From: Szilveszter Adam
To: security@freebsd.org
Date: Wed, 2 May 2001 23:21:05 +0200
Subject: Re: What do folks think of this article?

On Wed, May 02, 2001 at 11:02:20AM -0600, Brett Glass wrote:
> http://www.businessweek.com/bwdaily/dnflash/apr2001/nf2001051_727.htm
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

Hello,

While the article contains quite some mix-matching and is spreading a
great deal of FUD (just as any article that obscure "security experts"
use to plug their services), the part about the state of Mac security
response capabilities is true. In this respect, Apple is in the same
shoes now as MS was when Internet access using Windows became
commonplace. This was not even the case with the release of Win95, only
later. It is only recently, for example, that MS security engineers are
engaging in direct correspondence on BUGTRAQ wrt security problems.
They too had to learn that this was the only way. Apple will IMHO go the
same way, because it will be forced to do so. Waiting until the next
release to fix that bug is no longer enough.

As for other assertions of the article, they are at least "interesting".

1) The fact that there were only a few Mac viruses (there were a few, and
   say macro viruses for MS Office sometimes were operable also on Macs)
   does not mean more than that there are few Macs.

2) That there were not many Mac exploits is
   a) questionable: what is "many"? I have seen some.
   b) hacking a Mac under MacOS would have been approx. as much fun as
      hacking win3.11. Great. Easier to simply circumvent the login
      prompt:-)

3) UNIX type systems are not any more insecure than the Mac was. The fact
   that there are many advisories for them means that it actually makes
   sense to publish them and to try to patch the holes, while say for
   win95 or older, these efforts are largely wasted.

4) That UNIX attracts hackers is simply untrue, when used generally. What
   attracts them is insecure machines with known holes, and most of those
   happen to be from the Windows (and in lesser numbers from the
   commercial UNIX) variety. This sentiment merely reinforces those who
   think that security against intrusions is something that only UNIX
   admins need to concern themselves about. No. If you are on the Net,
   you must protect yourself.

5) Show me a UNIX virus. Not an email virus that can spread through a
   UNIX machine's MTA to windows machines, but an actual UNIX virus.
   Worms do not count. They are worms, not virii.

Some other blatant errors have already been pointed out. It seems it is
not only Apple that needs to read up on what the name of the game is.
Also some PC-centric allegedly technical mags must grow up to the task
and stop that Windows-centric attitude that says: "Either it is windows
or at least it must look like and feel like windows (see most of their
Linux coverage) otherwise we don't have a clue."
--
Regards:

Szilveszter ADAM
Szeged University
Szeged Hungary