PC users switching to Mac for Security

Sure. However, protecting the user from their own stupidity is not
something I realistically expect from any OS in my lifetime.
LOL!!! A standard (non-admin) user in OS X is fairly hobbled... but.. yes.. I do know what you're talkin' about...
On an average OS X real-life volume there is valuable stuff that is
not permission-protected.
Which goes back to what I said before... are we placing a value on protecting the system... or protecting a user from himself?
I am not sure what you mean by "summarily". So the demonstration
page only activated a script already present on any OS X system
whose effect was or included starting up Terminal?
Ok.. so that we don't talk in circles... here's the actual alert:
http://secunia.com/advisories/11622/

Mac OS X v10.2.8 and Mac OS X v10.3.3 are both "immunized" against this. And... a healthy part of the problem with this exploit goes back to what you said about 'protecting the user from himself.' Ever since the first "QuickTime" autoplay exploit was detected in 1998.... it's always been the case that users of any system should NEVER "auto" do ANYTHING post transfer from the internet. The exploit you referenced (same as the link I pasted above) only works if "open safe after downloading" is checked. Apple's fix? Change the default.
OK, so only-just-downloaded scripts do not qualify as KNOWN LOCAL?
If the script in question was downloaded to the enduser's computer because the enduser permitted this process.. and the script was downloaded to a known directory (potentially, default desktop, etc) and the "open after downloading" was selected... then yes.. this script could execute and do something not very nice. BUT, you have a number of "ifs" to accomplish, first.
I assume a single web page can both download a file and run a
remote perl process - can it not? Would be nice if you could
briefly comment on what makes a script KNOWN LOCAL.
See the link I pasted earlier.. it describes it.
I tend to think that a Mac
user should not be seen as doing something stupid when they enable
pop-ups and even click on them if they are so inclined.
Yes... but... why?
Again not sure what you mean here. "Yes" seems to indicate
agreement. Why?
Well.. just because someone wants to get force fed marketing information need not mean they're stupid... but even if you don't care about intrusion into your computer... certainly the issue of cookie "leaks" must be a consideration? Or are these the same people that think it's ok to walk into a suspect part of town with their cash plainly displayed in a money clip dangling from their neck?
Because I think it can be genuinely difficult to
differentiate between "safe" and "malicious" web content without
trying it out first, hence the user should be protected by the
software from technically harmful effects. Do you agree with the
quoted statement for a different reason?
And to that end, Mac OS X does an exemplary job... but there is always a price.. such as the information invasion issue I referenced above on cookie leaks. Many "reasonable" websites need cookie access... but many other websites take advantage of this information and intrude on privacy.
Little Snitch I think it was called.
1.) You're right.

2.) I typed my answer WAY too quickly.. and the end result was.. I botched a name that I knew.
Nice, but I did not want it bad enough to pay €25.
Ah welll.. come on now... ;-)
My point was not so much about specifically
restricting network access but more about a systematic approach
to letting the user determine what an application is or is not
allowed to do - play sounds, ask for current time, take over the
whole screen etc.
As a software publisher... I gotta tell you.. I have a serious problem giving an end user THAT much control. It only leads to much bigger problems.
Sure, OS X knows no ActiveX. I wonder if some of the functionality
of all that wonderful stuff can still be retained without
compromising security.
In a word, no.

-Daniel
 
On an average OS X real-life volume there is valuable stuff that is
not permission-protected.
Which goes back to what I said before... are we placing a value on
protecting the system... or protecting a user from himself?
Ideally, I'd like to have both. At least protect the user from scripts run by web pages.
Ok.. so that we don't talk in circles... here's the actual alert:
http://secunia.com/advisories/11622/

Mac OS X v10.2.8 and Mac OS X v10.3.3 are both "immunized" against
this. And... a healthy part of the problem with this exploit goes
back to what you said about 'protecting the user from himself.'
Ever since the first "QuickTime" autoplay exploit was detected in
1998.... it's always been the case that users of any system should
NEVER "auto" do ANYTHING post transfer from the internet. The
exploit you referenced (same as the link I pasted above) only works
if "open safe after downloading" is checked. Apple's fix? Change
the default.
A script can be seen as "safe"? I thought that was only possible if you recall another problem where an application could camouflage as a document.
If the script in question was downloaded to the enduser's computer
because the enduser permitted this process.. and the script was
downloaded to a known directory (potentially, default desktop, etc)
and the "open after downloading" was selected... then yes.. this
script could execute and do something not very nice. BUT, you have
a number of "ifs" to accomplish, first.
I assume a single web page can both download a file and run a
remote perl process - can it not? Would be nice if you could
briefly comment on what makes a script KNOWN LOCAL.
See the link I pasted earlier.. it describes it.
I looked at the descriptions, and it was not clear to me whether the following scenario is (was) possible.
Perhaps you can clarify.

A page downloads a file with a script to the default download location, say Desktop. (Many users automatically download stuff if a web link calls for a download). This script is not opened by autoopen either because it is not deemed "safe" or because autoopen is disallowed. Instead the remote perl process from the same or closely related web page activates the script since it has a high-probability guess(es) as to where that script is located.

Or are these the same
people that think it's ok to walk into a suspect part of town with
their cash plainly displayed in a money clip dangling from their
neck?
OK, I guess I need to read up on cookies.
My point was not so much about specifically
restricting network access but more about a systematic approach
to letting the user determine what an application is or is not
allowed to do - play sounds, ask for current time, take over the
whole screen etc.
As a software publisher... I gotta tell you.. I have a serious
problem giving an end user THAT much control. It only leads to
much bigger problems.
Your application could refuse to proceed if it is unhappy with any of the restrictions. The user could then choose whether to grant your application the required access or to abstain from running it. Would that not be fair?

--
canonballs
 
Ideally, I'd like to have both. At least protect the user from
scripts run by web pages.
That's been done.. about one year ago.
A script can be seen as "safe"? I thought that was only possible
if you recall another problem where an application could camouflage
as a document.
I would never run a script (or anything) if I don't know what it is and where I got it. The problem you're referring to was an alleged Microsoft Word installer that was circulating via LimeWire. I don't even consider this an issue for many reasons...

1.) It was a supposed COMMERCIAL PRODUCT moving around on a P2P network.

2.) MS Word is a VERY large environment... the file in question was only a few KB in length.
I assume a single web page can both download a file and run a
remote perl process - can it not? Would be nice if you could
briefly comment on what makes a script KNOWN LOCAL.
See the link I pasted earlier.. it describes it.
I looked at the descriptions, and it was not clear to me whether
the following scenario is (was) possible.
Perhaps you can clarify.
A local file has the properties of being on the volume that is to be affected and in the issue of a script, has direct view (via directory switch or commonality) to affect directories or files in question. For example.. if the "vulnerable" directory is called "My Secret Special Files" and you download the script to the desktop, and the script does not know that knocking out "My Secret Special Files" is where the damage can be done.. the script is ultimately, useless.
A page downloads a file with a script to the default download
location, say Desktop. (Many users automatically download stuff if
a web link calls for a download).
Ok...
This script is not opened by
autoopen either because it is not deemed "safe" or because autoopen
is disallowed.
Ok...
Instead the remote perl process from the same or
closely related web page activates the script since it has a
high-probability guess(es) as to where that script is located.
Not possible. Please tell me why you think this is possible.
OK, I guess I need to read up on cookies.
Cookies contain all sorts of gems about you and your surfing habits... it is possible to retrieve this data and use it.. for... whatever.
Your application could refuse to proceed if it is unhappy with any
of the restrictions. The user could then choose whether to grant
your application the required access or to abstain from running it.
Would that not be fair?
No. In the OS 9 days and the early days of OS X (a carry-over from OS 9) interface modification was all the rage. And I know this is also very popular on Windows, too. Software publishers create product expecting a specific running environment... when users modify this environment it is very difficult to deliver a consistent performance and user experience.

-Daniel
 
A script can be seen as "safe"? I thought that was only possible
if you recall another problem where an application could camouflage
as a document.
I would never run a script (or anything) if I don't know what it is
and where I got it. The problem you're referring to was an alleged
Microsoft Word installer that was circulating via LimeWire. I
don't even consider this an issue for many reasons...
It's not quite that. I've seen an object that appeared in the finder as something.mov and carried a QT icon that, when double-clicked, turned out to be a (harmless) application.
A local file has the properties of being on the volume that is to
be affected and in the issue of a script, has direct view (via
directory switch or commonality) to affect directories or files in
question. For example.. if the "vulnerable" directory is called
"My Secret Special Files" and you download the script to the
desktop, and the script does not know that knocking out "My Secret
Special Files" is where the damage can be done.. the script is
ultimately, useless.
How about Documents for the role of vulnerable directory?
Instead the remote perl process from the same or
closely related web page activates the script since it has a
high-probability guess(es) as to where that script is located.
Not possible. Please tell me why you think this is possible.
open Desktop/freshlydepositedmaliciousscript.scpt

Did the web page that started up Terminal not do something similar to a standard-issue script somewhere else on the volume?

--
canonballs
 
It's not quite that. I've seen an object that appeared in the
finder as something.mov and carried a QT icon that, when
double-clicked, turned out to be a (harmless) application.
Hmmm... haven't seen that.. can you point to something?
How about Documents for the role of vulnerable directory?
Yeah.. but what is the tilde referencing? You need a user name to complete the path.
open Desktop/freshlydepositedmaliciousscript.scpt
Did the web page that started up Terminal not do something similar
to a standard-issue script somewhere else on the volume?
See above...

-Daniel
 
It's not quite that. I've seen an object that appeared in the
finder as something.mov and carried a QT icon that, when
double-clicked, turned out to be a (harmless) application.
Hmmm... haven't seen that.. can you point to something?
http://wired-vig.wired.com/news/mac/0,2125,63000,00.html

This describes an ".mp3 file". IIRC what I've seen for myself was an iTunes playlist, not a QT movie disguise. But I remember I had the impression at the time (perhaps from reading something) that an application could similarly disguise itself as any kind of document.
How about Documents for the role of vulnerable directory?
Yeah.. but what is the tilde referencing? You need a user name to
complete the path.
OK, I did not realize one needs an actual username instead of ~ in this context. I think I now understand better what people mean by 'potential vulnerability'. This also explains (to me) how the malware exploiting this could benefit from mounting a volume.

Many thanks for your clarifications.

--
canonballs
 
The Mac Genius who taught my class the other day said that a lot of doctors and such come in, because of the 128-bit security of the FileVault. (THIS IS VIRTUALLY IMPENETRABLE, IT WOULD TAKE EVEN A COMPUTER WAY TOO LONG TO CRACK THE FILEVAULT IF YOU HAVE AN EXCELLENT PASSWORD!!) He has even had a guy come in from the FBI (I believe for a personal computer, but nonetheless, it will do work things on it).

So go on debating, but a UNIX system is by far the best, it just depends where you go from there (Linux/Mac) on personal preference.

--
Ashley
 
The truth of this is pretty murky, because of all the variables
involved. Apache seems to be preferred for single-server solutions
for static web pages, which leave out the scripting languages that
open up all kinds of security holes. One could argue that, since
IIS is favored among Fortune 1000 companies, it makes a juicier
target. So it would be about market share....
IIS is not favored by more Fortune 1000 companies.... Head over to
http://www.netcraft.com and look at the stats. Many high profile
companies run Apache (IBM, Zdnet/Cnet, CNN, HP, Compaq, Apple, etc)
and they most definitely do more than just static webpages. You'll
also notice that IIS lost marketshare lately. And it's not 50/50
either - 69.7% of sites run Apache vs 20.26% IIS.
True. But, on the other hand, it must be admitted that a lot of those sites are small sites that choose Apache because it's cheap and they have little to no budget. http://redmondmag.com/features/article.asp?EditorialsID=471 makes a good read on that (and also shows that the vulnerabilities are not all that starkly different).
Remember - A$P and A$PX are not the only dynamic content languages
out there for the Web. Smart companies use Java, Perl, CGI, etc vs
ASP/ASPX which only tie to M$ technologies.
You could take that position. But a lot of those dynamic content languages are a pain to secure. I admit I don't have any experience with ASP, but I can't imagine how it could be structurally easier to exploit than something like PHP.
one thing. To say that OSX will forever be free of virii due
solely to superior architecture is another. Surely in this case
market share has SOMETHING to do with it, particularly when you
consider that so many Windows intrusions are from phishing scams or
spyware piggybacking on more-or-less legitimate software, the kind
of user error which an OS can only do so much against.
The NIX architecture is so much more secure than Windows it's not
even funny. Look at the bugs - Windows typically are of the
nature "xxx causes a buffer overflow which leads to code being able
to be run".
NIX bugs are "xxx causes a buffer overflow which
leads to yyy to crash". There are few root/code exploits available
for NIX.

The phishing stuff happens all the time - I get them all the time
on my Macs. If you are dumb enough to click a link in your e-mail
you get what you deserve. What I tell everyone is that even if it
looks like it's from your bank, credit card, mortgage company,
don't click it. Call them. Go to their website directly, but
don't click that link.
Theoretically, SP2 will cut down a lot on those buffer overrun errors with its improved memory protection. Along with things like the new locked-down default on IIS 6, I don't think there's nearly as much difference in security these days as before Bill's newfound focus on security before features. It's far from perfect, but it's no longer a difference between night and day. You can impugn Symantec's motives in announcing that there were 37 vulnerabilities in OS X, but they don't have any more of a magic perfect-code-creating wand any more than MS does, or we wouldn't be waiting on our second Tiger point release in just over a month.

[good point about software, but...]
Same stories with laptops - show me a 15" widescreen with an 80GB
5400 RPM drive, 8x DVD +-RW, 512MB, and 64MB video card from a tier
1 manufacturer (IBM, Compaq, Toshiba, etc) for $2400. They are
hard to come by.
Are you serious? Go to dell.com and look at what $2400 gets you. I put together a 17" widescreen, 2GHz Pentium M, 8x DVD+-RW, 512MB, 256 MB GeForce 6800, Bluetooth 2.0, 802.11g, 100gb HD for that price. I couldn't, in my quick search, find a model with an 80gb 5400 RPM drive, but there was a 60gb 7200 RPM option. Even though $2400 is near the upper range I had earlier conceded, that's a bigger screen, far superior vid card (the 64MB option is $200 less) and probably considerably faster processor for the same price. And that's before a $300 rebate.
Sure you can get a laptop for $599, but it's a 14" 1024x768 model
with shared video RAM, 256MB, and a small and slow hard drive.
All for $700 less than the comparable slow, low-capacity iBook.
Sorry, I outgrew 1024x768 with my iMac and it was the reason I
shopped PB. Add a high-rez 15" screen to a laptop and you're
almost @ $2k...
Only with Apple, unfortunately. The 15" option on Dell's $600 laptop is only $50, not $1400.

I think choosing laptops is a bad way to defend Apple's value... I think Apple hasn't gone through its cost-cutting phase with its laptops, and they don't present nearly as good a value compared to PCs as their desktops.
 
And PS runs better and faster on a Mac.
I haven't seen a difference, other than that I can get certain
plug-ins only on the Windows side, though I'll have to see if CS2
obviates that.
As far as I know PS Plug-ins and actions are one and the same for
PCs and Macs. In other words if a Plug-in is developed on a PC it
will work on a Mac and vice versa. Same is true with actions. Now
if those plug-ins or actions were made into an .exe file of course
you could not execute the code on a Mac. Perhaps that is what you
are saying?

Here are some plug-ins you can use on either platform.

http://porg.4t.com/plugins.html

Ken
Thanks for the link. Yes, my favored perspective-correction (defishing) tool was a DLL. I'll have to find an alternative.
 
canonballs:

The "culture" I operated in for a number of years was in fact as a member of the U.S. Military.

Do they get everything absolutely right? Absolutely not.

Do they protect classified data properly? Almost without exception, especially since it is not usually a matter of "judgement."

I will leave the discussion to others, but I will point out that even though you and I obviously come from a different culture, protecting highly classified data can sometimes become a matter of life and death to members of the military and the citizens they serve.
I find it interesting that, in all this wrangling about security,
no one has mentioned the Orange book and DoD requirements for
trusted systems.
Rod, you refer to a text produced by DoD as the yardstick. I am
curious as to how much you generally trust the American military to
get things like computer security better than anyone else.

Curiously, in the culture where I grew up, the military are about
the last community one would turn to for sound judgement.

--
canonballs
--
Rod Smith
Niceville, FL
 
True. But, on the other hand, it must be admitted that a lot of
those sites are small sites that choose Apache because it's cheap
and they have little to no budget.
I wouldn't call IBM and the others cheap. :)
http://redmondmag.com/features/article.asp?EditorialsID=471 makes a
good read on that (and also shows that the vulnerabilities are not
all that starkly different).
Nor would I trust a Microsoft-centric source with stats about a competitor's product. (Nor would I necessarily trust Red Hat for a fair comparison of MS Stuff.)
Theoretically, SP2 will cut down a lot on those buffer overrun
errors with its improved memory protection. Along with things like
the new locked-down default on IIS 6, I don't think there's nearly
as much difference in security these days as before Bill's newfound
focus on security before features. It's far from perfect, but it's
no longer a difference between night and day. You can impugn
Most of the bugs run just fine on SP2 of XP. The only good it does is turn on the firewall by default.
Symantec's motives in announcing that there were 37 vulnerabilities
in OS X, but they don't have any more of a magic
perfect-code-creating wand any more than MS does, or we wouldn't be
waiting on our second Tiger point release in just over a month.
Symantec, F-Prot, McAfee, etc are all in the business of selling their virus protection software. They have a vested interest in portraying each OS as being insecure.
Are you serious? Go to dell.com and look at what $2400 gets you.
I don't buy or recommend Dell. I said a QUALITY machine. Something Dell doesn't know how to do. Seen way too many Dells turn into POS's after a year of use.

Dell would not even be on a list of recommended machines. The best place for a Dell is the trash.

Just checked IBM's site: R52, 18584MU - 15" SXGA+, DVD, 80Gb, 512MB, 2Ghz Peee-M - $2,249.

Yeah, that $150 price difference KILLS Apple.

Just for S&G Went to Dell's (poor) website:

Inspiron 6000 (lowest end machine), Peee-M 1.6, 512MB one dimm, 80GB, DVD, 1 year warranty (What's Dell hiding with 90 days standard?), $1,398.

For a computer guaranteed not to last past year 2 without serious issues.

I'll take the Powerbook or the IBM.
Sure you can get a laptop for $599, but it's a 14" 1024x768 model
with shared video RAM, 256MB, and a small and slow hard drive.
All for $700 less than the comparable slow, low-capacity iBook.
Yeah, XP BLAZES on a De-celeron with 224MB RAM and a slow hard drive. Been there, done that, glad it wasn't mine.

Have used the wife's iBook G3/800 for years with 256MB and it ran fine. Bumped it to 640MB the other month and it runs Tiger perfectly.
Only with Apple, unfortunately. The 15" option on Dell's $600
laptop is only $50, not $1400.
See above - Dell would not even be in the running.

When comparing to a QUALITY VENDOR (See IBM comparison), the Apple machine is a quite good value.
I think choosing laptops is a bad way to defend Apple's value... I
think Apple hasn't gone through its cost-cutting phase with its
laptops, and they don't present nearly as good a value compared to
PCs as their desktops.
Yes they do - you just have to compare like to like, not Apple to bottom of the barrel (Dell). Compare to a good quality vendor, Apple is a decent value.

I wonder how many will be duped by Dell's 90 day warranty when everyone else is at least 1 year. Very shady tactic that I'd expect from the scum of the earth (oops, that would describe Dell).
 
Daniel JS wrote:
http://wired-vig.wired.com/news/mac/0,2125,63000,00.html

This describes an ".mp3 file". IIRC what I've seen for myself was
an iTunes playlist, not a QT movie disguise. But I remember I had
the impression at the time (perhaps from reading something) that an
application could similarly disguise itself as any kind of document.
LOL!!! I remember this thing... oy... oh boy.. you know I forgot about it because it was such a joke. Did you read the entire article? Read this:
The program can't be spread by e-mail or through a file-sharing network unless it is compressed using software like Aladdin's Stuffit. Failing to compress the MP3 file before sending it renders the software inoperative.
Why is this so? Simple. This "file" is not a flat file that is common with today's Mac OS X/Windows environments... rather it is a binary... it contains a resource fork and a data fork that harkens back to the old OS 9 (and older) era. Consequently, this significant clue of the program being knocked out by standard MIME wrap (with email transport) shows how fragile the old-skool Macintosh resource fork is. 1.) This is not a virus. 2.) It is barely a concept trojan. For it to be a viable trojan... it must transport effectively... if you can't email it easily... then the concept falls flat.

Remember what I said before? I said that it is technically feasible to compile malicious code that will affect the Mac... but getting it to RUN on a Mac.. getting it to WORK on a Mac... that's a different story altogether... and I never see why this would ever change.
How about Documents for the role of vulnerable directory?
Yeah.. but what is the tilde referencing? You need a user name to
complete the path.
OK, I did not realize one needs an actual username instead of ~ in
this context.
I figured that's the part you were not getting. :-)

I was getting frustrated when you kept maintaining how something was possible.. and I knew it wasn't.

Try this... go to the Finder's "Go" menu and choose "Go to folder..." and type in the path box " Documents." Yes.. it will pop open the Documents folder that is COMMON with you as the user. BUT.. do you think you can use the tilde trick for anything? Try " Users" and tell me how far you get?
I think I now understand better what people mean by
'potential vulnerability'. This also explains (to me) how the
malware exploiting this could benefit from mounting a volume.
Everything is "potential" and measured in percent degrees of likelihood. It is POSSIBLE to attack a Mac? Yes. Is it likely? No. And market share has nothing to do with it.

-Daniel
 
Security expert sums up first month with Mac: 'much safer, more secure, more productive than Wintel' -By Winn Schwartau, security expert and switcher to mac - MDN Take

http://macdailynews.com/index.php/weblog/comments/security_expert_sums_up_first_month_with_mac/

Original article HERE

http://searchsecurity.techtarget.com/columnItem/0,294698,sid14_gci1094413,00.html
  • Also see Mad as hell, switching to Mac - By Winn Schwartau, Network World, 05/23/05
http://www.networkworld.com/columnists/2005/052305schwartau.html

http://porg.4t.com/Security.html

Ken Leonard
 
True. But, on the other hand, it must be admitted that a lot of
those sites are small sites that choose Apache because it's cheap
and they have little to no budget.
I wouldn't call IBM and the others cheap. :)
http://redmondmag.com/features/article.asp?EditorialsID=471 makes a
good read on that (and also shows that the vulnerabilities are not
all that starkly different).
Nor would I trust a Microsoft-centric source with stats about a
competitor's product. (Nor would I necessarily trust Red Hat for a
fair comparison of MS Stuff.)
Boy, even if it's just Microsoft-"centric"? Even in an article espousing Apache to IIS users? Tough crowd.
Theoretically, SP2 will cut down a lot on those buffer overrun
errors with its improved memory protection. Along with things like
the new locked-down default on IIS 6, I don't think there's nearly
as much difference in security these days as before Bill's newfound
focus on security before features. It's far from perfect, but it's
no longer a difference between night and day. You can impugn
Most of the bugs run just fine on SP2 of XP. The only good it does
is turn on the firewall by default.
Not true. Most of the bugs (assuming they're not "I Love You"-style phishing scams) don't work anymore. A couple have been found, as undoubtedly they have been found with OS X.
Are you serious? Go to dell.com and look at what $2400 gets you.
I don't buy or recommend Dell. I said a QUALITY machine.
Something Dell doesn't know how to do. Seen way too many Dells
turn into POS's after a year of use.

Dell would not even be on a list of recommended machines. The best
place for a Dell is the trash.
If you say so. But clearly, the vast majority don't have your high standards.
Just checked IBM's site: R52, 18584MU - 15" SXGA+, DVD, 80Gb,
512MB, 2Ghz Peee-M - $2,249.

Yeah, that $150 price difference KILLS Apple.
It certainly does them no favors (I said it mostly affects up through mid-range machines, and this appears to be a case in point). When you add in that it's probably more powerful, includes a $250 extra warranty (which Apple will make you pay $350 more for) and far longer battery life, it has an advantage.

You can personally prefer whichever system you like, but you can't say $150 off the price of a computer (even discounting those other perks) isn't an advantage.
Sure you can get a laptop for $599, but it's a 14" 1024x768 model
with shared video RAM, 256MB, and a small and slow hard drive.
All for $700 less than the comparable slow, low-capacity iBook.
Yeah, XP BLAZES on a De-celeron with 224MB RAM and a slow hard
drive. Been there, done that, glad it wasn't mine.
Okay, add $50 to give it 512, add $100 to call it an IBM. Heck, add $50 more to give it 1280. You've now got a clear performance advantage, and $500 to go.
 
The "culture" I operated in for a number of years was in fact as a
member of the U.S. Military.
my situation is somewhat symmetric - I spent a few years in non-U.S. military.
Do they get everything absolutely right? Absolutely not.
Do they protect classified data properly? Almost without
exception, especially since it is not usually a matter of
"judgement."
Protecting data is not all there is to computer security. Even with protecting data, is judgement not involved in selecting effective ways of doing so? Do you not hope or believe or know that much sound judgement has gone into the composition of the Orange Book?
... but I will point out that
even though you and I obviously come from a different culture,
[even you can hopefully appreciate that]
protecting highly classified data can sometimes become a matter of
life and death to members of the military and the citizens they
serve.
Yes, I can appreciate that. I left the military with the impression that the less these lives depend on highly classified data, the safer we all are.

--
canonballs
 
