[Gamoe]

I really do take exception to MacNN's inappropriate and alarmist news posts as of late. I must say that I simply cannot take MacNN news as seriously anymore. I am referring to specifically the "virus" news articles. I have no problem with MacNN reporting it, as it should, but the way MacNN has decided to "report" these smells very much like FUD, and it is not "constructive" at all.

[gorgonzola]

Originally Posted by Gabriel Morales

I really do take exception to MacNN's inappropriate and alarmist news posts as of late. I must say that I simply cannot take MacNN news as seriously anymore. I am referring to specifically the "virus" news articles. I have no problem with MacNN reporting it, as it should, but the way MacNN has decided to "report" these smells very much like FUD, and it is not "constructive" at all.

What in particular is the problem with the reporting? Specifics help.

[Gamoe]

Originally Posted by gorgonzola

What in particular is the problem with the reporting? Specifics help.

Basically, I find the (virus) articles unnecessarily alarmist and distorting of the truth ("spin" if you will). It does more to produce Fear, Uncertainty and Doubt than to actually report the facts and give people the solution, of possible. It also seems to make conclusions, or express opinions, rather than report the facts. Statements like these seem to draw conclusions on the attitudes of Mac users and the real threat level:

Many Mac users have been somewhat smug about the existence of virii for the Mac, but French anti-virus vendor Sophos says it is very real.

I've never felt "smug" about it.-- Linux is not inundated by viruses either. Only Windows is, for various reasons. I have felt much more confident about my operating system of choice and its security, and from what I've read about this virus, I have every reason to continue feeling that way. In any case, I feel that comment in particular is a little unfair and exaggerated. But it's not just that comment, I feel the same way about all of the virus articles.

[iLikebeer]

Originally Posted by Gabriel Morales

Basically, I find the (virus) articles unnecessarily alarmist and distorting of the truth ("spin" if you will). It does more to produce Fear, Uncertainty and Doubt than to actually report the facts and give people the solution, of possible. It also seems to make conclusions, or express opinions, rather than report the facts. Statements like these seem to draw conclusions on the attitudes of Mac users and the real threat level:



I've never felt "smug" about it.-- Linux is not inundated by viruses either. Only Windows is, for various reasons. I have felt much more confident about my operating system of choice and its security, and from what I've read about this virus, I have every reason to continue feeling that way. In any case, I feel that comment in particular is a little unfair and exaggerated. But it's not just that comment, I feel the same way about all of the virus articles.

To be fair, it does say many, not most. If you've ever been unlucky enough to witness a PC/Mac argument, smug is definately the right word for many Mac users. Even on mac oriented sites, one will often see in-thread jokes about how much better Mac is because "at least we don't get viruses." I doubt they were referring to you personally, and I'd say it's a valid statement. Maybe the word "some" would have been better, but many is accurate enough as I see the smugness often myself. Many ARE smug, as it's an indefinate amount. "Most" might have been questionable, but really it's just semantics of their word choice and they provide a service for us so I don't mind if they add their own insight and opinion as long as it seems accurate or justified.

[gorgonzola]

OK, here's my 2 cents.

(1) While you may not care for the statements made, I think they're fairly accurate. Regardless, I don't think it's reasonable to say they're spreading FUD. Saying that Mac users are smug about virus threats may be objectionable (if you think that's false, and I don't), but it's certainly not alarmist.

(2) That said, there is a case to be made that those posts are not the appropriate place for this kind of editorializing in the first place. I think I'd agree that there's no need to opine about perceived smugness regardless of whether it exists.

I'll chat with the news staff about it.

[porieux]

...

[f1000]

I'd prefer to see MacNN err on the side of containment and prevention than on the side of accuracy when it comes to public service announcements concerning Trojans and virii. So what if MacNN jumps the gun and repeats exaggerated reports on the virulence of a particular exploit; would we prefer the alternative scenario of having a virus race through the user base to the rapturous delight of OS X's detractors?

[Gamoe]

Originally Posted by gorgonzola

(2) That said, there is a case to be made that those posts are not the appropriate place for this kind of editorializing in the first place. I think I'd agree that there's no need to opine about perceived smugness regardless of whether it exists.

I'll chat with the news staff about it.

Thanks.

It wasn't just that statement though. It just seemed to me like the article exaggerated the issue and perhaps even gave the impression that an anti-virus program is necessary, where that's not the case, and I don't believe is the case in general, beyond those particular incidents. I don't think the article was being fair and accurate about the matter.

Originally Posted by f1000

I'd prefer to see MacNN err on the side of containment and prevention than on the side of accuracy when it comes to public service announcements concerning Trojans and virii. So what if MacNN jumps the gun and repeats exaggerated reports on the virulence of a particular exploit; would we prefer the alternative scenario of having a virus race through the user base to the rapturous delight of OS X's detractors?

The article could strongly suggest users update their systems with the latest security updates without expressing all sorts of potentially alarming opinions, unless of course, it was an opinion piece and so labeled.

[aberdeenwriter]

As a non-technical Mac user and MacNN poster I never go to the more technical forums here and if something isn't posted on a page or thread in a main portal to MacNN I am likely to miss it altogether and for that reason I resent the locking of the thread in the main lounge dealing with this problem as only the techies will go to a trouble shooting lounge on a routine basis. The non techie wouldn't go there unless they are first aware that a problem might exist.

And because the main lounge thread has been locked, how would someone know that a problem even exists?

That is a combination of non-thinking and elitist thinking.

And f1000, here you are rightly defending MacNN's erring (if it can be considered an error at all) on the side of containment and prevention but then post a snippy little post in the main lounge thread that this news doesn't belong in the longe but in the troubleshooting forum, where anyone there is laughing at it being NOT a virus but a trojan and not that big a problem.

But to a guy like me, I don't know the difference between the two and all I know is that there is something I need to be aware of to protect my investment.

But now that the thread is locked there may be others like me who won't have a chance to even KNOW there's a potential risk to their Mac.

So, f1000, you are trying to be on ALL sides of this matter. Posting in the OSX room. Sniping at the news being announced in the main lounge and now here trying to be reasonable.



What's the point of being called the Mac NEWS NETWORK if the news that MIGHT save you from losing $2000 is buried in an obscure room for tech minded folk who react to this news with "meh" but the people who need the news are made to suffer for being JUST average computer users who APPLE is spending millions of dollars trying to induce to switch?

Way to go!

[f1000]

Originally Posted by Gabriel Morales

The article could strongly suggest users update their systems with the latest security updates without expressing all sorts of potentially alarming opinions, unless of course, it was an opinion piece and so labeled.

I'm sorry, GM, but I didn't find the piece to be alarmist at all. Call me jaded, but I don't get panicked by reports of Trojans and viruses. I've only ever had one or two virus problems on the old 680x0's (nVIR anyone?) and none while using OS X or PC's (yes, you read that last word right).

Frankly, I first became aware of this Trojan on MacRumors as MacNN's news page has become all but unreadable to me. The MacRumors headline piqued my interest, and a quick read through of their forums pretty much explained the nature of the exploit to me. I only bothered to peruse the related MacNN news articles due to the ruckus in this thread.

[ghporter]

The reason most news about this bug has been strident has been that it's the first time in a long while that any news agency could say anything interesting about a computer bug. Everybody is ignoring stuff about Windows malware because they're saturated by it. Suddenly there's a real bug that affects OS X and that IS news.

I must further state that reference to Mac users' "smugness" over the lack of malware that attacks OS X is a very real issue. Take a look at the way members have been talking about antivirus software; "why bother-Macs are immune" is a very common sentiment (and they don't even bother to say "practically immune"). The way this particular piece of nastiness gets in is through really poor social engineering, too. That's something that NO operating system or platform is secure against. It takes USERS being aware of what they're doing to be safe against that sort of thing. And smug selfassurance that your platform "is immune to viruses" is counterproductive in many ways.

Gabriel, YOU may not be smug, self assured, or even a likely victim of any social engineering, but a whole lot of Mac users are all three. That particular bit in the news is cold honest.

[TETENAL]

Originally Posted by ghporter

Suddenly there's a real bug that affects OS X and that IS news.

This virus is not a bug and neither is it the result of a bug in OS X.

Originally Posted by ghporter

Mac users' "smugness" over the lack of malware that attacks OS X is a very real issue. Take a look at the way members have been talking about antivirus software; "why bother-Macs are immune" is a very common sentiment (and they don't even bother to say "practically immune").

That is nothing anybody has ever been saying here. The common sentiment is "Why bother, there are no viruses to check for". Virus software for Mac was useless because it was searching for something that it knew didn't exist.

[ghporter]

TETENAL, while most folks here are more aware and on the ball than to act like Macs are not threatened at all, there are still a lot of people making noises about it in these forums. Note the thread in Applications started Thursday or Friday about "Is Antivirus A Waste Of Time?"

And I meant "bug" in the casual sense, not in the "software flaw" sense. I felt that this particular meaning should have come through quite clearly from the context.

[TETENAL]

Originally Posted by ghporter

Note the thread in Applications started Thursday or Friday about "Is Antivirus A Waste Of Time?"

And that's one of the threads I had in mind. Nobody was "smug" in this thread. People just mentioned that anti-virus software is not necessary since it searches for something it knows not to exist. That was not "smug" that was a statement of fact. You mentioned heuristics which might kick in under certain circumstances. That was also a valid opinion, but not more or less valid as the other one. To say Mac users are "smug" just pisses Mac users off and Mac users are the main audience of MacNN. So why are you doing this?

Originally Posted by ghporter

And I meant "bug" in the casual sense, not in the "software flaw" sense. I felt that this particular meaning should have come through quite clearly from the context.

I am not aware of any other meaning of "bug" in a casual sense. I'm not a native speaker.

[ghporter]

I see your point; my feeling was that one or two of the responses that were written as if they were authoritative on the subject dismissed the notion of using antivirus software so completely that it showed smugness on their part. Other threads in the past have included numerous and explicitly smug denials of the utility of antivirus software, now or even in the future, though I couldn't show you any particular one without doing quite a bit of searching.

I don't intend to piss anyone off. I DO intend to point out that NO software and in particular no modern OS is immune to attack. Some, like OS X, are far more robust and built in such a way that attacks are difficult to accomplish and have a lower probability of success, but that does not make them immune, just more robust. And considering that the mechanism Leap-A used for access to the user's machine involved some really silly social engineering, I dispair at what will happen in the future with well timed and well written malware. Mac users may not as a whole be "smug," but they are (again as a group) complascent.

Finally, in computer security circles, it is not uncommon to call malware a "bug" in the sense that it is an irritant (and it's frequently not immediately known what type of malware a particular problem is). Sorry for the confusion-I should know better than to use jargon outside its proper context.

[Gamoe]

Originally Posted by ghporter

I see your point; my feeling was that one or two of the responses that were written as if they were authoritative on the subject dismissed the notion of using antivirus software so completely that it showed smugness on their part. Other threads in the past have included numerous and explicitly smug denials of the utility of antivirus software, now or even in the future, though I couldn't show you any particular one without doing quite a bit of searching.

But you see, I don't consider myself smug, except to say that I DO believe my OS of choice is superior to the MS Windows OS. If I am being smug because of that, than so be it. However, I really don't see a need for anti-virus software now or in the past, and as long as Apple keeps doing its job right, there shouldn't be any need for it the future either. The scarcity of viruses on the Mac is one of the things I love about the platform, and one of the reasons I recommend it to others.

I wasted time and money back when I was a much newer Mac user running Virex and SAM[/i] (Symantec Anti-Virus for Mac, which was later plainly renamed as Norton AntiVirus for Macintosh) to "protect" when there was virtually nothing to be protected from. Later I realized that anti-virus apps were not necessary on the Mac, although the anti-virus companies love exaggerating and spreading FUD to make people think they do. That bugs me.

In addition, various publications write articles that seem to imply that the Mac is somehow as insecure as Windows or they write doomsday articles stating how "virus-writer" might soon be targeting the Mac en masse spelling out an end to the relative virus-free safe-haven that is the Mac. And that bugs me.

So it is because of these factors that it bothers me that MacNN seems to be subscribing to the view (and telling its readers, some of which are not as Mac-savvy) that a.) the Mac needs anti-virus software, b.) Mac users are smug (because of course, they have no reason to feel superior because Mac OS X is as bad as Windows) and c.) the Mac will soon fall victim to a horde of viruses, as Windows is now.

[gorgonzola]

I think you're blowing the whole thing out of proportion, honestly. Just because Mac OS X is more secure than Windows doesn't mean that it's impervious to virus threats, which is all the article was pointing out. While antivirus programs aren't currently necessary and may not ever be necessary, people should still be aware that viruses are possible on Mac OS X. It's only *more* relevant to explain that to a less savvy reader, since such a person is more likely to blindly think that Macs have no viruses and that's the way it always will be. I don't think any of the articles were painting a doomsday scenario as you claim.

[f1000]

Gabriel, unless you're a theoretical computer scientists or logician who can formally prove that OS X is immune to Trojans and virii, you're just ranting as an unqualified fan-boy.

As long as the Mac OS is capable of being compromised by malicious code, we should continue a policy of hypervigilence. Any Trojan or virus can be contained through concerted user action, and the best way to achieve this is by keeping everyone up-to-date on the latest threat.

[Gamoe]

Originally Posted by gorgonzola

I think you're blowing the whole thing out of proportion, honestly.

I'm not calling for anything because of it, but I did want to point it out.

Originally Posted by gorgonzola

Just because Mac OS X is more secure than Windows doesn't mean that it's impervious to virus threats, which is all the article was pointing out. While antivirus programs aren't currently necessary and may not ever be necessary, people should still be aware that viruses are possible on Mac OS X. It's only *more* relevant to explain that to a less savvy reader, since such a person is more likely to blindly think that Macs have no viruses and that's the way it always will be. I don't think any of the articles were painting a doomsday scenario as you claim.

I don't think the article was by itself painting a doomsday scenario, but I think it can be taken like that, specially by people who are not as knowledable about the Mac. Instead of quoting an anti-virus company, I think the article should have emphasized on the importance of thinking before accepting files and backing up your data (because after all what worse could a nasty virus do than erase your data?), without calling Mac users "smug".

Originally Posted by f1000

Gabriel, unless you're a theoretical computer scientists or logician who can formally prove that OS X is immune to Trojans and virii, you're just ranting as an unqualified fan-boy.

As long as the Mac OS is capable of being compromised by malicious code, we should continue a policy of hypervigilence. Any Trojan or virus can be contained through concerted user action, and the best way to achieve this is by keeping everyone up-to-date on the latest threat.

I have been a Mac user for more than a decade, and my system, even when it was System 7, has never been compromised by a virus or a trojan. I don't think I have to be a theoretical computer scientists or logician to state with relative certainly that viruses (or trojans) have never been, and aren't now a serious threat on the Mac.

I've never claimed that there can't possibly any any viruses (or trojans) on the Mac, but merely that there isn't enough of a threat to justify anti-virus software or the type of mentality that would be prudent on a Windows machine. And, if Apple continues to do its job at securing Mac OS X, I see no reason why that should change.

Anyway. unless anyone wants to add anything of significance, I think I've clearly expressed my opinion on the matter. Honestly, I don't want to make this a bigger deal than it is, as you suggest, gorgonzola.

[Gamoe]

Here we go again with the "Mac OS X more vulnerable than WinXP" headline and article. At least there were no snide remarks to Mac users or much editorializing in this one, but please folks, at least you could have appended that with ", ZDNet claims". The push for security is good, but outright lies are not.

[Kevin]

Yeah that was kinda sleazy.

"The National MacNN"

Pretty soon batboy is going to be making appearances in the headlines to get hits.

[turtle777]

They don't erven have the grammar right:

Apple's Mac OS X has many security vulnerabilities than its Windows XP counterpart

...many...than... ? WTF ?

[FireWire]

From yesterday's article about the Intel Mini:

Apple today unveiled the new Intel-based Mac mini at its special event in Cupertino, which will replace the company's previous low-end G5-based model.

which has been subsequently corrected after I pointed it out to : "the company's previous low-end PowerPC-based model".

[york28]

Seriously though, if the recent news from the windows world has taugh Mac users anything, it is that even the anti-virus software makers can't be trusted.

[ghporter]

Originally Posted by york28

Seriously though, if the recent news from the windows world has taugh Mac users anything, it is that even the anti-virus software makers can't be trusted.

?! I really don't understand what you mean by this. Why can't they be trusted? And why are you grouping ALL antivirus software makers together when only a few are subpar?

[Kevin]

I knew as OS X gained exposure and marketshare the anti-virus companies would start the FUD compaign.

[turtle777]

Originally Posted by Kevin

I knew as OS X gained exposure and marketshare the anti-virus companies would start the FUD compaign.

Ha, talk about it. And now, with the Intel switch, it gets worse. As if the underlying processor had *anything* to do with it...

-t

[tooki]

Indeed. I guess the antivirus companies have gotten desperate, since they've had no real business on the Mac for years now.

tooki

[f1000]

Originally Posted by Gabriel Morales

Here we go again with the "Mac OS X more vulnerable than WinXP" headline and article. At least there were no snide remarks to Mac users or much editorializing in this one, but please folks, at least you could have appended that with ", ZDNet claims". The push for security is good, but outright lies are not.

I saw the headline you're referring to (before it was edited) and I thought it was sleazy, yellow-journalism as well. Is MacNN News pandering to one or more of its advertisers? I hope that the staff has more journalistic integrity than that.

[turtle777]

Originally Posted by f1000

I hope that the staff has more journalistic integrity than that.

I'm not sure about that, judging from their recent escapades...

-t

[Gamoe]

"Mac OS X hacker gains control in 30 min"... Yet another misleading headline and story. Is repeating what others write, without verification or details really "news"?

[Kevin]

Is that misleading? Didn't a hacker gain access in 30min?

What is this I hear about Apple running code in root without authentication?

[turtle777]

Originally Posted by Kevin

Is that misleading? Didn't a hacker gain access in 30min?

Yes, it is.

The contest was to REMOTELY hack the computer (opver the internet), whereas the 1337 haxxor had LOCAL access as a user. Two VERY different pairs fo shoes.

According to Heise.de, the Mac had a LDAP server running, which allowed local users to create new users on that machine. With this new user, the haxxor was able to use a unpublished security hole to gain root.

My take: BS.
With an open LDAP server and local acess, a haxxor might as well get PHYSICAL access. As we all know, all bets are off then.

Edit:
FInally someone got a clue:
http://blogs.zdnet.com/Apple/?p=152

"The story made headlines on Monday, but it incorrectly presented the break-in as a genuine hack where it should have been described as a privilege escalation for a legitimate user."

Originally Posted by Kevin

What is this I hear about Apple running code in root without authentication?

Links ?

-t

[Kevin]

http://www.theinquirer.net/?article=30091

According to Rixstep here, although Tiger does sort out a lot of these issues, one of the main problems is that OS X is not true Unix.

The site says that no self-respecting Unix designer would be so stupid as to allow arbitrary code to run as root without authentication. µ

[Gamoe]

I must say-- Good on MacNN for the latest articles on this issue. It's nice to see MacNN picking up the other, more logical side to this issue.

[alphasubzero949]

Originally Posted by Kevin

http://www.theinquirer.net/?article=30091

While I don't fully see eye to eye with Rick on what he thinks of OS X, he does have valid points and critiques. Call him what you want but he is right.

[turtle777]

Originally Posted by Gabriel Morales

I must say-- Good on MacNN for the latest articles on this issue. It's nice to see MacNN picking up the other, more logical side to this issue.

What do you mean ?

Those morons from the MacNN news editing staff still don't understand that there were TWO DIFFERENT CONTESTS. They write in their latest article:

A university systems engineer who presented a "hack-my-Mac" contest closed down his own challenge on Tuesday, saying that even after 4,000 log-in attempts and two denial-of-service attacks, his Mac mini remained untouched. One attacker claimed he had breached security in less than 30 minutes, but this individual turned out to have an account on the machine already.

Idiots.

The supposed "30 min hack" happened in Sweden, the university iMac contest happened at the University of Wisconsin.

Aaaaarrrrrgh.

-t

[Gamoe]

Originally Posted by what_the_heck

The supposed "30 min hack" happened in Sweden, the university iMac contest happened at the University of Wisconsin.

Oh my. Well, brownie points for trying I guess....

[tooki]

I think the reporter there did understand that it was two events, but the wording made it very, very ambiguous.

tooki

[mkbhatia]

Yeah, the wording was ambigous (even though the link was there). I have updated it. I have also told the reporter about the mistake.

m.

[turtle777]

Well, that's why I only read MacNN occasionally now. I used to be a daily (if not hourly) reader of the news section, but now, it's just not worth it. I'm just getting too excited about all the errors, I guess

-t