I need to stop going to computer forums....

[Scali]

If a user is able to ruin the operating system, then there is a serious flaw in that system. In a well-designed operating system, a user is not privileged to make critical, system-wide changes that will screw things up.

Wake up and smell Windows NT.
Ever since the early 90s it's been possible to set up an environment where a user does not have rights to make critical, system-wide changes that will screw things up.

There are only two problems with that:
1) The system must be configured that way in order for it to be effective. People running software with all rights enabled aren't getting any of the benefits.

2) Because so few people run with limited rights, a lot of software isn't developed to work with a minimum of rights in the first place, and simply fails to work unless you run as administrator.

So it's not any flaw in Windows itself (in fact, the Windows rights system is far more advanced than that of linux and various other *nix systems, because it goes well beyond simple filesystem rights with a few flags for user, group and world. You have access control lists, and not only on files, but on many other objects). It's a combination of a large userbase not having enough knowledge to set up a secure environment for themselves, and the fact that a lot of third-party software is poorly written, and simply cannot be run in a secure way.
That's what you get with such a large userbase. You get a lot of idiots as users and developers, who don't use your nicely designed system in the way it was intended.

 

[El Caco]

I very much doubt that will happen, and I have no idea what you are basing that statement on. If it does happen, OS X will certainly lose much of its appeal. Not to me, though, as I use it for music-related programs only. Also, its built-in firewall configuration utility is not the same as a third-party application that you will most likely have to pay for in order to keep your system safe.

Us OS X users enjoy security by obscurity. OS X is not inherently safer than other operating systems in fact it is very debatable as to which OS is the most secure but I do think the Mac experience is better. I am basing my statement on Apples growing market share and the fact that hackers are finally starting to explore OS X's weaknesses. In the past it has not made economic sense for hackers to waste their time with OS X but times are changing. Not only is OS X growing in market share but the fact that Safari is now cross platform and the iphone being so popular are all reasons for more people to develop exploits aimed at OS X. Just do a quick google search on the latest security update for confirmation.

Wake up and smell Windows NT.
Ever since the early 90s it's been possible to set up an environment where a user does not have rights to make critical, system-wide changes that will screw things up.

There are only two problems with that:
1) The system must be configured that way in order for it to be effective. People running software with all rights enabled aren't getting any of the benefits.

2) Because so few people run with limited rights, a lot of software isn't developed to work with a minimum of rights in the first place, and simply fails to work unless you run as administrator.

So it's not any flaw in Windows itself (in fact, the Windows rights system is far more advanced than that of linux and various other *nix systems, because it goes well beyond simple filesystem rights with a few flags for user, group and world. You have access control lists, and not only on files, but on many other objects). It's a combination of a large userbase not having enough knowledge to set up a secure environment for themselves, and the fact that a lot of third-party software is poorly written, and simply cannot be run in a secure way.
That's what you get with such a large userbase. You get a lot of idiots as users and developers, who don't use your nicely designed system in the way it was intended.

I absolutely never run in admin mode, the way OS X handles priveledges is perfect IMO.

 

[TonalArchitect]

Here are my thoughts, some of which has already been said by other posters.

I've used Windows and only Windows on computers that I own. Aside from programs occasionally closing in XP, which is not in my experience too common an occurrence, the only problems I've experienced due to the operating system were the "illegal operation" errors that Windows 95 gave out every hour or two while running a computer game.

I have no idea what people do to their computers to experience such problems that they have epic struggles.

In a well-designed operating system, a user is not privileged to make critical, system-wide changes that will screw things up.

Two words: Linux; root.

One of my best friends-- a computer science major-- uses Linux and constantly tweaks it and installs various versions. It may appeal to some who want to customize their systems more or something, but to the average user (that is, buy it for work or recreation) I can see it generally being a major pain in the ass.

I'm sure that there are more user-friendly versions, but having to run many programs through WINE would irritate the flying crap out of me. This is especially true for the aforementioned group of people. I don't know how well my mom's bookkeeping or payroll programs would fare. And many games also.

So Linux is, in my opinion, at least a little better suited for people who are more computer-literate than most.

About OS X being more secure, it probably is, although I wonder if it's because of the design of the system or that the people who make viruses design them for Windows because such a substantial portion of the computer-using population uses it.

Same thing with Linux. I know that more and more people are using Linux, but what is the ratio compared to Mac users or Windows users?

So I'm unsure. Some things just happen, and some people have better and worse experiences with certain products.

 

[Naren]

I did not really hate windows until I started using OS X, the key difference for me is Windows forced me to learn about computers and it's not very forgiving to the ignorant. I like the fact that the more I use OS X the more ignorant about computers I am becoming.

When I was a kid (maybe around 1992-1994 or so), I had 2 apples and an IBM. Later, I owned several Windows PCs and worked on some Macs. It's changed since then, but I would say, "The problem with IBM-compatible PCs is that they overload you with information, telling you way too much. The problem with Macs is that they don't tell you anything at all and you don't even know the most basic specs of your system."

It's not as applicable since XP and Vista have really really decreased the amount of info they throw at you (although you can still find all that info if you search for it) and Apple/Macs now tell you much more info about your system, but the basic idea is still there.

 

[wannabguitarist]

I've asked this question everyday since I got a job at Geek Squad lol. It's been about 3 weeks now and I'm still shocked by some of the questions people ask. I had a temporary IT job over the summer and I thought a 19 year old kid (me) teaching employees how to correctly use their email and not to click on the funny links in spam was bad, but the shit I've seen so far at Best Buy amazes me.

 

[Scali]

I absolutely never run in admin mode, the way OS X handles priveledges is perfect IMO.

I'm quite sure that you'll have the same issues as Windows has when running legacy applications. Older MacOS versions didn't have rights management and some of their applications probably don't behave properly unless run as administrator.

 

[Thomas]

Wake up and smell Windows NT.
Ever since the early 90s it's been possible to set up an environment where a user does not have rights to make critical, system-wide changes that will screw things up.

Really? If you know how, please share it with the world. I am sure a lot of users would be very happy to learn that they no longer have to waste their money on anti-virus software subscriptions.

There are only two problems with that:
1) The system must be configured that way in order for it to be effective. People running software with all rights enabled aren't getting any of the benefits.

2) Because so few people run with limited rights, a lot of software isn't developed to work with a minimum of rights in the first place, and simply fails to work unless you run as administrator.

So it's not any flaw in Windows itself (in fact, the Windows rights system is far more advanced than that of linux and various other *nix systems, because it goes well beyond simple filesystem rights with a few flags for user, group and world. You have access control lists, and not only on files, but on many other objects). It's a combination of a large userbase not having enough knowledge to set up a secure environment for themselves, and the fact that a lot of third-party software is poorly written, and simply cannot be run in a secure way.
That's what you get with such a large userbase. You get a lot of idiots as users and developers, who don't use your nicely designed system in the way it was intended.

If Windows tolerates programs to do things they are not supposed to do, it is a flaw in Windows, and obviously it does, since these programs were designed to run on Windows in the first place. I am well aware that the file permission system in Windows is more complex than that of *nix, but that does not mean anything at all, it doesn't automatically make it superior. There is a reason the traditional UNIX permission system is lived for decades and still continues to thrive well. It's both simple and effective.

Us OS X users enjoy security by obscurity.

I strongly disagree with this. Obscurity? That just doesn't make sense. I think Apple had a lot of great ideas with how they built their system on top of a Unix-like foundation. For example, take a look at how the filesystem is organized. There is absolutely nothing obscure about it. You have Apple's stuff coexisting peacefully with the rest.

OS X is not inherently safer than other operating systems in fact it is very debatable as to which OS is the most secure

I think it is provable which operating system is the more secure, but that would require extensive knowledge about *all* the systems that you are comparing, something I don't have. I have a really strong feeling Windows would not do well in such a comparison, though.

I am basing my statement on Apples growing market share and the fact that hackers are finally starting to explore OS X's weaknesses. In the past it has not made economic sense for hackers to waste their time with OS X but times are changing. Not only is OS X growing in market share but the fact that Safari is now cross platform and the iphone being so popular are all reasons for more people to develop exploits aimed at OS X. Just do a quick google search on the latest security update for confirmation.

It's very important to seperate the operating system itself from the programs running on it. A bug in Safari is not a bug in OS X. As I said, I use OS X myself, so I do read the security stuff.

 

[Scali]

Really? If you know how, please share it with the world. I am sure a lot of users would be very happy to learn that they no longer have to waste their money on anti-virus software subscriptions.

Create a user, don't give him rights he shouldn't have. That's system administration 101. Every decent organization has been doing that since the early Windows NT days (it wasn't possible in DOS-based versions of Windows, but that's obvious, considering the market it was aimed at and the (lack of) capabilities of the hardware. These DOS-based versions of Windows have disappeared almost a decade ago, so it's useless to get into a debate on that now).

Vista does it by default, although UAC still makes it too easy for users to click 'yes' and still screw up their systems, obviously. Regardless, I've not heard of major exploits or virus epidemics since the introduction of Vista, so apparently it does help to some extent.

If Windows tolerates programs to do things they are not supposed to do, it is a flaw in Windows, and obviously it does, since these programs were designed to run on Windows in the first place. I am well aware that the file permission system in Windows is more complex than that of *nix, but that does not mean anything at all, it doesn't automatically make it superior. There is a reason the traditional UNIX permission system is lived for decades and still continues to thrive well. It's both simple and effective.

This is nonsense.
*nix tolerates the same thing as Windows just as easily... You can run as root, and then every application you run can freely exploit and mess up your system.
The difference is that for generations, home users (who are not system administrators, and have no clue about rights management) have been running as administrator because else "some things don't work".
People rarely use *nix at home in the first place, and the ones that do, are knowledgable enough to set up the user rights properly. Aside from that, there is less of an issue with rights in *nix because of its heritage (it was a multi-user system from day 1).

So these are not technical reasons, let alone 'flaws' in Windows. You can quite easily run Windows in a protected user environment and many companies with competent system administrators have been doing such for decades (I think a lot of people who use Windows in the office will recognize the phenomenon that they have to contact the admin to install certain software for them, because they don't have the rights).

I think it is provable which operating system is the more secure, but that would require extensive knowledge about *all* the systems that you are comparing, something I don't have. I have a really strong feeling Windows would not do well in such a comparison, though.

Shows exactly how little you know. You might want to read up on the security model in Windows, and you'll see it's actually more flexible and more powerful than that of most *nix variations, including linux, FreeBSD and OS X.

It's very important to seperate the operating system itself from the programs running on it. A bug in Safari is not a bug in OS X. As I said, I use OS X myself, so I do read the security stuff.

I think that's irrelevant. A bug is a bug, doesn't matter what the name of its 'container' is.

There are pros and cons to having shared components.
For example, if you have a bug in a shared component, then patching that component will fix all applications using it.
However, if the same component is used across multiple applications (which it often is), but linked into each application statically, then each application requires a patch, and it's much harder to find out which applications are affected, and where to get patches for them.

 

[The Dark Wolf]

I strongly disagree with this. Obscurity? That just doesn't make sense. I think Apple had a lot of great ideas with how they built their system on top of a Unix-like foundation. For example, take a look at how the filesystem is organized. There is absolutely nothing obscure about it. You have Apple's stuff coexisting peacefully with the rest.

You're totally wrong on this. I think you're misunderstanding what S7eve said.

He's not saying Apple's ideas weren't good - security by obscurity (in this case) means the OS isn't exploited because it makes far less sense to do so, considering the overwhelming majority of computer users use non-Apple operating systems.

That's all. And it's not an opinion, it's a well-known and long-standing fact, based simply on market share.

 

[Scali]

He's not saying Apple's ideas weren't good - security by obscurity (in this case) means the OS isn't exploited because it makes far less sense to do so, considering the overwhelming majority of computer users use non-Apple operating systems.

That's all. And it's not an opinion, it's a well-known and long-standing fact, based simply on market share.

Indeed, same goes for other *nix systems.
Ironically enough they appear more secure than Windows, but technically they are not.
It reminds me of a holiday in a backwater town years ago. I saw brand new bicycles that were not even locked. Apparently there was no need, because nobody would steal them, even though it was easy. In my city, even rusty old bikes get stolen, even if they are locked.

 

[Thomas]

Scali,

I am not going to argue with you. This could drag on to no end. However, let me comment on this:

I think that's irrelevant. A bug is a bug, doesn't matter what the name of its 'container' is.

That is ridiculous. From a security point of view, where the bug is located means EVERYTHING. For instance, there could be a buffer overflow bug in my web browser. The worst thing that could happen is that a malicious web site exploits this and injects its own code. However, that code will still be run by an unprivileged user (me). It could destroy all my personal files, but the system will be alright.

If it were in the kernel, or in something that has to run with root privileges (e.g. the X server), that is very different. An exploit could compromise the entire system.

So, before you make any accusations of other's lack of knowledge, I suggest you check your own, because you are what you are saying here is just stupid. I personally don't think you have much credibility.

There are pros and cons to having shared components.
For example, if you have a bug in a shared component, then patching that component will fix all applications using it.
However, if the same component is used across multiple applications (which it often is), but linked into each application statically, then each application requires a patch, and it's much harder to find out which applications are affected, and where to get patches for them.

Thanks for the lesson. I am well aware of how dynamic and static libraries work.

You're totally wrong on this. I think you're misunderstanding what S7eve said.

He's not saying Apple's ideas weren't good - security by obscurity (in this case) means the OS isn't exploited because it makes far less sense to do so, considering the overwhelming majority of computer users use non-Apple operating systems.

That's all. And it's not an opinion, it's a well-known and long-standing fact, based simply on market share.

I misunderstood S7eve's post then. Sorry about that.

However, saying that an operating system's perceived security is caused by its low market share is an extremely cheap claim to make, because it doesn't require knowing anything at all about it. Anyone can say that.

 

[Scali]

Scali,

I am not going to argue with you. This could drag on to no end.

Not really, I've only stated some basic facts about the Windows security model, which you apparently weren't familiar with. Facts cannot be argued.
Fanboys and ignorant individuals can however drag any discussion into an endless argument however.

That is ridiculous. From a security point of view, where the bug is located means EVERYTHING. For instance, there could be a buffer overflow bug in my web browser. The worst thing that could happen is that a malicious web site exploits this and injects its own code. However, that code will still be run by an unprivileged user (me). It could destroy all my personal files, but the system will be alright.

If were in the kernel, or in something that has to run with root privileges (e.g. the X server), that is very different. An exploit could compromise the entire system.

Hold on a second. You never said anything about it being in the kernel or running with root privileges before. You were talking about a bug in Safari (a web browser).
A web browser is never in the kernel, and in general doesn't require to be run with root privileges (although you might temporarily require elevated permissions for installing certain browser plugins ofcourse).
In fact, most of an OS is not in the kernel, or running with root privileges.
So you're now arguing a completely different point than you were in your previous post.

So, before you make any accusations of other's lack of knowledge, I suggest you check your own, because you are what you are saying here is just stupid. I personally don't think you have much credibility.

No need to insult, especially if you are putting words in my mouth.
You are now basically trying to twist the argument into me saying that a web browser should be inside the kernel, running with root privileges.
Which I obviously never said, and by the way Windows doesn't do.

It's the same everywhere. Instead of a proper technical, factual discussion, the *nix crowd always needs to resort to insults and fallacies.
Now I can handle a technical discussion on the matter. I'm a long-time FreeBSD user who also has experience with linux, HP-UX and Solaris. And I develop Windows software professionally these days. So I'm intimately familiar with both sides.

 

[El Caco]

When I was a kid (maybe around 1992-1994 or so), I had 2 apples and an IBM. Later, I owned several Windows PCs and worked on some Macs. It's changed since then, but I would say, "The problem with IBM-compatible PCs is that they overload you with information, telling you way too much. The problem with Macs is that they don't tell you anything at all and you don't even know the most basic specs of your system."

It's not as applicable since XP and Vista have really really decreased the amount of info they throw at you (although you can still find all that info if you search for it) and Apple/Macs now tell you much more info about your system, but the basic idea is still there.

Actually I'm referring to user input into the OS. With windows you need to have at least a moderate knowledge of the OS and how to use it safely and maintain it, with OS X you only need a very basic knowledge about safety and you have no input into it's maintenance. What I like about OS X is it's transparency, you don't have to study how to use it, It took me only a few hours to learn how to set it up properly and learn how to use it (I could have left it exactly as it installs but I am paranoid and wanted to be as secure as is practical). After that initial phase I don't think about the OS, I only need to know how to use the applications. To me that is what makes an ideal OS for the average user, one that you do not think about, one that just lets you run the programs that you need to without hassle and takes care of itself.

I'm quite sure that you'll have the same issues as Windows has when running legacy applications. Older MacOS versions didn't have rights management and some of their applications probably don't behave properly unless run as administrator.

I'm not sure why I would need to run legacy apps OS X comes with most of the software that I could want, I can get it to 99% with trustworthy freely available software, it is ridiculous how few apps I have had to purchase. Yes I could spend some big $'s and get some impressive upgrades but I don't need it and some of the upgrades I have tried have turned out to be downgrades in other areas.

I strongly disagree with this. Obscurity? That just doesn't make sense. I think Apple had a lot of great ideas with how they built their system on top of a Unix-like foundation. For example, take a look at how the filesystem is organized. There is absolutely nothing obscure about it. You have Apple's stuff coexisting peacefully with the rest.

What Bob said

I think it is provable which operating system is the more secure, but that would require extensive knowledge about *all* the systems that you are comparing, something I don't have. I have a really strong feeling Windows would not do well in such a comparison, though.

You are correct, it is quite provable but real world data is more relevant than theory and there are plenty of examples from testing, exploits and hacking competitions in recent times that have shown Windows to be just as if not more secure than the competition.

It's very important to seperate the operating system itself from the programs running on it. A bug in Safari is not a bug in OS X. As I said, I use OS X myself, so I do read the security stuff.

Again we are talking about real life here, if an OS comes with default applications that the majority of it's user base will continue to use then I think it is fair to consider these applications when considering security. I think this is especially the case with OS X as the applications that come with the OS are designed to interact together so seamlessly that it appears to be part of the OS and just one giant application.

Indeed, same goes for other *nix systems.
Ironically enough they appear more secure than Windows, but technically they are not.
It reminds me of a holiday in a backwater town years ago. I saw brand new bicycles that were not even locked. Apparently there was no need, because nobody would steal them, even though it was easy. In my city, even rusty old bikes get stolen, even if they are locked.

I live in a town in which some people do not feel the need to lock their home or car, sometime they will not even bother to shut their doors or windows.

 

[El Caco]

It's the same everywhere. Instead of a proper technical, factual discussion, the *nix crowd always needs to resort to insults and fallacies.

[action=s7eve]thinks that this thread and I do not support your claim.[/action]

 

[Scali]

I'm not sure why I would need to run legacy apps OS X comes with most of the software that I could want, I can get it to 99% with trustworthy freely available software, it is ridiculous how few apps I have had to purchase. Yes I could spend some big $'s and get some impressive upgrades but I don't need it and some of the upgrades I have tried have turned out to be downgrades in other areas.

Well I think it doesn't really apply to most Windows users anymore either. I suppose that triggered the move to finally run Vista with a limited user account by default (had they done that at the time of XP, they'd get even MORE criticism on that than they did with Vista, because no Windows 9x software was aware of any kind of user permissions. The technology was there, it just wasn't a feasible default option for that day and age).
But I have seen some pretty funky old applications still in use, sometimes even rather critical to an operation, sometimes even MS-DOS.
Because the Windows userbase and software base are so much larger than any other OS, there really is no direct comparison.

There is probably a good deal of 'natural selection' with Apple or *nix users in the first place. They wouldn't use a non-Windows system if they needed DOS or Windows applications. DOS and Windows just have been around much longer than *nix, at least at home and in the office.
Apple has been around for about as long, but they've had more control over the situation, because they're in a niche market, and control both the hardware and a good deal of the software. Even so, before OS X, Apple had its share of performance problems, instability and all that.

I live in a town in which some people do not feel the need to lock their home or car, sometime they will not even bother to shut their doors or windows.

Indeed, it's not their homes or cars that are more secure, it's their environment that's less hostile.

* s7eve thinks that this thread and I do not support your claim.

Well, not literally... But I am of the opinion that in most cases, *nix advocates are more blow-hards than that they actually have a good grasp of the technological side. Especially their Windows-knowledge seems lacking, and mostly based on assuming that whatever Windows has must be worse than *nix by default.

The more people understand about security, stability, performance and such and how the different OSes attempt to solve these issues, the less they seem to pick sides, and rely more on "right tool for the right job" mentality.

 

[DomitianX]

Every operating system is only as secure as the user using it and the admin that secured it. There have been Mac viruses out there, so far they have been relatively harmless. Mostly proof of concept type "viruses". But the proof is there, it can be done. If MacOSX get to be 80% of the computer market, it will get exploited as well. Anyone that says it wont is a fool. You can read articles from the top computer scientists and programmers and is pretty much universally agreed that *ANY* OS that lets a user into super user mode and has root access is open to vulns. Because at that point its only as secure as the user using it.

There are plenty of BSD/*nix exploits over the years which need to be patched. If you go through Bugtraq and the other security lists there are way more vulns in *nix OSes and applications than you see in Windows.

Windows gets more press because its the most prevalent OS. But when Apache has an exploit that affects 80% of the web servers in the world, the IT world gets into a panic for sure. But soccer moms never hear about it. It doesnt affect them. The ones that affect them and get all the press are the ones that usually directly involves them.

If you run *nix as root on a daily basis and never worry about what you are installing and doing you will fuck it up.

If you run OSX as root all day and never worry about what you are installing and doing you will fuck it up.

If you run Windows with admin privileges and never worry about what you are installing and doing, you will fuck it up.

The problem is Windows by default gives everybody (at least the first general user on the machine anyways) elevated privileges unless you go through and lock it down. The other OSes dont do it that way.

Anyone that says OSX is more secure, or *nix is more secure, or BSD is more secure generally means that they consider that in a properly secured system. Most of the people that get into these debates seems have some sort of moral obligation to justify their favorite OS and they dont really take a neutral look at all the OSes.

Every OS can turn into a flaming pile of crap very easily if its not setup and secured properly and are being used by users in the proper privilege level.

As root I can delete damn near the entire files system on BSD/*nix while its running. You cant really do that in Windows. Which is more secure?

I can tell you that as root I have way more power and can screw up way more stuff in *nix/BSD/OSX than an admin can in Windows. So which is more secure?

 

[Scali]

The problem is Windows by default gives everybody (at least the first general user on the machine anyways) elevated privileges unless you go through and lock it down. The other OSes dont do it that way.

Not anymore, Vista now does the same on a default installation. Which is what the whole UAC thing is about. Basically it triggers a sort of 'sudo' operation when required, after issuing a popup, which the user has to accept. However, despite it being a very effective security measure, most users just lambast it for being 'annoying'.
If your userbase doesn't have a clue what security is about, your OS doesn't stand a chance, does it?

 

[DomitianX]

yeah the UAC popup thing is a joke. So instead of just giving them root rights by default, they pop up a box and ask them if they want them instead. At least on new linux distros like Ubuntu they popup a box, but it asks for their password.

Windows = "Do you want to install.run this app?"
Ubuntu = "You are tying to do something that requires root privileges, please enter your password so we know that you are really trying to do this"

At least with the UAC it doesnt just do things without the user knowing about it, I think thats the major point of it. It at least requires a user confirmation before it is run even if it just gets clicked so the user can view the naked pictures.

 

[Naren]

yeah the UAC popup thing is a joke. So instead of just giving them root rights by default, they pop up a box and ask them if they want them instead. At least on new linux distros like Ubuntu they popup a box, but it asks for their password.

Windows = "Do you want to install.run this app?"
Ubuntu = "You are tying to do something that requires root privileges, please enter your password so we know that you are really trying to do this"

At least with the UAC it doesnt just do things without the user knowing about it, I think thats the major point of it. It at least requires a user confirmation before it is run even if it just gets clicked so the user can view the naked pictures.

Windows doesn't ask for a password, but it gives a message saying, "A program is trying to get installed. This may be dangerous. What do you do?" and then the options "allow" and "reject" pop up and you can choose which one. If you are running the computer without admin rights, it will tell you that you need to have admin rights to install the software and it will not let you install it.

You can, of course, turn off User Account Control and give yourself full user rights. But so what?

 

[Scali]

Windows = "Do you want to install.run this app?"
Ubuntu = "You are tying to do something that requires root privileges, please enter your password so we know that you are really trying to do this"

A fundamental difference here is that Windows requires this on an operation rather than running an application entirely as a different user.
Ubuntu only knows root and normal users. If you need rights, you run as root. Windows has access rights on various objects and things, and ACLs for them, so you don't necessarily need to be member of a certain group to get certain access rights.

In fact, linux isn't very secure anyway... Anyone can be root, you just need the root password. At least in FreeBSD you actually have to be a member of the wheel-group before you can use the su-command.