rdowns
May 5, 12:00 PM
FWIW, I got many more dropped calls with Verizon than I do with ATT in the Queens-Long Island NY areas.
Interesting how iPad 3G owners are claiming that signal strength and speed are much better than on their iPhones. Couldn't possibly be Apple's doing. :rolleyes:
KnightWRX
May 2, 04:17 PM
It auto-executes the installer because installers are marked as safe if "open safe files after downloading" is turned on.
Fine, so I can write an installer that will just wipe your user account while you read my EULA and you'll happily execute it because "hey, it's just an installer" ? :rolleyes:
This is not an example of shellcode being injected into a running application to execute code in user space.
This is not, but I'm interested in the mechanics because next time, it could very well be. That's my point. Some of you guys aren't cut out for computer security...
rkriheli
Sep 25, 11:39 PM
yeah, this will be great if we want to run a small country with.
Winni
Apr 21, 03:21 AM
Android is to Windows, as iOS is to Mac OS.
The similarities are astounding - Google is doing the same thing Microsoft did back in the day.
As much as Apple cares about marketshare, the experience is more important to them than the product itself. That's really something.
If they really cared that much about user experience, then iOS wouldn't be the Walled Garden that it is and iTunes wouldn't be such a royal pain in the neck to use.
Just an anecdote from my last week with an iPhone and a first generation Google G1 phone (which I have to use when I'm on 7/24-on call-duty): I moved to a new house where I do not yet have a DSL line and also no 3G/UMTS connectivity. Both the iPhone and the G1 use Deutsche Telekom, and while the iPhone always tells me that "it cannot activate the data network", the G1 manages to give me Internet access at the same location with the same carrier.
So in real world use, the iPhone lets me down while the Android phone does not.
TheUndertow
May 2, 12:00 PM
"Bigger".
I prefer More Magical...
The fact that this is news says something about the relative lack of threats.
Seems like "Child's Play" compared to Malware and Viruses on most Windows devices I've owned, despite anti-spyware, malware, and anti-virus loaded, updated, and in "full" protection mode.
edifyingGerbil
Apr 24, 07:11 PM
Including a completely identifiable chief god and pantheon shared with other local polytheistic religions. The only difference was that in the case of Judaism, Christianity and Islam, the polytheism was suppressed and the chief god reigned unchallenged.
Maybe not in those exact words, butandcome pretty damned close.
The Old Testament is absolutely valid for Christians. Without the Old Testament, the entire dynastic myth collapses on itself.
Those verses you quoted are, as I said, historical. They're not a commandment or an exhortation to continue doing those things. Sharia law hasn't been developed using those verses.
No, Jesus Christ's law takes over all laws from the old testament, and anyway those verses you quoted aren't laws, they're just saying what happened, they're not prescriptions of how to act or behave. The Qur'an is prescriptive.
The Ahmadiyya sect goes against the first pillar of Islam. :/
so you admit that freedom of conscience is prohibited in Islam and that people who leave their Islamic religion should be sentenced to death? Or are you saying blasphemers should be punished?
In the West we would tolerate the Ahmadiyya, not persecute them. Would Muslims in the West disobey our tolerance of the Ahmadiyya because it contravenes Sharia law?
torbjoern
Mar 13, 03:03 PM
Nuclear Power is fine by me as long as they have proper safety routines and actually follow them. Not like the ones they had in Soviet Ukraine. However, if an earthquake is enough to cause a meltdown, I doubt that I would build the plant in the first place.
WoFat
May 2, 10:23 AM
Is it still the cold & flu season?
Waiting for the 1st complaint here how they got a virus on their Mac by doing absolutely nothing after clicking & downloading and unzipping and installing & entering admin password only to be stumped as to which credit card they should use when a panel pops up to buy MacDefender.
Where are these people's parents when they're doing this?
diamond.g
Apr 21, 09:52 AM
1. What "punch"? If we're going to use arbitrary words, iPhones beat Android to the "desert". FACT
2. Phone carriers selling Android devices and offering incentives helps the needs of those who do not afford to buy an iPhone but need a smartphone. I fixed it for you.
3. No, they aren't. Please link some sources stating so?
4. Sure, I'll give you that if you want to say it's a ripoff. This is a whole other issue.
5. Sure. It's bound to.
6. That tends to be the way of the Open Source area.
7. I'd hope so. Any competitors selling iPhones should probably be sued, since you know, that'd be a blatant rip off.
8. Sure.
9. Yes, yes and yes.
10. They're really just as bad as Apple's fanboys. I've noticed that the only difference in comments from the huge Apple fanboys and anti Apple fanboys are generally the words "Best" and "Worst" get flip flopped.
HTC is a valid example for #3. If Android hadn't come along, there was a pretty good chance HTC would have gone away.
UnixMac
Oct 7, 07:27 PM
No....you did no such thing, and no offense was taken. I didn't join this thread till the last post. I only used Hitler as an example because it rang true of the same kind of "head in the sand" attitude we in the Mac community take at times.
deannnnn
May 5, 10:23 AM
I'm wondering what the specifics about dropped calls in New York City would look like.
On average I get about 3-4 dropped calls every day. Every. Single. Day.
My roommate on Verizon has had one dropped call in the year that we have lived together.
archipellago
May 2, 04:28 PM
Well, we have indisputable proof now! :rolleyes:
google...
'windows more secure than OSX'
check the results, you have people who are professional coders telling it how it is... and has been since 2007.
ignorance of facts doesn't equal knowledge, if no one is trying to break the door down you don't need a big lock.
roland.g
Sep 20, 10:10 AM
This is good news. When they announced it, I was pretty convinced they weren't talking about a box that required an additional computer, although USB storage or a dedicated server box seemed likely based upon the absence of evidence for an in-built hard disk.
So it's actually confirmed it can be used standalone. The missing piece is complete. This is iTunes for the rest of us. For those who don't want cable, who want to be able to subscribe to (and fund) specific TV shows and order movies on demand, this is for you. No computer required. Go home, flop on the couch, and watch what you want. Want something more powerful? Well, it'll integrate with your computers and presumably if someone wants to create devices that export iTunes libraries, like some sort of networked DVR, then it'll work with that too.
Wonderful. This deserves to be a success.
what r u talking about
Huntn
Apr 25, 08:41 AM
As soon as you start down the slippery slope of stating that some things in the Bible (I use the Bible as an example but this applies equally to all religions) are not true (i.e. the world was created in seven days) or that certain parts are meant to be interpreted by the reader (whose interpretation is correct?) you lose all credibility. If you are so determined to change your religion so that it fits in with modern science what is the point of being religious?
This is an excellent point. If you go with the all or nothing, then as soon as anything is suspect in your favorite holy document, then it all is. If any logic prevails then one must admit they don't know as much as they thought they did. Unfortunately this area is not a place where logic shines.
Part of the problem is that God has always been a terrible communicator. ;)
Floptical cube's post sounds like an excellent description of agnosticism. But every atheist I've ever met has believed that there's God.
I think it's important to remember that, although people can feel emotions about beliefs, beliefs aren't emotions. I don't feel that there's a God. I believe that there is one. I feel happiness, sadness, loneliness, hurt, and so forth. I believe that those feelings exist, but I don't believe that happiness, say, is either a truth or a falsehood. I don't believe that it's a conformity between my intellect and reality. My belief that there's a pine tree in my front yard is true because there is a pine tree there that causes my belief to be true. The tree will still be there 10 minutes from now, even if someone or something fools me into believing that it's gone. The truth or falsehood of my belief depends on the way things are in the world. I can't cause that tree to exist by merely believing that it does exist. I can't make it stop existing by simply believing that it doesn't exist, can I?
When someone talks about "not believing" my initial knee jerk reaction is to think this is a threshold as strong as "belief" but in actuality it's simply anything short of reaching the threshold of believing. In my case instead of saying "I don't believe" I think it is more accurate to say "I don't know."
eleven59
Apr 10, 11:00 AM
This must be me but I've never cared to have a program maximized on my Mac... Not even games. I always prefer to see multiple programs so I can click easily on any when needed.... It's also nice that just hovering over one lets you scroll thru it without actually clicking on it....
And resizing.. That takes me less than a second to drag and resize a window to what I want it to be.. if I even have to
maclaptop
Apr 10, 11:41 AM
This shows how much Apple has learned from the past. They will not make the same mistake they did during the Mac vs. PC era by ignoring games. They're throwing the best mobile GPUs into their products and advertising gaming heavily, good for them.
Sometimes Apple is a very slow learner. They finally realize that the harder they go after the kids, the more money their parents will cough up. This is especially crucial as Apple centers its business on entertainment. Hook the little kids on games and they'll be Apple's new faithful.
Make the interface of the laptops look like iOS, load them with games, and focus on simplification. The kids market is ripe for Apple.
mpstrex
Aug 29, 04:09 PM
Actually, he's on the Al Gore movement. ;)
NO! Al Gore is in it for himself? I thought he was a selfless guy, out for the environment. I mean, his movie DID make over $20 million and the budget was REAL low, and the majority of the crew worked on it for free...
http://boxofficemojo.com/movies/?id=inconvenienttruth.htm
brent0saurus
Apr 9, 01:21 PM
Velly Intelrsting. Did they start out making games from rocks?
Nope, paper. They started off making card games in the 1800s.
lipinski77
Sep 20, 01:36 PM
The iTV makes the elgato eyetv hybrid even more appealing. :)
http://www.elgato.com/index.php?file=products_eyetvhybridna
Use it to record your shows and then stream it to the iTV.
-bye bye comcast DVR.
what about calling it the iStream (ha)
dscuber9000
Mar 24, 07:42 PM
So they can't do it to you, but you can do it to them?
Remind me how that makes one different from them?
That's hypocritical at best. :rolleyes:
1. I'm not gay. Just putting that out there. :D
2. I guess it is hypocritical in a sense: They hate gays for being gay and I hate bigots for being bigoted. Whether or not that puts me on the same level as them is up to you, I guess.
As cool as that poster might be..
3. Don't wear sunglasses for nothing. :cool:
tbrinkma
Apr 28, 08:27 AM
Right, but how is that not a fad? By definition, it doesn't matter how said fad ends, it simply means that its overall existence is temporary.
I agree that it was replaced by newer technology that does more, but it still was a fad in the end.
By that definition, the internal combustion engine is nothing but a fad. I think maybe you're just not familiar with what the word "fad" actually means. Check it out: http://dictionary.reference.com/browse/fad
matticus008
Mar 20, 03:27 PM
What a silly thought. Of course it's not free. I'm saying that it is just as unethical for Apple to ignore Linux as it is for DVD Jon to try and play music on Linux. We are not talking about what is technically wrong here. After all, every country has a different set of laws. We are talking about what is the right thing to do. It would hardly be a burden for Apple to port iTunes and open up Airport drivers.
The main concern of mine is Apple's stubborn refusal to adapt to simple standards. They haven't kept up with GNU standards in GCC, they won't port Quicktime or iTunes to Linux, they won't make open drivers available for Airport cards. Apple is losing quite a few fans. I was a huge Apple fan for a long time (3/4 of my life). Now, I am losing respect for Apple's ridiculous money-making stubbornness.
And don't try and argue that Mac OS X is just the same as linux. It isn't.
It is NOT unethical to keep drivers for your own hardware and distribute them how you choose. Apple has an obligation to keep up with their own hardware and software. They have no moral or legal obligation to make drivers for any OS they don't want to. Is it frustrating? Yes, if you want to run Linux on your PowerBook. But in that situation, you have to know that Linux doesn't have mainstream support for tons of hardware, and nothing is stopping you from writing your own driver, except a lack of knowledge or time on how to do so. If you need assistance or technical information, join Apple's Developer program. That's exactly why it exists, and why I participate. If they don't want to port their software to another platform, they don't have to.
You might say that iTunes should be on Linux, and that it will make more money for Apple, so it's a good idea. It doesn't mean that someone violating the TOS is an ethical action. DVD Jon might want his iTunes on Linux, but he has no right to it. Like I've said previously, he can just as easily import the audio from CDs into Linux and stream purchased music over his network from a Windows or Mac machine with iTunes legally installed. Or, as it turns out, you can buy CrossoverOffice (or modify Wine yourself to avoid having to pay for it) and install iTunes that way. Those are legal alternatives to accomplishing what you want, and that's that.
Doing something you are specifically not supposed to do is NOT the same as not doing something you could do, but don't have to do.
KnightWRX
May 2, 05:51 PM
Until Vista and Win 7, it was effectively impossible to run a Windows NT system as anything but Administrator. To the point that other than locked-down corporate sites where an IT Professional was required to install the Corporate Approved version of any software you need to do your job, I never knew anyone running XP (or 2k, or for that matter NT 3.x) who in a day-to-day fashion used a Standard user account.
Of course, I don't know of any Linux distribution that doesn't require root to install system wide software either. Kind of negates your point there...
In contrast, an "Administrator" account on OS X was in reality a limited user account, just with some system-level privileges like being able to install apps that other people could run. A "Standard" user account was far more usable on OS X than the equivalent on Windows, because "Standard" users could install software into their user sandbox, etc. Still, most people I know run OS X as Administrator.
You could do the same as far back as Windows NT 3.1 in 1993. The fact that most software vendors wrote their applications for the non-secure DOS based versions of Windows is moot, that is not a problem of the OS's security model, it is a problem of the Application. This is not "Unix security" being better, it's "Software vendors for Windows" being dumber.
It's no different than if instead of writing my preferences to $HOME/.myapp/ I'd write a software that required writing everything to /usr/share/myapp/username/. That would require root in any decent Unix installation, or it would require me to set permissions on that folder to 775 and make all users of myapp part of the owning group. Or I could just go the lazy route, make the binary 4755 and set mount opts to suid on the filesystem where this binary resides... (ugh...).
This is no different on Windows NT based architectures. If you were so inclined, with tools like Filemon and Regmon, you could granularly set permissions in a way to install these misbehaving software so that they would work for regular users.
I know I did many times in a past life (back when I was sort of forced to do Windows systems administration... ugh... Windows NT 4.0 Terminal Server edition... what a wreck...).
Let's face it, Windows NT and Unix systems have very similar security models (in fact, Windows NT has superior ACL support out of the box, akin to Novell's close to perfect ACLs, Unix is far more limited with its read/write/execute permission scheme, even with Posix ACLs in place). It's the hoops that software vendors outside the control of Microsoft made you go through that forced lazy users to run as Administrator all the time and gave Microsoft such headaches.
As far back as I remember (when I did some Windows systems programming), Microsoft was already advising to use the user's home folder/the user's registry hive for preferences and to never write to system locations.
The real difference, though, is that an NT Administrator was really equivalent to the Unix root account. An OS X Administrator was a Unix non-root user with 'admin' group access. You could not start up the UI as the 'root' user (and the 'root' account was disabled by default).
Actually, the Administrator account (much less a standard user in the Administrators group) is not a root level account at all.
Notice how a root account on Unix can do everything, just by virtue of its 0 uid. It can write/delete/read files from filesystems it does not even have permissions on. It can kill any system process, no matter the owner.
Administrator on Windows NT is far more limited. Don't ever break your ACLs or don't try to kill processes owned by "System". SysInternals provided tools that let you do it, but Microsoft did not.
All that having been said, UAC has really evened the bar for Windows Vista and 7 (moreso in 7 after the usability tweaks Microsoft put in to stop people from disabling it). I see no functional security difference between the OS X authorization scheme and the Windows UAC scheme.
UAC is simply a gui front-end to the runas command. Heck, shift-right-click already had the "Run As" option. It's a glorified sudo. It uses RDP (since Vista, user sessions are really local RDP sessions) to prevent being able to "fake it", by showing up on the "console" session while the user's display resides on a RDP session.
There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.
My response, why bother worrying about this when the attacker can do the same thing via shellcode generated in the background by exploiting a running process so the user is unaware that code is being executed on the system
Because this required no particular exploit or vulnerability. A simple Javascript auto-download and Safari auto-opening an archive and running code.
Why bother, you're not "getting it". The only reason the user is aware of MACDefender is because it runs a GUI based installer. If the executable had had 0 GUI code and just run stuff in the background, you would have never known until you couldn't find your files or some Chinese guy was buying goods with your CC info, fished right out of your "Bank stuff.xls" file.
That's the thing, infecting a computer at the system level is fine if you want to build a DoS botnet or something (and even then, you don't really need privilege escalation for that, just set login items for the current user, and run off a non-privilege port, root privileges are not required for ICMP access, only raw sockets).
These days, malware authors and users are much more interested in your data than your system. That's where the money is. Identity theft, phishing, they mean big bucks.
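The permission shortcuts described in the post above (a 775 shared directory, a 4755 binary, and the suid mount option) can be audited on disk. The following is an added example, not part of the original post; the function names and the constructed demo tree under a temporary directory are assumptions made for illustration.

```python
import os
import stat


def mount_honours_setuid(mount_options):
    """True unless the comma-separated mount options include nosuid."""
    return "nosuid" not in mount_options.split(",")


def describe_mode(mode, mount_options="rw"):
    """Classify one st_mode value against the shortcuts named in the post."""
    findings = []
    if stat.S_ISLNK(mode):
        return findings  # permission bits on a symlink itself are not meaningful
    any_exec = mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    # The "lazy route": an executable that runs with its owner's uid (e.g. 4755).
    if stat.S_ISREG(mode) and mode & stat.S_ISUID and any_exec:
        if mount_honours_setuid(mount_options):
            findings.append("setuid-executable")
        else:
            findings.append("setuid-executable (inert: nosuid mount)")
    # The shared-directory route: every member of the owning group can write (e.g. 775).
    if stat.S_ISDIR(mode) and mode & stat.S_IWGRP:
        findings.append("group-writable-dir")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings


def audit_tree(root, mount_options="rw"):
    """Walk root and return {relative path: (octal mode, findings)} for flagged entries."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            findings = describe_mode(st.st_mode, mount_options)
            if findings:
                rel = os.path.relpath(path, root)
                report[rel] = (oct(stat.S_IMODE(st.st_mode)), findings)
    return report


# Constructed sample layout: (relative path, is_directory, mode).
# It mirrors the post: per-user preferences versus a shared system location.
DEMO_LAYOUT = [
    ("home", True, 0o755),
    ("home/alice", True, 0o755),
    ("home/alice/.myapp", True, 0o700),        # well-behaved: per-user prefs
    ("home/alice/.myapp/prefs", False, 0o600),
    ("usr", True, 0o755),
    ("usr/share", True, 0o755),
    ("usr/share/myapp", True, 0o775),          # shared dir, group-writable
    ("usr/bin", True, 0o755),
    ("usr/bin/myapp", False, 0o4755),          # setuid shortcut
]


def build_demo_tree(root):
    """Create the constructed layout under root (parents are listed before children)."""
    for rel, is_dir, mode in DEMO_LAYOUT:
        path = os.path.join(root, rel)
        if is_dir:
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        os.chmod(path, mode)  # explicit chmod so the result does not depend on umask


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        for rel, (mode, findings) in sorted(audit_tree(root).items()):
            print(mode, rel, ", ".join(findings))
```

Pass the real mount options of the filesystem being audited as `mount_options`, since a setuid bit on a `nosuid` mount is reported but has no effect at execution time.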
Of course, I don't know of any Linux distribution that doesn't require root to install system wide software either. Kind of negates your point there...
In contrast, an "Administrator" account on OS X was in reality a limited user account, just with some system-level privileges like being able to install apps that other people could run. A "Standard" user account was far more usable on OS X than the equivalent on Windows, because "Standard" users could install software into their user sandbox, etc. Still, most people I know run OS X as Administrator.
You could do the same as far back as Windows NT 3.1 in 1993. The fact that most software vendors wrote their applications for the non-secure DOS based versions of Windows is moot, that is not a problem of the OS's security model, it is a problem of the Application. This is not "Unix security" being better, it's "Software vendors for Windows" being dumber.
It's no different than if instead of writing my preferences to $HOME/.myapp/ I'd write a software that required writing everything to /usr/share/myapp/username/. That would require root in any decent Unix installation, or it would require me to set permissions on that folder to 775 and make all users of myapp part of the owning group. Or I could just go the lazy route, make the binary 4755 and set mount opts to suid on the filesystem where this binary resides... (ugh...).
This is no different on Windows NT based architectures. If you were so inclined, with tools like Filemon and Regmon, you could granularly set permissions in a way to install these misbehaving software so that they would work for regular users.
I know I did many times in a past life (back when I was sort of forced to do Windows systems administration... ugh... Windows NT 4.0 Terminal Server edition... what a wreck...).
Let's face it, Windows NT and Unix systems have very similar security models (in fact, Windows NT has superior ACL support out of the box, akin to Novell's close to perfect ACLs, Unix is far more limited with its read/write/execute permission scheme, even with POSIX ACLs in place). It's the hoops that software vendors outside the control of Microsoft made you go through that forced lazy users to run as Administrator all the time and gave Microsoft such headaches.
As far back as I remember (when I did some Windows systems programming), Microsoft was already advising to use the user's home folder/the user's registry hive for preferences and to never write to system locations.
The real difference, though, is that an NT Administrator was really equivalent to the Unix root account. An OS X Administrator was a Unix non-root user with 'admin' group access. You could not start up the UI as the 'root' user (and the 'root' account was disabled by default).
Actually, the Administrator account (much less a standard user in the Administrators group) is not a root level account at all.
Notice how a root account on Unix can do everything, just by virtue of its 0 uid. It can write/delete/read files from filesystems it does not even have permissions on. It can kill any system process, no matter the owner.
Administrator on Windows NT is far more limited. Don't ever break your ACLs or don't try to kill processes owned by "System". SysInternals provided tools that let you do it, but Microsoft did not.
All that having been said, UAC has really evened the bar for Windows Vista and 7 (more so in 7 after the usability tweaks Microsoft put in to stop people from disabling it). I see no functional security difference between the OS X authorization scheme and the Windows UAC scheme.
UAC is simply a GUI front-end to the runas command. Heck, shift-right-click already had the "Run As" option. It's a glorified sudo. It uses RDP (since Vista, user sessions are really local RDP sessions) to prevent being able to "fake it", by showing up on the "console" session while the user's display resides on an RDP session.
There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.
My response, why bother worrying about this when the attacker can do the same thing via shellcode generated in the background by exploiting a running process so the user is unaware that code is being executed on the system
Because this required no particular exploit or vulnerability. A simple Javascript auto-download and Safari auto-opening an archive and running code.
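The permission trade-off described in the post above (preferences under $HOME versus a root-owned system path, the same path opened up with mode 775 and a shared group, and a 4755 binary), worked through as an added example that is not part of the original thread. The uids, gids and the `myapp` group are constructed, and only classic mode bits are modelled (no POSIX ACLs).

```python
import stat

def can_write(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix mode-bit decision (POSIX ACLs ignored): first matching class wins."""
    if uid == 0:                       # uid 0 is not bound by the permission bits
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def findings(mode, owner_uid):
    """Flag the shortcuts the post calls out: setuid binaries and widened directories."""
    out = []
    if mode & stat.S_ISUID and mode & 0o111:
        out.append(f"setuid: every caller runs it as uid {owner_uid}")
    if stat.S_ISDIR(mode) and mode & stat.S_IWGRP:
        out.append("group-writable directory: all group members can modify it")
    if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
        out.append("world-writable directory")
    return out

# Constructed accounts: alice is in the hypothetical 'myapp' group, bob is not.
ROOT, ALICE, BOB = 0, 501, 502
STAFF, MYAPP = 20, 600
ALICE_GIDS, BOB_GIDS = {STAFF, MYAPP}, {STAFF}

# (label, mode incl. file type, owner uid, owner gid) -- constructed sample data
CASES = [
    ("$HOME/.myapp",            0o040700, ALICE, STAFF),
    ("/usr/share/myapp/ (755)", 0o040755, ROOT,  0),
    ("/usr/share/myapp/ (775)", 0o040775, ROOT,  MYAPP),
    ("myapp binary (4755)",     0o104755, ROOT,  0),
]

def report():
    rows = []
    for label, mode, uid, gid in CASES:
        rows.append((label, stat.filemode(mode),
                     can_write(mode, uid, gid, ALICE, ALICE_GIDS),
                     can_write(mode, uid, gid, BOB, BOB_GIDS),
                     findings(mode, uid)))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```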
Apple OC
Apr 22, 09:19 PM
I would be willing to bet that if given time this thread will be a carbon copy of that one.
That thread should be stickied, because I can't really think of any issue (relevant to this topic) we didn't cover in it.
well let it be the Mods to merge them ... why tell someone to post in an old thread that died and tell them not to post in this thread?