Network News

X My Profile
View More Activity

Coming in January: "Month of Apple Bugs"

A pair of security researchers has picked January 2007 as the starting point for a month-long project in which each passing day will feature a previously undocumented security hole in Apple's OS X operating system or in Apple applications that run on top of it.

The "Month of Apple Bugs" project, currently slated to begin on Jan. 1, is being orchestrated in part by a security researcher who asked to be identified only by his online alias "LMH." This is the same researcher who in November ran the "Month of Kernel Bugs" project. LMH's partner in this project is Kevin Finisterre, a researcher who has reported numerous bugs to Apple over the past few years.

The current craze for featuring a new bug each day for a specific time period began this summer with researcher HD Moore's "Month of Browser Bugs," which highlighted unpatched security holes in Microsoft's Internet Explorer, Mozilla's Firefox, Apple's Safari browser, and even Opera. With most of the browser bugs, Moore alerted the affected software vendors prior to publishing his findings.

To the chagrin of some security experts, however, LMH declined to give affected vendors advance noticed before posting evidence of kernel bugs on his Web site last month. Eleven of those kernel bugs were related to Apple software and applications, including a serious security hole that prompted a software update from Apple just two weeks later. As with the kernel bugs project, Apple will be given no advance notice with the Month of Apple bugs, LMH said in an interview conducted over instant message.

LMH said that while his upcoming project had the potential to at least temporarily make security more tenuous for the average Mac user, he believes that in the long run the project will improve OS X security.

"Right now, many OS X users still think their system is bulletproof, and some people are interested on making it look that way," LMH said.

It should be interesting to see whether Apple does anything to try and scuttle this pending project. In November, a researcher who focuses most of his attention on bugs in database giant Oracle's software announced his intention to launch a "Week of Oracle Database Bugs" project during the first week of December. The researcher abruptly canceled the project shortly after the initial announcement, without offering any explanation.

By Brian Krebs  |  December 19, 2006; 9:50 AM ET
Categories:  From the Bunker , Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Ransom-Mail: All Your E-Mails Are Belong to Us
Next: New Firefox Version Fixes 8 Security Holes

Comments

I wonder if Apple is nervous at all over this. Here they get to wake up each day and find a new bug of theirs slapped in their face with no fix available.

I'm sure Apple will do the best they can to fix the ones that really need fixing but it is kind of funny to see them playing in Micro$oftie's normal mode of damage control.

Posted by: blast3r | December 19, 2006 10:26 AM | Report abuse

Interestingly, ZDNet Australia is currently carrying a story pointing the finger at OS X. However, there is perhaps some over-enthusiastic editorializing (by Munir Kotadia) in that case, since this primarily rests on a claim by a researcher at Otago (Mark Borrie) that he's come across botnets run from OS X machines but the Borrie himself says their being compromised was down to mis-configurations and weak passwords.

http://www.zdnetasia.com/news/security/0,39044215,61976105,00.htm

Posted by: Nick | December 19, 2006 10:47 AM | Report abuse

Uh oh, here comes a rehash of the usual fruitless debate between Mac fans and Mac haters about security of the Mac OS compared to Windows. How about we try to avoid some of the usual straw men?

No reasonable user of any computer system, including Mac users, believes their system is "bulletproof." Every system has flaws, and everyone needs to be cautious.

It's just that, relatively speaking, there is very little in the way of real malware "in the wild" that affects the Mac OS. This is due to a combination of the small marketshare of the Mac AND its security architecture (it is harder for malware to be installed without generating a prompt for administrative password).

So Mac fans and haters can both be right to a degree.

Posted by: Thor | December 19, 2006 11:03 AM | Report abuse

As a Mac user, I have to say, we have become rather complacent when it comes to security issues with our software. Mac's do get viruses. I know this through an unhappy experience.

I will not join "The sky is falling!" gang but I will keep myself informed and download the latest OSX security software (as I have always done.)

Posted by: P. Kraemer | December 19, 2006 11:11 AM | Report abuse

LMH could (1) tell Apple about security problems, thereby encouraging remedies, or (2) publicize the problems first, thereby encouraging abuse.

Which is the responsible course? Anyone? Anyone?

Posted by: MiddleMiddle | December 19, 2006 11:13 AM | Report abuse

As a casual MAC user - I can tell you that there are problems. Screen Freeze, crashing, and lack of support are not unusual. Funny how the MAC commercials say those things don't happen. I was also amazed at the lack of software for MAC. After spending 2K I feel like I could have bought a state of the art PC.

Posted by: Ben Kelly in Tampa | December 19, 2006 11:27 AM | Report abuse

LMH has a big dose of E-G-O I think by not publishing them first to those he 'claims' he is trying to help.

Posted by: Andrew | December 19, 2006 11:40 AM | Report abuse

No, "the sky isn't falling".

Nor is security software, with satbility and performance troubles to bring of its own necessarily the answer. But it's not a bad time to review your practices:

http://www.macgeekery.com/tips/security/basic_mac_os_x_security

Or check out the Common Criteria recommendations on Apple's website.

Posted by: Ghost in teh machine | December 19, 2006 11:53 AM | Report abuse

I used to think Macs were bulletproof until one day I experienced something akin to the blue screen of death. It is a rare thing called a Kernal Panic. Nobody has been able to provide any info on how to resolve this issue and my poor G4 out of warranty has sat the last couple years collecting dust because I don't want to throw away what ammounts to a giant expensive paper weight. I have followed all proposed sollutions in numerous combinations to no avail. Rather than replace the logic board for a couple hundred, I figured when I've got that kind of money to spend, I would be better of putting it to use on a Dell, or a newer intel mac... but now that I've been burned it's scary to think about the possibility of throwing away a thousand dollars when you know an unfixable crash is possible. At least with a PC parts are relatively cheap and easy to swap.

Posted by: Chris | December 19, 2006 11:53 AM | Report abuse

Ben, if you are getting screen freezes and crashes, there is something wrong with your system, beit hardware or software. That is not the norm and if you remedy the culprit, those issues will go away and you'll be happy with your $2k PC. BTW, did you call Apple???

Posted by: Barrett Schmidt | December 19, 2006 11:53 AM | Report abuse

A couple of points come to mind regarding this "threat?!?" to disclose OS X vulnerabilities--or whatever you wish to call it:

Isn't it time for serious researchers, aficionados, etc. in the computer genre to stop acting like teenagers and act like grown-ups? For example:

a. UNLESS it is an Apple insider disclosing vulnerabilities without compromising their identity, it is totally reprehensible and irresponsible (and frankly immature) NOT to notify the manufacturer and allow them to research (and, if necessary, rectify any bugs of consequence) prior to publication; serious computer researchers should follow this protocol; and

b. it is time for serious computer enthusiasts to stop living behind the juvenile precepts of "p$u3d0nym$." It is hard to take a researcher seriously who hides behind initials and is only available for interview by instant messaging.

It is just this sort of behavior that renders this population as caricatures of overweight and sloppy 30-something adult social misfits relegated to their Mom's basement (ala the Warcraft episode of "South Park").

Posted by: T. Kawles | December 19, 2006 11:56 AM | Report abuse

A month of OS X OS X Bugs won't change the fundamental truth: there are no exploits IN THE WILD for OS X. Of course OS X is not bulletproof, but the threat of your machine being compromised by casually surfing the web is close to nil.

Posted by: Lib | December 19, 2006 12:21 PM | Report abuse

Chris,

Kernel panics are indeed rare, but I've had a couple over the past five years. If rare like this, there may be nothing to fix, but reinstalling the OS would be a good idea. Regular backups should be part of everyone's routine.

If you were getting frequent kernel panics, on the other hand, the source can be difficult to diagnose, but don't let that deter you from getting finding someone experienced enough to fix the problem. One common source is cheap, third-party memory. If you had memory installed after purchase, try removing the chip and see what happens.

If you are talking about a laptop, there were some batches with bad logic boards. Apple has a recall on these and will repair them regardless of warranty. Worth checking into.

Good luck.

Posted by: Thor | December 19, 2006 12:25 PM | Report abuse

To respond to T. Kawles, Apple has a recognizable history of fighting anyone who releases information about their products, from the ThinkSecret fiasco to problems with the OS X drivers for wireless networking.

If I has a list of 31 Apple security holes, I'd want to hide behind a pseudonym too.

Posted by: J | December 19, 2006 12:25 PM | Report abuse

Chris, Ben,

Like any electronic device, flaws and failures do occur, no matter whose name is on the outside case. I have had a few problems with my old G4 -- mostly on account of my own screw-ups. Had to buy a new USB card when it mysteriously died. But your claim that Apple is harder to fix than a PC is simply hard to believe. I have spent infinitely more time reconfiguring my parent's and my work PC's to operate as advertised than my trusty Mac - many, many security issues and software conflicts. Never had that problem with my Mac. FYI, if it is hardware that is the source of your problem, internals for an Apple come from the same suppliers as any other PC maker. If yours is a modern system (G4 or later), you will find that Apple internals are also easy to replace & upgrade yourself, thanks to several excellent retailers like Other World Computing, SmallDog, and of course Apple's own online and retail stores. Apple's support has won industry awards, so take your finicky machine to your local Apple store for a quick free consultation. (Try that with a Dell).

As for finding the software you need, well, Macs will run PC software too (Parallels, Boot Camp). Not sure what esoteric software you absolutely need that is not available for the Mac, but a quick search at Versiontracker.com ought to hook you up.

If you believe that Windows is as secure as OSX, then go ahead and save the small initial purchase price difference (usually smaller than one is led to believe because of vastly different "standard configurations" - http://www.systemshootouts.org) and instead spend your cash on monthly Antivirus updates. Some of us prefer to spend our time any money accomplishing tasks rather than fixing problems.

Posted by: malbeau | December 19, 2006 12:26 PM | Report abuse

The reason to post the bugs to the public instead of reporting them first to Apple is most likely money or other compensation. Just like the Oracle postings never materialized at the last moment. They're probably hoping a corporate offer will materialize -- notice that these are always precluded by tons of publicity (like this WP article). And although supposedly annonymous, I'm sure the corporate geeks can trace or communicate with the 'bug exposer'.

Posted by: JimmyJoe | December 19, 2006 12:34 PM | Report abuse

@Chris -

Kernel panics happen, but they're not the end of the world. I had some now and again with my old G4 tower (usually heat related... go figure). Have you gone through the basic steps of calling Apple, talking to a local support shop, etc?

Your level of 'fear' if it is that is akin to my saying that I once got a bluescreen on a laptop, so now it's a 2k paperweight!

Grow up. Computers crash. Every computer crashes, even the ones with super-nice realtime operating systems (like Satellites, etc). You just need to do the basic things to figure out what's wrong and fix it. At worst, donate it to someone who will.

-WS

Posted by: WinterSolstice | December 19, 2006 12:40 PM | Report abuse

What is the VALUE to the CONSUMER and the SOCIETY in NOT TELLING the vendors before releasing this information?

THERE IS NO ADDED VALUE!

It is the way a little man with a big chip on his shoulder chooses to operate as self appointed "punisher". He should tell the vendors first, then make the releases.

Posted by: Long Beach Ca | December 19, 2006 12:44 PM | Report abuse

If this 'security researcher' (yeah, right) was instead intending to publish the secret location of a stash of guns, how long do you think it would take the first person to get shot with one of them to file a lawsuit?

Posted by: K | December 19, 2006 12:49 PM | Report abuse

To Lib:

Where have you been hiding at? There are NUMEROUS exploits in the wild for Mac OS X. You sound so positive in your statement and it is total rubbish.

If you Google: site:milw0rm.com "mac os x" you will get 154 hits for exploits. Some of the Mac fanatics remind me of religious fanatics who keep forgetting about the bad stuff in the bible.

Posted by: blast3r | December 19, 2006 12:51 PM | Report abuse

Coming in January: "Year of PC Bugs"

Oh, wait, I'm sorry that's not at all accurate. It should be "Decade of PC Bugs" or maybe "Millenia of PC Bugs." Find me an Apple machine that's rendered inoperable by malware/spyware. On a yearly basis thousands (if not millions) of PC's certainly are.

Posted by: Judge C. Crater | December 19, 2006 1:00 PM | Report abuse

To Long Beach and others,

One (value adding) reason to not tell Apple before hand, is to embarrass them into doing the job they should have done in the first place, namely, write better code. If Apple is seen as losing its edge over MS in security, then maybe they will beef up their testing division.

Posted by: BAC | December 19, 2006 1:04 PM | Report abuse

Chris,

My son's old G4 crashed - I think it was after I installed a scanner for him. My other son showed up with a disk with "CodeWarrior" (I believe it was called, which found multiple problems and fixed them. If it had not worked, I was prepared to re-install OS-X from scratch. It's a good machine.

Posted by: John Heizer | December 19, 2006 1:05 PM | Report abuse

"'Right now, many OS X users still think their system is bulletproof, and some people are interested on making it look that way,' LMH said."

I have no beef with the exercise itself, but LMH is clearly an idiot. "Many" OS X users do not think their system is "bulletproof," i.e. that it could never be exploited under any circumstances. Rather, they think that there are several orders of magnitude fewer exploits actually implemented and circulating in the wild for OS X than there are for Windows. And they are absolutely correct - this is an empirically verified fact.

LMH is clearly dragging out the tired old Artie MacStrawman* for yet another debate, because s/he can't effectively make his/her point without resorting to exaggeration or lies.

*http://www.crazyapplerumors.com/?p=664

Posted by: Mike A | December 19, 2006 1:10 PM | Report abuse

Judge C. Crater> "Millenia of PC Bugs."

Double n in millennia, please. "Millenia", should we accept it as a word, would be the combination of "mill" ("a thousand") and "ani", plural of "anus". (I laugh every time I see a Mazda Millenia).

Although perhaps that's what you meant after all...

Posted by: aeschylus | December 19, 2006 1:15 PM | Report abuse

BEN KELLEY. Don't be so obvious as a troll. No real Mac users spell out Mac in all capital letters as you did. It's a common mistake among PEE CEE users, possibly due to their having to fool around with arcane settings like MAC addresses all the time. "Screen Freeze, crashing, and lack of support are not unusual". Actually, in the Mac world yes they are. Screen Freeze, crashing? Not anything I ever hear about, online or at our user group meetings. B.T.W.,Apple always ranks at the top of consumer satisfaction ratings. So do us all a favor, quit trying to pose as a disgruntled Mac user, and come clean as a disgruntled PC user which you really are.

Posted by: Toby Furrire | December 19, 2006 1:15 PM | Report abuse

To blast3r:

Yeah, I've heard that one before. These are published vulverabilities with exploit code published there. What that is NOT is a list of released viruses, worms, trojans, etc., because there are no such now in the wild. Most or all of those 'exploits' are currently patched, and those with actual released trojans are Proof of Concepts that never really made it into the wild in the first place.

Stop spreading your FUD.

This is an attempt to make Apple look bad, first and foremost, and secondly, an attempt to garner publicity and notoriety.

We'll see at the end of the day (month) how many of these released vulnerabilities are previously patched stuff.

Posted by: rwahrens | December 19, 2006 1:22 PM | Report abuse

Well, let's just put it this way, I've been running Mac OS X since the beta came out, and am online with a high speed network 24/7, and I don't run any type of antivirus/antispyware, and I've never had any kind of infections/worms/trackers. How many on the P.C. side can say that honestly. Additionally, the "security through obscurity" excuse holds no water. If you like working on your computer, buy a PC. If you like working WITH your computer, buy a Mac.

Posted by: Kristoff | December 19, 2006 1:26 PM | Report abuse

Excuse me, but how is this group LMH any different from illegal hackers? If they want to warn Apple of vulnerabilities they find, that's one thing. Give them six months or so to correct the problem, the way it is done by genuine security experts. No, they want publicity, so they can show off their hacking talents in the hacking market, and get to parade their teenage sensibilities around. Are they doing the users any good by doing this? No, not at all.

Posted by: Jim H | December 19, 2006 1:26 PM | Report abuse

Toby Furrire, it may surprise you to know that some Mac users do write MAC, perhaps because they're confused by seeing PC all the time. I saw it happen just yesterday with one of my users, and thought of correcting her, but decided not to bother.

It's interesting that you think PC users have to "fool around with arcane" MAC addresses. As a network admin, I often have to look at MAC addresses when dealing with PCs, Macs, routers, printers, and any other ethernet or 802.11 device. But as far as I know, my PC users are as oblivious to them as my Mac users are. Please elaborate on your experience.

Posted by: antibozo | December 19, 2006 1:30 PM | Report abuse

"Rather than replace the logic board for a couple hundred, I figured when I've got that kind of money to spend, I would be better of putting it to use on a Dell, or a newer intel mac."

A kernel panic is a rare occasion. I've had about three since 2000, on various machines. Its causes are various, including, in your case, a logic board that failed. (Are you sure that's the cause?)

In many cases, it's fixed just rebooting. Disk utilities run on bootup automatically, especially after a panic.

Posted by: Anonymous | December 19, 2006 1:33 PM | Report abuse

@Kristoff

So you don't have any anti-spyware, or anti-virus software? How then, would you even know if you were infected?

Mac owners who preach that there is nothing to be concerned about are no better than people who claim that mobile viruses are fictional.

Everything has bugs, and just about everything has exploitable bugs. What LMH is setting out to do is to show people that Apple's software is just not secure as people have spun it to be.

Posted by: havvok | December 19, 2006 1:41 PM | Report abuse


Rwahrens:
The previous asshat stated there are no exploits in the wild. That is misrepresenting the current actual status of exploits for Mac OS X. That kind of statement is crafted in a way to make it sound like exploits don't even exist for Apple systems. This is exactly how Apple seems to talk as well and I will happily wait for the Month of Mac OS X bugs to arrive. The smugness needs to be slapped off of a lot of people's faces. SOOOOO defensive!!!! One of the biggest problems with people who defend Mac systems is those that were carried over from the 'too dumb to learn how to use a pc' group of people who rode in on the coat tails of the new and improved UNIX based OS. It is mostly these people who now try to act like they are experts when before they could barely point and click on anything. No skillz! Of course there are some Mac users out there from the old days that know what they are talking about but overall this is how the Mac system is advertised. So easy to use. Just like AOL Internet (which I wouldn't be caught dead on). The people that are not experienced will go to AOL.

Posted by: blast3r | December 19, 2006 1:51 PM | Report abuse

What this is is a way to stem the Mac OS X tide timed to coincide with MacWorld in Jan, and announcement of an updated new OS version known as Leopard wich will supercede both XP and Vista.

As noted above, 'in the wild' is what counts.

Posted by: Blank | December 19, 2006 1:53 PM | Report abuse

Chris.... the previous post about third part memory being the cause of your kernel panic is right on the money. Try removing one stick of memory at a time and rebooting, if the panic ensues, then replace the memory you removed and take out another stick. This happened on my G4 dual when I got memory from Crucial.

Billy... if you have a new mac, you have available to you ALL of the software published for Windows and for Mac. I'm running XPsp2 on my iMac and have a two windows progs there, then the rest of the stuff is on my mac. You already own a high end PC. It's called a mac.

Posted by: Jim | December 19, 2006 1:54 PM | Report abuse

There was always a nice big slice of swiss cheese along with Apple's security.

Now everyone will know about it! Just think of it as a little "value added".

And remember, "security through obscurity" is not security. But the OS-X, Lunix, FireFox, and OSS crowds wants you to believe it is.

Posted by: JustSomeGuy | December 19, 2006 1:56 PM | Report abuse

This is just a desperate attempt at publicity and adds up to a load of FUD, again. LHM or whatever his initials are is undoubtedly sucking his thumb in his mother's basement right now.

Just like in November, anythign that is found is totally overblown by the PC press, who are just looking for headlines. Maybe it is the PC press who are paying this 'researcher' (yeah, that is the word...) to come up with this tripe, or perhaps it's someone even more closely connected with Redmond.

Apple touts their security in their ads because they have a HUGE advantage over Microsoft in this area.

It is so sad that the pathetic Mac haters hate Macs so much they troll stories like this. Mac users are here because we are genuinely intersted in the system. PC trolls are here because they are fundamentally psychotic morons who, deep inside are embarrased that they have been so wrong about Macs for so long, and that all the 'innovations' that Microsoft comes up with are nothing more than lame imitations of Apple's vastly superior software.

Come clean windows fanboys. You told your grandma not to buy a Mac 10 years ago because they were 'going out of business' and she still rides you about it...

Posted by: B. Serious | December 19, 2006 2:07 PM | Report abuse

Havok
"So you don't have any anti-spyware, or anti-virus software? How then, would you even know if you were infected?"

I run anti virus software on my macs to be a good net citizen. I am convinced that I personally don't need it because since the release of OSX six years ago I have received zero mac viruses from websites, email, or other internet activities. I have however received many windows viruses that I have deleted so as to not pass them along the net. It's an expense for me, but I want to stay in the good graces of my PC friends.

Contrary to blast3r's postings above, there are no viruses in the wild for the Mac platform. There are "proof of concept" viruses, that need the administrator's password to give permission to installation to work, but that is all. His reference to a particular virus and a link to an explanation of it was exactly one of these type of trojan horse files.

I work with PCs and Macs. And since the invention of Boot Camp we're replacing our PC's at work with Mac minis and installing windows XPsp2.

It's not about Windows vs Mac anymore. Mac is now the best PC on the market and runs more software (both windows and apple) than any other computer offered. That's why I use it. It's a better tool. Microsoft shouldn't worry about Apple's resurgence, Dell and Gateway should... as is evidenced by Apple's market cap surge in the last year and Dell's market cap fall.

Posted by: Jim | December 19, 2006 2:13 PM | Report abuse

@justsomeguy

Security through obscurity is a myth. Take the time to read some info at this link and you'll understand.

http://www.macgeekery.com/tips/security/basic_mac_os_x_security

Posted by: Jim | December 19, 2006 2:17 PM | Report abuse

"Billy... if you have a new mac, you have available to you ALL of the software published for Windows and for Mac."

No, you don't. Example: you can't run Stamps.com software. In fact, there's no software available that lets a Mac do desktop shipping at Parcel Post rates.

Nor do you have software that lets you run a token-ring network.

Nor can you get drivers to work for many printers, scanners, digitizing tablets, and webcams.

What's the difference between Mac owners, scientologists, and christian scientists? The scientologists and christian scientists admit that they are members of a religion.

Posted by: Anonymous | December 19, 2006 2:19 PM | Report abuse

At the previous poster above who said I couldn't run "Stamps.com software"...

I'm sorry to tell you but you're wrong. You don't understand that I can run windows xpsp2 software on my mac. I can run WINDOWS XP SP2 on my mac. I can now install and run any piece of software for windows on my mac. I can also download any driver or other piece of software to drive any piece of hardware on my mac.

Your information is incorrect.

Posted by: Jim | December 19, 2006 2:23 PM | Report abuse

Also... it's got nothing to do with a religious zeal, it's just a statement of fact. Can we have a conversation about this like adults without it degenerating into silly insults?

Posted by: Jim | December 19, 2006 2:24 PM | Report abuse

Normal ethical policy dictates that a vendor get advance warning. We all know that. Normally a vendor is expected to respond in a fortnight.

The issue is vendors who refuse to recognise the advisories sent to them. It's a race between the white hats and the black hats and ordinary users stand to suffer as a result.

If a vendor response is not forthcoming in a fortnight, the bug should be fully disclosed so all are aware of the danger and have a fighting chance to protect themselves.

Both Kevin and LMH have a long history of battling Apple to recognise rather obvious security holes in OS X and the industry consensus is that in general Apple will not respond to such an alert. This coupled with the snooty aloofness of those not in the know makes for a provocative and potentially explosive situation.

I rather think Kevin and LMH, like so many others especially including the authors of Opener and Oompa, are just sick and tired of the incessant rantings of the zealots and the 'security through obscurity' approach of Cupertino. And as they're probably Apple users themselves, their objective is to shake Apple out of their sycophantic complacency and get things moving so the BIG GREAT CATASTROPHE does indeed never happen.

For you've got to give them this: they know more than most posters here by a light year.

So kick back, watch and enjoy, and try to not get your knickers in a knot. This can only be for the good.

Posted by: Rick | December 19, 2006 2:31 PM | Report abuse

@rick

"the industry consensus is that in general Apple will not respond to such an alert."

This hasn't been my experience with Apple. And I've owned Macs and PC's since 1984. When there has been a proven issue I've seen them respond within a couple of weeks with software updates that address the issue. Ie... iWeb, quicktime, safari, and OSX security updates. Many of these came within a short time of reported security reports in the past few years. Far faster than my needs were met by Redmond.

I agree with you though - Kevin and LMH should give apple two weeks notice of their findings, but even if they don't. It's all good. If they find anything serious, past experience shows that Apple will fix it asap. Your right, it will be an interesting month to watch.

It's still my assertion though, that it's not about Windows vs OSX anymore. Microsoft stands to make more $$ from Apple now than before with the number of people switching PC manufacturers to an Apple preference. It's about computer platforms, and Dell is certainly in trouble, and Gateway isn't far behind. The Mac is simply the best PC available on the market currently.

"tired of the incessant rantings of the zealots" could well describe some of the winfanboi rantings above. As I read the postings there are zealots on both sides, but most of the reasoned arguments have come from Mac aficionados and the rantings have come from those who continue to believe that "security through obscurity" is fact and not myth.

Posted by: Jim | December 19, 2006 2:45 PM | Report abuse

Sounds like another BS publicity ploy. No disclosure to the company? Irresponsible. Much like the "Wifi Vulnerability" that was proved to be a bunch of nonsense (that i still see people referencing as if it were real, and even claiming that "Apple pressured them into silence" haha - what a joke.)

Funny how 31 bugs in OS X is news, but 300 new exploits in XP no longer headline-material.

My prediction? - 25 bugs that are dependent on non-factory settings, 3rd party add-ons, or outdated software. maybe 6 real bugs that can cause problems, but are either unusable in the wild, or quickly patched by Apple.

I dont know anyone who thinks that their OS X box is bullet-proof, but i also dont know anyone who runs anti-virus, nor do i know anyone who has ever had any spyware or a single virus since 10.0. (and i know quite a bit of mac users.) So empirically, the smugness is almost justified.

Posted by: Jeff | December 19, 2006 2:45 PM | Report abuse

Wow, this is funny to see the Mac folks grappling with the age-old (in Internet time) problem of full disclosure v. responsible disclosure debate. Windows and Linux users have been dealing with it for years now.

The first gut reaction is to slam a researcher for releasing stuff directly to the public, but if you do some research, you'll find that full disclosure is a valid response to what vendors have typically done in response to researchers who find bad flaws in thier software Given the EULA's you sign, you have good cause to disclose vulnerabilities because your software vendor offers no warranties to you. The bad guys already know about these often times long before they are disclosed.

Posted by: Not a Noob | December 19, 2006 3:00 PM | Report abuse

I'll bite, Jim. Why won't Stamps.com work on a Core Duo class Mac running Windows? The site does not provide any warnings about peculiar hardware requirements, just a comp, a printer, and an account.

I am not in the US, so the service is useless to me, but I'd be interested in knowing just what the hitch is.

Also, your point is not fully made. I can show you lots of modern PC laptops that "can't run" Windows software because they do not have the ports required by the software. So if you want to use steam powered software and hardware, you are just as out of luck with a new laptop PC as a Mac user would be.

Posted by: M. T. MacPhee | December 19, 2006 3:03 PM | Report abuse

A word to the wise: Most, if not all, of the negative crap about Mac's being posted here, and the "month of Apple bugs" itself, is BLACK PR. Professionally written lies, designed to stop Windows users from switching to Mac.

Posted by: Steve | December 19, 2006 3:05 PM | Report abuse

No, Rick, it might not ONLY be for the good.

Apple credited 'LMH' as the reporting source for one of the patches in its most recent Security Update.

So apparently you can't really honestly say that Apple has "mistreated" LMH or ignored him and his bug reports. In fact, it proves that they are paying attention, because they regularly credit bug contributions on the Security Update Notices they publish.

So what is the chip on your shoulder, LMH?

You didn't like the way some Mac users treated Brian Krebs? Or George Ou? Or the Maynor/Ellch guys? You didn't like the way some people behaved, so you decided to start the Month of Kernel Bugs to announce Zero-Day flaws and force everyone to pay attention.

So let's look at the logic here - despite any protest you might put up, you cannot defend these actions.

So if I don't like the way some bloggers (like LMH) publish zero-day exploits, I think I'll start a "Month of Blog Bugs" campaign that will point out flaws in the various blog sites allowing people to hack in and delete accounts or compromise their passwords.

And this would be ok, because your stance is that it's fine to put EVERYONE in a class of people at risk in order to punish the smug or crass behavior of a few. What an incredibly shallow, short-sighted, childishly emotional and illogical process of thinking you have there, LMH.

It almost makes one hope that LMH's Mac Bugs cause someone, somewhere a serious financial loss, and that said individual (or business) decides to ascertain LMH's identity and sue his pants off.

Posted by: Blucaso | December 19, 2006 3:10 PM | Report abuse

Rick,

I agree with much of what you said in your post, but then you got to the part about "Opener" and "Oompa Loompa." Why drag out these things? They undermine the rest of your post.

The so-called Oompa Loompa (or Leap-A) was a trojan that fooled users into opening an application disguised as a picture file. The app would then try to send itself to the user's buddies via iChat. Apple issued an update in February that changed the handling of files sent through iChat to warn users if such files contained an application. Complacency indeed. Anyone who keeps their system up-to-date and is careful to install files only from trusted sources is fine.

Opener is a nasty script but has no effective vector to spread itself. Anyone familiar with a Unix command line can write an equally nasty script. One line will do. The trick is spreading the script and getting users to run it on their system with administrative privileges.

Anytime a user can be fooled into giving permission to install something they shouldn't, they are vulnerable. That applies to every operating system.

I look forward to the month of Apple bugs as well, though for different reasons. For years now, Mac haters keep licking their chops waiting for "the big catastrophe." Objective people will be able assess how significant these bugs really are. Apple will issue appropriate patches as needed. Try not to get your knickers in a knot when life goes on as usual.

FWIW, I think that LMH should report them to Apple NOW and follow up later if Apple fails to act.


Posted by: Thor | December 19, 2006 3:16 PM | Report abuse

"Nor do you have software that lets you run a token-ring network."

Seriously? token-ring? A bit out dated don't you think? My dot matrix printer might now work either!

Posted by: Jeremy | December 19, 2006 3:17 PM | Report abuse

Who cares how many vulnerabilities there are? Or how many exploits in the wild? It only counts if people have been damaged by them, either directly, or by having their computer turned into a base for other users.

So instead of counting how many exploits have been announced, or how many are out there in the wild, why don't we count time and expense required to repair damage.

All the Mac users who have had any kind of problems attributable to malware, please stand on the left. All Windows users who have had any kind of problems attributable to malware, please stand on the right.

Now let's count heads...

Posted by: lgp | December 19, 2006 3:29 PM | Report abuse

As a Mac user for more years than some of the posters may have lived, and as someone who has also worked professionally in the Information Technology field for the same time working predominantly with Microsoft based systems, I have to agree that the problems experienced between platforms is a matter of degree.

I cannot tell you how many times my life has been interrupted by exploits being unleashed targeting the "Windows Infrastructure".
I cannot explain how much money has ( and will be ) spent on software and devices so that my organization may be spared from the financial impact of another "Zero Day Exploit".

Human Stupidity is unavoidable since, by definition, half of the populace is below average intelligence. Those of us that choose a computing platform for ourselves, and recommend to friends and family to purchase Macs, are doing ourselves a favor. But the recommendation should come with a warning - nothing is perfect - Macs only minimize risk at this point ... at some additional cost... but what is the cost of quality of life and productivity?
Safe Computing Habits and frequent updates are necessary whatever computing choice is made.

I use Windows XP at work and find it to be extremely stable and virus free ..... ( But it is patched automatically due to extensive and expensive infrastructure/software that my organization deploys). I use it from home via a VPN from my Mac, and consider it as a "high maintenance, ugly interface application launcher" - but it gets things done.

In my mind, the problem is the typical WalMart shopper buying the "cheapest" machine and hooking it up to "cheap" Internet.
"I Just Want to Run these games ... actually honey, they're called Programs ... "
These are the lower 50% that I previously commented on.
These are the ones who have no clue about security or the need to patch/update their systems - NetBot Paradise.

Fanboiz - PC or Mac ... you have your arguments, but the average "Joe" doesn't have a clue. If you like your friends calling you up in the middle of the night, suggest a cheap PC.
If you value your friendships and family, please suggest a Mac.

In either case - teach them what they need to do from a security perspective - we are all in this together.

Posted by: e-twelve | December 19, 2006 3:32 PM | Report abuse

Yep.....here's how this idea came into being.....

LMH: Let's do a research project called the Month of Windows Bugs.

Kevin Finisterre: Ok....here's the undocumented bugs we've found so
far.

(slams down a five thousand page printout on the table)

LMH: Uhhhhhhh....how about the Quarter of Windows Bugs.

Kevin Finisterre: Don't think so. By the way, Vista is coming out
soon.

LMH: Uhhhhhhh...how about the Half-Year of....

Kevin Finisterre: Be real.

LMH: 5 Years of....

Kevin Finisterre: Nope

LMH: Decade?

(Kevin Finisterre shakes head)

(pause)

(LMH suddenly snaps his fingers)

LMH: I got it! The Month of Apple Bugs!!!!

Kevin Finisterre: PERFECT!!!

Posted by: ChrisClement | December 19, 2006 3:37 PM | Report abuse

I find it astounding that, without proof, there is an assumption that Oracle stopped the "Week of Oracle Database Bugs" project. Wouldn't it be easier to assume that the project was halted because the project team couldn't meet their goal?

Posted by: SteveA | December 19, 2006 3:44 PM | Report abuse

This is a stupid stunt. There are much better ways to deal with the inevitable bugs to be found in any software. This is designed to generate clicks, nothing more, and has nothing to do with actual security.

Posted by: ddh | December 19, 2006 3:49 PM | Report abuse

Wel i had the experience with installing it into a larger scalle network. Its fair to say that mac had/have it's own troubles. But they could do the updating way faster.. they are making good sales last year. Now to hope some of that $$ is putted into debuging labor

Posted by: Sjoerd | December 19, 2006 3:58 PM | Report abuse

Hmm ... I don't know about Apple's rushing to fix vulnerabilities. It's been said before that OS X has had some holes that were fixed literally *years* before on other Unix-like systems. Doesn't sound like rushing to me.

I just tried Googling, and you know what? I found that applies to one of the MoK bugs:

"The bug was fixed by FreeBSD on Tue Jun 27 23:08:36 2000 UTC (6 years, 4 months ago)."

http://projects.info-pull.com/mokb/MOKB-09-11-2006.html

Apple, of course, cannot simply roll in what the FreeBSD people do, because their kernel is hybrid not pure FreeBSD. They had to write their own fix, and they evidently were in no hurry to do so. So, yes, it would appear that they were relying on "security through obscurity". Yes, OS X is not an abortion like Windows. But it has still had numerous vulnerabilities, and. despite assertions to the contrary, they have not always been fixed very promptly.

And it does not follow, as one poster asserted above, that LMH and Kevin Finnisterre want to punish Mac users for their smugness and ignorance and are, therefore, being "childish". The smugness of all too many Mac users is relevant because it gives Apple a motive not to pay as much attention to security as it might - because many Mac users will defend the company out of a misplaced tribal loyalty rather than, as intelligent users would, holding the company to account. I suspect it would take an anthropologist to explain this - presumably deracinated individuals living in modern cities are seeking an ersatz group-identity.

However, that doesn't mean I'm not skeptical of the researchers' motives. As OS X users themselves they may well think that Apple's feet need be held to the fire to make them do as they should. But, yes, as has already been observed, it's all good publicity for them and may help bring good work their way.

Posted by: Nick | December 19, 2006 4:05 PM | Report abuse

Kernal Panics are generally associated with an external device like mice, printers, scanners or even memory that has a problem and the system does not know what to do. I had an apple mouse that had a bad cable that was causing panics. Unplug everything and try to boot up.

Posted by: bwr | December 19, 2006 4:12 PM | Report abuse

LMH has a very good reason for wanting to wipe the smugness off Apple users' faces, in my opinion. Back during the Month of Kernel Bugs, when he found a kernel vulnerability in the handling of DMG files (at least a crash, and potentially arbitrary code execution), Mac fanboys promptly denied that anything was wrong - and I can tell you that they were much louder and more clueless than the Windows and Linux ones who spoke up.

What's more, due to Safari's brain-damaged default settings, unless users had changed them to something saner it was remotely exploitable by any webpage visited, without any further user intervention. (Automatically opening DMGs has caused security problems before, but did Apple change it? No. Probably because user-friendly beats secure for them any day.) Nothing to be smug about there.

Posted by: mmk | December 19, 2006 4:13 PM | Report abuse

mmk,

Here is what LMH said about the DMG bug you are talking about.

"I never said there was code execution right away, but a potential risk, and that risk also exists in others [bugs] that didn't make it to the MOKB schedule, and there will be a risk until DMG-handling is fixed in order to validate the data being read from the DMG disk image."

So there is a potential risk for code execution until handling of these malformed DMG images is corrected. Yes, that should be addressed, but the world is not coming to an end.

The fact that a few Mac fans protested does not indicate that the average Mac user is smug. They are the extreme and do not represent everyone. If LMH posts a serious flaw that can be exploited immediately, he/she would be exposing lots of innocent people to threats just to punish a few annoying teenagers posting from their basement. Classy.

Posted by: Thor | December 19, 2006 4:42 PM | Report abuse

Ben,

Your Mac is sick dude.

I have a headless G4 sawtooth here (old G4 tower) which I use a debugging target / MySQL / postgreSQL / PHP / FTP / Mail /Internal Web server for all my development work (software and web) - and that machine get's absolutely hammered day in day out. And it hasn't been rebooted, powered down or crashed once in over 2.5 years... (yeah, it's still runnning 10.2). It's online, but firewalled and behind a NAT router.

As for LMH - Good on him.

If he can uncover a new bug every day for 31 days then I say go for it, I'm sure that there are at least that many vulnerabilities to be found, not in just in OS X but in any other BSD UNIX based system including various Linux distributions.

The fact is that these vulnerabilites are so obscure that for them to be any real threat would require someone highly skilled to exploit the weakness. I can tell you right now that 98%+ of cracks are done by skript-kiddies, using downloadable root-kits which do not target OS X, and that is the reason why OS X has remained secure for the last 5 years. Skript-Kiddies are not crackers - they're thrill seekers who enjoy taking peoples systems down. It's easy to do it to Windows because the tools are already at hand, but OS X is a different story.

Posted by: Tom | December 19, 2006 4:56 PM | Report abuse

malbeau, Jim, and others who would suggest Parallels or Boot Camp as alternatives--how do you think running Windows on a virtual host on a Mac makes it more secure? What is the point of purchasing a Mac to run Windows software? You simply pay a premium for the hardware and the hype, and you have to buy a Windows license anyway. The purported security benefit of having a virtualized NAT IP in Parallels is no different from what you get by putting your PC behind a $30 DSL router, with no performance or compatibility hits.

What's more, I've had advanced users totally trash their Macs with Boot Camp and have to reinstall MacOS from scratch. It's still a beta, and it's not even a virtualized PC, so you are running either MacOS or Windows and you have to reboot to switch.

So I don't follow your argument. You say "Macs are more secure than Windows PCs," and others respond, "But I can't run the applications I need on MacOS," and you say "Then buy a Mac, a Windows license, Parallels, and run Windows in a VM on MacOS." That sounds completely irrational to me. What am I missing?

Posted by: antibozo | December 19, 2006 5:32 PM | Report abuse

January ? Isnt that around the Vista release for the public..?
why did they choose January and why the title which when i read it made me think there a bunch of new bugs where beingpredicted to be found...
I cant be bothered with such pathetic journalisim.
Time to get a life and stop slagging other companies with more FUD.. anyway I suppose you need to announce this now as when the public can buy Vista there will be 4 billions blogs and articles every 10 seconds on TV about the Vista release.. so really it will all be totally drowned in the media

Posted by: shane blyth | December 19, 2006 5:51 PM | Report abuse

@Thor

"Apple issued an update in February that changed the handling of files sent through iChat to warn users if such files contained an application. Complacency indeed."

No, they didn't fix the two real underlying problems.

a) /Library/InputManagers and ~/Library/InputManagers still allow arbitrary execution of code with no checks on what is being run. Nothing should be allowed to run without the user's or system's permission. While not running as an admin for day-to-day tasks may offer some protection at the system level, you still have to lock down InputManagers in your non-privileged user's ~/Library.

The recent iAdware fiasco took advantage of InputManagers just as much as Oompa and Inqtana.B did.

b) Oompa fooled users into executing the file through a custom icon - a "feature" in OS X as much as the InputManagers "feature." Social engineering indeed, but that should not be allowed to happen. Unless you're viewing the file in question in column view or you get info on it, you still have no way of knowing if you really are opening a JPEG as opposed to an executable.

Posted by: Alpha | December 19, 2006 5:56 PM | Report abuse

Antibozo put forth: "So I don't follow your argument. You say "Macs are more secure than Windows PCs," and others respond, "But I can't run the applications I need on MacOS," and you say "Then buy a Mac, a Windows license, Parallels, and run Windows in a VM on MacOS." That sounds completely irrational to me. What am I missing?"

What you are missing that you would be running a Windows app., not accessing the web through either Microsoft's browser or mail client. (The way most exploits are introduced).

Posted by: Link Greene | December 19, 2006 6:13 PM | Report abuse

Link Greene> What you are missing that you would be running a Windows app., not accessing the web through either Microsoft's browser or mail client. (The way most exploits are introduced).

And you think you need a Mac and Parallels to accomplish that? Try using Firefox and Thunderbird instead.

And in any case, your suggestion is possible only with Parallels, not with Boot Camp, and still relies on the user to choose to go back to MacOS for all browsing and email. And the application may well run only in the Windows browser (e.g. a web application relying on ActiveX). And meanwhile, all the other non-browser/email vectors are still there.

So, you were saying...?

Posted by: antibozo | December 19, 2006 6:20 PM | Report abuse

I find the timing suspicious as well. Microsoft seems to be running scared in reaction to the increase in defections to the other side (Apple), and considering what a shell of it's formerly promised self Vista (Longhorn) turned out to be, they have a LOT to lose if the rollout is a bust. I'm seeing more people choosing Macs now, people who normally wouldn't have made that decision were it not for the increasing insecurity and mounting headaches associated with running a Windows machine.

Posted by: E. Gantree | December 19, 2006 6:32 PM | Report abuse

I have a Windows PC and two Mac's and I use them every day. Most problems (excl: virus, malware, spyware problems) come from the PC and some from Mac, but 98 out of 100 I am to blame (for the Mac problems).

But I think that LMH is playing a very dangerous game, because if there are, and there will be some "open doors" in OS X. Hackers will have an advantage and many Mac's will be less secure.

Posted by: KBR | December 19, 2006 6:36 PM | Report abuse

I think the apple kids should embrace this, finally they get to play in the big kids world. The fact of the matter is most PCs are configured by user error, not by running per microsoft's best practices. You can sudo -s to root, i can runas /user: cmd and execute. Thats how the big kids in M$ world do it. And as kernel panics being a rare thing, ha ha ha, i see them happen all the time and i dont work on Macs.

Posted by: Anonymous | December 19, 2006 6:36 PM | Report abuse

And in any case, your suggestion is possible only with Parallels, not with Boot Camp, and still relies on the user to choose to go back to MacOS for all browsing and email.

Not true. There is no reason you couldn't do that in Boot Camp as well. It would only require a quick re-boot.

And the application may well run only in the Windows browser (e.g. a web application relying on ActiveX).

Which means it wouldn't work with Firefox...

And meanwhile, all the other non-browser/email vectors are still there.

Well, hopefully you wouldn't be using more than one or two Windows specific apps, so you would still be running the Mac in it's native mode most of the time, running apps, doing some web browsing, photo editing, maybe working on a website, and not spending your time checking current system health with AVG and Spybot.

Posted by: Link Greene | December 19, 2006 6:51 PM | Report abuse

Big Kids, little kids, the fact remains, most people for home use leave their OS settings exactly the way it came out of the box, and that leaves them vulnerable. I don't care if they are not running per Microsoft's best practices, that's the way the machine was sold to them. They shouldn't have to make corrections after the fact to try and secure their machines from vulnerabilities that were left open by default by Microsoft (with the blessings of Dell, Sony, etc.) No matter which way you slice it, you're still way safer on a Mac, and that's of primary importance to a lot of people today, and apparently becoming more so day by day.

Posted by: Arnie Rumsden | December 19, 2006 7:00 PM | Report abuse

@Thor:

Alpha is right. The 'fix' Apple introduced works only for their own web apps. Anything else - Firefox, Camino, you name it - is still wide open. Because the flaw was not in the apps themselves but in what Alpha points to in his last graf.

There was quite a big stink in the media at the time about it and nothing's been added by Cupertino since then. Any web apps not emanating from One Infinite Loop are still wide open. And that's just a fact. A sad fact - but a fact.

Posted by: Rick | December 19, 2006 7:10 PM | Report abuse

MAC is WACK

Posted by: IDOUBTIT | December 19, 2006 7:20 PM | Report abuse

macgots can continue to gloat, once your bastardized version of linux has been around for 10+ years come talk about how "secure" you are. lol @ apple and damage control and their little company mindset. good thing the world runs on PCs, apple is incompitent at business level deliverance. Server 10.3, what a joke.

Posted by: Anonymous | December 19, 2006 7:30 PM | Report abuse

Mac is Wack
I Doubt It

Unintentional truth!

For all the pertinent information all you need to do is visit this link.
http://www.apple.com/getamac/ads/

Posted by: Lindsey Aber | December 19, 2006 7:30 PM | Report abuse

Link Greene> Not true. There is no reason you couldn't do that in Boot Camp as well. It would only require a quick re-boot.

I see. You're suggesting that a user will boot Windows, do some work with his Windows-only app, reboot into MacOS to check his email, reboot back into Windows to do some more work with the Windows app, reboot back to MacOS to Google something, ad nauseam...

I can see you don't work with users very often.

Link Greene> Which means it wouldn't work with Firefox...

Your point being...?

Link Greene> Well, hopefully you wouldn't be using more than one or two Windows specific apps, so you would still be running the Mac in it's native mode most of the time, running apps, doing some web browsing, photo editing, maybe working on a website, and not spending your time checking current system health with AVG and Spybot.

So now you're saying that if you boot back and forth between MacOS and Windows, you don't need anti-virus or anti-spyware software?

And is "running apps, doing some web browsing, photo editing, and maybe working on a website" what a Mac is good for? Because, other than web browsing, I don't do much of that, but if I did, I would do it in GNU/Linux/KDE on PC hardware (as I do nearly everything), at dramatically lower cost, and with a far more configurable GUI. IOW, your use case doesn't argue for Mac; it argues for Linux.

Posted by: antibozo | December 19, 2006 7:55 PM | Report abuse

"macgots can continue to gloat, once your bastardized version of linux has been around for 10+ years come talk about how "secure" you are."

OS X isn't based on Linux.

Posted by: Alpha | December 19, 2006 8:09 PM | Report abuse

You're suggesting that a user will boot Windows, do some work with his Windows-only app, reboot into MacOS to check his email, reboot back into Windows to do some more work with the Windows app, reboot back to MacOS to Google something, ad nauseam...
Well, that would provide the incentive to find a Mac app. that would make that unnecessary.

Link Greene> Which means it wouldn't work with Firefox...

Your point being...?

That you would still have to use Internet Explorer to run those web based apps that require active x.


So now you're saying that if you boot back and forth between MacOS and Windows, you don't need anti-virus or anti-spyware software?

If you stayed offline while running the WIndows apps, probably not.

And is "running apps, doing some web browsing, photo editing, and maybe working on a website" what a Mac is good for? Because, other than web browsing, I don't do much of that, but if I did, I would do it in GNU/Linux/KDE on PC hardware (as I do nearly everything), at dramatically lower cost, and with a far more configurable GUI. IOW, your use case doesn't argue for Mac; it argues for Linux.

Those are just some of the things that a Mac is good for. Linux has it's place, but for the everyday user it is still a little raw. Configuring a Linux setup properly still requires above average computer skills. As far as the "dramatically lower cost" argument goes, I think most people find out that when you figure in the included software and capabilities of the Mac out of the box and then equip a PC comparably there's little difference. And that ignores the benefits of OS X and hardware designed specifically to work with it.

Posted by: Anonymous | December 19, 2006 8:28 PM | Report abuse

You're suggesting that a user will boot Windows, do some work with his Windows-only app, reboot into MacOS to check his email, reboot back into Windows to do some more work with the Windows app, reboot back to MacOS to Google something, ad nauseam...

Well, that would provide the incentive to find a Mac app. that would make that unnecessary.

Link Greene> Which means it wouldn't work with Firefox...

Your point being...?

That you would still have to use Internet Explorer to run those web based apps that require active-x, therefore exposing yourself to all it's exploits.

So now you're saying that if you boot back and forth between MacOS and Windows, you don't need anti-virus or anti-spyware software?

If you stayed offline while running the WIndows apps, probably not.

And is "running apps, doing some web browsing, photo editing, and maybe working on a website" what a Mac is good for? Because, other than web browsing, I don't do much of that, but if I did, I would do it in GNU/Linux/KDE on PC hardware (as I do nearly everything), at dramatically lower cost, and with a far more configurable GUI. IOW, your use case doesn't argue for Mac; it argues for Linux.

Those are just some of the things that a Mac is good for. Linux has it's place, but for the everyday user it is still a little raw. Configuring a Linux setup properly still requires above average computer skills. As far as the "dramatically lower cost" argument goes, I think most people find out that when you figure in the included software and capabilities of the Mac out of the box and then equip a PC comparably there's little difference. And that ignores the benefits of OS X and hardware designed specifically to work with it.

Posted by: Link Greene | December 19, 2006 8:30 PM | Report abuse

Well...I am an "Apple kid" if one wants to call me that way and I am an Apple big fun...but it's a matter of preference rather than anything else.I was working on PC's since 1992 and I could do my job without any problems.I wanted to try Apple product so I switched to Mac in 2004 and I still can do my job perfectly.In terms of security: whatever OS you use there will always be a "hole" or vulnerability in the system the hackers could take advantage of.The only thing developers can do is to prevent that and both Microsoft, Apple and Open Source are making progress to do so.Microsoft has the biggest market share and it is normal that their products are more targeted by hackers.Recently there are more and more people switching to Macs and it is a matter of time when hackers are likely to focus on Mac OS as well.What we can do is just to get updated and trace the news.As for now I don't know about any malicious code that can seriously affect the updated Mac (10.4.8).

Posted by: ralph | December 19, 2006 8:39 PM | Report abuse

It would be really nice if you would make some effort to distinguish your comments from my quoted material.

Link Greene> That you would still have to use Internet Explorer to run those web based apps that require active x.

Again, I don't know what point you're trying to make. Yes, I believe this is something that I said earlier. Is this like that Mac commercial where they argue about the meaning of "touche'"?

Link Greene> Configuring a Linux setup properly still requires above average computer skills.

Configuring any setup properly requires above-average computer skills.

But that's not relevant to the topic at hand, which is: if you're going to have to run Windows anyway to do your work because the application isn't available on MacOS, then what's the point of buying a Mac?

Posted by: antibozo | December 19, 2006 9:07 PM | Report abuse

Still loving my Mac! No issues with viruses, spyware, malware or keystroke loggers. Maybe someday I'll have to worry about all that junk, but not today, and that's what matters to me. Get a Mac. You won't be sorry.

Posted by: V.J. Tucker | December 19, 2006 9:18 PM | Report abuse

Antibozo said: "But that's not relevant to the topic at hand, which is: if you're going to have to run Windows anyway to do your work because the application isn't available on MacOS, then what's the point of buying a Mac?"

Actually, that's not the topic at hand. The topic is the "Month of Apple Bugs", and whether or not the Mac OS is more secure from attacks. I would say yes, if your main use of your computer required a Windows only program, then buying a Mac may not make sense. However if that was only the case on one program, and your other computing needs could be met with Mac applications, I would have to seriously consider buying a Mac, due to it's superiority in certain areas such as system security and seamless integration of software and hardware. It always amuses me when I have a PC using friend over, and watch their reaction when I hook up new peripherals and they just work. No installing drivers, no rebooting, no queries from the computer wanting me to type in a serial number to "prove" that I'm not running a hot copy of the OS. The ease of use, the truly innovative apps that Apple and it's developers constantly come out with are always viewed with awe and disbelief by my PC using friends, and more and more I see them considering the switch to a Mac as not only a possibility, but a desirable alternative.

Posted by: L. Greene | December 19, 2006 9:35 PM | Report abuse

Geez... why not just tell Apple about the security holes? By reporting them publicly you are making it easier for malicious hackers to exploit the findings. Real smart.

Posted by: Future Apple user | December 19, 2006 9:52 PM | Report abuse

AAPL $86.31
MSFT $29.99

now thats funny

Posted by: Anonymous | December 19, 2006 10:23 PM | Report abuse

"Geez... why not just tell Apple about the security holes? By reporting them publicly you are making it easier for malicious hackers to exploit the findings. Real smart."

You don't think the black hats already know about these holes?

Posted by: Alpha | December 19, 2006 10:34 PM | Report abuse

I call BS on the whole proposition.

"LMH" doesn't have one single security hole to disclose. Not one! It's completely made up.

And when he "mysteriously" doesn't produce them, watch the huge uproar claiming Apple paid him off! Hahahaa!

You mooks are easy marks.

Posted by: Frank the Apple Guy | December 19, 2006 10:42 PM | Report abuse

>>AAPL $86.31
>>MSFT $29.99

>>now thats funny

You fail to understand how stock prices work. There is no humor in that.

Posted by: Alex | December 19, 2006 11:32 PM | Report abuse

L. Greene> Actually, that's not the topic at hand. The topic is the "Month of Apple Bugs", and whether or not the Mac OS is more secure from attacks. I would say yes, if your main use of your computer required a Windows only program, then buying a Mac may not make sense.

Which was the thesis of my original statement, and the topic of this thread of conversation. If you want to change the topic to something else, that's fine.

I'm sure your comments represent your experience; I personally cannot recall the last time I ran into a device that works readily on a Mac and not on a Windows PC. What I will say from a network admin's perspective is that managing Macs in a heterogeneous network with *NIX and Windows systems has always been a major PITA. This has improved somewhat with OS X, mainly because they added an ssh server, but they continue to insist on doing commonplace things in an arcane fashion under the hood.

L. Greene> The ease of use, the truly innovative apps that Apple and it's developers constantly come out with...

Ease of use... it took them what? 15 years? to figure out that a mouse should have more than one button.

As for innovation, the only truly innovative thing I've seen Apple do since the Apple ][ came out is to design the iPod dial to mimic sexual stimulation. And I'll give them two points for iTunes. Everything else they nicked from someone else (remember XEROX?), put in a shiny box, and showed off in a TV commercial, and people who like bright shiny objects do eat it up.

Posted by: antibozo | December 19, 2006 11:42 PM | Report abuse

There could be vulnerabilities in OS X but who cares... I prefer to deal in reality...

Here is what I know. I had been plagued by bugs, viruses, crashes, blue screens of death, worms, spyware and adware for many years. I spent lots of money and time fixing (trying to at least) these issues on my own computers and at work as a network admin. And then I bought a Mac...and then I bought another Mac, and then I sold all my PC's and vowed never again to buy another machine that could run Windows, for it is far to buggy... and then I installed Parallels and installed Windows on my Macs...for old time sake.

The point is, there very well could be vulnerabilities in Mac OS X, but they are not real, they don't affect anyone... especially not in the way that millions of PC users' machines are crippled by exploits and spyware and essentially rendered useless because of a weak operating system. I don't have that problem at all. So go ahead and dredge up some sensationalist exploits for 30 days. Instead of religiously running Norton's live update each and every day, I will actually be getting some work done on my Macs.

Posted by: Ben | December 19, 2006 11:47 PM | Report abuse

It's this way, many OS X users KNOW their system is better than Microsoft's XP or its new Vista[s]. It is not hubris--it's just a proven fact.

The reason why crackers go after M$ is not because there is a lot of them, but because they are like banks with the safe open, with lots of cash, and no one around. So why rob Fort Knox?

By the way, this LMH borders on being a cracker. This person is pushing the ethical boundary. Sounds like an emotionally immature male who needs help.

Posted by: Ardie | December 20, 2006 12:54 AM | Report abuse

Re Kernel panics, "unfixable" crashes, etc.:

*Mourn the loss of your data for an appropriate time
*Get out the system DVD
*Use Disk Utility to wipe the drive
*Reinstall the system
*Learn AND USE a reliable backup method.

I've owned a computer since 1978. You WILL lose your drive now and then. (and your expensive software WILL be obsoleted)(and so will that language you spent 100s of hours learning)(and your drives)(and your database) ....

On Macs, I make it a yearly exercise to wipe the system drive and start fresh. Install partitions. BUT ALSO: have a system on a second drive... they don't cost that much, and you'll be able to drag-copy stuff that isn't backed up before you wipe/install.

Posted by: Tony | December 20, 2006 1:14 AM | Report abuse

"LMH has a very good reason for wanting to wipe the smugness off Apple users' faces, in my opinion. Back during the Month of Kernel Bugs, when he found a kernel vulnerability in the handling of DMG files (at least a crash, and potentially arbitrary code execution), Mac fanboys promptly denied that anything was wrong -"

No that is not what happened at all you are a complete liar. It was only pointed out that LHM did not do his work properly by someone who is really knowlegable. Non of the usual mac fan bloggers did any denying that I saw. LHW made a very typical mistake. He was looking for evidence to support his beliefs and was a little to easy satisfied and uncritical when he found it

Posted by: werd | December 20, 2006 1:35 AM | Report abuse

Apropos Month of Browser Bugs: It would be great to have another one of these, but this time NOT security related but with the undeterred focus on standards (W3C) compliance! Economically speaking this would, IMHO, make much more sense than fixing a few potential exploits which in almost all cases boil down to user stupidness. Just imagine if all the major web browsers were 100% standard comliant? This would save tremedous amounts of web dev money and virtually any business who runs a decent website could benefit from that. We're easily talking about worldwise savings of billions of dollars!

Posted by: Dominik Schmid | December 20, 2006 3:11 AM | Report abuse

Antibozo said: "But that's not relevant to the topic at hand, which is: if you're going to have to run Windows anyway to do your work because the application isn't available on MacOS, then what's the point of buying a Mac?"

Though I am a novice I can understand your point. The whole Mac vs PC, like most wars, distorts facts.
Both platforms have their uses and Windows is king in the business world while Mac seems to be on top of things in the entertainment industry.

Currently my household has 4 Macs and 1 PC all networked and running fine. My PC has suffered crashes with WinXP right from the first time I went to Windows Update so I switched to 2003 and must admit problems have been reduced greatly. But the fact still remains that Windows is more vulnerable to attack as it is shipped with OEM computers than any Mac I've ever had. Sure I've had kernal panics but mostly due to the fact that I take more risks than most people would. It all comes down to preference in the end. I use my PC because that is what 90 percent of the world uses. I use my mac because it just feels good.

Posted by: Xeon | December 20, 2006 3:29 AM | Report abuse

@e-twelve
"by definition, half of the populace is below average intelligence."
and your math is clearly far beneath avarage.

Posted by: Anonymous | December 20, 2006 5:27 AM | Report abuse

If Mac OS X is so rubbish according to PC users, why do govenement bodies around the world use Macs???????

http://macslash.org/article.pl?sid=04/01/29/0139205

Also go anywhere and ask someone - How many people do you know with a PC with problems? - Ho many people do you know with a Mac with problems?

Posted by: Chris | December 20, 2006 5:59 AM | Report abuse

http://www.pcpro.co.uk/news/99772/microsoft-exec-warned-bill-gates-i-would-buy-a-mac-today.html

Why would a Senior MS employee buy a Mac if they are so crap?

Please read included article.

In my experience most Mac haters have not used or owned a Mac. If they have used a Mac, it was many years ago or for less than a couple of hours.

All Mac users have used a PC for a very long time and prefer Mac.

Posted by: Chris | December 20, 2006 6:14 AM | Report abuse

http://www.neoseeker.com/news/story/5436/

IBM Germany moves to Linux.

Posted by: Chris | December 20, 2006 6:42 AM | Report abuse

http://www.lockergnome.com/nexus/linux/2005/11/28/mits-100-laptop-to-run-redhat/

Imagine third world countries with a whole generation brought up on Linux. They will have an experience of an OS with no security problems.

Posted by: Chris | December 20, 2006 6:47 AM | Report abuse

I don't usually respond to crap like this, but you got my attention.

So many people claiming to be cumputer professionals, and experts on everything.
Me.., I'm far from being an expert on anything, but I know a bit about Macs.

With the exception of a hand full of posts, the rest of you are full of crap when it comes to Macs, spouting BS, and outright hate, for a machine, you know nearly nothing about.

About security, go check a few reputable security sites, read the pie charts, check the numbers, the history, etc, etc.
There's a story to be told.

Google this.
"most secure operating system"
(leave the qoutation marks)
You are going to see three, more than others.
BSD, Unix, OS X
(OS X is built on BSD and Unix)

Sure, no OS, or software, is imune to bugs, but in my opinion, a Mac out of the box, without any additional security software, or on board security software optimized, is still safer than a Dell or HP, with a fully patched, Windows XP, with securuty software running, and probably still more secure than Vista will be.

About Windows on Mac.
Bootcamp and Parrallels have been mentioned and guffawed by a few, not understanding, what it does.

You can run Windows on Apple hardware, using Bootcamp, but you have to reboot, to switch OS's.

With Parrallels on Mac, ($69.00 US, I think), you can run OS X, Widows XP, maybe Vista, and any number of Linux distros, in parallel, without having to reboot between them.

Get a Mac, buy Parallels, load your bootleg copy of XP, a couple Linux distros, openBSD, and whatever else you might like, and enjoy.

(here comes my pitch)
Anyone thinking of switching to a Mac.

If you want a durable, reliable, stable, more secure, full featured computer, that comes with a bundle of high quality apps, and will run nearly any OS, and software you can throw at it, get a Mac and Parallels.

If you can't justify the extra couple hundred more, you might have to pay for a Mac, then stick with what you got, or buy a cheap box, with Vista pre loaded.

If you don't like Macs, and are worried about security, then think about BSD.

If you're stuck on Windows, then you're "stuck", on Windows.

Currently I'm running OS 10.4.8, Ubuntu, Kubuntu, on my G4 iMac lamp, and looking at a couple other Linux, and BSD distros.
My G4 is nearly at the end of it's Mac lifecycle, of five years between hardware upgrades, and will be retired to the living room, as a jukebox/DVD player, and plugged into my stereo.
(I abused this iMac, and it won't die)

My needs have grown, I need more power, and I will be buying my third Mac, with Parallels, and I won't be running Windows on it.

Posted by: Big Bill | December 20, 2006 7:52 AM | Report abuse

@e-twelve wrote.
"by definition, half of the populace is below average intelligence."
and your math is clearly far beneath avarage.

Thanks for the insult but as I said I am a novice so I don't dig deep for statistics. Of course any one of minimal intelligence can tell a generalization when they read one.

Posted by: Xeon | December 20, 2006 8:06 AM | Report abuse

I wonder how (a)many of you have a Mac and are in favor and how many don't have?(b) Who uses a Mac? (C) who did work on a Mac? Because how can you juge something that you didn't even try? It is like saying BMW is a bad car because it is a BMW of because BMW drivers say that it is a good car.

(A) I have two mac's pro
(b) every day
(c) a+b= yes :)

Posted by: KBR | December 20, 2006 8:46 AM | Report abuse

I have been using Macs for over ten years.

(a) Own around 7 Macs
(b) everyday for over 8 hours a day
(c) average work day 6 hours

Posted by: Chris | December 20, 2006 8:53 AM | Report abuse

Well, the whole format of this smacks of a cry for attention by LMH, but such is life. I can't help but wonder what the article writer thinks Apple might do to prevent this? He says in his own article that Apple is not being given any advance notice of the vulnerabilities.

Posted by: llamatron | December 20, 2006 9:06 AM | Report abuse

Antibozo,
Apple paid Xerox for using elements from it's graphical interface. Microsoft stole their whole Windows interface from Apple.
For that matter, they didn't even create DOS. They bought (some say robbed) it from a small company who was calling it QDOS. Who called it "Quick and dirty operating system". As as far as I can tell, that would still be an apt description for What lies underneath Windows today.

Posted by: L. Greene | December 20, 2006 10:21 AM | Report abuse

Antibozo.
Your ignorance is showing. Who do you think first included a mouse with their systems? Yet another Apple innovation, rapidly copied by you know who.

Posted by: L. Greene | December 20, 2006 10:31 AM | Report abuse

Xerox first used the mouse. Apple copied the idea from them.

Posted by: linuxelf | December 20, 2006 10:34 AM | Report abuse

"Xerox first used the mouse. Apple copied the idea from them."

Apple paid for all elements that it used from the Xerox machine, which incidentally was never sold as anything but a commercial workstation. The Alto was in no way meant to become a commercially mass-produced item, and never did.
The mouse was not invented by Xerox but in fact by Doug Englebart.
Additionally for Antibozo, Mac OS X has supported 2 button mice (if you must have them) since it's beta release in 1999.

Posted by: Link Greene | December 20, 2006 11:07 AM | Report abuse

IMHO, it's not about who copied from whom. If company A copies from company B for the users' benefit that's fine. If they improve the original idea that's even better. This is basically what Apple (and others) have done with the original Xerox ideas. Xerox obviously didn't have a clue what they had developed there so there's nothing wrong with other companies taking up the idea and bringing it to a market. Otherwise we might all still be working in a mainframe/terminal environment with next to zero GUI.

@KBR:
I have owned, upgraded, tuned and abused 6 Macs in the last 12+ years. This, I think qualifies me as being in favour of Macs. I use my present boxen daily, though not so much on the job (I work in a Windows/Linux shop). It's my way of separating work from leisure.

Posted by: Dominik Schmid | December 20, 2006 11:18 AM | Report abuse

Big Bill> Bootcamp and Parrallels have been mentioned and guffawed by a few, not understanding, what it does.

No one has guffawed at Parallels or Boot Camp, and I'm perfectly aware of what they do. I've been using the same technology on other OSes (e.g. VMware, user-mode Linux, even a Mac VM on AmigaOS) for around 15 years.

Since you didn't read what I said very carefully, I'll say it again. There was a dialog I will paraphrase here:

M: Mac's are more secure than Windows PCs.
P: But I have to run Windows-only apps.
M: Then buy a Mac and you can run your Windows apps using Parallels or Boot Camp.

...and to which I responded:

How does running Windows under Parallels or Boot Camp make it secure? And what's the point of purchasing a Mac in order to run Windows on it in a VM?

If you're going to advocate a Mac as more secure than a Windows PC (I generally agree), don't then turn around and tell people to run Windows on it. Windows is exactly as [in]secure running under Parallels (behind any cheap NAT router) or Boot Camp as it is running on a standalone Windows PC.

Posted by: antibozo | December 20, 2006 12:00 PM | Report abuse

"Apple paid for all elements that it used from the Xerox machine, which incidentally was never sold as anything but a commercial workstation."

Certainly, I'm just saying that the GUI was not an Apple innovation. They certainly were the first to make a mass marketed implementation, but if we're considering marketing to be part of innovation, them Microsoft is the king of innovation.

For the record, I really like macintosh and especially OSX, but you have to admit that they do some pretty strange things behind the scenes. I am not a fan of the whole Data Fork/Resource Fork methodology that Apple uses. It makes the system very easy to use for the end user, but as an administrator, having to keep track of all components (especially when copying files to and from alternate operating systems) becomes a chore. I don't like their hybrid case-sensitivity. On OSX, you can have a file named MyFile.txt in the same directory as a file called myfile.txt. However, in the Mac GUI, you'll see only one of these files. Which one you see depends on which one got there first. This may not be a big deal at all if you're totally a macintosh shop, but if you're integrating macintoshes with an existing Windows/Unix environment, it can really bite you.

Posted by: linuxelf | December 20, 2006 12:25 PM | Report abuse

Again, I find myself having to repeat everything I say because people don't read...

L. Greene> Apple paid Xerox for using elements from it's graphical interface. Microsoft stole their whole Windows interface from Apple.

Why does everyone drag Microsoft into the discussion every time someone disparages Apple? It's 100% predictable. "Apple is not so great". "Oh yeah? Well Microsoft sucks."

It doesn't matter what Microsoft did. The point at issue, which you again missed, was that the mouse wasn't Apple's innovation. It was, as always, their marketing. And your statement, "Apple paid Xerox..." substantiates my point.

L. Greene> Your ignorance is showing. Who do you think first included a mouse with their systems? Yet another Apple innovation, rapidly copied by you know who.

You have some nerve calling me ignorant. Again, the mouse wasn't Apple's innovation. And they did it wrong by putting only one button on it. More on this below...

L. Greene> The mouse was not invented by Xerox but in fact by Doug Englebart.

Which again substantiates my point: Apple does not innovate (except in rare instances); they repackage and market.

L. Greene> Additionally for Antibozo, Mac OS X has supported 2 button mice (if you must have them) since it's beta release in 1999.

[Friendly aside: you consistently use "it's" where you mean "its". It's easy to remember; just think of "his" vs. "he's"--"its" vs. "it's" follows the same pattern.]

Yes, and you could tack a two-button mouse onto a Mac for years before that. And then you had to screw around with a special driver, trying to convince the Mac that the right button means this, the middle button means that, in various applications. Believe me--I've been there.

And 1999--that's about 15 years, like I said, since the first Mac came out, isn't it?

Yet even now, the support is weak. Other OSes have included normalized semantics for the behavior of additional buttons for many years, but Macs haven't. Consequently, additional button semantics on MacOS are inconsistent.

What *has* finally happened, if I understand correctly, is that Apple is considering multi-button mice standard equipment. So finally Apple is catching up with the rest of the market, 20 years later, on this basic input device.

Posted by: antibozo | December 20, 2006 12:25 PM | Report abuse

MacOS X is like "bullet proof glass." It isn't really "bullet PROOF," it's "bullet RESISTANT." People in the physical security industry don't call it "bullet proof glass" because they know better. Big enough bullet, at a high enough velocity, and it's coming through.

MacOS 10.4.x could stand some improvement in the security department. Some of those areas require significant code changes, and are addressed in the upcoming 10.5 (Leopard) version.

Some have stated that the "smugness" in the latest round of Apple Mac ads about viruses and spyware means that Apple doesn't take security threats seriously. I'd say it's just the opposite. Apple management would have to be pretty clueless to make that assertion without making sure that they stay on top of those issues, and get fixes out quickly. It's a competitive advantage. I don't think Apple wants to lose that.

It will be interesting to see what LMH finds. Dedicated focus on finding bugs in OS X is a good thing. Plastering a list of security holes all over the media before giving the vendor a change to patch it first is juvenile and unprofessional. That hurts his credibility, and I that doesn't helps the user community. It just gets LMH's initials more publicity.

Every platform has bugs. That's not going to change. The code is written by humans. Humans make mistakes. But some have more bugs than others, due to differences in design and QA priorities. Windows XP and older versions have had a well-deserved reputation for poor security. It just wasn't a priority during development. Vista is different, but we'll see how much difference the changes really make.

I still recommend Macs for most people. Out of the box, it is more usable and secure than the typical Windows XP system.
Invincible? Of course not. But better is still better.

Posted by: Wyseguy | December 20, 2006 12:30 PM | Report abuse

I have a quesiton and I hope it wasn't answered yet. Someone on here, I think "Jim", mentioned that any Windows app can run on Mac through Bootcamp and Parallels. I am not disagreeing or arguing about whether a Mac or PC is better, I have a real question. If I needed to run a Windows pc or app as a "server or master" how would one go about getting Windows to start automatically on the Mac??? One could obviously put Paralles into the login Items but how would you get the Windows VM to start without user interaction?? Say for a power failure.....

just a question.

Posted by: MikeyB | December 20, 2006 12:43 PM | Report abuse

MikeyB, this thread has degenerated into mostly Windows and Mac fanboys battling it out. Your best bet with your Parallels question is to take it to http://forum.parallels.com/forum53.html

Posted by: Wyseguy | December 20, 2006 1:00 PM | Report abuse

Wyseguy -
Thanks for the link, I will check it out.

But I did want to throw a small wrench into the equation ;)

Posted by: MikeyB | December 20, 2006 1:13 PM | Report abuse

Neither Boot Camp nor Parallels are emulation. You are actually running Windows at native speed on the processor when you are using them. Mac OS X files don't have the seperate data and resource forks. Those were used in earlier systems, which in fact allowed users not to be bothered with those pesky file type extensions. Say, wasn't Microsoft talking about doing away with them a while back?
And no, you can't dismiss Apple as just being successful because of marketing. They were the first to implement these new technologies into their machines. They were the ones that made USB a standard. Sure, the bus had been around in the PC world, but nobody was using it. The iMac made that happen. Now it's optional to have a floppy drive in your machine. Let's see, who was it that did that first, and suffered much derision from the PC crowd over doing so, oh yeah, Apple again. 3.5" floppies? Sony made 'em but nobody was using them till Apple put them in their first Macs back in '84. A properly designed interface shouldn't require a two button mouse. Apple's certainly didn't but the poorly designed menu structure of Windows made that a must. More complication, more clutter. You really don't seem to know very much about modern Macs, or computer history in general. I'm tired of arguing these points. Apple is a more innovative company than Microsoft. Steve Jobs said it best when he stated that MS had no taste. Ethically, MS is bankrupt. There are example after example where MS has used dirty tactics to beat their competition. I can't believe that "the world" has been willing to settle for such a third rate architecture as Windows. Buggy, insecure, full of obsolete code, but CHEAP (at least on the surface) and that's what counts to many. Apple did it first, Apple was and still is better, and as more and more people are discovering, Macs are a better choice for a personal computer. Now go look for that driver you need to make your sound card work, and hope there are no conflicts.

Posted by: Link Greene | December 20, 2006 1:48 PM | Report abuse

This is a very lively discussion (save for the trolls). Thanks for the entertainment!

For the record: I've been using computers since 1974. I've used numerous kinds of interfaces and GUIs, some that have not seen the light of day. I own a PC running XP and a MacBookPro running 10.4.8 and XP SP2 (when I need it).

To most people, I have recommended a Mac. Like all present interfaces, it has its quirks, but it's the most enjoyable and reliable so far.

I look forward to seeing what LMH may have to disclose regarding any OS X security issues, so that I and other IT professionals may close them as best we can. Oddly enough, it's also coming on the cusp of Leopard arriving on the scene, which may make many of his issues moot.

Relax. It's a challenge, not an insult!

@antibozo: You are right, Windows is no more secure on a Mac than on a PC. A Mac running windows can get just as many viruses as a generic PC.

However, the fortunate aspect is the problems are relegated to the PC side, only. If my Windows partition becomes horribly infested, it's small act to delete and reinstall the partition (assuming I've backed up my valuable data). Apple informs Bootcamp users of the Windows vulnerabilities, that Mac Windows users need to run the same protection software as the typical Windows user. I would imagine most Bootcamp users are all too aware, as well.

The Mac as an average whole is, nevertheless, still more secure.

Posted by: sheldonc | December 20, 2006 1:58 PM | Report abuse

I use Virtual PC 7 to run Windows 2000 in Mac OS X for testing the web sites I create on different versions of Internet Explorer. If I had a newer Mac I'd use Parallels.

Running Windows in a virtual machine is the safest way to run Windows. The virtual machine is in a sandbox so it can't do any damage to the Mac side -- the guest OS thinks it's running on a PC. There is little I personally need to do in Windows that would require special drivers for the hardware attached to the Mac. If I'd need to scan, I'd scan on the Mac side and drag and drop it onto Virtual PC to hand it to Windows. If I need to print something out of Windows - well, it just sees the Mac-networked printer.

I do find it annoying to see people calling each other Windows or Mac fanboys and zealots. The aim here should be getting at the undiluted facts and sharing information. Name-calling undermines that aim.

Fact: Mac OS X is inherently more secure than all versions of Windows, though Vista is catching up.

Fact: Windows Vista vastly improves security over Windows XP.

Fact: Apple and Microsoft both innovate where it is warranted, and borrow from existing projects when it accomplishes something well.

Fact: I have personally never gotten a virus on any Mac I've owned for the past 12 years, some of which were running as webservers 24/7 for years. One server did get hacked - due to a weak password!

Fact: The Mac is a smarter platform for developers. Microsoft Visual Studio is $300. Apple XCode is FREE. And the Mac comes with every scripting language under the sun, plus you're learning to program in a meaningful environment: A real Unix shell. Cross-platform tools are easy to come by as well, for game developers especially.

Add your own facts to the mix...

Posted by: Windows in Mac OS X | December 20, 2006 1:59 PM | Report abuse

This posting of bugs will make absolutely no difference at all. Apple Computer will continue to make the Mac OS X a tight and secure system as it always does, always finding and repairing any problems. And any of these that may be posted will be "business as usual" for Apple, fixing what is found and needs to be fixed. It's an on-going thing and no users have to worry -- because the operating system is in the good hands of Apple Computer.

All this talk about the month of bugs is simply a publicity stunt for the posters. Who knows..., someone may be trying to get more money or attention for themselves. That's all this amounts to.

For Macintosh OX X users, there's no worry -- as there have been no worries through the present. It continues as usually. "Move on..., nothing here..."

Posted by: Eliakim | December 20, 2006 2:18 PM | Report abuse

There are SO MANY sources for this kind of information on the web, it must be terribly embarassing for Microsoft ;^)

http://www.mcmillan.cx/innovation.html

http://www.dwheeler.com/innovation/microsoft.html

http://www.2near.com/edge/editorials/ms.html

The list goes on and on, but as anyone with half a breain and internet access can plainly see, Microsoft has never "innovated" much of anything.

Just what were those computers that you mention using a mouse before a Mac? Compac, HP, IBM? Please send me some info on that.

Posted by: Link Greene | December 20, 2006 2:30 PM | Report abuse

Link Greene> A properly designed interface shouldn't require a two button mouse.

A properly designed interface shouldn't *require* a mouse at all. Also, a properly designed interface should take advantage of a multi-button mouse, and provide consistent semantics for additional buttons.

Link Greene> Apple's certainly didn't but the poorly designed menu structure of Windows made that a must. More complication, more clutter.

Again, you drag Microsoft into the picture. X11-based systems were supporting and making good use of 3-button mice 15 years ago. AmigaOS supported 3-button mice. BeOS, NextStep, DEC, Symbolics, Sun, AT&T... IOW, *everyone* but Apple saw the benefit of multi-button mice all along. And it has nothing to do with how well-designed the menu system is--you can make a system navigable with one button, but why you would want to when people have two readily independent fingers sitting on the button area? If you're making a mouse part of the picture, let people get the most out of it.

And anyone who finds a two-button mouse "complicated" must have a heck of a time dealing with a 100+-key keyboard. But I guess if you spent your whole life stuck with one button, having two or three (or, heavens forbid, a scroll wheel) must really try your right-hand dexterity.

Link Greene> You really don't seem to know very much about modern Macs, or computer history in general.

I don't know whom you're talking to, since you seem to be answering multiple people's posts in one confused paragraph, but one thing that's clear is that you don't know much about any modern system *other* than a Mac. I haven't seen a device conflict under Windows in years, and I don't believe I've ever seen one under Linux, *BSD, or Solaris x86.

Link Greene> Apple is a more innovative company than Microsoft.

Maybe, but, again, Microsoft is irrelevant. They're both derivative stooges. Apple is shinier. Preciousssssssss...

Apple's biggest step forward in its entire history was to switch to the Intel processor (and please don't call that innovation). This finally makes it possible--theoretically, at least--to easily repurpose a Mac to be anything but a desktop box, e.g. run Solaris, *BSD, Linux and use it as a proper server. (Yes, you could run Linux before but the PowerPC port was never as well supported.)

I'm glad to see Apple finally start building boxes that are at least capable of playing with the big boys (and please don't drag out the straw man again; I'm *not* talking about Microsoft). The new quad core Mac "Pro" systems actually look like they might start to compete with some of the middle tier PC hardware that's been available for 2-3 years now.

Posted by: antibozo | December 20, 2006 2:37 PM | Report abuse

Greene> Mac OS X files don't have the seperate data and resource forks. Those were used in earlier systems, which in fact allowed users not to be bothered with those pesky file type extensions.

Couldn't be more wrong, and it shows that you don't have to admin OS X servers in a mixed environment. Here's something to try: Find your favorite font on your OSX box. Drop into a terminal session, and FTP that file to your friend's machine. Now have that friend install the font. It won't work. Now, from the Mac GUI, take that font and stuff it (with StuffIt) or place it inside a dmg, and send the resultant file to your friend and try again. This time it works fine. Why? Because when you ftp the font file, you're only sending the data fork, not the resource fork. The mac on the other end sees the file and has no idea what to do with it. When you create your sit or dmg through your GUI, the gui handles keeping the parts together.

Posted by: linuxelf | December 20, 2006 2:56 PM | Report abuse

I like the fact that no Windows user has picked up on my link I thoughtfully found on the net.

You know, I think if Steve Jobs could get away with it, he would give a Mac to every Windows user just to prove his point.

A Mac is designed to be a joy to use.

He's not trying to annoy you or make you feel bad for using Windows, he's just offering you the best computing experience he can possibly give you from his company.

Posted by: Chris | December 20, 2006 2:58 PM | Report abuse

I forgot to mention that I have many Macs from the SE up and I'm only 27. I really enjoy using all my Macs.

Posted by: Chris | December 20, 2006 3:01 PM | Report abuse

But I AM talking about Microsoft. That's where the security issue in PCs comes from. Apple could (and has) use almost any processor, and still be secure. Their track record proves it. Switching to Intel was no big deal for Apple. Their crown jewel is the OS, and that's what you're paying for when you buy a Mac.

Posted by: Green, L. | December 20, 2006 3:30 PM | Report abuse

Sorry, not into that supernerd stuff. Just interested in a reliable, secure home computing platform, and that ain't Windows.

Posted by: Lancelot Link, secret chimp | December 20, 2006 4:06 PM | Report abuse

I'll say ahead of time, I am sure they will be able to come up with 31 bugs ("a bug a day"). As someone who writes code for a living, believe me, I know that no software is without bugs. But there is a difference between a bug and the kind of serious security vulnerability that these bozos are alleging to exist widespread on OS X.

Also, I chuckle every time I see someone say that because OS X is such a small percentage of users, no one tries to exploit them. You can tell those people don't have a clue what Unix is or how widely it is used (and how much hackers try to find holes in it). Hey, there's a reason people say Unix is more secure than Windows. It is.

I'll make Mr. "LMH" a challenge. I'll give you the entire month of January to hack into my Mac. It's a Powerbook, I travel with it from home to work and back. I'll use it the entire month the way I usually do, for work and leisure, browsing whatever sites I browse and so on. If you can hack into it, it's yours, along with the unquestionable fame you'll enjoy. How about it?

Posted by: Johnny Ringo | December 20, 2006 5:02 PM | Report abuse

If anything is secure it must be the xbox 360. i'm waiting to see if someone could put linux on it but it's going to be tough

Posted by: arielb | December 20, 2006 5:04 PM | Report abuse

@Johnny Ringo

Wow. You're more of a moron than that Gruber.

Posted by: Fred Fanboy Fighter | December 20, 2006 5:14 PM | Report abuse

antibozo

Look..., you've got enough wars going on without me.
I don't know your reasons, maybe you're a schill, but you really seem to dislike Macs.

(I like your comment about playing with the big boys, as a midrange PC, I feel put in my place)

About the one button mouse myth.
Macs have been multi button aware, for a long time, as mentioned elsewhere in this thread.
So what's the big deal, blow twenty big ones, and buy a 2, 3, 4 button, whatever. (control + click)

I use three mice, for different jobs.
I can plug them in, one at a time, or all at once, and sometimes I have all three plugged in, depending on what I'm doing.
My main mouse, is a programmable, 6 button mouse, with scroll wheel, by logitech.
If the application/program I'm using, recognizes all my bottons, great.
If not, I open my mouse preferences, and tell it what I want it to do.
Same with my MaCally trackball.
I can dial in each individual app, or universal settings, or system default, or whatever, and use whichever mouse I choose, for whatever task I choose, as it should be, not a lot different than any other OS.
Takes a few seconds.

Listen, nice to hear from you, good luck, say hello to everyone at corporate HQ, Best Buy, Starbucks, or wherever you hang around.

Seasons Greetings, and try being a little less anal retentive.

Posted by: Big Bill | December 20, 2006 5:20 PM | Report abuse

"Apple's biggest step forward in its entire history was to switch to the Intel processor" Baloney!
Maybe in the eyes of someone that has been locked into the X86 architecture since the '80s, but the real reason Apple adopted that chip was to have access to cooler running chips, and a supplier that kept it's processor speeds progressing on a regular basis. The PPC chip was and is in many ways still a better processor than the X86 is, but Motorola wasn't interested in the continued development of that chip for personal computers. Rather they were steering it towards use as an embedded processor for commonplace appliances and the like. Changing processors had little or no effect on the average Mac users computing experience. Again it's the Mac OS that makes the difference.

Posted by: Fan of Green Links | December 20, 2006 5:55 PM | Report abuse

Ok now I'm just sick of PC users.

Look us Mac users are sick of you PC users give us so much hassle when we give you advice about trying Mac OS X.

All we hear from PC users is "Do you know how to fix this problem?" "Do you know how to avoid that problem?" "What do I do about this virus?" What do I do about that malware?" Why is my freakin PC not working AGAIN?"

We Mac users get high a mighty because we wish you would take the hint and leave us alone instead of hounding us because of your choice of OS that keeps breaking.

Please either stop asking us about OS X and accept your Win OS or try it OS X YOURSELVES and see that we are not telling lies.

OS X isn't perfect, no one said it was, it just works for Mac users and that's why we stick with it.

I'm willing to be that Windows ports to Unix in the end anyway.

If you ask me, PC users are always so angry is because they get so frustrated with Windows.


Posted by: Chris | December 20, 2006 6:03 PM | Report abuse

Big Bill> I don't know your reasons, maybe you're a schill, but you really seem to dislike Macs.

If you mean shill, no, I'm not a shill. I'm a network security consultant. I dislike systems that don't play well with other systems, and Macs certainly qualify in certain areas, though they've improved markedly with OS X. See linuxelf's postings if you want to understand this better.

Big Bill> My main mouse, is a programmable, 6 button mouse, with scroll wheel, by logitech.

Exactly. Multi-button mouse by Logitech, not Apple. (You should try Wacom too if you're interested in a tablet with multi-button mouse support.)

Big Bill> If the application/program I'm using, recognizes all my bottons, great.

Exactly. If it recognizes your buttons, great.

Big Bill> If not, I open my mouse preferences, and tell it what I want it to do.

Exactly. You have to tell it what you want it to do.

You should go back and read more carefully. The comment that started this particular thread was Link Greene's assertion that Apple is focused on ease of use. I mentioned the one-button mouse as a fairly obvious example of how Apple has been antagonistic to ease of use for nearly as long as they've been operating. Now you're chiming in to provide evidence that substatiates my statements, while tossing in a few personal attacks.

So what's you're point again? Focus this time.

Posted by: antibozo | December 20, 2006 6:08 PM | Report abuse

antibozo "network security consultant"

What is the most used server system in the world??

It is Microsoft? NO it's bloody not. Infact most server software is more like OS X back end that Microsoft.

If you can't get your servers to work well with OS X then maybe it's you not working well with your software.

As for Logitec, ever heard of a Mighty Mouse? Didn't think so mate.

Also just for your entertainment:-

By Mitch Wagner, InternetWeek

5:23 PM EST Wed., Aug. 20, 2003
Microsoft has made a big deal out of asserting that Linux is not fit for the enterprise. But Microsoft itself is using Linux to help protect its servers against denial-of-service attacks.


Mmmmmmm Microsoft really seems to trust it's own software so much it doesn't use it on some of it's servers.

Posted by: Chris | December 20, 2006 6:21 PM | Report abuse

Chris, if you would read you would see that I am not a Windows advocate. So please reserve your remarks for someone who is. You're preaching to the choir.

Posted by: antibozo | December 20, 2006 6:26 PM | Report abuse

Thank god for that, well maybe you should explain yourself better.

Posted by: Chris | December 20, 2006 6:29 PM | Report abuse

Chris> Thank god for that, well maybe you should explain yourself better.

I've been perfectly clear. You should read.

Posted by: antibozo | December 20, 2006 6:44 PM | Report abuse

"I mentioned the one-button mouse as a fairly obvious example of how Apple has been antagonistic to ease of use for nearly as long as they've been operating."

That has to be one of the stupidest things I've ever heard anyone say. You are an idiot. Just because you don't like one button mice you come up with the "fact" that multi button mice are easier to use. Many studies were done with subjects at Apple during the development stage of the Macintosh that proved that more people worked more efficiently, and learned how to operate the machine faster with a single button mouse. These studies have been repeated in later years, and found to be true today as well with new computer users. Keep It Simple Stupid is the saying, and in this case it applies. For so many years, all the Windows fanboys could come up with when asked why "Macs suck" were these two old saws. "You have to throw the disk away to eject it" and "the mouse only has one button". I think I know where your opinions are coming from. Another possibility, your very career (if in fact it's true), that you are some kind of "network security specialist". That would automatically place you in an antagonistic position against Mac enthusiasts, because you have little or no place in our world, and probably despise having the inherent security of Macs in your face. Anyway, I'm done here. I think anyone reading back thorugh your rants can see you for what you are. A bigoted PC user.
Adios

Posted by: Link Greene | December 20, 2006 6:48 PM | Report abuse

I wonder if there is a normal person here. Because I see Mac advocates and windows advocates. But what I don't see is the normal person. Is here a normal person? And if so what is your opinion?

Posted by: KBR | December 20, 2006 7:23 PM | Report abuse

Link Greene> Just because you don't like one button mice you come up with the "fact" that multi button mice are easier to use.

I don't know why you're quoting the word "fact"; I don't believe I've used that word once in this entire conversation. You must have me confused with someone else, perhaps one of the many other posters (including you), who keep touting "facts".

Multi-button mice *are* easier to use--this is obvious to anyone who spends any amount of time using both single-button and multi-button mice--and every GUI-based system I know of other than the Mac (there are quite a few) has featured at least two buttons for as long as I can remember.

Link Greene> that more people worked more efficiently, and learned how to operate the machine faster with a single button mouse.

Yes, and people learn to type faster when they confine themselves to the home row. You're confusing "easy to learn" with "easy to use". You really don't think a scroll wheel or right-click context submenu makes a system easier to use? Have you never used a system with these features?

Link Greene> probably despise having the inherent security of Macs in your face

To the extent that Macs are "in my face" it is as a network admin having to figure out how to get them to cooperate with the other systems on my networks. I rarely encounter MacOS in my security work because my focus is on server software, very little of which runs on MacOS (and most of that which does is platform-agnostic, i.e. Java-based).

Link Greene> I think anyone reading back thorugh your rants can see you for what you are. A bigoted PC user.

I think anyone who takes the time to read back through my postings will see that I specifically do not advocate the use of Windows, that I generally agree that Mac OS X is more secure than Windows, and that I prefer GNU/Linux/KDE (you should try it). Those people would have to read what I actually wrote, of course, and not depend on their own zeal and prejudice to inform them.

But it is true that I run Linux on PC hardware.

Link Greene> Adios

Tchau. See you on the funway.

Posted by: antibozo | December 20, 2006 7:52 PM | Report abuse

@antibozo: Apple has come out with one of the nicest 4 button mice with a scroll "pea" (scrolls up, down, sideways and diagonally) on the market, I think. It's called the Mighty Mouse (yes, they licensed the name).

Late to the party, but still stylish!

Posted by: sheldon c | December 20, 2006 8:56 PM | Report abuse

sheldon c> Late to the party, but still stylish!

Agreed--that's what I was alluding to when I said earlier that it took them so long to figure out that a mouse should have more than one button, and that they were finally treating a multi-button mouse as standard equipment (though I don't know if it's in any of their standard packages right now).

I'm not sure about the scroll pea, or "scroll ball" as they call it; lateral articulation in the middle finger is relatively weak (unless you're Charles Bronson in "The Mechanic"), and the lateral range of motion is tiny compared to the longitudinal. But we'll see. I have yet to try one. I'm happy to hear others' reviews.

One unfortunate thing I notice from the web site is that they're still touting Bluetooth as "secure".

Posted by: antibozo | December 20, 2006 9:42 PM | Report abuse

antibozo:

Your arguments seem to be based on the idea that it's better to buy cheap PC hardware. I've been a PC user since the original IBM PC and was a Windoze fanboy since Win2k, trashing Macs as many have been doing here.

Then a friend of mine bought a 15" MacBook. I played with it for about half an hour and only a few weeks later picked up a 13" MacBook of my own.

Why? Because it's an awesome laptop. It's small, light, stylish and has pretty much every bell and whistle you could ask for, and a bunch I would never have thought of myself such as the magnetic power cable, HD saving motion sensors, slot-load DVD, magnetic lid clasp and more. And all for a comparable price to the competition.

It's also the most flexible in terms of software: If you have to use Windoze it will do that. If you prefer Linux it will do that too. And, unlike most laptops, if you like OSX it will also run that.

Of course it depends on your needs, but what I've found is that OSX does everything you'd need on a personal level, and it will also run Windoze for those with more specific needs. Personally I use OSX at home and Windoze at work and find it to be an excellent combination of amazing hardware and software suited to the task at hand.

I guess this isn't really on the topic of security, but to that end I will say that I have no experienced any problems with that on my Mac whereas even with my advanced knowledge of Windows and security I have still run into the odd bit of malware on my PC desktop.

I've used both and I have the knowledge and experience to make a sound, unbiased judgement, and in my opinion a better computing solution simply doesn't exist today.

Posted by: Graham J | December 21, 2006 12:13 AM | Report abuse

To all Win fanboys that criticize Apple's late introduction of a multibutton mouse:

It clearly shows you have never really looked at the classic Mac OS (9.x and before). On the classic Mac OS YOU DIDN'T NEED two or more mouse buttons for everything to work. That was the beauty of the classic Mac OS' simplicity of use! As a general rule for a user interface it's still valid to say that more button, more options create more confusion. Not all computer users are total 'puter nerds like you and I who are hanging out at places like this instead of getting a life.

Posted by: Dominik Schmid | December 21, 2006 2:43 AM | Report abuse

To all Win fanboys that criticize Apple's late introduction of a multibutton mouse:

It clearly shows you have never really looked at the classic Mac OS (9.x and before). On the classic Mac OS YOU DIDN'T NEED two or more mouse buttons for everything to work. That was the beauty of the classic Mac OS' simplicity of use! As a general rule for a user interface it's still valid to say that more button, more options create more confusion. Not all computer users are 'puter nerds like you and I who are hanging out at places like this instead of getting a life.

Posted by: Dominik Schmid | December 21, 2006 2:44 AM | Report abuse

To all Win fanboys that criticize Apple's late introduction of a multibutton mouse:

It clearly shows you have never really looked at the classic Mac OS (9.x and before). On the classic Mac OS YOU DIDN'T NEED two or more mouse buttons for everything to work. That was the beauty of the classic Mac OS' simplicity of use! As a general rule for a user interface it's still valid to say that more button, more options create more confusion. Not all computer users are total 'puter nerds like you and I who are hanging out at places like this instead of getting a life.

Posted by: Dominik Schmid | December 21, 2006 2:45 AM | Report abuse

Sorry for the triple post. My Firefox 2.0.0.1 is misbehaving... On my work PC under Win 2K, BTW.

Posted by: Dominik Schmid | December 21, 2006 2:57 AM | Report abuse

Dominik Schmid> To all Win fanboys that criticize Apple's late introduction of a multibutton mouse:
Dominik Schmid> It clearly shows you have never really looked at the classic Mac OS (9.x and before). On the classic Mac OS YOU DIDN'T NEED two or more mouse buttons for everything to work.

Ah, another one with the reactionary non sequiturs. Go back and read what I posted until you begin to see the words I actually wrote, rather than the words you imagine that I wrote. You'll be able to tell this is happening when you discover, to your amazement and surprise, that I am not a "Windows fanboy". Then maybe we'll have a basis for further discussion.

Dominik Schmid> As a general rule for a user interface it's still valid to say that more button, more options create more confusion.
Dominik Schmid> Sorry for the triple post. My Firefox 2.0.0.1 is misbehaving... On my work PC under Win 2K, BTW.

Maybe you got confused by the extra button and scroll wheel on your mouse. The whole system would be easier to use if you'd just stop using that button, actually. A lot of people find it just presents too many options. ;^)

Posted by: antibozo | December 21, 2006 4:39 AM | Report abuse

Graham J> Your arguments seem to be based on the idea that it's better to buy cheap PC hardware.

Not sure which specific discussion you're referring to, but I'll try to clarify.

I prefer to buy not cheap hardware, but easily repurposed hardware. I regularly spec Intel systems that cost in excess of $30K. I also spec inexpensive desktop systems. It's nice when the server systems and the desktop systems share the same architecture because then binaries built for one target work on the other. It's also nice when a system can be repurposed from a sysadmin's desktop to an HR drone's desktop, or even serve as a development server. The platform that works for all of this historically is the Intel PC platform.

Now that Macs are running on Intel, there is the hope for them to participate in this kind of scenario, which I why I say it's the biggest step forward for Apple in their history. They're still a long way from having systems that could replace the heavier Intel servers I buy, but at least it's moving in that direction. The Xserve is a good start, though it seems to lack onboard RAID 5, and has no track record as of yet.

Of course, one would need the option of buying the Mac for less without an OS and then running another OS on it natively without having to install MacOS on it first for this to be really worthwhile.

I'm sure your Macbook is very nice and that you enjoy it a lot. But the desktop and laptop are only part of the picture for the enterprise, and Apple has a ways to go yet.

Posted by: antibozo | December 21, 2006 5:19 AM | Report abuse

antibozo: Hello? WTF are you talking about? I wasn't calling you specifically a Win fanboy. I wasn't even specifically replying to your statements. So chill it, dude...

Oh, and I mentioned a Firefox problem, not a mouse problem. OK?

Posted by: Dominik Schmid | December 21, 2006 6:10 AM | Report abuse

Besides: Did you even read the point I was trying to make? That under the classic Mac OS you didn't need more than one mouse button? Shall I repeat myself?

Posted by: Dominik Schmid | December 21, 2006 6:20 AM | Report abuse

Linux *IS* the most secure and always will be; besides the point I have been using Windows XP for 4 years and never have had a Virus. How you say? Easy, simply used the Firewall and Anti-Virus that came already installed (McAffe) which would update silently and I never went to shady sites nor executed suspicious programs. As long as my Firewall is running the chance of Malware getting past that is very *SLIM*; even if it *SOMEHOW* did get past this then my computer would be updated so if I was still vulnerable then it would be detected and deleted. If all else failed which would never happen because I also have a Router-Firewall then I would just do a system restore. I also get work done twice as fast then Mac because I am able to right click which is twice as efficient then holding one *MASSIVE* button down. Don't forget Mac is based on an *OLD* obsolete kernel which is updated by absurd developers. So is Mac right for anyone? Nope. It sucks. BTW recent trends have shown the popular Linux distribution Ubuntu infamous for its user-friendly user interface to be more popular then Mac; Pwnt? I think so!

Posted by: Ryu | December 21, 2006 6:59 AM | Report abuse

Oh; I forgot, most of you don't know but early Viruses were programmed towards Apple systems first; LOL? Also Web Browsers featured on Mac, Windows, and Linux all have flaws as soon they are found it doesn't matter what system you have. Though thats just another reason to run Web Browsers with hardly and privileges ;)

Posted by: Ryu | December 21, 2006 7:07 AM | Report abuse

Does this Ryu guy make any sense at all? What language is he writing in?

No-one who feels "pwnt" and "lol" are part of a serious discussion is liable to be listened to, honestly.

Most of Mac users here are not trying to prove anything - we're happy with our machines, and most will be very interested to see what bugs are uncovered, and how quickly Apple plugs the holes. Quite why as always others who have little or no experience of MacOS ("old obsolete kernel... absurd developers..." *sigh*) feel that it's an excuse to get on their high horse and try to prove a point is beyond me.

Seriously though, why do people get so irate over this? You don't see people screaming about why their food-processor is better than someone else's, do you? Grow up.

Posted by: Richard | December 21, 2006 7:15 AM | Report abuse

Ryu you are showing your age. Peronsally I think you have a few friends that got you into Linux, but mostly your a Windows person. I also think you are qouting facts that you think you know and have over heard from proper Linux people.

Mac OS X is based on UNIX chum, not Linux.

Posted by: Chris | December 21, 2006 8:50 AM | Report abuse

Any Ryu, this link is my christmas present to you my friend.

http://www.apple.com/macosx/features/unix/

Enjoy.

Oh and everyone, lets not forget that Bill Gates has 25 million dollars in Apple shares.

Posted by: Chris | December 21, 2006 8:54 AM | Report abuse

I love Apple

Posted by: Chris | December 21, 2006 8:56 AM | Report abuse

Windows went Pear shaped a long time ago.

Posted by: Chris | December 21, 2006 8:59 AM | Report abuse

Nicely put, Chris. Happy Christmas to everybody!

Posted by: Dominik Schmid | December 21, 2006 9:12 AM | Report abuse

Thanks Dominik, Happy Christmas to Mac, Windows and Linux/Unix users

Posted by: Chris | December 21, 2006 9:42 AM | Report abuse

This all sounds like ; "My bowl of cornflakes is better than your bowl of Cheerios". CHEESES!!!
What happened to LMH ??

Confusion will be my epitaph.
As I crawl a cracked and broken path
If we make it we can all sit back
And laugh.
But I fear tomorrow Ill be crying,
Yes I fear tomorrow Ill be crying.
King Crimson

Posted by: forget about it | December 21, 2006 10:11 AM | Report abuse

Chris: You're the one with the faulty G4, right? Could you solve the issue or narrow its causes down yet?

Posted by: Dominik Schmid | December 21, 2006 10:12 AM | Report abuse

Hi Dominik, sorry no that isn't me. I've fixed many many of my own Macs in the past. Never had one I couldn't fix yet.

Posted by: Chris | December 21, 2006 10:27 AM | Report abuse

I think the person with kernal panics probably needs new RAM or more ram and a fresh install/Permissions check. Plus older Macs can benefit from newer faster HDs.

Posted by: Chris | December 21, 2006 10:30 AM | Report abuse

Also one thing all OS users need to remember is that any OS system likes to have plenty of free HD space.

Posted by: Chris | December 21, 2006 10:31 AM | Report abuse

OK...
I have to say, I'm using my Mac for almost 5 years now; just about when MacOS 10.1 came out. Next to it I still use a Windows PC too. But ever since I stopped using the Windows PC for browsing the internet of email, the thing didn't make me spent the well-known long nights of reinstalling. Most PC users probably recognise it too... It's 8 pm and you just briefly want to check the email - then it's 1 am; you still haven't checked the email and you're about to do a fresh reinstall of Windows (again!) because Outlook still isn't doing what you want. By 3:30am you decide to go to bed, to at least get a few hours of sleep before work.

Eventually I switched to harddisk imaging software to quicken the restoring process, but still... late late nights.

But that stopped when I bought my first Mac... If there are late late late very late nights... then I actually am working, and not reinstalling and cursing out loud.

Wel... nowadays the PC is still connected to the network, but since I started to use a hardware firewall that blocks serveral malicious protocols like Microsoft's Active-X, the PC didn't need as much of reinstalling as before. It also blocks most advertiser servers, which removed the need for spyware-scanners installed on the PC itself.

Maybe LMH could point their arrows to those criminal advertisers like doubleclick.com and valueclick.com - these guys actually install spyware (even on a Mac).

Posted by: PB | December 21, 2006 11:18 AM | Report abuse

Chris> Mac OS X is based on UNIX chum, not Linux.

Chris, Ryu didn't assert that OS X was based on Linux. And OS X is only indirectly based on UNIX; BSD is not UNIX--it's derived from UNIX. You might want to get that straight in your own head before you go correcting someone else on something he didn't even say.

Posted by: antibozo | December 21, 2006 11:44 AM | Report abuse

http://www.apple.com/macosx/features/unix/

Antibozo your just picking small holes in overal facts.

Posted by: Chris | December 21, 2006 11:59 AM | Report abuse

Ryu didn't assert that OS X was based on Linux. Your right antibozo. But he didn't say it wasn't either.

Posted by: Chris | December 21, 2006 12:03 PM | Report abuse

Dominik Schmid> Hello? WTF are you talking about? I wasn't calling you specifically a Win fanboy. I wasn't even specifically replying to your statements. So chill it, dude...

Oh dear--it's worse than I thought. You don't even know that you were replying to me. I was the person who was chastising Apple here for failing to understand multi-button mice for so long.

Dominik Schmid> Besides: Did you even read the point I was trying to make? That under the classic Mac OS you didn't need more than one mouse button? Shall I repeat myself?

Feel free, but read what I wrote first. Your point has already been addressed in full in the postings you were responding to, hence the non-sequitur nature of your statements. Apparently you didn't even read what you're responding to now.

[sigh]

Dominik Schmid> Oh, and I mentioned a Firefox problem, not a mouse problem. OK?

Yes, but it certainly did make for an amusing juxtaposition.

Posted by: antibozo | December 21, 2006 12:05 PM | Report abuse

Chris> Antibozo your just picking small holes in overal facts.

That BSD is not UNIX is not a small fact. If you learn about the history of UNIX and its derivatives you'll understand why. There's a whole legal story there with important precedents, and large swathes of other software are either incidentally affected or governed by a BSD license. UNIX, furthermore, is a trademark that is only applied when an OS satisfies a number of functional criteria and a testing process, and a license fee is paid.

Chris> Ryu didn't assert that OS X was based on Linux. Your right antibozo. But he didn't say it wasn't either.

That sounds like something right out of "Animal Farm".

Posted by: antibozo | December 21, 2006 12:11 PM | Report abuse

Chris, this should give you an idea of the scope of the UNIX lineage:

http://www.levenez.com/unix/history.html

Posted by: antibozo | December 21, 2006 12:20 PM | Report abuse

antibozo are you calling Apple a Lier?

Look at the link I posted and you will see that on Apple's own website they say that OS X is "based" on Unix. Yes they do talk about BSD if you had gone to the link i posted...

Dawin 2000.

http://en.wikipedia.org/wiki/Unix-like

http://en.wikipedia.org/wiki/Darwin_BSD

"There is no formal standard for defining the term, and some difference of opinion is possible as to whether a certain OS is "Unix-like" or not."

Posted by: Chris | December 21, 2006 2:36 PM | Report abuse

I'm going to the pub!

Posted by: Chris | December 21, 2006 2:42 PM | Report abuse

Now I've posted, I'm going to the pub!

Posted by: Chris | December 21, 2006 2:44 PM | Report abuse

I'll have a pint for you antibozo.

Posted by: Chris | December 21, 2006 2:45 PM | Report abuse

Chris> "There is no formal standard for defining the term, and some difference of opinion is possible as to whether a certain OS is "Unix-like" or not."

It would be interesting if that were true of "UNIX". "UNIX-like" is the term people who know what UNIX is use to describe these other OSes.

Here is where you can find some info about the formal standard defining what UNIX is:

http://www.unix.org/what_is_unix.html

Enjoy the pint. Cheers!

Posted by: antibozo | December 21, 2006 2:58 PM | Report abuse

antibozo

Are you disagreeing with the terms used by Apple on their website? Just out of interest?

Posted by: Chris | December 21, 2006 7:12 PM | Report abuse

Are you disagreeing with terms used by Unix developers?

I said "based on". Apple said "based on".

Dawin 2000.

Posted by: chris | December 21, 2006 7:19 PM | Report abuse

antibozo Ballmer

Posted by: Chris | December 21, 2006 7:26 PM | Report abuse

I loved my cider and it was really good to see my mates. Thanks antibozo.

Posted by: chris | December 21, 2006 7:28 PM | Report abuse

http://www.youtube.com/watch?v=j02b8Fuz73A

What did Jobs bring to Mac?

Posted by: Chris | December 21, 2006 7:54 PM | Report abuse

If you look at my earlier comment, you'll see I said that "OS X is only indirectly based on UNIX."

Saying "OS X is based on UNIX" is sort of like saying "Windows Vista is based on MS-DOS"--technically true in terms of partial code lineage, but a lot happened in the middle that is glossed over by the simplified characterization. I suspect Apple's precocious marketing department prefers to cite UNIX because it has a lot more name recognition than BSD.

Can't watch youtube at this time; is that Ballmer's monkey dance? If so, that's a riot. :^)

Posted by: antibozo | December 21, 2006 8:13 PM | Report abuse

Oh, and happy Winter. The solstice passed at 0023 UTC.

Posted by: antibozo | December 21, 2006 8:16 PM | Report abuse

In addition, the Open Group officially disdains the term "UNIX-based". See section 2.1 of the PDF trademark usage guide linked to from this page:

http://www.unix.org/trademark.html

So I would say Apple is using the trademark in an unauthorized way. For practical purposes, it gets a point across, so it's not really a big deal, but I brought up the issue because I suspected you didn't know the ins and outs of this term when you confronted Ryu.

Posted by: antibozo | December 21, 2006 8:35 PM | Report abuse

I think I have proved my point now...antibozo

keep dodging my questions, if politics is what your good at antibozo.

Posted by: Chris | December 21, 2006 8:37 PM | Report abuse

And keep dodging my points...

Posted by: Chris | December 21, 2006 8:38 PM | Report abuse

Chris> I think I have proved my point now...antibozo

Really? What was your point? Please state clearly.

Posted by: antibozo | December 21, 2006 8:40 PM | Report abuse

You should now what I meant by Baller

And... you should know what I meant by the link to Jobs...

Posted by: Chris | December 21, 2006 8:42 PM | Report abuse

Chris> You should now what I meant by Baller

Chris, I haven't the slightest notion what you're on about. You're being far too oblique for me. Maybe that pint went to your head...? :^) Again, please state clearly what your point is.

Posted by: antibozo | December 21, 2006 8:44 PM | Report abuse

My head is fine. Your just use a smoke screen of questions and politics antibozo.

Posted by: Chris | December 21, 2006 8:48 PM | Report abuse

Night night people. Got a job to go to tomorrow.

Posted by: Chris | December 21, 2006 8:49 PM | Report abuse

Mt point was always about getting Ryu to learn a bit more about OS X.

Posted by: Chris | December 21, 2006 8:53 PM | Report abuse

Damn my fingers

Posted by: Chris | December 21, 2006 8:57 PM | Report abuse

Merry Christmas everyone

And it's good night from him (antibozo) and it's good night from me.

Posted by: chris | December 21, 2006 8:58 PM | Report abuse

Please ignore Antibozo he is just a pompus pain in the ass and if we all ignore him maybe he'll go away.

Get a life you geeky little pin-head. You must have got you ass kicked too much as a child and need a reminder of what it was like.

Posted by: NoneOfYourBee'sWax | December 21, 2006 10:24 PM | Report abuse

NoneOfYourBee'sWax> Please ignore Antibozo he is just a pompus pain in the ass

Some folks call me a joker. Some call me the gangster of love. Some folks call me Maurice, 'cause they think I'm a "pompus" pain in the ass.

NoneOfYourBee'sWax> and if we all ignore him maybe he'll go away.

Well, you're off to a great start with that whole ignoring me thing.

NoneOfYourBee'sWax> Get a life you geeky little pin-head.

Well argued, Gruesome.

NoneOfYourBee'sWax> You must have got you ass kicked too much as a child and need a reminder of what it was like.

Congratulations. You win the race to violence. Here--have a lollipop.

Posted by: antibozo | December 22, 2006 4:00 AM | Report abuse

antibozo: I start to like you. No, honestly! Not that I agree with you, but there's something about your humour that makes me like you.

Or maybe it's just Christmas? Who knows. Happy Hanukkah.

Posted by: Dominik Schmid | December 22, 2006 4:51 AM | Report abuse

attn: Ben Kelly in Tampa

"As a casual MAC user" Casual MAC user? Casual MAC users apparently don't know the diff between MAC and a Mac.

"lack of software for MAC" Since Apple conv'd to a UNIX based os the software titles available have grown logarithmically. (look it up)

"After spending 2K I feel like I could have bought a state of the art PC." Hmm... a casual MAC user spends $2000 on a MAC? Sure. Your "2 cents" is obviously a windows user's poorly veiled REcitation of old myths. You are a Mac user just like Bill Gates is. goofball!

Posted by: E Jensen | December 22, 2006 3:04 PM | Report abuse

The Month of Apple Bugs is a rudimentary way of getting attention for oneself after the success of other such "Month of Bugs" campaigns. The people in question who advertise such bugs should also be forthcoming in their solutions to such bugs.

Any simpleton can discover problems especially in software (if there were no problems, the need to upgrade would be moot), but it takes an intelligent person to solve the problems. Based off LMH's commentary, I believe he considers Apple intelligent to do so. Considering he is waiting to expose these bugs on a daily schedule, he also assumes such bugs only take Apple a day to solve, so long as they are dedicated to one problem at a time, though I'm certain LMH has no solutions to these bugs himself or he would have just mentioned directly to Apple. The other possibility is that these "bugs" can be avoided by the average computer user and therefore is being mentioned to the public as opposed to the people who have the power to actually "fix" the bugs.

The Mac OS as well as Microsoft's OS have Software Update programs: neither company wants bugs in their system and even rely on their customers to improve their product, updating their products constantly (hopefully) without breaking anything else that makes their products useable. The fact that this self-important individual knows about problems with an OS and decided to hold back such information must mean he is very happy with they way the OS is currently.

After all, without the OS in its current state, he wouldn't have a month to promote the OS as is. Fortunately, the OS, like most modern OS, will most likely be updated before LMH reaches the end of his laundry list, which according to LMH, is the whole point of his exercise: he's arguing a problem that already has a solution.

Unless LMH has a better solution to the current method, it will be fortunate that Apple and its customers have to deal with this sole person for 30 days.

Posted by: David | December 22, 2006 3:08 PM | Report abuse

E Jensen> Since Apple conv'd to a UNIX based os the software titles available have grown logarithmically. (look it up)

One suspects that you meant to say "grown exponentially". Logarithmic growth would be a big disappointment to most organizations.

Posted by: aeschylus | December 22, 2006 4:01 PM | Report abuse

You know what guys, I hope that this guy trys his month of bug testing and gets caught out.

My guess is he's looking for a job.

Posted by: Chris | December 22, 2006 5:38 PM | Report abuse

It he chooses to make all these bugs public, then he may as
well write down every security flaw and mail it to every hacker
he can find.

I don't know about everyone else, but this seems like a
pointless waste of time. And it's hardly fair, Mac OS X 10.4.9 is
expected around soon with several security updates which they
would not have taken in to account in this upcoming month.

Posted by: iMac600 | December 23, 2006 8:13 AM | Report abuse

iMac600,

I'll agree, for reasons that are perhaps different from yours, that LMH and whoever he's working with are behaving unethically.

And if the vulnerabilities they announce are of low severity, then there's no problem. So let's also assume there will be some severe vulnerabilities among the lot.

So which of the following do you think makes the world safer?

A. Only an anonymous group of unethical people knows about these vulnerabilities, and no one else knows how to protect him- or herself.

B. Everyone knows about these vulnerabilities, and everyone knows how to protect him- or herself.

I suggest you read the following articles to learn more about this issue:

http://en.wikipedia.org/wiki/Full_disclosure
http://en.wikipedia.org/wiki/Security_through_obscurity
http://en.wikipedia.org/wiki/Kerckhoffs%27_principle

Posted by: antibozo | December 23, 2006 6:39 PM | Report abuse

As a Mac developer and user, I've reported a number of security issues to Apple over the years. This type of 'lol i found sumtheeng bad lol' programming is irresponsible at best, and potentially harmful.

He's not going to have any impact on Mac security, as Apple will patch any serious problems he has within days of the news, the same way they've handled most security issues in the past. However, I sincerely hope that if anyone tries to use his exploits to do something nefarious, he will be held accountable in the same way he would be if his site published 'ways to break into my next door neighbor's house'.

There is NOTHING that can be gained by his actions, other than an increase in his own attention whoring. Apple has been very diligent in patching security bugs in the past, this won't change that for better or worse. He's just being a jerk.

-Chilton

Posted by: Chilton Webb | December 24, 2006 8:16 AM | Report abuse

I second those points by antibozo, iMac600 and Chilton Webb, LMH is an unethical jerk!

I would be happy to put money into an account with the intention of taking LMH to court, ok not likely to happen, but still...

Posted by: Chris | December 24, 2006 10:54 AM | Report abuse

@ Nick
>>botnets run from OS X machines but the Borrie himself says their being compromised was down to mis-configurations and weak passwords.

Well, hell's bells, that's what the vast majority of Windows machines being compromised is down to.

@ ""
>>The fact of the matter is most PCs are configured by user error, not by running per microsoft's best practices.

What "user error" are you referring to? "The user trusted Microsoft"?

If "microsoft's best practices" really are so "best", then why doesn't Microsoft ship the OS that way, by default, from the factory?

@ Arnie Rumsden
>>Big Kids, little kids, the fact remains, most people for home use leave their OS settings exactly the way it came out of the box, and that leaves them vulnerable. I don't care if they are not running per Microsoft's best practices, that's the way the machine was sold to them. They shouldn't have to make corrections after the fact to try and secure their machines from vulnerabilities that were left open by default by Microsoft (with the blessings of Dell, Sony, etc.)

(Score: +5, Insightful)

Posted by: Mark Odell | December 24, 2006 3:16 PM | Report abuse

Mark Odell> They shouldn't have to make corrections after the fact to try and secure their machines from vulnerabilities that were left open by default by Microsoft

What in particular are you referring to?

A fully patched Windows PC is not *that* bad, most of the time, especially if you stick with Firefox (and keep Firefox patched). The trick is to get the Windows box patched before it gets compromised. This can be really heinous for people reinstalling a box from CD, because the patch downloads take quite a while.

I don't recommend Windows for most people. But really, everyone should have all their machines--Macs, PCs, whatever--behind a firewall, which will largely mitigate the patch download issue, and also protects against sharing misconfigurations, which can affect Macs, PCs, or anything else equally.

Mark Odell> (Score: +5, Insightful)

Good grief. And people call *me* "pompus". Really, if you want to score yourself this way, try to say something that hasn't already been said fifty million times.

Posted by: antibozo | December 24, 2006 3:58 PM | Report abuse

I have been using both Mac (home) and PCs (0ffice) since 1985 and been through every iteration of Mac laptop from the first 140 to the current Powermac G4. I have used the internet both at home and office with both my Mac and "their" PC. My Wife also has and prefers her PC, which I try and maintain for her.

To sum up my experiences with troubles: I had 1 virus on a Mac in 1994 and fixed it easily, and have had occassional problems that I usually created with my own experimentations. I have ALWAYS been able to fix/repair any problem on my Macs without having to go to an Mac "shop". Not so with the PCs at work, or my Wifes various PCs. They crash, they do weird things with no easily discerned explanation, get mysterious problems that often turn out to be cause by MacAfee or Norton which was supposed to stop them in the first place. But if you goof on a PC and trash a key file, you're screwed! With a Mac I've always been able to transfer a file from a backup and fix whatever was wrong. Good Bless Macs!

Posted by: Dave Gabriel | December 25, 2006 1:25 PM | Report abuse

Did someone say this was funny? Not if you're a Mac user. Month of Bugs will do little but draw hackers to the Mac looking for a challenge and trying to take Mac down, for which Apple will then have to issue a bunch of patches which all we Mac users will then have to download and install. Thanks a lot, Kevin Finisterre and LMH - I always wanted my Mac to be just as *(&^%%3ed up as my PC!

Posted by: JKM | December 26, 2006 2:12 PM | Report abuse

antibozo,

>>Mark Odell> They shouldn't have to make corrections after the fact to try and secure their machines from vulnerabilities that were left open by default by Microsoft
>>
>>What in particular are you referring to?

First, those words are Arnie Rumsden's, not mine (scroll back up and note the ">>").

Second, to answer your question:
http://www.hsc.fr/ressources/breves/min_w2k3_net_srv.html.en
http://windowssecrets.com/comp/061026#story1

>>Good grief. And people call *me* "pompus". Really, if you want to score yourself this way, try to say something that hasn't already been said fifty million times.

You misunderstand; again, I was quoting Mr. Rumsden, and scoring *him*.

Posted by: Mark Odell | December 26, 2006 2:32 PM | Report abuse

Mark Odell> You misunderstand; again, I was quoting Mr. Rumsden, and scoring *him*.

In that case, I take it back, but mod you -1 Unclear, and -1 Excessive quoting. Sorry, but if you put a Slashdot score at the end of a comment, it looks like a score on the comment, not on the quoted material.

Posted by: antibozo | December 26, 2006 2:49 PM | Report abuse

To be honest I am looking forward to January, to see how Tiger will score. But one thing does worry me, and that is the fact that somewhere on the web there will be a route-map how to break in, or damage my macs. It is the same as a route-map on how to break in into my house. And that makes me (...). I wouldn't mind that it was first presented to Apple, Apple would then make a fix and than publish the findings.

I wonder, how it is in the home country of LMH, when somebody gives information to an other person on how the steal, break in, or even give hints on how to do this things? Because in my country LMH can be held as an accomplice.

So I wonder, could it be possible to start a legal procedure for accessory against LMH because?

Posted by: KBR | December 26, 2006 5:02 PM | Report abuse

KBR> I wonder, how it is in the home country of LMH, when somebody gives information to an other person on how the steal, break in, or even give hints on how to do this things? Because in my country LMH can be held as an accomplice.

Nonsense. To be an accomplice, one must actively participate in a specific crime which one knows is being committed.

LMH is not telling anyone how to break in to *your* system; LMH doesn't even know you, and certainly doesn't know whether you have a Mac. LMH may reveal information about vulnerabilities most or all Macs have, but he or she will be revealing them to *everyone*, including you, so you'll be able to protect yourself. If LMH shared the information only with his or her acquaintances, and one of those acquaintances used it to break into your computer, then LMH *might* conceivably be held as an accomplice, accessory, or conspirator if he or she provided specific guidance on how to use the information in a crime that he or she knew about. Providing general information to the public that someone else later uses to commit a crime does not make one a party to the crime.

Earlier, someone called 'K' tried to draw a parallel with revealing the location of a "secret stash of guns". This is also nonsense. A better analogy would be someone's informing everyone that there is a secret stash of guns under a paving stone on every street corner, so people had better either go secure all those guns, or buy themselves Kevlar vests and be careful.

I agree that LMH should give Apple advance warning. I vehemently disagree with the suggestion that he or she is somehow abetting a crime which hasn't even occurred yet.

Posted by: antibozo | December 26, 2006 7:04 PM | Report abuse

Here's food for thought, if OS X is such a great operating system, then why doesn't Apple allow PCs built by other manufacturers to install it? That really bothers me.

I think that a lot of Mac users don't realize that their Mac is actually just another PC. It has similar hardware (Intel Macs at least) and can run most Operating Systems natively (well, almost). The only difference is that it comes preloaded with OS X instead of another Operating System.

My point is this: I think OS X has great qualities, but being limited to only using Apple hardware is a HUGE setback IMO. Until OS X can run on non-Apple hardware, I will never truly consider it comparable to other Operating Systems. I don't want to be locked in to one computer manufacturer based on the operating system that I use.

If Windows can run on Apple PCs, why shouldn't OS X run on a Dell, Acer, Custom-built, etc ? Is it driver issues? If it is, then why do other operating systems have better driver support and why can't OS X?

As sick as this may sound, I don't want an Apple PC. I want to run OS X on my Dell or any other spare PC that I have just like I do with Linux and Windows. That's my biggest turnoff towards Apple.

Posted by: Boyd | December 28, 2006 9:50 AM | Report abuse

Anyone who says 'MAC' when discussing Macintosh computers is a tard.

-Owl

Posted by: OwlBoy | December 28, 2006 2:16 PM | Report abuse

Apple is a hardware and software manufacturer. It makes its money on both. Microsoft, on the other hand, was always primarily a software company.

Apple did go the third party route for a brief time in the 1990s, but it didn't work. If I recall that coincided with their lowest point as a company. Their recent huge gains, besides happening at the direction of Jobs, also took place as their hardware sales (including iPods) fared much better.

Posted by: Johnny Ringo | December 28, 2006 6:18 PM | Report abuse

Posted by: Steve | December 31, 2006 6:04 AM | Report abuse

In case it's not clear, the links posted by Steve above are for the official blog about the Month Of Apple Bugs and the MOAB site itself, respectively. No bugs posted as of this moment, but there is an FAQ on the latter site.

Happy new year to everyone.

Posted by: antibozo | January 1, 2007 11:42 AM | Report abuse

Posted by: Alpha | January 2, 2007 2:58 AM | Report abuse

The only thing that bugs me is he, she, it included the code!!!

Posted by: kaekae | January 2, 2007 4:52 PM | Report abuse

I think all these OS X haters have a tremendous inferiority complex because of what they have to endure with Windows. They see things that aren't there. They seem to be the only ones who claim that OS X is invulnerable. No Mac users I have ever talked to or read about ever said that. All Mac users are smug? No, not really. It just appears that way to you. I have seen far more rabid Windows fans.

Posted by: Radius | January 2, 2007 6:48 PM | Report abuse

"In my experience most Mac haters have not used or owned a Mac. If they have used a Mac, it was many years ago or for less than a couple of hours."

I Started on a MAC and used one for years. I will never use a MAC again as long as I live. I consider anything from Apple: Over priced, useless trash from the most arrogant company on the planet.

I agree with not informing Apple or any other vendor in advance. At least it would get due attention rather than just falling into the Apple bug reporting void!

But, with the case of the Videolan exploit, since this is an open source project, why not just download the source code and fix it? I do not consider this Apple's responsibility to fix this exploit!

As for the SlowTime exploit, well that useless player should just be eliminated from the planet. The best option for that is to uninstall

Posted by: gazoo | January 2, 2007 8:13 PM | Report abuse

gazoo> But, with the case of the Videolan exploit, since this is an open source project, why not just download the source code and fix it? I do not consider this Apple's responsibility to fix this exploit!

You miss the point of the exploit, which is to show that the no-execute page mappings on Intel Macs are not sufficient to prevent real-world attacks, and that Apple hasn't done as much as others have to mitigate heap-based attacks. For example, some Linux distros employ heap and shared library base address randomization to mitigate heap and return-into-libc type exploits. For example, see:

http://en.wikipedia.org/wiki/Exec_Shield

And read the "Non eXecutable Stack Lovin on OSX86" document that is linked to from the advisory.

Posted by: antibozo | January 3, 2007 2:48 AM | Report abuse

Just an observation. So far, the first two bugs/flaws/whatever they have found would seem to be applicable to Windows as well. So... Perhaps they should think of renaming their "Month of Apple Bugs" to the "Month of Apple Bugs Affecting Windows too" (MOAB to MOABAW if you like).

Posted by: zkiwi | January 3, 2007 5:46 AM | Report abuse

zkiwi> Perhaps they should think of renaming their "Month of Apple Bugs" to the "Month of Apple Bugs Affecting Windows too" (MOAB to MOABAW if you like).

First of all, it's a bit premature to make generalizations about the vulnerabilities.

Second, perhaps you missed the name of the campaign: it's the "Month of Apple Bugs", not the "Month of Mac OS X Bugs". The QuickTime vulnerabilities may affect every OS that Apple chooses to release QuickTime for; if that happens to include Windows, that's Apple's choice. The VideoLAN vulnerability may also affect Windows, BeOS, Linux, QNX, FreeBSD, NetBSD, Solaris, and possibly others. So what?

Posted by: antibozo | January 4, 2007 12:35 AM | Report abuse

Yawn...Pretty underwhelming showing so far by the MOAB boys. Not a surprise however. I think this is pretty much what we all expected. But now we know why they don't want to identify themselves. Might make it a little tough when they have to head out into the real world and look for a job. :-)

Posted by: Lebowski | January 4, 2007 11:26 AM | Report abuse

I'm not much of a computer person but use a couple 1-2 hours a day. PC at work and mac at home. A mac friend told me about this MOAB and I have read all these posts, very funny btw. The main reason I am writing this is for somebody to really dumb this stuff down because I have also read all of LMH'S MOAB posts on the web and don't understand any of it. Is there really any threat, I have not had any probs w/ my mac. Is anybody really uninstalling QuickTime? I do drink lots of Apple Kool-Aid, is there a real threat for a generic mac user like me? Just wondering.

Posted by: Football Guy | January 5, 2007 1:08 AM | Report abuse

This is not a pair of researchers. From the diversity of styles of coding I've seen in the proof-of-concept scripts, it appears there are several people working on this.

The anonymity of the people raises questions as to their motivations. Although the side-effects of their efforts are beneficial to us in the long run, there's no question that their main motivation is to embarrass Apple and denigrate its user base. The comments in their scripts and on their web site overrides any feigned pretense of seeking to help the community.

Where is their funding coming from? Some suspects have the motivation to humiliate Apple, not too hard to guess who. I wouldn't be surprised if there is a wealthy contributor funding MOAB. In that case, this becomes more an act of terror than of open source idealism.

Posted by: HG | January 5, 2007 8:24 AM | Report abuse

@Football Guy

I wouldn't remove QuickTime or any Apple application for that matter over this.

There is a big hurdle to overcome to get from the proof-of-concept materials that MOAB is releasing to an attack that hits Mac users.

1) There aren't that many people who understand this low a level vulnerability either. So the motivated attackers will be few.

2) The Mac user base is small. So if one Mac is attacked finding another Mac to attack nearby will be difficult. This makes it unnattractive for would-be attackers to even take up the jihad because there isn't the big payoff of having a lot of damage done all at once. (Does this sound familiar? Not unlike Alkaida.)

3) These vulnerabilities are being patched by third parties immediately as they're announced. See Landon Fuller's web site (http://landonf.bikemonkey.org/code/macosx/).

4) Apple is not far behind in patching what is their responsibility in this. Mac OS X has the ability to run updates automatically. So leave this feature on and you'll see patches coming from Apple soon.

5) The vulnerabilities MOAB has produced so far are file based. That means you have to accept the file onto your computer and then be tricked into running it. The common sense thing to do in this situation is to not accept any files in emails from strangers and avoid web sites that are not reputable.

Hope that helps.

Posted by: HG | January 5, 2007 8:46 AM | Report abuse

HG> 1) There aren't that many people who understand this low a level vulnerability either.

Yes, there are.

HG> 5) The vulnerabilities MOAB has produced so far are file based.

No they aren't.

HG> 2) The Mac user base is small. So if one Mac is attacked finding another Mac to attack nearby will be difficult.

So you're saying that a Mac OS worm won't propagate as fast as a Windows worm. So what? And I thought you said the vulnerabilities were "file-based".

Even if worms were the issue of concern, consider the SQL Slammer worm. That worm caused massive disruption to Internet operations, even though it only infected Windows boxes with unpatched MS SQL Server or MSDE installed.

HG> 4) Apple is not far behind in patching what is their responsibility in this.

It's all their responsibility, so far. And don't expect to see a patch for the issue in MOAB #2 for a long time. Putting in better mitigation for the underlying issue (lack of address space randomization) requires modifying the dynamic loader as well as recompiling all the system libraries. That's going to take some major testing, and may involve changing other things.

It's silly beyond words to attempt to estimate the risk of these vulnerabilities' becoming a problem for a given user. Even if we knew the user's browsing habits, we wouldn't have enough information to even begin to judge the risk. Will someone roll one of these exploits into the next MySpace worm? Who knows?

Posted by: antibozo | January 5, 2007 12:32 PM | Report abuse

The "Month of Apple Bugs" is an appropriate and necessary response to Apple's recent mis-leading ad campaigns. Security Experts claim that there's nothing inherent in MacOS that makes it any safer. For a good commentary, see this article:

http://www.angryfrozenhead.com/articles/Jan2007/TwoCities.html

Posted by: Robert | January 5, 2007 3:49 PM | Report abuse

"At least it would get due attention"
Actually, it probably gets LESS attention simply because it is a "stunt".

"rather than just falling into the Apple bug reporting void!"
What "Apple bug reporting void" would that be?


Besides, usually bugs are sent to the company and released to the public after a few weeks. This is to allow the company time to fix it.
As it is, it's simply (attempting) to punish users, assuming the bugs get exploited and screw up someones system.

Posted by: Chris | January 5, 2007 6:23 PM | Report abuse

Chris> Besides, usually bugs are sent to the company and released to the public after a few weeks. This is to allow the company time to fix it.

One might conjecture that LMH &c observed what happened to Kevin Maynor and Johnny Cache when they attempted responsible disclosure with Apple, and decided they wouldn't take any chances with Apple's PR department.

Posted by: antibozo | January 5, 2007 6:52 PM | Report abuse

Thanks for the help HG. Hey antibozo or anyone else, so what is going to happen if I come across this stuff and realistically will I. Will I know I have. What will happen to my computer.I never open stupid email attachments and other click for a free PSP or that kind of nonsense, you know like the ones from nigeria wanting me to help them get 25,000,000 dollars etc. Do I really need to be careful opening QT or anything else?? Who is truly targeted by this stuff, serious computer people or just regular ho-hum users. If anyone is really BORED it would great if you would explain these bugs in laymen's terms, I mean really really bored. I am especially curious what the bug on Jan 5th does, Totally Greek to me. I checked out the link by Robert, does anyone elses mac freeze like that, mine never has, does something in particular trigger that?

Posted by: Football Guy | January 5, 2007 9:53 PM | Report abuse

Robert says: "Apple's recent mis-leading ad campaigns."

Please provide the evidence. I've never seen it.

Posted by: HG | January 6, 2007 12:17 AM | Report abuse

Robert writes: "The "Month of Apple Bugs" is an appropriate and necessary response to Apple's recent mis-leading ad campaigns."

I read your link. Without presenting examples the claims are pointless. I don't know what you mean by saying 'misleading' or what the blogger means by saying 'viral marketing strategy'.

Can you show me or illustrate a viral marketing campaign Apple has done that claims or even implies that Macs are 100% secure?

You mean to tell me that the NSA's approval of Panther's (10.3) default security model was bought by Apple? Here's a paragraph:

"The system's default configuration is one of the most important security features provided by Mac OS X. First, as stated above, the root account comes disabled in Mac OS X. Second, network services are all initially disabled. Third, the initial logging setup is consistent with good security practice."

From http://www.nsa.gov/snac/os/applemac/osx_client_final_v_1_1.pdf

Apple filled a void. They introduced common sense and easy to use security features when Microsoft and Linux couldn't. If any disproportionate sentiment toward Apple security exists, it's as much due to these failed attempts by Apple's competitors. I doubt the sentiment is as gushing or delusional as you and your kind suggest though.

The MOAB project reminds us that security is a moving target. What was acceptable, even by NSA just three years ago, isn't enough today, especially with all the rapid development Apple is churning out these days.

MOAB could lead Apple (and Darwin) into an unprecedented rapid development cycle--fixing bugs more quickly. The dynamic has started...
http://landonf.bikemonkey.org/code/macosx/

Posted by: HG | January 6, 2007 2:08 AM | Report abuse

@Football Guy

I don't have time to answer all your questions, but here are the important points.

One couldn't say if you'll come across an attack without knowing more about your computing habits.

Will anyone be attacked? It's a bit early to tell. I haven't heard of an attack in the wild yet, but the clock is ticking. The sooner you patch the better, especially if you're not able to monitor the sites you visit or email you get. I strongly urge seeing Landon Fuller's site, http://landonf.bikemonkey.org/code/macosx/. He's currently holding down the fort, providing fixes to the vulnerabilities as they're being released.

How will you know if you've been attacked is hard to tell. It depends on what the intent of the attacker is. Some attacks are stealthy, intended to run under your nose without you knowing it. Some are intended to deface or degrade your system. You'll definitely know when you have the latter. As to the former, they're harder to detect, but once a profile of the attack is understood, tools or steps are usually made available to fix things. Since no attackers have yet materialized, no one can say which sadistic, egomaniacal path they'll take.

Another important thing to do is back up your personal files. Not applications. Those you can download again or install from CD. But back up your home folder with the photos, documents, music, etc. You can get an inexpensive 250GB Firewire drive these days and backup to it with any number of personal backup solutions available.

Finally, until you're confident that your computer is patched, avoid clicking on spam email links or opening attachments.

Posted by: HG | January 6, 2007 3:24 AM | Report abuse

antibozo writes: "One might conjecture that LMH &c observed what happened to Kevin Maynor and Johnny Cache when they attempted responsible disclosure with Apple, and decided they wouldn't take any chances with Apple's PR department."

Excuse me. Maynor and Cache hung themselves without any assist from Apple. Their message didn't match the pictures. They were going to expose an Apple wireless vulnerability (implying Apple's wireless card--who gets a Mac laptop without one anyway?) and instead used a third party wireless card! Obviously, movie making isn't their forte, but they should have consulted with a screenwriter to help them see the inconsistencies of their presentation.

And somehow Apple is pulling strings. How do you know that? The statement sounds so believable when said with such confidence, but you know, it's demeaning and disrespectful to my intelligence.

Posted by: HG | January 6, 2007 4:05 AM | Report abuse

HG> Will anyone be attacked? It's a bit early to tell. I haven't heard of an attack in the wild yet, but the clock is ticking.

You didn't read MOAB #5. It specifically states the exploit is being used in the wild.

HG> I strongly urge seeing Landon Fuller's site...

Wouldn't it be funny if the whole Landon Fuller thing is just a social engineering technique for getting a bunch of back doors installed on people's Macs? I wonder how many people are actually recompiling the fixes from source. Not many, I'll bet.

HG> You can get an inexpensive 250GB Firewire drive these days and backup to it with any number of personal backup solutions available.

I would agree with that advice, regardless of this whole MOAB thing. Also, keep the backup drive disconnected from your system except when you're actually doing backups, and if something terrible does come to pass, don't connect the backup drive back to your system until the system's been reinstalled or otherwise cleaned up.

HG> Finally, until you're confident that your computer is patched, avoid clicking on spam email links or opening attachments.

It might be a good idea to refrain from unnecessary e-commerce or online banking activity until official Apple patches are released and installed on your system.

Posted by: antibozo | January 6, 2007 4:18 AM | Report abuse

HG> Excuse me. Maynor and Cache hung themselves without any assist from Apple. Their message didn't match the pictures.

So what?

The fact is that there were vulnerabilities in Apple's wireless driver. Whether M&C successfully exploited them isn't very important; they were there to be exploited by someone, if not them.

If M&C had reported vulnerabilities in a wireless driver on Windows, everyone would have shrugged, regardless of the brand of card they demonstrated it to Brian Krebs with. For some reason, because it was Mac OS, they just *had* to be lying.

HG> And somehow Apple is pulling strings. How do you know that? The statement sounds so believable when said with such confidence, but you know, it's demeaning and disrespectful to my intelligence.

I don't think you read what I wrote. I made no claims about Apple pulling strings. I said that LMH &c may have perceived it a certain way. Viewing how Apple's PR denied M&C's report, while Apple nevertheless issued patches for strikingly similar vulnerabilities with no credit to M&C, LMH &c may have settled on full disclosure as the only way to ensure proper credit.

Posted by: Anonymous | January 6, 2007 4:38 AM | Report abuse

That last bit was me, obviously.

Posted by: antibozo | January 6, 2007 4:39 AM | Report abuse

Robert says: "Apple's recent mis-leading ad campaigns."

HG says: Please provide the evidence. I've never seen it.

http://www.apple.com/getamac/ads/

Watch the "Trust Mac" commercial, where the 'Mac' character says to 'PC', "I don't have to worry about your spyware & viruses."

Watch the "Viruses" commercial, where the 'PC' character says there were "114,000 known viruses for PCs" last year, and the 'Mac' dude replies, "PCs, not Macs."

The overall impression of both those ads is that Mac users do not have to worry about spyware and viruses. Yes, if you parse the language carefully the 'Mac' character says he doesn't have to worry about those PC-specific viruses and spyware (obviously) and he doesn't state that Macs NEVER get viruses/spyware, but that is the intended inference and impression.

I have long been annoyed by co-workers who smugly claim that Macs are inherently more secure than PCs. The article "A Tale of Two Cities" summarizes my main argument well, but my co-workers simply laugh that off and say the OS is simply designed so that viruses and spyware ARE NOT POSSIBLE ON A MAC (Yes, that's what they've said to me).

http://www.angryfrozenhead.com/articles/Jan2007/TwoCities.html


Posted by: PC & Mac User | January 6, 2007 7:54 AM | Report abuse

Robert writes: "I have long been annoyed by co-workers who smugly claim that Macs are inherently more secure than PCs."

You have issues with your workers and Microsoft. And so, it seems, does every angry Windows user prostheletizing , from what I can tell reading their personal blogs.

There is a recurring theme in this thread from you et. al (antibozo) that Apple somehow has the market cornered on marketing. I don't buy it. Microsoft is just as active funding directly or indirectly many blogs intending to convince us that we're reading honest unbiased personal first-hand accounts from the grass roots. Then there's C|Net and the

As for Apple's statement "we don't have viruses".

Posted by: HG | January 6, 2007 11:17 AM | Report abuse

Robert writes: "I have long been annoyed by co-workers who smugly claim that Macs are inherently more secure than PCs."

You have issues with your workers and Microsoft. And so, it seems, does every angry Windows user prostheletizing their views in blogs today.

There is a recurring theme in this thread from you et. al (antibozo) that Apple somehow has the market cornered on marketing. I don't buy it. Microsoft has been more active pushing back than anyone will admit. Their latest strategy is funding directly or indirectly many blogs intending to convince us that we're reading honest unbiased personal first-hand accounts from the grass roots. Then there are their traditional channels of propaganda like C|Net and the other Microsoft sponsored web-journals who will never write an honest, unbiased article.

You know what the differences is? You can point directly to Apple and its customer base for examples of biased marketing. That makes Apple and its base an easy target. Where do you see that Microsoft is doing biased marketing? You don't. They do it indirectly, creating a sense that they're not involved in any of these online shinanigans. That's stealthy targeted marketing intended to portray unquestionable presence. They've become like the air we breath. But we know better.

As for Apple's statement "we don't have viruses". They're marketing to the frustrated Windows user. If that angers the die-hards, then, as I say take the issue to Microsoft. They're the ones how have let you down. Apple is just pointing out the facts.

What other market do you know where people buy a flawed product but keep coming back for more of it? Microsoft has been coasting on the built-in inertia that they've created. All because they have a monopoly with the OEMs. If the Windows community had walked away from Microsoft, you don't think Microsoft would have addressed their security issues long ago?

As for Apple's vulnerabilities today. Obviously, Mac OS X's days of security by obscurity are over. We don't know what Apple has up its sleeves with regard to security. I do know is that Leopard will have dynamic firewall port filtering. That's a start. I'd like to see the kernel processing more adept at chrooting processes. Tehe mach based core is getting long in the tooth for many reasons besides security. I'd find it difficult to believe that Apple is not working on these issues.

Posted by: HG | January 6, 2007 12:12 PM | Report abuse

antibozo writes: "Wouldn't it be funny if the whole Landon Fuller thing is just a social engineering technique for getting a bunch of back doors installed on people's Macs?"

That's a pathically cynical statement to make about someone who has the respect of the Apple developer community.

Posted by: HG | January 6, 2007 5:41 PM | Report abuse

HG> That's a pathically cynical statement to make about someone who has the respect of the Apple developer community.

Oh, don't get your panties in a bunch. I said, "wouldn't it be funny," and I didn't assert anything about his most high worshipfulness, Lord Fuller. I reckon it's all on the level. But what with all the conspiracy nuts claiming that Microsoft or maybe space aliens are funding the MOAB, I think it's amusing how readily throngs of disciples of the great Jobs in the sky, who've never even heard of his holiness Landon Fuller before, will throw His code on their systems. It contributes to the perception that some (not all) Mac users are caught up in a kind of religious fervor, especially after all that talk about how quickly Apple would have official patches out (I'm sure they will soon).

Before ye zealots (no offense to the non-zealots) call me a Windows fanboy again, please note that I'm posting this from a Fedora Core system. And keep your tongues firmly in your cheeks, if you please.

Posted by: antibozo | January 6, 2007 6:09 PM | Report abuse

antibozo writes: "I think it's amusing how readily throngs of disciples of the great Jobs in the sky, who've never even heard of his holiness Landon Fuller before"

I don't know what you're talking about throngs. I think I'm the only one in this thread who's mentioned him.

I forgive you for your ignorant statements, since you're coming from Linux and the Linux community tends to revise history and ignore everything that preceded papa Linus' creation.

Let me educate you a bit. BSD begat NeXT which begat Darwin which begat Mac OS X. See genealogy...

http://www.levenez.com/unix/history.html

I don't expect the Linux community to know who the heavy weights are along this path, but Landon is just one of the cogs who's contributed to the Darwin project. He's not a pompous person, but rather a very modest person.

Behind that apparition that you obsess over called Steve Jobs is a network of developers and systems administrators who's experiences intertwine over a span of 20 years. To understand the dedication this community has to Apple today, you have to understand what computing was like in the mid '80s and the revolutionary concepts that NeXT introduced at that time. If you really can't do you own Google searches to discover this, just go to Wikipedia to find out. Needless to say, the Apple/Darwin/NeXT/BSD network is deep and intertwined. I'm part of that network. I communicate to its members through its mailing lists and conferences. I'm in no way close to being a heavy weight in its ongoing stream but I'm also not a naive and ignorant end-user, as you like to portray us. I started with SunOS 4 in the early '90s and switched to Mac OS X in 1991. I have never felt compelled to go to Linux (although on occassion work with it) because I felt nothing was broken with BSD. The switch to Mac OS X was natural. It included all that I knew and then some. The GUI is very productive. The development and management tools very good. I don't want to argue the minutiae of these systems with anyone. Suffice it to say they're good enough for me. I get a lot of work done with them.

Now Apple is gaining momentum. The tools and technologies that were developed over the years are finally being put to astonshingly good use. And the dedicated and convicted community that stuck it out these past 20 years and helped with each layer of Apple technology are fiinally getting their just recognition.

So you see it's not about Steve Jobs. You ought to attend an Apple developers conference and you'd know this.

About your rudeness. I expect more from Linux users than what you're revealing with your comments. Typically, those I meet are highly intellegent and really no different than me in their interests in technology, coding, and systems administration. You need to lighten up.

Posted by: HG | January 6, 2007 9:39 PM | Report abuse

HG> [pontificates, having no idea whom he's talking to]

Boy, you really don't know how to take a joke, do you?

Posted by: antibozo | January 6, 2007 9:49 PM | Report abuse

antibozo writes: "[pontificates, having no idea whom he's talking to]"

You're absolutely right. We don't know anything about you. But at least you know a bit more about one member of the Mac community. I hope it makes you think before you make gross generalizations about people.

Hope you enjoy some of the links. In particular, the genealogy link. Linux is in there too.

Posted by: HG | January 7, 2007 1:16 AM | Report abuse

HG> I hope it makes you think before you make gross generalizations about people.

I was quite careful not to speak ill of anyone in particular. You seem to have taken my explicitly tongue-in-cheek comments as directed specifically at you, when they clearly were about some, and not all, Mac users. If anything, I gave you the benefit of the doubt as to not being overzealous, but your subsequent humorless, ranting generalizations about Linux users have made me think better of it. I'd still have a beer with you, though, if I ran into you.

You may well be the only person mentioning Landon Fuller in this particular thread, but if you look around you'll see there's plenty of discussion elsewhere, including in other SecurityFix blog entries.

HG> Hope you enjoy some of the links. In particular, the genealogy link.

You are so silly. Look back in my earlier postings to this thread. You really should read through before posting...

Posted by: antibozo | January 7, 2007 2:01 AM | Report abuse

Posted by: X | January 8, 2007 5:25 PM | Report abuse

Posted by: blahblahblah | January 8, 2007 5:28 PM | Report abuse

To follow up on my intentionally silly commentary about Landon Fuller's patches, see MOAB #8:

http://projects.info-pull.com/moab/MOAB-08-01-2007.html

Posted by: antibozo | January 8, 2007 7:15 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company