[Full-disclosure] Question about Mac OS X 10.4 Security

[Paul Schmehl]

--On Tuesday, February 28, 2006 00:15:10 -0800 Stephen Johnson 
<maillists at thelonecoder.com> wrote:

> Mac's have always held the distinction of being more secure by, among
> other things, not being a target.  -- Due to the lack of extensive use,
> virus and mal ware writers have ignored taking the time to write virus
> for Macs.
>
> Simple philosophy -  Why climb the wall , when you can walk through the
> door.
>
> Windows is easier and more prolific, until that changes, we are not going
> to see major attacks on the mac platform.
>
I think you're living in a fantasy world.  The recent vulnerability, which 
allows the running of arbitrary code simply by clicking on a linked zip 
file will probably result in at least a handful of new viruses/worms for 
the Mac platform within the next week or two.

Apple has made the same stupid mistake Microsoft has been making for years 
- mixing code and data and trying to make things "easy" for the user (read 
auto-launch this widget so you don't have to save and open.)  The end 
result will be disaster for the Mac, but, thankfully, not on the same scale 
as Windows because not every user is an admin, and it requires the use of 
sudo to perform administrative functions.

Still, the ignorance of Mac users, who believe their platform is somehow 
magically "secure" will contribute to the problem.

Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/