Re: Question about Mac OS X 10.4 Security

["Dave Korn" <davek_throwaway () hotmail com>]

Stef wrote:
> On 2/28/06, Paul Schmehl <pauls () utdallas edu> wrote:
> <snip>
> > Still, the ignorance of Mac users, who believe their platform is
> > somehow magically "secure" will contribute to the problem.

> I am sorry, Paul, but I have to take you up on this, especially with
> your tendency of generalizing everything.
> original migration. As a repository of security and network tools, I
> have thrown at this baby everything I can possible think of, and still
> haven't found a way to break it ...

  Never mistake a lack of imagination for an insight into necessity.  I 
guess you didn't think of writing a virus, renaming it to "funny_game.exe", 
and emailing it to yourself with an email body saying "Hi!  Here's that 
flash game we were chatting about the other day!" ?

  The point I'm making is that the vast majority of windows virus infections 
aren't delivered by remote network exploit, they're delivered by people 
double-clicking on executables attached to email, and that would work on 
Macs just as it does on windows.  There's nothing about the Mac that would 
make Mac users less vulnerable to social engineering than windows users, and 
as long as the attitude persists that Macs are somehow special and secure, 
then uneducated Mac users will be even /more/ likely to open an executable 
attachment, because they won't believe it can harm them, because they've 
been told over and over how their Mac is "secure" and all those viruses are 
only a problem on windows.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/