[Mac_Jack]

Hi,

Does a security update fix prorgam bugs, or potential cracks in the OS, or both?

I've understood that Macs are virtually impervious to viruses. If that's the case, why does Apple call them security updates? Is the security update designed to fix potential OS vulnerabilites before they become problems?

Also, a big question. Why are macs so secure against viruses? Something to do with "root privelages?" Lay-explinations work best.

Thanks,

Mac_Jack

[SpaceMonkey]

Originally Posted by Mac_Jack

Hi,

Does a security update fix prorgam bugs, or potential cracks in the OS, or both?

Both. The most recent update fixed some security-related bugs in Mail, for example.

I've understood that Macs are virtually impervious to viruses. If that's the case, why does Apple call them security updates? Is the security update designed to fix potential OS vulnerabilites before they become problems?

Exactly. Virtually all of Apple's security updates fix vulnerabilities before they are exploited.

Also, a big question. Why are macs so secure against viruses? Something to do with "root privelages?" Lay-explinations work best.

The biggest single reason that Mac OS X is secure against viruses is that no viruses have been written for OS X. Beyond that, OS X is generally thought of as more secure than Windows because it is essentially UNIX with a pretty GUI on top of it. The way that the internal architecture works is such that a few vulnerable applications can't ruin your whole day, because, unlike Windows, application installations generally aren't allowed to mess with the internal workings of the OS (this is what the administrator password is for). This is very different from the way that Microsoft has integrated vulnerable applications right into its OS. For example, Internet Explorer serves as the Windows version of Finder.

Also, from a networking perspective, OS X ships "secure" out of the box, meaning that when you install it, nearly all of its network services (file sharing, etc.) are turned off by default. Generally, a default Windows installation ships with many unneeded network services turned on, making your computer a virtual bulls-eye online.

[ghporter]

Your understanding about Mac OS being "impervious" to viruses is incorrect. There have been a number of them. The structure of the OS, however, has kept those from being a major concern, and the virus writers continue to target Windows because of the much larger "audience" for their viruses.

The security update is just that-it fixes a potential security problem. Most of the time Microsoft only puts out fixes for problems that have been proven and verified to be there, rather than just potentials.

Now for an explanation-the difference between Mac OS (particularly OS X) and Windows and why one has so much problem with viruses. Firstly, these two operating systems are significantly different in both design philosophy and structure. Where OS X has a relatively new code base, Microsoft has worked hard at "maintaining compatibility" with the millions of software packages in the world that expect certain (pretty stupid) "features" in the OS that are actually glitches, oversights or even simple bad coding, so Windows is laden with what's termed "legacy code" or at least "legacy-compatible code." It is here that the major problems lie, because most of this old code was written in the pre-Internet days when a computer just sat there and maybe talked to a printer.

The structure of the two systems, as I mentioned, is also significantly different. Windows depends on a huge and complex network of interlocking "hooks" that connect various chunks of code so programs or the OS can complete various tasks. OS X, on the other hand, while well integrated, is not interdependent on various random bits and pieces of code; it is made up of modules that have well delineated functions and responsibilities. Like its Berkley foundation, these modules are independent and stand on their own, unlike the components of Windows that serve a variety of functions at different times.

Finally, with a much lower market penetration than Windows, OS X doesn't seem like the juicy target for hackers and virus jerks that Windows does. Let's face it, if you get your kicks from hosing someone's computer/network/server, it's way more satisfying to hose up millions of users than to hose up tens of thousands. And since Windows is so complex for some people to keep secure-compared to OS X which is fairly easy to keep secure-there are a lot of Windows machines with un-plugged holes out there-easy pickings for the digital thugs.

[Mac_Jack]

Thanks for the very detailed responses! I appreciate it immensely. Let me ask an alternate question. I've heard that something like 97,000 viruses exist for MS OS, and less than 100 for the Mac OS, with most of them only able to affect pre-OS X.

So, let's say for a second that Apple and Microsoft each had 50% of the market, which would be enough temptation for all those creeps who write viruses to want to target the Mac OS. What could they do? What I mean is, if a virus could be written for the Mac OS, what could it be capable of doing, worse-case scenario?

Thanks again in advance.

[Millennium]

If you truly want the worst-case scenario, a virus on OSX could do anything that a virus on Windows could do. However, it would have a much harder time getting to the worst-case scenario, because it would have to get around many different security mechanisms. Pretty much the only way it could do this would be to trick the user into running the malware as root, and that requires an Admin password.

The security mechanisms included in Windows actually aren't half bad, except for anything dealing with ActiveX. The real problem is that Microsoft doesn't bother using what they've got effectively, and so many of the most important security measures are turned off by default rather than on and mandatory. The result is almost worse than having no security measures at all, because people think they're being protected when in fact they aren't. If Windows were to make all of its security features mandatory, it would be almost as good as OSX in many areas and even better than OSX in some cases. ActiveX would still be a problem, but that would be pretty much it.

[ghporter]

I agree with Millenium in much of his post. But Microsoft has finally figured out that people don't want "easy" when it also means "buggered up by viruses within minutes of going online." And unfortunately any unprotected Windows computer actually would be attacked in one way or another within the first fifteen to twenty minutes of being visible online. So what those nice people in Redmond have done is turn ON all the "normal" security features in XP SP2.

SP2 is more an updated OS than a set of patches, and one of the big improvements was the Security Center. While they still don't provide an antivirus application of any kind, they DO at least tell you that your butt is out in the breeze if you don't install one (and most big vendors give you at least a trial version of a good AV package when you buy one of their comptuers).

And ActiveX is STILL a major security issue, since, unlike some Java, there's no real security checking or signing of ActiveX items. (Yes, there is a 'signing mechanism" for them, but they don't have a way to track back the validity of the signature to a trusted root, like with certificates, so they just say "trust me, I'm good," whether they are or not.) They're just 'there' and they do whatever they do, good or bad. You CAN have IE look at them before you run them, and there are a number of options to customize how they're handled, but they are all set to "go for it!" as a default. Great security, huh? It's also kind of hard to find where to play with those settings and what they actually do. Not good for a novice user at all.

[Mac_Jack]

Thanks again to all. So, the way I understand it is in terms of a compartmentalized hull on a ship. The Mac OS is a compartmentalized hull. If something does penetrate one section, it just affects that section. The ship doesn't sink. In order to get it to affect the other compartments, an actual person has to go down there with a chisel and make holes in the rest of the compartments, thus flooding the rest of the hull. Windows is non-compartmentalized. One hold is capable of spreading water to the entire hold, thus potentially sinking the ship. Is that a fair assessment?

Jack

[Jacob]

[Millennium]

Originally Posted by Mac_Jack

Thanks again to all. So, the way I understand it is in terms of a compartmentalized hull on a ship. The Mac OS is a compartmentalized hull. If something does penetrate one section, it just affects that section. The ship doesn't sink. In order to get it to affect the other compartments, an actual person has to go down there with a chisel and make holes in the rest of the compartments, thus flooding the rest of the hull. Windows is non-compartmentalized. One hold is capable of spreading water to the entire hold, thus potentially sinking the ship. Is that a fair assessment?

You're close, but I'd extend your metaphor just a little. Windows is like the Titanic, which had a compartmentalized hull much like you describe, and it was one of the reasons the ship was reputed to be unsinkable. However, the Titanic's compartments were only sealed on the bottom, not at the top, so when it hit the iceberg the compartments didn't matter, because they hadn't been sealed properly. Water flooded the whole ship, and the rest is history.

[Person Man]

Originally Posted by Jacob

[IMG][/IMG]

WTF??? Reported.

[JellyBeen]

Originally Posted by Millennium

You're close, but I'd extend your metaphor just a little. Windows is like the Titanic, which had a compartmentalized hull much like you describe, and it was one of the reasons the ship was reputed to be unsinkable. However, the Titanic's compartments were only sealed on the bottom, not at the top, so when it hit the iceberg the compartments didn't matter, because they hadn't been sealed properly. Water flooded the whole ship, and the rest is history.