Forums | MacLife

I believe it.

Apple needs to pay attention to who can do what with files and folders in the Application's folder.

It would seem that someone set up a Mac Mini as a server, with a variety of services enabled, and issued a "hack me" challenge, which got the Mac cracked in six hours.

Not much more beyond that. The article lacks many important details.

MacBoy4139 wrote:

Plugging in a brand new XP box and hooking it up to a broadband connection gets its first virus in about 3-7 minutes.

We are less secure?

More windows viruses out there. We may be a little more secure in some ways, but ultimately, it just goes to show you that nothing is 100% safe.

dvpierce wrote:

MacBoy4139 wrote:

Plugging in a brand new XP box and hooking it up to a broadband connection gets its first virus in about 3-7 minutes.

We are less secure?

More windows viruses out there. We may be a little more secure in some ways, but ultimately, it just goes to show you that nothing is 100% safe.

I don't believe that plugging a windows XP box will result in a virus in 3-7 minutes.
If you run services without patching them, you may get some worms installed rather quickly. But I don't believe viruses in 3-7 minutes.

resedit wrote:

dvpierce wrote:

MacBoy4139 wrote:

Plugging in a brand new XP box and hooking it up to a broadband connection gets its first virus in about 3-7 minutes.

We are less secure?

More windows viruses out there. We may be a little more secure in some ways, but ultimately, it just goes to show you that nothing is 100% safe.

I don't believe that plugging a windows XP box will result in a virus in 3-7 minutes.
If you run services without patching them, you may get some worms installed rather quickly. But I don't believe viruses in 3-7 minutes.

You're right.  It's 9 minutes.  I apologize.

http://www.tweakhound.com/xp/security/page_1.htm

How about most services turned off and with a firewall? now i'm getting worried as i run a web server

http://rm-my-mac.wideopenbsd.org/

That's the guys website.
From the looks of it - I won't believe any claims about it until the vulnerability used is published and known to be an OS X problem.

MacBoy4139 wrote:

resedit wrote:

dvpierce wrote:

More windows viruses out there. We may be a little more secure in some ways, but ultimately, it just goes to show you that nothing is 100% safe.

I don't believe that plugging a windows XP box will result in a virus in 3-7 minutes.
If you run services without patching them, you may get some worms installed rather quickly. But I don't believe viruses in 3-7 minutes.

You're right.  It's 9 minutes.  I apologize.

http://www.tweakhound.com/xp/security/page_1.htm

In fact, the current "survival time" (the average time for an unprotected system to be attacked and compromised) is only 9 minutes. This means that a newly installed unprotected operating system connecting to the Internet for the first time will, on average, be attacked within 9 minutes and compromised in some way.

I'd like to see where that stat comes from.
Really.

I'm guessing that by "compromised in some way" they mean either the windows messenger spam (which is not a virus) - or that users are pretty quick to install software of questionable origin.

MacBoy4139 wrote:

resedit wrote:

http://rm-my-mac.wideopenbsd.org/

That's the guys website.
From the looks of it - I won't believe any claims about it until the vulnerability used is published and known to be an OS X problem.

Do you believe anything?

If you know me - you know that I bitch about Apple all the time.

The "drag and drop" installation is a bad thing - it results in systemwide applications that a user (and thus virus running as that user) has permission to write to / modify (indeed - most word macro viruses indect by modifying templates - that no user should have write permission to).

I'm known for bitching about their rather insecure default sudo install.

I am no Mac OS X fanboy - Apple certainly substitutes security for easo of use.

However - from that guys website, I have serious questions as to how legitimate the claim is.
This "hack a mac" contest was not being run by a reliable source.

pcguy wrote:

security vs ease of general public use is always the key to the problem, a win system can be make as secure as anything else with all those service, java, plugin etc turn off and ask for permission for just about everything. imo

Well, there are ways to make things more secure with limited ease of use issues.
I don't have a problem with java and browser plugins enabled etc. - but Windows is really difficult to use as a non admin user. OS X and other *nixes are pretty straightforward to use as a non admin user.

Try installing palm software for use as a non admin user, for example.
On windows - it wants to be installed for the user, but won't install unless that user is admin.

resedit wrote:

MacBoy4139 wrote:

resedit wrote:

I don't believe that plugging a windows XP box will result in a virus in 3-7 minutes.
If you run services without patching them, you may get some worms installed rather quickly. But I don't believe viruses in 3-7 minutes.

You're right.  It's 9 minutes.  I apologize.

http://www.tweakhound.com/xp/security/page_1.htm

In fact, the current "survival time" (the average time for an unprotected system to be attacked and compromised) is only 9 minutes. This means that a newly installed unprotected operating system connecting to the Internet for the first time will, on average, be attacked within 9 minutes and compromised in some way.

I'd like to see where that stat comes from.
Really.

I'm guessing that by "compromised in some way" they mean either the windows messenger spam (which is not a virus) - or that users are pretty quick to install software of questionable origin.

i will agree with resedit and call bs on that.  i want to know what they are doing to have their system compromised that quickly.  i know that from my own experiences it takes a heck of a lot longer then that, and even then the user has to go out a vist a few sites and download some crap.  as bad as the security on windows is most of the viruses and spyware that get intalled are becuase the user is stupid and decides to install some free AIM smily icons or a free screensaver or something like that and it comes with spyware in it.  and the virues they get are from emails and whatnot.  i have been working as a restech at my college for the als 3 years fixing student comptuers and from my experiences, most problems are caused by the users.  now that is not saying that all problems are caused that way but just most.

http://test.doit.wisc.edu/

A response