Attention mac OS tiger users!!


Status
Not open for further replies.

nightpiper

Senior Member
Oct 20, 2003
2,152
0
0
#3
whats a FUD? sorry, i need to catch up on this kind of jargon.
 

matthew

New Member
Apr 19, 2002
122
0
0
Sydney
www.sleeper.apana.org.au
#5
nightpiper said:
whats a FUD? sorry, i need to catch up on this kind of jargon.
Fear Uncertainty Doubt.

A technique often used by a certain large software company to 'scare' people away from Open Source and various free sofwares.

This Apple security issue is understandable. It's a re-run of the latest Mozilla XPI issue and the entire the entire class of IE/Windows Active X issues.

If you are going to allow a web browser to download code from the net, you are in trouble. The bad guys are continuely going to try and breach the 'trust' model you wrap around this 'feature'.

Apple at least doesn't run Safari in the kernel contex like MS does with IE. I haven't looked at the dashboard app in detail yet. I hope Apple haven't been as stupid as to give the dashboard app implied admin rights...


Interestingly most of the past Apple security patches have been in OSS parts of OSX (although there have been patches for the proprietory components as well). The security fixes for the OSS components have been mostly for POTENTIAL security issues found by code inspection. Very few make it to a real exploit. As apposed to another popular OS's security patches which are generally in response to an exploit getting out into the 'wild'.
 

laugh

New Member
Jun 2, 2003
285
0
0
Visit site
#6
i guess the more services you have listening on your machine, you will always be prone to more attacks. With Mac, we arent too afraid of kernel level attacks as we do not run as root most of the time, but believe me, an attack on the middleware or services could proof as troublesome. Patching and updates is still a must. Not so much of FUD....
 

nightpiper

Senior Member
Oct 20, 2003
2,152
0
0
#7
matthew said:
Fear Uncertainty Doubt.

A technique often used by a certain large software company to 'scare' people away from Open Source and various free sofwares.

This Apple security issue is understandable. It's a re-run of the latest Mozilla XPI issue and the entire the entire class of IE/Windows Active X issues.

If you are going to allow a web browser to download code from the net, you are in trouble. The bad guys are continuely going to try and breach the 'trust' model you wrap around this 'feature'.

Apple at least doesn't run Safari in the kernel contex like MS does with IE. I haven't looked at the dashboard app in detail yet. I hope Apple haven't been as stupid as to give the dashboard app implied admin rights...


Interestingly most of the past Apple security patches have been in OSS parts of OSX (although there have been patches for the proprietory components as well). The security fixes for the OSS components have been mostly for POTENTIAL security issues found by code inspection. Very few make it to a real exploit. As apposed to another popular OS's security patches which are generally in response to an exploit getting out into the 'wild'.


thx for clearing the FUD. :) also thx u for the more detail info. i dun know much about the macs & their kernel. greatly appreciated. :thumbsup: :lovegrin:
 

Status
Not open for further replies.
Top Bottom