in a serial number to "prove" that I'm not running a hot copy of the OS. The ease of use, the truly innovative apps that Apple and its developers constantly come out with are always viewed with awe and disbelief by my PC using friends, and more and more I see them considering the switch to a Mac as not only a possibility, but a desirable alternative.

Posted by: L. Greene | December 19, 2006 9:35 PM

Geez... why not just tell Apple about the security holes? By reporting them publicly you are making it easier for malicious hackers to exploit the findings. Real smart.

Posted by: Future Apple user | December 19, 2006 9:52 PM

AAPL $86.31
MSFT $29.99

now that's funny

Posted by: | December 19, 2006 10:23 PM

"Geez... why not just tell Apple about the security holes? By reporting them publicly you are making it easier for malicious hackers to exploit the findings. Real smart."

You don't think the black hats already know about these holes?

Posted by: Alpha | December 19, 2006 10:34 PM

I call BS on the whole proposition.

"LMH" doesn't have one single security hole to disclose. Not one! It's completely made up.

And when he "mysteriously" doesn't produce them, watch the huge uproar claiming Apple paid him off! Hahahaa!

You mooks are easy marks.

Posted by: Frank the Apple Guy | December 19, 2006 10:42 PM

>>AAPL $86.31
>>MSFT $29.99

>>now that's funny

You fail to understand how stock prices work. There is no humor in that.

Posted by: Alex | December 19, 2006 11:32 PM

L. Greene> Actually, that's not the topic at hand. The topic is the "Month of Apple Bugs", and whether or not the Mac OS is more secure from attacks. I would say yes, if your main use of your computer required a Windows only program, then buying a Mac may not make sense.

Which was the thesis of my original statement, and the topic of this thread of conversation. If you want to change the topic to something else, that's fine.

I'm sure your comments represent your experience; I personally cannot recall the last time I ran into a device that works readily on a Mac and not on a Windows PC. What I will say from a network admin's perspective is that managing Macs in a heterogeneous network with *NIX and Windows systems has always been a major PITA. This has improved somewhat with OS X, mainly because they added an ssh server, but they continue to insist on doing commonplace things in an arcane fashion under the hood.

L. Greene> The ease of use, the truly innovative apps that Apple and it's developers constantly come out with...

Ease of use... it took them what? 15 years? to figure out that a mouse should have more than one button.

As for innovation, the only truly innovative thing I've seen Apple do since the Apple ][ came out is to design the iPod dial to mimic sexual stimulation. And I'll give them two points for iTunes. Everything else they nicked from someone else (remember XEROX?), put in a shiny box, and showed off in a TV commercial, and people who like bright shiny objects do eat it up.

Posted by: antibozo | December 19, 2006 11:42 PM

There could be vulnerabilities in OS X but who cares... I prefer to deal in reality...

Here is what I know. I had been plagued by bugs, viruses, crashes, blue screens of death, worms, spyware and adware for many years. I spent lots of money and time fixing (trying to at least) these issues on my own computers and at work as a network admin. And then I bought a Mac...and then I bought another Mac, and then I sold all my PCs and vowed never again to buy another machine that could run Windows, for it is far too buggy... and then I installed Parallels and installed Windows on my Macs...for old times' sake.

The point is, there very well could be vulnerabilities in Mac OS X, but they are not real, they don't affect anyone... especially not in the way that millions of PC users' machines are crippled by exploits and spyware and essentially rendered useless because of a weak operating system. I don't have that problem at all. So go ahead and dredge up some sensationalist exploits for 30 days. Instead of religiously running Norton's live update each and every day, I will actually be getting some work done on my Macs.

Posted by: Ben | December 19, 2006 11:47 PM

It's this way, many OS X users KNOW their system is better than Microsoft's XP or its new Vista[s]. It is not hubris--it's just a proven fact.

The reason why crackers go after M$ is not because there is a lot of them, but because they are like banks with the safe open, with lots of cash, and no one around. So why rob Fort Knox?

By the way, this LMH borders on being a cracker. This person is pushing the ethical boundary. Sounds like an emotionally immature male who needs help.

Posted by: Ardie | December 20, 2006 12:54 AM

Re Kernel panics, "unfixable" crashes, etc.:

*Mourn the loss of your data for an appropriate time
*Get out the system DVD
*Use Disk Utility to wipe the drive
*Reinstall the system
*Learn AND USE a reliable backup method.

I've owned a computer since 1978. You WILL lose your drive now and then. (and your expensive software WILL be obsoleted)(and so will that language you spent 100s of hours learning)(and your drives)(and your database) ....

On Macs, I make it a yearly exercise to wipe the system drive and start fresh. Install partitions. BUT ALSO: have a system on a second drive... they don't cost that much, and you'll be able to drag-copy stuff that isn't backed up before you wipe/install.

Posted by: Tony | December 20, 2006 1:14 AM

"LMH has a very good reason for wanting to wipe the smugness off Apple users' faces, in my opinion. Back during the Month of Kernel Bugs, when he found a kernel vulnerability in the handling of DMG files (at least a crash, and potentially arbitrary code execution), Mac fanboys promptly denied that anything was wrong -"

No, that is not what happened at all; you are a complete liar. It was only pointed out that LMH did not do his work properly by someone who is really knowledgeable. None of the usual Mac fan bloggers did any denying that I saw. LMH made a very typical mistake. He was looking for evidence to support his beliefs and was a little too easily satisfied and uncritical when he found it.

Posted by: werd | December 20, 2006 1:35 AM

Apropos Month of Browser Bugs: It would be great to have another one of these, but this time NOT security related but with the undeterred focus on standards (W3C) compliance! Economically speaking this would, IMHO, make much more sense than fixing a few potential exploits which in almost all cases boil down to user stupidness. Just imagine if all the major web browsers were 100% standard compliant? This would save tremendous amounts of web dev money and virtually any business who runs a decent website could benefit from that. We're easily talking about worldwide savings of billions of dollars!

Posted by: Dominik Schmid | December 20, 2006 3:11 AM

Antibozo said: "But that's not relevant to the topic at hand, which is: if you're going to have to run Windows anyway to do your work because the application isn't available on MacOS, then what's the point of buying a Mac?"

Though I am a novice I can understand your point. The whole Mac vs PC, like most wars, distorts facts.
Both platforms have their uses and Windows is king in the business world while Mac seems to be on top of things in the entertainment industry.

Currently my household has 4 Macs and 1 PC all networked and running fine. My PC has suffered crashes with WinXP right from the first time I went to Windows Update so I switched to 2003 and must admit problems have been reduced greatly. But the fact still remains that Windows is more vulnerable to attack as it is shipped with OEM computers than any Mac I've ever had. Sure I've had kernel panics but mostly due to the fact that I take more risks than most people would. It all comes down to preference in the end. I use my PC because that is what 90 percent of the world uses. I use my mac because it just feels good.

Posted by: Xeon | December 20, 2006 3:29 AM

@e-twelve
"by definition, half of the populace is below average intelligence."
and your math is clearly far beneath average.

Posted by: | December 20, 2006 5:27 AM

If Mac OS X is so rubbish according to PC users, why do government bodies around the world use Macs???????

http://macslash.org/article.pl?sid=04/01/29/0139205

Also go anywhere and ask someone - How many people do you know with a PC with problems? - How many people do you know with a Mac with problems?

Posted by: Chris | December 20, 2006 5:59 AM

http://www.pcpro.co.uk/news/99772/microsoft-exec-warned-bill-gates-i-would-buy-a-mac-today.html

Why would a Senior MS employee buy a Mac if they are so crap?

Please read included article.

In my experience most Mac haters have not used or owned a Mac. If they have used a Mac, it was many years ago or for less than a couple of hours.

All Mac users have used a PC for a very long time and prefer Mac.

Posted by: Chris | December 20, 2006 6:14 AM

http://www.neoseeker.com/news/story/5436/

IBM Germany moves to Linux.

Posted by: Chris | December 20, 2006 6:42 AM

http://www.lockergnome.com/nexus/linux/2005/11/28/mits-100-laptop-to-run-redhat/

Imagine third world countries with a whole generation brought up on Linux. They will have an experience of an OS with no security problems.

Posted by: Chris | December 20, 2006 6:47 AM

I don't usually respond to crap like this, but you got my attention.

So many people claiming to be computer professionals, and experts on everything.
Me.., I'm far from being an expert on anything, but I know a bit about Macs.

With the exception of a handful of posts, the rest of you are full of crap when it comes to Macs, spouting BS, and outright hate, for a machine, you know nearly nothing about.

About security, go check a few reputable security sites, read the pie charts, check the numbers, the history, etc, etc.
There's a story to be told.

Google this.
"most secure operating system"
(leave the quotation marks)
You are going to see three, more than others.
BSD, Unix, OS X
(OS X is built on BSD and Unix)

Sure, no OS, or software, is immune to bugs, but in my opinion, a Mac out of the box, without any additional security software, or on board security software optimized, is still safer than a Dell or HP, with a fully patched, Windows XP, with security software running, and probably still more secure than Vista will be.

About Windows on Mac.
Bootcamp and Parallels have been mentioned and guffawed by a few, not understanding, what it does.

You can run Windows on Apple hardware, using Bootcamp, but you have to reboot, to switch OS's.

With Parallels on Mac, ($69.00 US, I think), you can run OS X, Windows XP, maybe Vista, and any number of Linux distros, in parallel, without having to reboot between them.

Get a Mac, buy Parallels, load your bootleg copy of XP, a couple Linux distros, openBSD, and whatever else you might like, and enjoy.

(here comes my pitch)
Anyone thinking of switching to a Mac.

If you want a durable, reliable, stable, more secure, full featured computer, that comes with a bundle of high quality apps, and will run nearly any OS, and software you can throw at it, get a Mac and Parallels.

If you can't justify the extra couple hundred more, you might have to pay for a Mac, then stick with what you got, or buy a cheap box, with Vista pre loaded.

If you don't like Macs, and are worried about security, then think about BSD.

If you're stuck on Windows, then you're "stuck", on Windows.

Currently I'm running OS 10.4.8, Ubuntu, Kubuntu, on my G4 iMac lamp, and looking at a couple other Linux, and BSD distros.
My G4 is nearly at the end of its Mac lifecycle, of five years between hardware upgrades, and will be retired to the living room, as a jukebox/DVD player, and plugged into my stereo.
(I abused this iMac, and it won't die)

My needs have grown, I need more power, and I will be buying my third Mac, with Parallels, and I won't be running Windows on it.

Posted by: Big Bill | December 20, 2006 7:52 AM

@e-twelve wrote.
"by definition, half of the populace is below average intelligence."
and your math is clearly far beneath average.

Thanks for the insult but as I said I am a novice so I don't dig deep for statistics. Of course any one of minimal intelligence can tell a generalization when they read one.

Posted by: Xeon | December 20, 2006 8:06 AM

I wonder how (a) many of you have a Mac and are in favor and how many don't have? (b) Who uses a Mac? (c) Who did work on a Mac? Because how can you judge something that you didn't even try? It is like saying BMW is a bad car because it is a BMW or because BMW drivers say that it is a good car.

(a) I have two Mac Pros
(b) every day
(c) a+b= yes :)

Posted by: KBR | December 20, 2006 8:46 AM

I have been using Macs for over ten years.

(a) Own around 7 Macs
(b) everyday for over 8 hours a day
(c) average work day 6 hours

Posted by: Chris | December 20, 2006 8:53 AM

Well, the whole format of this smacks of a cry for attention by LMH, but such is life. I can't help but wonder what the article writer thinks Apple might do to prevent this? He says in his own article that Apple is not being given any advance notice of the vulnerabilities.

Posted by: llamatron | December 20, 2006 9:06 AM

Antibozo,
Apple paid Xerox for using elements from it's graphical interface. Microsoft stole their whole Windows interface from Apple.
For that matter, they didn't even create DOS. They bought (some say robbed) it from a small company who was calling it QDOS. Who called it "Quick and dirty operating system". As far as I can tell, that would still be an apt description for what lies underneath Windows today.

Posted by: L. Greene | December 20, 2006 10:21 AM

Antibozo.
Your ignorance is showing. Who do you think first included a mouse with their systems? Yet another Apple innovation, rapidly copied by you know who.

Posted by: L. Greene | December 20, 2006 10:31 AM

Xerox first used the mouse. Apple copied the idea from them.

Posted by: linuxelf | December 20, 2006 10:34 AM

"Xerox first used the mouse. Apple copied the idea from them."

Apple paid for all elements that it used from the Xerox machine, which incidentally was never sold as anything but a commercial workstation. The Alto was in no way meant to become a commercially mass-produced item, and never did.
The mouse was not invented by Xerox but in fact by Doug Engelbart.
Additionally for Antibozo, Mac OS X has supported 2 button mice (if you must have them) since it's beta release in 1999.

Posted by: Link Greene | December 20, 2006 11:07 AM

IMHO, it's not about who copied from whom. If company A copies from company B for the users' benefit that's fine. If they improve the original idea that's even better. This is basically what Apple (and others) have done with the original Xerox ideas. Xerox obviously didn't have a clue what they had developed there so there's nothing wrong with other companies taking up the idea and bringing it to a market. Otherwise we might all still be working in a mainframe/terminal environment with next to zero GUI.

@KBR:
I have owned, upgraded, tuned and abused 6 Macs in the last 12+ years. This, I think qualifies me as being in favour of Macs. I use my present boxen daily, though not so much on the job (I work in a Windows/Linux shop). It's my way of separating work from leisure.

Posted by: Dominik Schmid | December 20, 2006 11:18 AM

Big Bill> Bootcamp and Parallels have been mentioned and guffawed by a few, not understanding, what it does.

No one has guffawed at Parallels or Boot Camp, and I'm perfectly aware of what they do. I've been using the same technology on other OSes (e.g. VMware, user-mode Linux, even a Mac VM on AmigaOS) for around 15 years.

Since you didn't read what I said very carefully, I'll say it again. There was a dialog I will paraphrase here:

M: Macs are more secure than Windows PCs.
P: But I have to run Windows-only apps.
M: Then buy a Mac and you can run your Windows apps using Parallels or Boot Camp.

...and to which I responded:

How does running Windows under Parallels or Boot Camp make it secure? And what's the point of purchasing a Mac in order to run Windows on it in a VM?

If you're going to advocate a Mac as more secure than a Windows PC (I generally agree), don't then turn around and tell people to run Windows on it. Windows is exactly as [in]secure running under Parallels (behind any cheap NAT router) or Boot Camp as it is running on a standalone Windows PC.

Posted by: antibozo | December 20, 2006 12:00 PM

"Apple paid for all elements that it used from the Xerox machine, which incidentally was never sold as anything but a commercial workstation."

Certainly, I'm just saying that the GUI was not an Apple innovation. They certainly were the first to make a mass marketed implementation, but if we're considering marketing to be part of innovation, then Microsoft is the king of innovation.

For the record, I really like macintosh and especially OSX, but you have to admit that they do some pretty strange things behind the scenes. I am not a fan of the whole Data Fork/Resource Fork methodology that Apple uses. It makes the system very easy to use for the end user, but as an administrator, having to keep track of all components (especially when copying files to and from alternate operating systems) becomes a chore. I don't like their hybrid case-sensitivity. On OSX, you can have a file named MyFile.txt in the same directory as a file called myfile.txt. However, in the Mac GUI, you'll see only one of these files. Which one you see depends on which one got there first. This may not be a big deal at all if you're totally a macintosh shop, but if you're integrating macintoshes with an existing Windows/Unix environment, it can really bite you.

Posted by: linuxelf | December 20, 2006 12:25 PM

Again, I find myself having to repeat everything I say because people don't read...

L. Greene> Apple paid Xerox for using elements from it's graphical interface. Microsoft stole their whole Windows interface from Apple.

Why does everyone drag Microsoft into the discussion every time someone disparages Apple? It's 100% predictable. "Apple is not so great". "Oh yeah? Well Microsoft sucks."

It doesn't matter what Microsoft did. The point at issue, which you again missed, was that the mouse wasn't Apple's innovation. It was, as always, their marketing. And your statement, "Apple paid Xerox..." substantiates my point.

L. Greene> Your ignorance is showing. Who do you think first included a mouse with their systems? Yet another Apple innovation, rapidly copied by you know who.

You have some nerve calling me ignorant. Again, the mouse wasn't Apple's innovation. And they did it wrong by putting only one button on it. More on this below...

L. Greene> The mouse was not invented by Xerox but in fact by Doug Engelbart.

Which again substantiates my point: Apple does not innovate (except in rare instances); they repackage and market.

L. Greene> Additionally for Antibozo, Mac OS X has supported 2 button mice (if you must have them) since it's beta release in 1999.

[Friendly aside: you consistently use "it's" where you mean "its". It's easy to remember; just think of "his" vs. "he's"--"its" vs. "it's" follows the same pattern.]

Yes, and you could tack a two-button mouse onto a Mac for years before that. And then you had to screw around with a special driver, trying to convince the Mac that the right button means this, the middle button means that, in various applications. Believe me--I've been there.

And 1999--that's about 15 years, like I said, since the first Mac came out, isn't it?

Yet even now, the support is weak. Other OSes have included normalized semantics for the behavior of additional buttons for many years, but Macs haven't. Consequently, additional button semantics on MacOS are inconsistent.

What *has* finally happened, if I understand correctly, is that Apple is considering multi-button mice standard equipment. So finally Apple is catching up with the rest of the market, 20 years later, on this basic input device.

Posted by: antibozo | December 20, 2006 12:25 PM

MacOS X is like "bullet proof glass." It isn't really "bullet PROOF," it's "bullet RESISTANT." People in the physical security industry don't call it "bullet proof glass" because they know better. Big enough bullet, at a high enough velocity, and it's coming through.

MacOS 10.4.x could stand some improvement in the security department. Some of those areas require significant code changes, and are addressed in the upcoming 10.5 (Leopard) version.

Some have stated that the "smugness" in the latest round of Apple Mac ads about viruses and spyware means that Apple doesn't take security threats seriously. I'd say it's just the opposite. Apple management would have to be pretty clueless to make that assertion without making sure that they stay on top of those issues, and get fixes out quickly. It's a competitive advantage. I don't think Apple wants to lose that.

It will be interesting to see what LMH finds. Dedicated focus on finding bugs in OS X is a good thing. Plastering a list of security holes all over the media before giving the vendor a chance to patch it first is juvenile and unprofessional. That hurts his credibility, and that doesn't help the user community. It just gets LMH's initials more publicity.

Every platform has bugs. That's not going to change. The code is written by humans. Humans make mistakes. But some have more bugs than others, due to differences in design and QA priorities. Windows XP and older versions have had a well-deserved reputation for poor security. It just wasn't a priority during development. Vista is different, but we'll see how much difference the changes really make.

I still recommend Macs for most people. Out of the box, it is more usable and secure than the typical Windows XP system.
Invincible? Of course not. But better is still better.

Posted by: Wyseguy | December 20, 2006 12:30 PM

I have a question and I hope it wasn't answered yet. Someone on here, I think "Jim", mentioned that any Windows app can run on Mac through Bootcamp and Parallels. I am not disagreeing or arguing about whether a Mac or PC is better, I have a real question. If I needed to run a Windows pc or app as a "server or master" how would one go about getting Windows to start automatically on the Mac??? One could obviously put Parallels into the login Items but how would you get the Windows VM to start without user interaction?? Say for a power failure.....

just a question.

Posted by: MikeyB | December 20, 2006 12:43 PM

MikeyB, this thread has degenerated into mostly Windows and Mac fanboys battling it out. Your best bet with your Parallels question is to take it to http://forum.parallels.com/forum53.html

Posted by: Wyseguy | December 20, 2006 1:00 PM

Wyseguy -
Thanks for the link, I will check it out.

But I did want to throw a small wrench into the equation ;)

Posted by: MikeyB | December 20, 2006 1:13 PM

Neither Boot Camp nor Parallels are emulation. You are actually running Windows at native speed on the processor when you are using them. Mac OS X files don't have the separate data and resource forks. Those were used in earlier systems, which in fact allowed users not to be bothered with those pesky file type extensions. Say, wasn't Microsoft talking about doing away with them a while back?
And no, you can't dismiss Apple as just being successful because of marketing. They were the first to implement these new technologies into their machines. They were the ones that made USB a standard. Sure, the bus had been around in the PC world, but nobody was using it. The iMac made that happen. Now it's optional to have a floppy drive in your machine. Let's see, who was it that did that first, and suffered much derision from the PC crowd over doing so, oh yeah, Apple again. 3.5" floppies? Sony made 'em but nobody was using them till Apple put them in their first Macs back in '84. A properly designed interface shouldn't require a two button mouse. Apple's certainly didn't but the poorly designed menu structure of Windows made that a must. More complication, more clutter. You really don't seem to know very much about modern Macs, or computer history in general. I'm tired of arguing these points. Apple is a more innovative company than Microsoft. Steve Jobs said it best when he stated that MS had no taste. Ethically, MS is bankrupt. There are example after example where MS has used dirty tactics to beat their competition. I can't believe that "the world" has been willing to settle for such a third rate architecture as Windows. Buggy, insecure, full of obsolete code, but CHEAP (at least on the surface) and that's what counts to many. Apple did it first, Apple was and still is better, and as more and more people are discovering, Macs are a better choice for a personal computer. Now go look for that driver you need to make your sound card work, and hope there are no conflicts.

Posted by: Link Greene | December 20, 2006 1:48 PM

This is a very lively discussion (save for the trolls). Thanks for the entertainment!

For the record: I've been using computers since 1974. I've used numerous kinds of interfaces and GUIs, some that have not seen the light of day. I own a PC running XP and a MacBookPro running 10.4.8 and XP SP2 (when I need it).

To most people, I have recommended a Mac. Like all present interfaces, it has its quirks, but it's the most enjoyable and reliable so far.

I look forward to seeing what LMH may have to disclose regarding any OS X security issues, so that I and other IT professionals may close them as best we can. Oddly enough, it's also coming on the cusp of Leopard arriving on the scene, which may make many of his issues moot.

Relax. It's a challenge, not an insult!

@antibozo: You are right, Windows is no more secure on a Mac than on a PC. A Mac running windows can get just as many viruses as a generic PC.

However, the fortunate aspect is the problems are relegated to the PC side, only. If my Windows partition becomes horribly infested, it's a small act to delete and reinstall the partition (assuming I've backed up my valuable data). Apple informs Bootcamp users of the Windows vulnerabilities, that Mac Windows users need to run the same protection software as the typical Windows user. I would imagine most Bootcamp users are all too aware, as well.

The Mac as an average whole is, nevertheless, still more secure.

Posted by: sheldonc | December 20, 2006 1:58 PM

I use Virtual PC 7 to run Windows 2000 in Mac OS X for testing the web sites I create on different versions of Internet Explorer. If I had a newer Mac I'd use Parallels.

Running Windows in a virtual machine is the safest way to run Windows. The virtual machine is in a sandbox so it can't do any damage to the Mac side -- the guest OS thinks it's running on a PC. There is little I personally need to do in Windows that would require special drivers for the hardware attached to the Mac. If I'd need to scan, I'd scan on the Mac side and drag and drop it onto Virtual PC to hand it to Windows. If I need to print something out of Windows - well, it just sees the Mac-networked printer.

I do find it annoying to see people calling each other Windows or Mac fanboys and zealots. The aim here should be getting at the undiluted facts and sharing information. Name-calling undermines that aim.

Fact: Mac OS X is inherently more secure than all versions of Windows, though Vista is catching up.

Fact: Windows Vista vastly improves security over Windows XP.

Fact: Apple and Microsoft both innovate where it is warranted, and borrow from existing projects when it accomplishes something well.

Fact: I have personally never gotten a virus on any Mac I've owned for the past 12 years, some of which were running as webservers 24/7 for years. One server did get hacked - due to a weak password!

Fact: The Mac is a smarter platform for developers. Microsoft Visual Studio is $300. Apple XCode is FREE. And the Mac comes with every scripting language under the sun, plus you're learning to program in a meaningful environment: A real Unix shell. Cross-platform tools are easy to come by as well, for game developers especially.

Add your own facts to the mix...

Posted by: Windows in Mac OS X | December 20, 2006 1:59 PM

This posting of bugs will make absolutely no difference at all. Apple Computer will continue to make the Mac OS X a tight and secure system as it always does, always finding and repairing any problems. And any of these that may be posted will be "business as usual" for Apple, fixing what is found and needs to be fixed. It's an on-going thing and no users have to worry -- because the operating system is in the good hands of Apple Computer.

All this talk about the month of bugs is simply a publicity stunt for the posters. Who knows..., someone may be trying to get more money or attention for themselves. That's all this amounts to.

For Macintosh OS X users, there's no worry -- as there have been no worries through the present. It continues as usual. "Move on..., nothing here..."

Posted by: Eliakim | December 20, 2006 2:18 PM

There are SO MANY sources for this kind of information on the web, it must be terribly embarrassing for Microsoft ;^)

http://www.mcmillan.cx/innovation.html

http://www.dwheeler.com/innovation/microsoft.html

http://www.2near.com/edge/editorials/ms.html

The list goes on and on, but as anyone with half a brain and internet access can plainly see, Microsoft has never "innovated" much of anything.

Just what were those computers that you mention using a mouse before a Mac? Compaq, HP, IBM? Please send me some info on that.

Posted by: Link Greene | December 20, 2006 2:30 PM

Link Greene> A properly designed interface shouldn't require a two button mouse.

A properly designed interface shouldn't *require* a mouse at all. Also, a properly designed interface should take advantage of a multi-button mouse, and provide consistent semantics for additional buttons.

Link Greene> Apple's certainly didn't but the poorly designed menu structure of Windows made that a must. More complication, more clutter.

Again, you drag Microsoft into the picture. X11-based systems were supporting and making good use of 3-button mice 15 years ago. AmigaOS supported 3-button mice. BeOS, NextStep, DEC, Symbolics, Sun, AT&T... IOW, *everyone* but Apple saw the benefit of multi-button mice all along. And it has nothing to do with how well-designed the menu system is--you can make a system navigable with one button, but why you would want to when people have two readily independent fingers sitting on the button area? If you're making a mouse part of the picture, let people get the most out of