Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
BCM
Member Login

Site Notices
Arrow Left Previous Page
Page / 4
Posted: 5/31/2010 7:23:42 PM EDT
[Last Edit: 5/31/2010 7:32:11 PM EDT by Z_0]
Financial Times

Google ditches Windows on security concerns

By David Gelles and Richard Waters in San Francisco
Published: May 31 2010 23:26 | Last updated: May 31 2010 23:26

Google is phasing out the internal use of Microsoft’s ubiquitous Windows operating system because of security concerns, according to several Google employees.

The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.

“We’re not doing any more Windows. It is a security effort,” said one Google employee.

“Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,” said another.

New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system. “Linux is open source and we feel good about it,” said one employee. “Microsoft we don’t feel so good about.”


In early January, some new hires were still being allowed to install Windows on their laptops, but it was not an option for their desktop computers. Google would not comment on its current policy.

Windows is known for being more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems.

Employees wanting to stay on Windows required clearance from “quite senior levels”, one employee said. “Getting a new Windows machine now requires CIO approval,” said another employee.

In addition to being a semi-formal policy, employees themselves have grown more concerned about security since the China attacks. “Particularly since the China scare, a lot of people here are using Macs for security,” said one employee.

Employees said it was also an effort to run the company on Google’s own products, including its forthcoming Chrome OS, which will compete with Windows. “A lot of it is an effort to run things on Google product,” the employee said. “They want to run things on Chrome.”

The hacking in China hastened the move. “Before the security, there was a directive by the company to try to run things on Google products,” said the employee. “It was a long time coming.”

The move created mild discontent among some Google employees, appreciative of the choice in operating systems granted to them - an unusual feature in large companies. But many employees were relieved they could still use Macs and Linux. “It would have made more people upset if they banned Macs rather than Windows,” he added.

Google and Microsoft compete on many fronts, from search, to web-based email, to operating systems.

While Google is the clear leader in search, Windows remains the most popular operating system in the world by a large margin, with various versions accounting for more than 80 per cent of installations, according to research firm Net Applications.

This post was created using OSX.
Link Posted: 5/31/2010 7:26:56 PM EDT



Link Posted: 5/31/2010 7:29:12 PM EDT
A wise choice.  
Link Posted: 5/31/2010 7:30:07 PM EDT
Ha-ha!

Suck on that Microsoft!
Link Posted: 5/31/2010 7:32:01 PM EDT
If the Google OS is anything like Chrome I am there.
Link Posted: 5/31/2010 11:17:24 PM EDT
Nothing to do with Security...everything to do with Spin.
Link Posted: 5/31/2010 11:21:14 PM EDT
Guess I'm not the only crazy person that thinks Macs are more secure than Windows PCs.
Link Posted: 5/31/2010 11:34:49 PM EDT
What does this mean to me?
Link Posted: 5/31/2010 11:38:01 PM EDT



Originally Posted By arrgr:


Nothing to do with Security...everything to do with Spin.







 



Why don't you post that in some of the countless ARFCOM threads about people's PCs shitting the bed,




OSX is safer.
Link Posted: 5/31/2010 11:46:13 PM EDT
That is great!  Now Mac and Linux OS's will be more vulnerable to security exploits because the motive will exist to take them down.
Link Posted: 6/1/2010 12:55:47 AM EDT
From what little bit I've gleaned from reading about life working at Google, they're kind of unique in that you can really do your job running any OS you damn well please. The biggest reason is, that Google tends to either develop their own things in-house (they are home to more brilliant employees than your average corporation), or use products based on open standards - the underlying OS doesn't matter.



I need Windows at work, because core business processes rely on Microsoft products. Our entire company is essentially run on SQL Server. We use features of Microsoft Office applications that aren't easily duplicated in products like Open Office. Our entire development team uses .NET languages. Our massive intranet is run on Sharepoint. The software that our contact center agents use to communicate with the ACD is a Window-only application. The software that I use to write IVR and ACD scripts for said contact center, despite being nothing more than a huge collection of Java Beans, only runs on Windows, and trying to accomplish the same thing on another OS is an exercise in futility.



Google is able to do this, because from day 1, they built their company in such a way as to not depend on any given client operating system. If my company started from square one, and had a team of brilliant people in IT (something most young non-tech companies can't afford), we'd be the same way.
Link Posted: 6/1/2010 1:47:22 AM EDT
Originally Posted By arrgr:
Nothing to do with Security...everything to do with Spin.


Exactly.

The key words:

Employees said it was also an effort to run the company on Google’s own products, including its forthcoming Chrome OS, which will compete with Windows. “A lot of it is an effort to run things on Google product,” the employee said. “They want to run things on Chrome.”


That's the real reason.
Link Posted: 6/1/2010 1:48:57 AM EDT
Originally Posted By Mazeman:

Originally Posted By arrgr:
Nothing to do with Security...everything to do with Spin.


 

Why don't you post that in some of the countless ARFCOM threads about people's PCs shitting the bed,

OSX is safer.


Safer in that there are so few people using it that hackers are not targeting it?

If anything eventually replaces Windows on the desktop it will be targeted just as Windows is targeted.
Link Posted: 6/1/2010 1:49:52 AM EDT
Originally Posted By Mazeman:

Originally Posted By arrgr:
Nothing to do with Security...everything to do with Spin.


 

Why don't you post that in some of the countless ARFCOM threads about people's PCs shitting the bed,

OSX is safer.


Really?

http://www.tomshardware.com/news/hack-windows-security-snow-leopard,8704.html


Hackers just like the PC more.

Regardless of which side you're on (though as a true computing enthusiast, you shouldn't be taking sides), you've heard the arguments back and forth on the which operating system is truly safer – Mac OS X or Windows.

It is of the opinion of Charlie Miller, a well known Mac security guru, that even Snow Leopard, the latest version of Mac OS X, isn't as safe as Windows.

One key point is that Snow Leopard still doesn't have ASLR, or address space layout randomization, which randomly arranges the position of key data making it harder for hackers to target for exploits.

Miller said to TechWorld that Apple didn't change the ASLR from 10.5 to 10.6: "Apple didn't change anything. It's the exact same ASLR as in Leopard, which means it's not very good."

Apple didn’t completely missed the chance to tighten up security in Snow Leopard though, as the new QuickTime solves a lot of the issues that Mac OS X had before.

"Apple rewrote a bunch of QuickTime," said Miller, "which was really smart, since it's been the source of lots of bugs in the past."

One thing that Snow Leopard did adapt, which Windows has had since XP SP2, is DEP (data execution prevention). With DEP, buffer overflow attacks are much harder to execute.

Despite Miller's opinion that Windows is the more secure OS, the large install based of Microsoft-based systems make them a much more attractive target for hackers. Still, Miller would like to see security on all platforms.

"Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7," he said. "When Apple has both [in place], that's when I'll stop complaining about Apple's security."


I think he knows more about it then you do.

And another one...

http://news.softpedia.com/news/Apple-Software-Security-Inferior-to-Microsoft-s-Says-Iconic-Hacker-139942.shtml


A security expert that build his career on identifying vulnerabilities in Microsoft software now says that the company has come a long way. Marc Maiffret, a former hacker turned legitimate security researcher, and now chief security architect at FireEye, told InSecurity Complex that Apple’s software was inferior to Microsoft’s in terms of security and the capacity of protecting end users, despite claims to the contrary by the Cupertino-based hardware company. In fact, Maiffret put Apple on the spot for marketing its software as more secure than Microsoft products, noting that it was just marketing and nothing more.

Still, the former hacker indicated that he had witnessed Apple starting to change its ways, and care more about security. “It's even a little scarier with them because they try to market themselves as more secure than the PC, that you don't have to worry about viruses, etc. Anytime there's been a hacking contest, within a few hours someone's found a new Apple vulnerability. If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don't see more attacks out there compared to Microsoft is because their market share isn't near what Microsoft's is,” he stated.

According to Maiffret, before Apple only recently, in the past six months, started caring more about securing its products, it was at the same level as Microsoft before the January 2002 Trustworthy Computing memo from Bill Gates. But while he slapped Apple over the wrist, Maiffret praised Microsoft not only for the progress it had done over the better part of the past decade, but also because of the Security Development Lifecycle.

“Now when you look at Microsoft today they do more to secure their software than anyone. They're the model for how to do it. They're not perfect; there's room for improvement. But they are definitely doing more than anybody else in the industry, I would say,” he underlined. “[…] From an internal process in how they go about auditing their code and securing software from a technical perspective, they do have one of the best models. The area they still have room for improvement is around time lines of how long it takes for them to fix things.”

The Security Development Lifecycle is a model deployed by Microsoft internally, designed to secure software as much as possible by doing extensive testing to filter out vulnerabilities, and also ensure that when flaws do exist, mitigations are in place to make exploits extremely difficult, if not impossible. Windows Vista, the first Windows client to be produced in accordance with the best practices of the SDL, was also the company’s most secure operating system in history. Windows 7 was built on Vista’s legacy, and is bound to be just as, if not even more, secure compared with its predecessor.

In the first week of April 2010, Microsoft published the Security Development Lifecycle (SDL) Version 5 for all third-party software developers to leverage in their products.


I'm not going to get in a big argument about the matter, because to most it's like arguing religion...in other words, like talking to a wall.  However, each OS is only as secure as the end-user, or administrator of the system, and each OS can be secured well enough not to have any major issues, barring the stupidity of the end-user.  I have no real preference, but I make my money off of Windows, not by fixing them though, I consult and train on their server products.
Link Posted: 6/1/2010 1:52:11 AM EDT
Originally Posted By Subnet:
From what little bit I've gleaned from reading about life working at Google, they're kind of unique in that you can really do your job running any OS you damn well please. The biggest reason is, that Google tends to either develop their own things in-house (they are home to more brilliant employees than your average corporation), or use products based on open standards - the underlying OS doesn't matter.


Maybe. IMO, the fact their products are browser- and server-based is the real reason they can use different OSs. On the server they are big on C++ and Python and, of course, HTML is mostly portable to every browser and OS.

If they developed rich clients like MS Office, it would be a different story.

Link Posted: 6/1/2010 1:59:50 AM EDT
Originally Posted By joshki:
Guess I'm not the only crazy person that thinks Macs are more secure than Windows PCs.


Mac OSX is full of holes too. They just aren't normally exploited because of their tiny market share.
If that changes, they'll be easy pickings for awhile.
Link Posted: 6/1/2010 5:10:32 AM EDT
Originally Posted By Commander_Adama:
Originally Posted By joshki:
Guess I'm not the only crazy person that thinks Macs are more secure than Windows PCs.


Mac OSX is full of holes too. They just aren't normally exploited because of their tiny market share.
If that changes, they'll be easy pickings for awhile.


OSX ain't perfect, but it's a damn sight better than Windows.  Market share has absolutely nothing to do with it, and 10% isn't "tiny" in any world I'm aware of.
Link Posted: 6/1/2010 5:12:45 AM EDT
Originally Posted By Misery:
That is great!  Now Mac and Linux OS's will be more vulnerable to security exploits because the motive will exist to take them down.


That motive has existed for ten years, and yet there still isn't any malware out there that works on them.  Wonder why.
Link Posted: 6/1/2010 7:29:19 AM EDT
If they had been using AD enforced policies(accompanied with strict end user policies) and had their stations locked down they would avoid 99.9% of security risks.  My guess is Google won't lock down their employees stations to the necessary degree to keep them safe from being "hacked"(Google is about having their employees "free" to be creative) This is likely a gut punch to MS, trying to use the Google hype to boost adoption of Macs and Linux.  I use google as a search engine, and use chrome(it does go non-responsive a lot, especially so on facebook) but when it comes to getting work done, and compatibility with 3rd party software vendors Microsoft is still king.
Link Posted: 6/1/2010 7:41:19 AM EDT
Originally Posted By joshki:
Originally Posted By Commander_Adama:
Originally Posted By joshki:
Guess I'm not the only crazy person that thinks Macs are more secure than Windows PCs.


Mac OSX is full of holes too. They just aren't normally exploited because of their tiny market share.
If that changes, they'll be easy pickings for awhile.


OSX ain't perfect, but it's a damn sight better than Windows. Market share has absolutely nothing to do with it, and 10% isn't "tiny" in any world I'm aware of.


Yes it does, and yes it is.
Link Posted: 6/1/2010 9:39:51 AM EDT
Originally Posted By Nulllogik:
Originally Posted By joshki:
Originally Posted By Commander_Adama:
Originally Posted By joshki:
Guess I'm not the only crazy person that thinks Macs are more secure than Windows PCs.


Mac OSX is full of holes too. They just aren't normally exploited because of their tiny market share.
If that changes, they'll be easy pickings for awhile.


OSX ain't perfect, but it's a damn sight better than Windows. Market share has absolutely nothing to do with it, and 10% isn't "tiny" in any world I'm aware of.


Yes it does, and yes it is.




Your username is extraordinarily appropriate.
Link Posted: 6/1/2010 9:51:18 AM EDT
I think I may be moving away from Windows soon as well.
Link Posted: 6/1/2010 9:54:10 AM EDT
Originally Posted By joshki:
Originally Posted By Commander_Adama:
Originally Posted By joshki:
Guess I'm not the only crazy person that thinks Macs are more secure than Windows PCs.


Mac OSX is full of holes too. They just aren't normally exploited because of their tiny market share.
If that changes, they'll be easy pickings for awhile.


OSX ain't perfect, but it's a damn sight better than Windows.  Market share has absolutely nothing to do with it, and 10% isn't "tiny" in any world I'm aware of.


You chose to ignore the relevant proof offered above.  Macs haven't had to go up against the hackers like Windows has yet.  With Apple becoming popular it will soon be targeted.  

Link Posted: 6/1/2010 10:01:56 AM EDT



Originally Posted By joshki:



Originally Posted By Nulllogik:


Originally Posted By joshki:


Originally Posted By Commander_Adama:


Originally Posted By joshki:

Guess I'm not the only crazy person that thinks Macs are more secure than Windows PCs.




Mac OSX is full of holes too. They just aren't normally exploited because of their tiny market share.

If that changes, they'll be easy pickings for awhile.




OSX ain't perfect, but it's a damn sight better than Windows. Market share has absolutely nothing to do with it, and 10% isn't "tiny" in any world I'm aware of.




Yes it does, and yes it is.









Your username is extraordinarily appropriate.


Appropriate or not he's right.  I go into small and large companies every day and it's rare to see a Mac in any of them and when I do it's usually a personal computer belonging to an employee fresh out of college.  And before you say "OSX is secure" you might want to check out the last hackers convention, where I think the winner of one event broke into OSX in something like 11 seconds.



In the computer business Apple is a niche company that makes a niche product and is, and always has been, happy in that role.  What's a shame is that Mac users can't accept that role also, instead having to pretend that Apple is the 800 pound gorilla on the block, when in reality they're not even on the block at all in any real numbers.



And the poster above is right, Google's leaving Windows behind has nothing to do with security.  It's about image and poking MS in the eye.  Neither of which MS gives a rat's ass about.



 
Link Posted: 6/1/2010 10:02:50 AM EDT
Originally Posted By Misery:
That is great!  Now Mac and Linux OS's will be more vulnerable to security exploits because the motive will exist to take them down.


Right, there is currently absolutely no motive to compromise all of the high-profile websites running Linux

Link Posted: 6/1/2010 10:12:23 AM EDT
[Last Edit: 6/1/2010 10:14:15 AM EDT by TinLeg]
Originally Posted By Subnet:
From what little bit I've gleaned from reading about life working at Google, they're kind of unique in that you can really do your job running any OS you damn well please. The biggest reason is, that Google tends to either develop their own things in-house (they are home to more brilliant employees than your average corporation), or use products based on open standards - the underlying OS doesn't matter.

I need Windows at work, because core business processes rely on Microsoft products. Our entire company is essentially run on SQL Server. We use features of Microsoft Office applications that aren't easily duplicated in products like Open Office. Our entire development team uses .NET languages. Our massive intranet is run on Sharepoint. The software that our contact center agents use to communicate with the ACD is a Window-only application. The software that I use to write IVR and ACD scripts for said contact center, despite being nothing more than a huge collection of Java Beans, only runs on Windows, and trying to accomplish the same thing on another OS is an exercise in futility.

Google is able to do this, because from day 1, they built their company in such a way as to not depend on any given client operating system. If my company started from square one, and had a team of brilliant people in IT (something most young non-tech companies can't afford), we'd be the same way.




This.


I would have an apple computer at home if i didn't have to pay for it.  Right now i get modern Dell laptops for free.


And I've never had a security issue.
Link Posted: 6/1/2010 10:43:10 AM EDT
Are the other OS's safer because they are buttoned up tight by design or is it because hackers just don't bother to target those OS's?
Link Posted: 6/1/2010 10:52:42 AM EDT
Originally Posted By BangStick1:
Are the other OS's safer because they are buttoned up tight by design or is it because hackers just don't bother to target those OS's?


Security by obscurity.
Link Posted: 6/1/2010 11:24:19 AM EDT
Originally Posted By mattja:
Originally Posted By Mazeman:

Originally Posted By arrgr:
Nothing to do with Security...everything to do with Spin.


 

Why don't you post that in some of the countless ARFCOM threads about people's PCs shitting the bed,

OSX is safer.


Safer in that there are so few people using it that hackers are not targeting it?

If anything eventually replaces Windows on the desktop it will be targeted just as Windows is targeted.


That's simply untrue.

The very nature of the OSX system is more secure than windows.

A real, remote hack for the mac is pretty much the gold medal hacking prize.
Link Posted: 6/1/2010 11:25:50 AM EDT
Onion?

Not that I'd mind if it were true.
Link Posted: 6/1/2010 11:35:08 AM EDT
Originally Posted By Zix:
Originally Posted By Mazeman:

Originally Posted By arrgr:
Nothing to do with Security...everything to do with Spin.


 

Why don't you post that in some of the countless ARFCOM threads about people's PCs shitting the bed,

OSX is safer.


Really?

http://www.tomshardware.com/news/hack-windows-security-snow-leopard,8704.html


Hackers just like the PC more.

Regardless of which side you're on (though as a true computing enthusiast, you shouldn't be taking sides), you've heard the arguments back and forth on the which operating system is truly safer – Mac OS X or Windows.

It is of the opinion of Charlie Miller, a well known Mac security guru, that even Snow Leopard, the latest version of Mac OS X, isn't as safe as Windows.

One key point is that Snow Leopard still doesn't have ASLR, or address space layout randomization, which randomly arranges the position of key data making it harder for hackers to target for exploits.

Miller said to TechWorld that Apple didn't change the ASLR from 10.5 to 10.6: "Apple didn't change anything. It's the exact same ASLR as in Leopard, which means it's not very good."

Apple didn’t completely missed the chance to tighten up security in Snow Leopard though, as the new QuickTime solves a lot of the issues that Mac OS X had before.

"Apple rewrote a bunch of QuickTime," said Miller, "which was really smart, since it's been the source of lots of bugs in the past."

One thing that Snow Leopard did adapt, which Windows has had since XP SP2, is DEP (data execution prevention). With DEP, buffer overflow attacks are much harder to execute.

Despite Miller's opinion that Windows is the more secure OS, the large install based of Microsoft-based systems make them a much more attractive target for hackers. Still, Miller would like to see security on all platforms.

"Snow Leopard's more secure than Leopard, but it's not as secure as Vista or Windows 7," he said. "When Apple has both [in place], that's when I'll stop complaining about Apple's security."


I think he knows more about it then you do.

And another one...

http://news.softpedia.com/news/Apple-Software-Security-Inferior-to-Microsoft-s-Says-Iconic-Hacker-139942.shtml


A security expert that build his career on identifying vulnerabilities in Microsoft software now says that the company has come a long way. Marc Maiffret, a former hacker turned legitimate security researcher, and now chief security architect at FireEye, told InSecurity Complex that Apple’s software was inferior to Microsoft’s in terms of security and the capacity of protecting end users, despite claims to the contrary by the Cupertino-based hardware company. In fact, Maiffret put Apple on the spot for marketing its software as more secure than Microsoft products, noting that it was just marketing and nothing more.

Still, the former hacker indicated that he had witnessed Apple starting to change its ways, and care more about security. “It's even a little scarier with them because they try to market themselves as more secure than the PC, that you don't have to worry about viruses, etc. Anytime there's been a hacking contest, within a few hours someone's found a new Apple vulnerability. If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don't see more attacks out there compared to Microsoft is because their market share isn't near what Microsoft's is,” he stated.

According to Maiffret, before Apple only recently, in the past six months, started caring more about securing its products, it was at the same level as Microsoft before the January 2002 Trustworthy Computing memo from Bill Gates. But while he slapped Apple over the wrist, Maiffret praised Microsoft not only for the progress it had done over the better part of the past decade, but also because of the Security Development Lifecycle.

“Now when you look at Microsoft today they do more to secure their software than anyone. They're the model for how to do it. They're not perfect; there's room for improvement. But they are definitely doing more than anybody else in the industry, I would say,” he underlined. “[…] From an internal process in how they go about auditing their code and securing software from a technical perspective, they do have one of the best models. The area they still have room for improvement is around time lines of how long it takes for them to fix things.”

The Security Development Lifecycle is a model deployed by Microsoft internally, designed to secure software as much as possible by doing extensive testing to filter out vulnerabilities, and also ensure that when flaws do exist, mitigations are in place to make exploits extremely difficult, if not impossible. Windows Vista, the first Windows client to be produced in accordance with the best practices of the SDL, was also the company’s most secure operating system in history. Windows 7 was built on Vista’s legacy, and is bound to be just as, if not even more, secure compared with its predecessor.

In the first week of April 2010, Microsoft published the Security Development Lifecycle (SDL) Version 5 for all third-party software developers to leverage in their products.


I'm not going to get in a big argument about the matter, because to most it's like arguing religion...in other words, like talking to a wall.  However, each OS is only as secure as the end-user, or administrator of the system, and each OS can be secured well enough not to have any major issues, barring the stupidity of the end-user.  I have no real preference, but I make my money off of Windows, not by fixing them though, I consult and train on their server products.


Cute how everyone keeps glossing over this post like it's not relevant. So I'll quote it. Give it a read.

Link Posted: 6/1/2010 11:37:59 AM EDT
Originally Posted By joshki:
Originally Posted By Commander_Adama:
Originally Posted By joshki:
Guess I'm not the only crazy person that thinks Macs are more secure than Windows PCs.


Mac OSX is full of holes too. They just aren't normally exploited because of their tiny market share.
If that changes, they'll be easy pickings for awhile.


OSX ain't perfect, but it's a damn sight better than Windows.  Market share has absolutely nothing to do with it, and 10% isn't "tiny" in any world I'm aware of.


Was it Mr. Jobs who said that Apple holds more of a market share than BMW or Mercedes do of the auto market, and no one complains about BMW's and Mercedes being junk because of it?
Link Posted: 6/1/2010 11:38:42 AM EDT
Originally Posted By cyrus-the-virus:
Originally Posted By BangStick1:
Are the other OS's safer because they are buttoned up tight by design or is it because hackers just don't bother to target those OS's?


Security by obscurity.


If it's good enough for the SEALs, it's good enough for me!
Link Posted: 6/1/2010 11:40:46 AM EDT
Originally Posted By Danner130:
Ha-ha!

Suck on that Microsoft!


This.  
Link Posted: 6/1/2010 11:52:23 AM EDT
Originally Posted By mattja:
Originally Posted By Subnet:
From what little bit I've gleaned from reading about life working at Google, they're kind of unique in that you can really do your job running any OS you damn well please. The biggest reason is, that Google tends to either develop their own things in-house (they are home to more brilliant employees than your average corporation), or use products based on open standards - the underlying OS doesn't matter.


Maybe. IMO, the fact their products are browser- and server-based is the real reason they can use different OSs. On the server they are big on C++ and Python and, of course, HTML is mostly portable to every browser and OS.

If they developed rich clients like MS Office, it would be a different story.



When I was interviewing there one of the questions that was in the back of my mind is do I really want to work in a environment that is like programming mainframes?
Link Posted: 6/1/2010 12:00:23 PM EDT
Mac is not more secure, it's actually less secure but because (for now) it has less market share it is targeted less it appears "safer".
Link Posted: 6/1/2010 12:03:12 PM EDT
Originally Posted By Mazeman:

Originally Posted By arrgr:
Nothing to do with Security...everything to do with Spin.


 

Why don't you post that in some of the countless ARFCOM threads about people's ARs shitting the bed,

AKs are more reliable.


Link Posted: 6/1/2010 12:03:27 PM EDT
Originally Posted By Joe4567:
Originally Posted By mattja:
Originally Posted By Subnet:
From what little bit I've gleaned from reading about life working at Google, they're kind of unique in that you can really do your job running any OS you damn well please. The biggest reason is, that Google tends to either develop their own things in-house (they are home to more brilliant employees than your average corporation), or use products based on open standards - the underlying OS doesn't matter.


Maybe. IMO, the fact their products are browser- and server-based is the real reason they can use different OSs. On the server they are big on C++ and Python and, of course, HTML is mostly portable to every browser and OS.

If they developed rich clients like MS Office, it would be a different story.



When I was interviewing there one of the questions that was in the back of my mind is do I really want to work in a environment that is like programming mainframes?



Yeah I'm sure there's a lot of cobol and pl1 programming going on at Google.  Did they hire you?  
Link Posted: 6/1/2010 12:04:49 PM EDT



Originally Posted By amd_dude:


Mac is not more secure, it's actually less secure but because (for now) it has less market share it is targeted less it appears "safer".


And now the worm is turning.



Put money on it.



 
Link Posted: 6/1/2010 12:05:01 PM EDT
Originally Posted By amd_dude:
Mac is not more secure, it's actually less secure but because (for now) it has less market share it is targeted less it appears "safer".


And racking the slide on a shotgun will chase the burglars away.
Link Posted: 6/1/2010 12:09:24 PM EDT



Originally Posted By HarryStone:



Originally Posted By amd_dude:

Mac is not more secure, it's actually less secure but because (for now) it has less market share it is targeted less it appears "safer".




And racking the slide on a shotgun will chase the burglars away.




You realize it's kinda like the LifeLock guy posting his Social Security number all over the place, right?
 
Link Posted: 6/1/2010 12:17:17 PM EDT
Originally Posted By gonzo_beyondo:

Originally Posted By HarryStone:
Originally Posted By amd_dude:
Mac is not more secure, it's actually less secure but because (for now) it has less market share it is targeted less it appears "safer".


And racking the slide on a shotgun will chase the burglars away.


You realize it's kinda like the LifeLock guy posting his Social Security number all over the place, right?



 


What is, putting a Mac on the internet?  I've been doing it for years now with no problem.  No anti-virus software, no anti-malware, and no problems.  I have one mac connected to the net for a few years now with a public IP.  But really it's no risk at all, because market share is what creates or negates security problems.  If tomorrow the market share of Macs magically became 98%, security holes would appear in the code that weren't there before.

Right?  
Link Posted: 6/1/2010 12:18:15 PM EDT
Originally Posted By cyrus-the-virus:
Originally Posted By BangStick1:
Are the other OS's safer because they are buttoned up tight by design or is it because hackers just don't bother to target those OS's?


Security by obscurity.


Exactly. Last Defcon should have woken up the Mac users if they weren't so perpetually smug.
Link Posted: 6/1/2010 12:19:10 PM EDT



Originally Posted By HarryStone:



Right?  



Sure dude.




Remember this thread.



 
Link Posted: 6/1/2010 12:19:28 PM EDT
[Last Edit: 6/1/2010 12:19:46 PM EDT by N1Rampage]





Originally Posted By HarryStone:





Originally Posted By gonzo_beyondo:
Originally Posted By HarryStone:




Originally Posted By amd_dude:


Mac is not more secure, it's actually less secure but because (for now) it has less market share it is targeted less it appears "safer".






And racking the slide on a shotgun will chase the burglars away.






You realize it's kinda like the LifeLock guy posting his Social Security number all over the place, right?
 






What is, putting a Mac on the internet?  I've been doing it for years now with no problem.  No anti-virus software, no anti-malware, and no problems.  I have one mac connected to the net for a few years now with a public IP.  But really it's no risk at all, because market share is what creates or negates security problems.  If tomorrow the market share of Macs magically became 98%, security holes would appear in the code that weren't there before.





Right?  


Computer don't find the holes, people do.
 
Link Posted: 6/1/2010 12:23:48 PM EDT
Link Posted: 6/1/2010 12:24:36 PM EDT


June 01, 2010 11:20 AM

Security Firm Discovers Spyware in Mac Software












By David Chartier, Macworld






Intego, makers of security and privacy apps for the Mac, warned on
Tuesday that some Mac software include a new piece of invasive spyware.
Macworld has obtained a preliminary list of the applications with the
spyware.



In a press release, Intego states that a number of apps and screen
savers distributed through sites like MacUpdate, VersionTracker, and
Softpedia are installing a little more software than users bargain for;
Apple's Mac OS X Downloads site also contained entries for some of the
apps, though the download links appear to now be inactive. The spyware
in question is called OSX/OpinionSpy and it's a variant of Windows
spyware that has existed since 2008.



As to the spyware's invasive actions, it allegedly dupes users into
handing over their admin passwords with a dialog claiming that it
"market research" software will be installed to collect browsing and
purchasing history. OSX/OpinionSpy then installs a process called
"PremierOpinion" that runs as root. Intego says the spyware then opens
an HTTP backdoor on port 8254, scans all accessible local and networked
volumes, and injects code into Safari, Firefox, and iChat in memory
(meaning it doesn't alter the applications themselves). It also
regularly transmits encrypted data to a variety of servers, which
contains e-mail addresses, iChat message headers, and URLs––as well as
potentially personal data like usernames, passwords, credit card
numbers, bookmarks, and browsing history.



OSX/OpinionSpy can also upgrade itself automatically with no user
intervention and relaunch itself via Mac OS X's launchd, the system-wide
process that manages a number of automated systems, background daemons,
and launch processes. Furthermore, upon uninstalling the original
program, OSX/OpinionSpy remains installed on your Mac.



So far, Intego has found OSX/OpinionSpy in one application––MishInc
FLV To Mp3––and a number of screensavers (here's a MacUpdate example link) that are all made
by 7art-screensavers:






  • Secret Land ScreenSaver v.2.8



  • Color Therapy Clock
    ScreenSaver v.2.8



  • 7art Foliage Clock ScreenSaver v.2.8



  • Nature
    Harmony Clock ScreenSaver v.2.8



  • Fiesta Clock ScreenSaver v.2.8



  • Fractal
    Sun Clock ScreenSaver v.2.8



  • Full Moon Clock ScreenSaver v.2.8



  • Sky
    Flight Clock ScreenSaverv.2.8



  • Sunny Bubbles Clock ScreenSaver
    v.2.9



  • Everlasting Flowering Clock ScreenSaver v.2.8



  • Magic
    Forest Clock ScreenSaver v.2.8



  • Freezelight Clock ScreenSaver
    v.2.9



  • Precious Stone Clock ScreenSaver v.2.8



  • Silver Snow
    Clock ScreenSaver v.2.8



  • Water Color Clock ScreenSaver v.2.8



  • Love
    Dance Clock ScreenSaver v.2.8



  • Galaxy Rhythm Clock ScreenSaver
    v.2.8



  • 7art Eternal Love Clock ScreenSaver v.2.8



  • Fire
    Element Clock ScreenSaver v.2.8



  • Water Element Clock ScreenSaver
    v.2.8



  • Emerald Clock ScreenSaver v.2.8



  • Radiating Clock
    ScreenSaver v.2.8



  • Rocket Clock ScreenSaver v.2.8



  • Serenity
    Clock ScreenSaver v.2.8



  • Gravity Free Clock ScreenSaver v.2.8



  • Crystal
    Clock ScreenSaver v.2.6



  • One World Clock ScreenSaver v.2.8



  • Sky
    Watch ScreenSaver v.2.8



  • Lighthouse Clock ScreenSaver v.2.8



  • PremierOpinion,
    an "elite research community" that provides the namesake software,
    offers a privacy policy, a snippet of which is a bit
    alarming:



    For certain commercial customers, we may provide individual-level
    information. We make this data available so that these customers may
    enhance their own understanding of Internet usage and online commercial
    trends. In all cases, we make commercially viable efforts to
    automatically filter confidential personally identifiable information
    such as UserID, password, credit card numbers, and account numbers from
    the data being provided.



    While the policy also states that "customers" can opt out of the
    program at any time, it only offers uninstall instructions for Windows,
    not Mac OS X. It also explains that PremierOpinion gave OSX/OpinionSpy
    the ability to analyze, repair, or reinstall itself out of concerns over
    system stability, in case third-party software does more harm than good
    while attempting to remove it.



    That said, Intego claims that as long as VirusBarrier X5 and X6
    users update to the latest version of its threat filters, released May
    31, 2010, its software should be able to remove OSX/OpinionSpy
    successfully.







    Wait, Harry, what was that?



    No anti-virus software, no anti-malware, and no problems.




    Oh damn.





    http://www.pcworld.com/businesscenter/article/197696/security_firm_discovers_spyware_in_mac_software.html
     
     
    Link Posted: 6/1/2010 12:26:42 PM EDT
    Originally Posted By gonzo_beyondo:

    Originally Posted By HarryStone:

    Right?  

    Sure dude.

    Remember this thread.
     


    I'll try to wait patiently for the magic market share number that writes its own code.  I know I'm kind of wacky believing that unix is more secure than Windows.
    Link Posted: 6/1/2010 12:26:56 PM EDT





    OSX/OpinionSpy performs the following actions:


    • This application, which has no interface, runs as root (it requests an
    administrator's password on installation) with full rights to access
    and change any file on the infected user's computer.


    • If for any reason the application stops running, it is re-launched via
    launchd, the system-wide application and service launching facility.


    • It opens an HTTP backdoor using port 8254.


    •  It scans all accessible volumes, analyzing files, and using a great
    deal of CPU time. It is not clear what data it copies and sends to its
    servers, but it scans files on both local and network volumes,
    potentially opening up large numbers of confidential files on a network
    to intrusion.


    • It analyzes packets entering and leaving the infected Mac over a local
    network, analyzing data coming from and being sent to other computers.
    One infected Mac can therefore collect a great deal of data from
    different computers on a local network, such as in a business or school.


    • It injects code, without user intervention, into Safari, Firefox and
    iChat, and copies personal data from these applications. Code injection
    is a form of behavior similar to that of a virus, and this malware
    "infects" applications when they are running to be able to carry out its
    operations. (It infects the applications' code in the Mac's memory, and
    does not infect the actual applications' files on the user's hard
    disk.)


    • It regularly sends data, in encrypted form, to a number of servers
    using ports 80 and 443. It sends data to these servers about files it
    has scanned locally, and also sends e-mail addresses, iChat message
    headers and URLs, as well as other data. This data may include personal
    data, such as user names, passwords, credit card numbers, web browser
    bookmarks, history and much more.


    • Given the type of data that it collects, the company behind this
    spyware can store detailed records of users, their habits, their
    contacts, their location and much more.


    • The application can be upgraded automatically, with new features
    added, with no user intervention, and without the user being aware of
    this. It occasionally asks users for information, via the display of
    dialogs, such as their name, or asks them to fill out surveys.


    • In some cases, computers with this spyware installed no longer work
    correctly after a certain period of time; it is necessary to
    force-reboot such Macs.


    • If a user deletes the original application or screen saver that
    installed this spyware, the spyware itself will remain installed and
    continue to operate.





    As can be seen above, this application that purports to collect
    information for marketing reasons does much more, going as far as
    scanning all the files on an infected Mac. Users have no way of knowing
    exactly what data is collected and sent to remote servers; such data may
    include user names, passwords, credit card numbers and more. The risk
    of this data being collected and used without users' permission makes
    this spyware particularly dangerous to users' privacy.


    Link Posted: 6/1/2010 12:28:46 PM EDT



    Originally Posted By HarryStone:



    I know I'm kind of wacky believing that unix is more secure than Windows.


    No OS can protect users from themselves



     
    Link Posted: 6/1/2010 12:30:41 PM EDT
    Originally Posted By gonzo_beyondo:

    Oh damn.


    http://www.pcworld.com/businesscenter/article/197696/security_firm_discovers_spyware_in_mac_software.html


       [/div]

    I'll be on the lookout for spyware that I have to install myself.  I'm downloading it now, I'll report back about how it insidiously asked me for my password in order to install.  Those crafty bastards.  
    Arrow Left Previous Page
    Page / 4
    Top Top