PC users switching to Mac for Security

[Daniel JS]

Sure. However, protecting the user from their own stupidity is not
something I realistically expect from any OS in my lifetime.

LOL!!! A standard (non-admin) user in OS X is fairly hobbled... but.. yes.. I do know what you're talkin' about...

On an average OS X real-life volume there is valuable stuff that is
not permission-protected.

Which goes back to what I said before... are we placing a value on protecting the system... or protecting a user from himself?

I am not sure what you mean by "summarily". So the demonstration
page only activated a script already present on any OS X system
whose effect was or included starting up Terminal?

Ok.. so that we don't talk in circles... here's the actual alert:
http://secunia.com/advisories/11622/

Mac OS X v10.2.8 and Mac OS X v10.3.3 are both "immunized" against this. And... a healthy part of the problem with this exploit goes back to what you said about 'protecting the user from himself.' Ever since the first "QuickTime" autoplay exploit was detected in 1998.... its always been the case that users of any system should NEVER "auto" do ANYTHING post transfer from the internet. The exploit you referenced (same as the link I pasted above) only works if "open safe after downloading" is checked. Apple's fix? Change the default.

OK, so only-just-downloaded scripts do not qualify as KNOWN LOCAL?

If the script in question was downloaded to the enduser's computer because the enduser permitted this process.. and the script was downloaded to a known directory (potentially, default desktop, etc) and the "open after downloading" was selected... then yes.. this script could execute and do something not very nice. BUT, you have a number of "ifs" to accomplish, first.

I assume a single web page can both download a file and run a
remote perl process - can it not? Would be nice if you could
briefly comment on what makes a script KNOWN LOCAL.

See the link I pasted earlier.. it describes it.

I tend to think that a Mac
user should not be seen as doing something stupid when they enable
pop-ups and even click on them if they are so inclined.

Yes... but... why?

Again not sure what you mean here. "Yes" seems to indicate
agreement. Why?

Well.. just because someone wants to get force fed marketing information need not mean they're stupid... but even if you don't care about intrustion into your computer... certainly the issue of cookie "leaks" must be a consideration? Or are these the same people that think its ok walk into a suspect part of town with their cash plainly displayed in an money clip dangling from their neck?

Because I think it can be genuinely difficult to
differentiate between "safe" and "malicious" web content without
trying it out first, hence the user should be protected by the
software from technically harmful effects. Do you agree with the
quoted statement for a different reason?

And to that end, Mac OS X does an exemplary job... but there is always a price.. such as the information invasion issue I referenced above on cookie leaks. Many "reasonable" websites need cookie access... but many other websits take advantage of this information and intrude on privacy.

Little Snitch I think it was called.

1.) You're right.

2.) I typed my answer WAY too quickly.. and the end result was.. I botched a name that I knew.

Nice, but I did not want it bad enough to pay €25.

Ah welll.. come on now... ;-)

My point was not so much about specifically
restricting network access but a more about a systematic approach
to letting the user determine what an application is or is not
allowed to do - play sounds, ask for current time, take over the
whole screen etc.

As a software publisher... I gotta tell you.. I have a serious problem giving an end user THAT much control. It only leads to much bigger problems.

Sure, OS X knows no ActiveX. I wonder if some of the functionality
of all that wonderful stuff can still be retained without
compromising security.

In a word, no.

-Daniel

 

[canonballs]

On an average OS X real-life volume there is valuable stuff that is
not permission-protected.

Which goes back to what I said before... are we placing a value on
protecting the system... or protecting a user from himself?

Ideally, I'd like to have both. At least protect the user from scripts run by web pages.

Ok.. so that we don't talk in circles... here's the actual alert:
http://secunia.com/advisories/11622/

Mac OS X v10.2.8 and Mac OS X v10.3.3 are both "immunized" against
this. And... a healthy part of the problem with this exploit goes
back to what you said about 'protecting the user from himself.'
Ever since the first "QuickTime" autoplay exploit was detected in
1998.... its always been the case that users of any system should
NEVER "auto" do ANYTHING post transfer from the internet. The
exploit you referenced (same as the link I pasted above) only works
if "open safe after downloading" is checked. Apple's fix? Change
the default.

A script can be seen as "safe"? I thought that was only possible if you recall another problem where an application could camouflage as a document.

If the script in question was downloaded to the enduser's computer
because the enduser permitted this process.. and the script was
downloaded to a known directory (potentially, default desktop, etc)
and the "open after downloading" was selected... then yes.. this
script could execute and do something not very nice. BUT, you have
a number of "ifs" to accomplish, first.

I assume a single web page can both download a file and run a
remote perl process - can it not? Would be nice if you could
briefly comment on what makes a script KNOWN LOCAL.

See the link I pasted earlier.. it describes it.

I looked at the descriptions, and it was not clear to me whether the following scenario is (was) possible.
Perhaps you can clarify.

A page downloads a file with a script to the default download location, say Desktop. (Many users automatically download stuff if a web link calls for a download). This script is not opened by autoopen either because it is not deemed "safe" or because autoopen is disallowed. Instead the remote perl process from the same or closely related web page activates the script since it has a high-probability guess(es) as to where that script is located.

Or are these the same

people that think its ok walk into a suspect part of town with
their cash plainly displayed in an money clip dangling from their
neck?

OK, I guess I need to read up on cookies.

My point was not so much about specifically
restricting network access but a more about a systematic approach
to letting the user determine what an application is or is not
allowed to do - play sounds, ask for current time, take over the
whole screen etc.

As a software publisher... I gotta tell you.. I have a serious
problem giving an end user THAT much control. It only leads to
much bigger problems.

Your application could refuse to proceed if it is unhappy with any of the restrictions. The user could then choose whether to grant your application the required access or to abstain from running it. Would that not be fair?

--
canonballs

 

[Daniel JS]

Ideally, I'd like to have both. At least protect the user from
scripts run by web pages.

That's been done.. about one year ago.

A script can be seen as "safe"? I thought that was only possible
if you recall another problem where an application could camouflage
as a document.

I would never run a script (or anything) if I don't know what it is and where I got it. The problem you're referring to was an aledged Microsoft Word installer that was circulating via LimeWire. I don't even consider this an issue for many reasons...

1.) It was a supposed COMMERCIAL PRODUCT moving around on a P2P network.

2.) MS Word is a VERY large environment... the file in question was only a few KB in length.

I assume a single web page can both download a file and run a
remote perl process - can it not? Would be nice if you could
briefly comment on what makes a script KNOWN LOCAL.

See the link I pasted earlier.. it describes it.

I looked at the descriptions, and it was not clear to me whether
the following scenario is (was) possible.
Perhaps you can clarify.

A local file has the properties of being on the volume that is to be affected and in the issue of a script, has direct view (via directory switch or commonality) to affect directories or files in question. For example.. if the "vulnerable" directory is called "My Secret Special Files" and you download the script to the desktop, and the script does not know that knocking out "My Secret Special Files" is where the damage can be done.. the script is ultimately, useless.

A page downloads a file with a script to the default download
location, say Desktop. (Many users automatically download stuff if
a web link calls for a download).

Ok...

This script is not opened by
autoopen either because it is not deemed "safe" or because autoopen
is disallowed.

Ok...

Instead the remote perl process from the same or
closely related web page activates the script since it has a
high-probability guess(es) as to where that script is located.

Not possible. Please tell me why you think this is possible.

OK, I guess I need to read up on cookies.

Cookies contain all sorts of gems about you and your surfing habits... it is possible to retrieve this data and use it.. for... whatever.

Your application could refuse to proceed if it is unhappy with any
of the restrictions. The user could then choose whether to grant
your application the required access or to abstain from running it.
Would that not be fair?

No. In the OS 9 days and the early days of OS X (a carry-over from OS 9) interface modification was all the rage. And I know this is also very popular on Windows, too. Software publshers create product expecting a specific running environment... when users modify this environment it is very difficult to deliver a consistent performance and user experience.

-Daniel

 

[canonballs]

A script can be seen as "safe"? I thought that was only possible
if you recall another problem where an application could camouflage
as a document.

I would never run a script (or anything) if I don't know what it is
and where I got it. The problem you're referring to was an aledged
Microsoft Word installer that was circulating via LimeWire. I
don't even consider this an issue for many reasons...

It's not quite that. I've seen an object that appeared in the finder as something.mov and carried a QT icon that, when double-clicked, turned out to be a (harmless) application.

A local file has the properties of being on the volume that is to
be affected and in the issue of a script, has direct view (via
directory switch or commonality) to affect directories or files in
question. For example.. if the "vulnerable" directory is called
"My Secret Special Files" and you download the script to the
desktop, and the script does not know that knocking out "My Secret
Special Files" is where the damage can be done.. the script is
ultimately, useless.

How about Documents for the role of vulnerable directory?

Instead the remote perl process from the same or
closely related web page activates the script since it has a
high-probability guess(es) as to where that script is located.

Not possible. Please tell me why you think this is possible.

open Desktop/freshlydepositedmaliciousscript.scpt

Did the web page that started up Terminal not do something similar to a standard-issue script somewhere else on the volume?

--
canonballs

 

[Daniel JS]

It's not quite that. I've seen an object that appeared in the
finder as something.mov and carried a QT icon that, when
double-clicked, turned out to be a (harmless) application.

Hmmm... haven't seen that.. can you point to something?

How about Documents for the role of vulnerable directory?

Yeah.. but what is the tilde referencing? You need a user name to complete the path.

open Desktop/freshlydepositedmaliciousscript.scpt

Did the web page that started up Terminal not do something similar
to a standard-issue script somewhere else on the volume?

See above...

-Daniel

 

[canonballs]

It's not quite that. I've seen an object that appeared in the
finder as something.mov and carried a QT icon that, when
double-clicked, turned out to be a (harmless) application.

Hmmm... haven't seen that.. can you point to something?

http://wired-vig.wired.com/news/mac/0,2125,63000,00.html

This describes an ".mp3 file". IIRC what I've seen for myself was an iTunes playlist, not a QT movie disguise. But I remember I had the impression at the time (perhaps from reading something) that an application could similarly disguise itself as any kind of document.

How about Documents for the role of vulnerable directory?

Yeah.. but what is the tilde referencing? You need a user name to
complete the path.

OK, I did not realize one needs an actual username instead of ~ in this context. I think I now understand better what people mean by 'potential vulnerability'. This also explains (to me) how the malware exploiting this could benefit from mounting a volume.

Many thanks for your clarifications.

--
canonballs

 

[shepha]

The Mac Genius who taught my class the other day, said that alot of doctors and such come in, because of the 128-bit security of the FireVault. (THIS IS VERTUALLY INPENETRATABLE, IT WOULD TAKE EVEN A COMPUTER WAY TOO LONG TO CRACK THE FIREVAULT IF YOU HAVE AN EXCELLENT PASSWORD!!) He has even had a guy come in from the FBI (I believe for a personal computer, but none the less, it will do work things on it).

So go on debating, but a UNIX system is by far the best, it just depends were you go from there(Linux/ Mac) on personal preference.

--
Ashley

 

[CptnJustc]

The truth of this is pretty murky, because of all the variables
involved. Apache seems to be preferred for single-server solutions
for static web pages, which leave out the scripting languages that
open up all kinds of security holes. One could argue that, since
IIS is favored among Fortune 1000 companies, it makes a juicier
target. So it would be about market share....

IIS is not favored by more Fortune 1000 companies.... Head over to
http://www.netcraft.com and look at the stats. Many high profile
companies run Apache (IBM, Zdnet/Cnet, CNN, HP, Compaq, Apple, etc)
and they most definitely do more than just static webpages. You'll
also notice that IIS lost marketshare lately. And it's not 50/50
either - 69.7% of sites run Apache vs 20.26% IIS.

True. But, on the other hand, it must be admitted that a lot of those sites are small sites that choose Apache because it's cheap and they have little to no budget. http://redmondmag.com/features/article.asp?EditorialsID=471 makes a good read on that (and also shows that the vulnerabilities are not all that starkly different).

Remember - A$P and A$PX are not the only dynamic content languages
out there for the Web. Smart companies use Java, Perl, CGI, etc vs
ASP/ASPX which only tie to M$ technologies.

You could take that position. But a lot of those dynamic content languages are a pain to secure. I admit I don't have any experience with ASP, but I can't imagine how it could be structurally easier to exploit than something like PHP.

one thing. To say that OSX will forever be free of virii due
solely to superior architecture is another. Surely in this case
market share has SOMETHING to do with it, particularly when you
consider that so many Windows intrusions are from phishing scams or
spyware piggybacking on more-or-less legitimate software, the kind
of user error which an OS can only do so much against.

The NIX architecture is so much more secure than Windows it's not
even funny. Look at the bugs - Windows typically are of the
nature "xxx causes a buffer overflow which leads to code being able
to be run". NIX bugs are "xxx causes a buffer overflow which
leads to yyy to crash". There are few root/code exploits available
for NIX.

The phishing stuff happens all the time - I get them all the time
on my Macs. If you are dumb enough to click a link in your e-mail
you get what you deserve. What I tell everyone is that even if it
looks like it's from your bank, credit card, mortgage company,
don't click it. Call them. Go to their website directly, but
don't click that link.

Theoretically, SP2 will cut down a lot on those buffer overrun errors with its improved memory protection. Along with things like the new locked-down default on IIS 6, I don't think there's nearly as much difference in security these days as before Bill's newfound focus on security before features. It's far from perfect, but it's no longer a difference between night and day. You can impugn Symantec's motives in announcing that there were 37 vulnerabilities in OS X, but they don't have any more of a magic perfect-code-creating wand any more than MS does, or we wouldn't be waiting on our second Tiger point release in just over a month.

[good point about software, but...]

Same stories with laptops - show me a 15" widescreen with an 80GB
5400 RPM drive, 8x DVD +-RW, 512MB, and 64MB video card from a teir
1 manufacturer (IBM, Compaq, Toshiba, etc) for $2400. They are
hard to come by.

Are you serious? Go to dell.com and look at what $2400 gets you. I put together a 17" widescreen, 2GHz Pentium M, 8x DVD+-RW, 512MB, 256 MB GeForce 6800, Bluetooth 2.0, 802.11g, 100gb HD for that price. I couldn't, in my quick search, find a model with an 80gb 5400 RPM drive, but there was a 60gb 7200 RPM option. Even though $2400 is near the upper range I had earlier conceded, that's a bigger screen, far superior vid card (the 64MB option is $200 less) and probably considerably faster processor for the same price. And that's before a $300 rebate.

Sure you can get a laptop for $599, but it's a 14" 1024x768 model
with shared video RAM, 256MB, and a small and slow hard drive.

All for $700 less than the comparable slow, low-capacity iBook.

Sorry, I outgrew 1024x768 with my iMac and it was the reason I
shopped PB. Add a high-rez 15" screen to a laptop and you're
almost @ $2k...

Only with Apple, unfortunately. The 15" option on Dell's $600 laptop is only $50, not $1400.

I think choosing laptops is a bad way to defend Apple's value... I think Apple hasn't gone through its cost-cutting phase with its laptops, and they don't present nearly as good a value compared to PCs as their desktops.

 

[CptnJustc]

And PS runs better and faster on a Mac.

I haven't seen a difference, other than that I can get certain
plug-ins only on the Windows side, though I'll have to see if CS2
obviates that.

As far as I know PS Plug-ins and actions are one and the same for
PC's and Mac's. In other words if a Plug-in is devleoped on a PC it
will work on a Mac and vice versa. Same is true with actions. Now
if those plug-ins or actions were made into an .exe file of course
you could not execute the code on a Mac. Perhaps that is what you
are saying?

Here are some plug ins you can use on either platforms.

http://porg.4t.com/plugins.html

Ken

Thanks for the link. Yes, my favored perspective-correction (defishing) tool was a DLL. I'll have to find an alternative.

 

[Rod Smith]

canonballs:

The "culture" I operated in for a number of years was in fact as a member of the U.S. Military.

Do they get everything absolutely right? Absolutely not.

Do they protect classified data properly? Almost without exception, especially since it is not usually a matter of "judgement."

I will leave the discussion to others, but I will point out that even though you and I obviously come from a different culture, protecting highly classified data can sometimes become a matter of life and death to members of the military and the citizens they serve.

I find it interesting that, in all this wrangling about security,
no one has mentioned the Orange book and DoD requirements for
trusted systems.

Rod, you refer to a text produced by DoD as the yardstick. I am
curious as to how much you generally trust the American military to
get things like computer security better than anyone else.

Curiously, in the culture where I grew up, the military are about
the last community one would turn to for sound judgement.

--
canonballs

--
Rod Smith
Niceville, FL

 

[mbryda]

True. But, on the other hand, it must be admitted that a lot of
those sites are small sites that choose Apache because it's cheap
and they have little to no budget.

I wouldn't call IBM and the others cheap.

http://redmondmag.com/features/article.asp?EditorialsID=471 makes a
good read on that (and also shows that the vulnerabilities are not
all that starkly different).

Nor would I trust a Microsoft-centric source with stats about a competitors product. (Nor would I necessarily trust Red Hat for a fair comparison of MS Stuff.)

Theoretically, SP2 will cut down a lot on those buffer overrun
errors with its improved memory protection. Along with things like
the new locked-down default on IIS 6, I don't think there's nearly
as much difference in security these days as before Bill's newfound
focus on security before features. It's far from perfect, but it's
no longer a difference between night and day. You can impugn

Most of the bugs run just fine on SP2 of XP. The only good it does is turn on the firewall by default.

Symantec's motives in announcing that there were 37 vulnerabilities
in OS X, but they don't have any more of a magic
perfect-code-creating wand any more than MS does, or we wouldn't be
waiting on our second Tiger point release in just over a month.

Symantec, F-Prot, McAfee, etc are all in the business of selling their virus protection software. They have a vested interest in portraying each OS as being insecure.

Are you serious? Go to dell.com and look at what $2400 gets you.

I don't buy or reccomend Dell. I said a QUALITY machine. Something Dell doesn't know how to do. Seen way too many Dells turn into POS's after a year of use.

Dell would not even be on a list of reccomended machines. The best place for a Dell is the trash.

Just checked IBM's site: R52, 18584MU - 15" SXGA+, DVD, 80Gb, 512MB, 2Ghz Peee-M - $2,249.

Yeah, that $150 price difference KILLS Apple.

Just for S&G Went to Dell's (poor) website:

Instpiron 6000 (lowest end machine), Peee-M 1.6, 512MB one dimm, 80GB, DVD, 1 year warranty (What's Dell hiding with 90 days standard?), $1,398.

For a computer guaranteed not to last past year 2 without serious issues.

I'll take the Powerbook or the IBM.

Sure you can get a laptop for $599, but it's a 14" 1024x768 model
with shared video RAM, 256MB, and a small and slow hard drive.

All for $700 less than the comparable slow, low-capacity iBook.

Yeah, XP BLAZES on a De-celeron with 224MB RAM and a slow hard drive. Been there, done that, glad it wasn't mine.

Have used the wife's iBook G3/800 for years with 256MB and it ran fine. Bumped it to 640MB the other month and it runs Tiger perfectly.

Only with Apple, unfortunately. The 15" option on Dell's $600
laptop is only $50, not $1400.

See above - Dell would not even be in the running.

When comapring to a QUALITY VENDOR (See IBM comparison), the Apple machine is a quite good value.

I think choosing laptops is a bad way to defend Apple's value... I
think Apple hasn't gone through its cost-cutting phase with its
laptops, and they don't present nearly as good a value compared to
PCs as their desktops.

Yes they do - you just have to compare like to like, not Apple to bottom of the barrel (Dell). Compare to a good quality vendor, Apple is a decent value.

I wonder how many will be duped by Dell's 90 day warranty when everyone else is at least 1 year. Very shady tactic that I'd expect from the scum of the earth (oops, that would describe Dell).

 

[Daniel JS]

Daniel JS wrote:
http://wired-vig.wired.com/news/mac/0,2125,63000,00.html

This describes an ".mp3 file". IIRC what I've seen for myself was
an iTunes playlist, not a QT movie disguise. But I remember I had
the impression at the time (perhaps from reading something) that an
application could similarly disguise itself as any kind of document.

LOL!!! I remember this thing... oy... oh boy.. you know I forgot about it because it was such a joke. Did you read the entire article? Read this:

The program can't be spread by e-mail or through a file-sharing network unless it is compressed

using software like Aladdin's Stuffit. Failing to compress the MP3 file before sending it renders the
software inoperative.

Why is this so? Simple. This "file" is not a flat file that is common with today's Mac OS X/Windows environments... rather it is a binary... it contains a resource fork and a data fork that harkens back to the old OS 9 (and older) era. Consequently, this signficant clue of the program being knocked out by standard MIME wrap (with email transport) shows how fragile the old-skool Macintosh resource fork is. 1.) This is not a virus. 2.) It is barely a concept trojan. For it to be a viable trojan... it must transport effectively... if you can't email it easily... then the concept falls flat.

Remember what I said before? I said that it is technically feasible to compile malicious code that will affect the Mac... but getting it to RUN on a Mac.. getting it to WORK on a Mac... that's a differrent story altogether... and I never see why this would ever change.

How about Documents for the role of vulnerable directory?

Yeah.. but what is the tilde referencing? You need a user name to
complete the path.

OK, I did not realize one needs an actual username instead of ~ in
this context.

I figured that's the part you were not getting.

I was getting frustrated when you kept maintaining how something was possible.. and I knew it wasn't.

Try this... go to the Finger's "Go" menu and choose "Go to folder..." and type in the patch box " Documents." Yes.. it will pop open the Documents folder that is COMMON with you as the user. BUT.. do you think you can use the tilde trick for anything? Try " Users" and tell me how far you get?

I think I now understand better what people mean by
'potential vulnerability'. This also explains (to me) how the
malware exploiting this could benefit from mounting a volume.

Everything is "potential" and measured in percent degrees of likelihood. It is POSSIBLE to attack a Mac? Yes. Is it likely? No. And market share has nothing to do with it.

-Daniel

 

[Ken Leonard]

Security expert sums up first month with Mac: 'much safer, more secure, more productive than Wintel' -By Winn Schwartau, security expert and switcher to mac - MDN Take

http://macdailynews.com/index.php/weblog/comments/security_expert_sums_up_first_month_with_mac/

Original article HERE

http://searchsecurity.techtarget.com/columnItem/0,294698,sid14_gci1094413,00.html

• Also see Mad as hell, switching to Mac - By Winn Schwartau, Network World, 05/23/05

http://www.networkworld.com/columnists/2005/052305schwartau.html

http://porg.4t.com/Security.html

Ken Leonard

 

[saxafraz]

just adding a little more fuel to the fire

http://www.scott-o-rama.com/2005/06..._i_didnt_blo.html

 

[Ken Leonard]

Thanks but the link does not work, at least from here

just adding a little more fuel to the fire

http://www.scott-o-rama.com/2005/06..._i_didnt_blo.html

 

[shepha]

PC World has honored Apple by adding the iPod photo, iTunes, iTunes Music Store in the Consumer Electronics category, Mac mini as one of the best small PCs, and Mac OS X v10.4 “Tiger” as the best operating system, PUTTING IT INTO THE NUMBER THREE SLOT OM THE TOP 100 PRODUCTS LIST.

http://www.apple.com

http://www.pcworld.com/reviews/article/0,aid,120763,pg,12,00.asp

--
Ashley

 

[CptnJustc]

True. But, on the other hand, it must be admitted that a lot of
those sites are small sites that choose Apache because it's cheap
and they have little to no budget.

I wouldn't call IBM and the others cheap.

http://redmondmag.com/features/article.asp?EditorialsID=471 makes a
good read on that (and also shows that the vulnerabilities are not
all that starkly different).

Nor would I trust a Microsoft-centric source with stats about a
competitors product. (Nor would I necessarily trust Red Hat for a
fair comparison of MS Stuff.)

Boy, even if it's just Microsoft-"centric"? Even in an article espousing Apache to IIS users? Tough crowd.

Theoretically, SP2 will cut down a lot on those buffer overrun
errors with its improved memory protection. Along with things like
the new locked-down default on IIS 6, I don't think there's nearly
as much difference in security these days as before Bill's newfound
focus on security before features. It's far from perfect, but it's
no longer a difference between night and day. You can impugn

Most of the bugs run just fine on SP2 of XP. The only good it does
is turn on the firewall by default.

Not true. Most of the bugs (assuming they're not "I Love You"-style phishing scams) don't work anymore. A couple have been found, as undoubtedly they have been found with OS X.

Are you serious? Go to dell.com and look at what $2400 gets you.

I don't buy or reccomend Dell. I said a QUALITY machine.
Something Dell doesn't know how to do. Seen way too many Dells
turn into POS's after a year of use.

Dell would not even be on a list of reccomended machines. The best
place for a Dell is the trash.

If you say so. But clearly, the vast majority don't have your high standards.

Just checked IBM's site: R52, 18584MU - 15" SXGA+, DVD, 80Gb,
512MB, 2Ghz Peee-M - $2,249.

Yeah, that $150 price difference KILLS Apple.

It certainly does them no favors (I said it mostly affects up through mid-range machines, and this appears to be a case in point). When you add in that it's probably more powerful, includes a $250 extra warranty (which Apple will make you pay $350 more for) and far longer battery life, it has an advantage.

You can personally prefer whichever system you like, but you can't say $150 off the price of a computer (even discounting those other perks) isn't an advantage.

Sure you can get a laptop for $599, but it's a 14" 1024x768 model
with shared video RAM, 256MB, and a small and slow hard drive.

All for $700 less than the comparable slow, low-capacity iBook.

Yeah, XP BLAZES on a De-celeron with 224MB RAM and a slow hard
drive. Been there, done that, glad it wasn't mine.

Okay, add $50 to give it 512, add $100 to call it an IBM. Heck, add $50 more to give it 1280. You've now got a clear performance advantage, and $500 to go.

 

[saxafraz]

That link again

http://www.scott-o-rama.com/2005/06/why_i_didnt_blo.html

 

[Ken Leonard]

Thank you, I have added this fuel to the fire to the Security page (as well as several other recent articles)

http://porg.4t.com/Security.html

Ken leonard

That link again

http://www.scott-o-rama.com/2005/06/why_i_didnt_blo.html

 

[canonballs]

The "culture" I operated in for a number of years was in fact as a
member of the U.S. Military.

my situation is somewhat symmetric - I spent a few years in non-U.S. military.

Do they get everything absolutely right? Absolutely not.
Do they protect classified data properly? Almost without
exception, especially since it is not usually a matter of
"judgement."

Protecting data is not all there is to computer security. Even with protecting data, is judgement not involved in selecting effective ways of doing so? Do you not hope or believe or know that much sound judgement has gone into the composition of the Orange Book?

... but I will point out that
even though you and I obviously come from a different culture,

[even you can hopefully appreciate that]

protecting highly classified data can sometimes become a matter of
life and death to members of the military and the citizens they
serve.

Yes, I can appreciate that. I left the military with the impression that the less these lives depend on highly classified data, the safer we all are.

--
canonballs