Thinking of my next PC upgrade being not so PC.

[MrRiplEy[H]]

Not true , www.zone-h.org, if they still had the OS filter function you could check the archive and see that os x machines get hacked quite a bit. Still it amounts to less than 1% of all hacks IIRC from the old stats. Most hacks are still primarily Linux then MS.

You still don't get the point - if OSX and Windows are equally vulnerable and OSX has 1 in a million of chance of hitting an attack compared to windows, which one would you deem safer to use?

[Vulcan]

You still don't get the point - if OSX and Windows are equally vulnerable and OSX has 1 in a million of chance of hitting an attack compared to windows, which one would you deem safer to use?

Take two streets, one (Street W) has 20 attempted burglaries a year, the other (Street M) has 1 attempted burglary a year. However Street M has a policy of no locks on doors, windows or burglar alarms to be fitted to houses. Which street would you rather live in?

[MrRiplEy[H]]

Take two streets, one (Street W) has 20 attempted burglaries a year, the other (Street M) has 1 attempted burglary a year. However Street M has a policy of no locks on doors, windows or burglar alarms to be fitted to houses. Which street would you rather live in?

Sorry but both of them share the policy and the ratio is much worse then 20 to 1 and you know it. The amount of zero day exploits published and actively used for windows is simply staggering. Just recently dns poisoning or something got thousands of internet bankers.

From a million infected websites you may find one that's actually targeting a mac for some weird reason.

[Ghastly]

Just recently dns poisoning or something got thousands of internet bankers

Now, hang on.  I don't have a dog in this fight at all, but if it was the DNS poisoning attack I think you are referring to, it was due to a flaw in how DNS was originally designed and was a cross platform vulnerability on pretty much all DNS servers regardless of OS - and affected every system that used the compromised DNS server equally, whether the station was Windows, OS X, Linux - or Commodore Vic 20. 

<S>

[Vulcan]

Now, hang on.  I don't have a dog in this fight at all, but if it was the DNS poisoning attack I think you are referring to, it was due to a flaw in how DNS was originally designed and was a cross platform vulnerability on pretty much all DNS servers regardless of OS - and affected every system that used the compromised DNS server equally, whether the station was Windows, OS X, Linux - or Commodore Vic 20. 

<S>

Exactly.

Not only that but this was directed as a phishing attack. Phishing is not dependent on OS. However Safari (the default browser on all mac's) has only just recently acquired phishing protection, whereas this has been common place protection for windows browsers for some time. ie (scuz the pun) a mac user is significantly more at risk from this attack than a windows user.

Would you like to try for a better example mrripley

[MrRiplEy[H]]

Now, hang on.  I don't have a dog in this fight at all, but if it was the DNS poisoning attack I think you are referring to, it was due to a flaw in how DNS was originally designed and was a cross platform vulnerability on pretty much all DNS servers regardless of OS - and affected every system that used the compromised DNS server equally, whether the station was Windows, OS X, Linux - or Commodore Vic 20. 

<S>

I'm not sure which mechanism was used but it was windows malware that directed users to a fake banking site. Most likely a virus or trojan delivered the payload since other systems were not affected.

Your anti-Apple bias is showing through guys.

[Vulcan]

I'm not sure which mechanism was used but it was windows malware that directed users to a fake banking site. Most likely a virus or trojan delivered the payload since other systems were not affected.

Your anti-Apple bias is showing through guys.

There were some DNS hijacks late last year of some significant companies including banks. DNS hijacks have nothing to do with your OS. IIRC there was an indian bank or two that got redirected to phishing sites. Perhaps you should do some research on DNS and phishing before you claim anti-apple bias. Your pro-Apple ignorance is showing through on this one.

http://en.wikipedia.org/wiki/Phishing
http://en.wikipedia.org/wiki/DNS_hijacking

[MrRiplEy[H]]

There were some DNS hijacks late last year of some significant companies including banks. DNS hijacks have nothing to do with your OS. IIRC there was an indian bank or two that got redirected to phishing sites. Perhaps you should do some research on DNS and phishing before you claim anti-apple bias. Your pro-Apple ignorance is showing through on this one.

http://en.wikipedia.org/wiki/Phishing
http://en.wikipedia.org/wiki/DNS_hijacking

So you claim that you know already better about the exploit without knowing a thing about it? Do you even know the delivery mechanisms behind Finnish internet banking? I just checked the banks report on the issue and it's a Windows based virus. They link to antivirus vendor as the solution. http://www.nordea.fi/Tietoa+Nordeasta/Nordea+varoittaa+asiakkaitaan+haittaohjelmasta/1285712.html Looks like it was a pharming attack, virus or trojan pointing the machines to a compromised DNS server.

If you notice a bank website in false language it is not allowed to use your computer for banking untill it has been disinfected (with a link to F-Secure AV)

You guys are unbelievable. I have owned 10x more PC's in my life and this is my first mac ever and even then I use it mostly for work. Now you're painting me to be some Apple biggot? LOL! You just can't face the facts thats all.  

[Vulcan]

Just recently dns poisoning or something got thousands of internet bankers.

Just recently dns poisoning or something got thousands of internet bankers.

Just recently dns poisoning or something got thousands of internet bankers.

Anyhoo, moving along, all I could find on the bank.patch malware you appear to referencing is this

Discovered: August 18, 2008
Updated: February 3, 2009 6:11:43 PM
Type: Trojan
Infection Length: Varies
Systems Affected: Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
When executed, the Trojan drops and executes one of the following files, which allows the Trojan to escalate its execution privileges:
%Temp%\conlf.ini
%Temp%\conlf[RANDOM DIGIT].ini

It's a trojan, it requires the user to run it, and oh guess what it does the exact same thing as the Mac DNS Changer trojan.

All we're doing is painting reality. Mac like to surround their platform in a lot of fud.

And funnily enough as I sit here typing I hear a mac user being told over the phone to hold down the power button to restart their mac and press the cmd-option-p-r keys as they do until it chimes 3 times. It just works..... yeaaaaaaaaaaaaaaah right.

[MrRiplEy[H]]

Anyhoo, moving along, all I could find on the bank.patch malware you appear to referencing is this

It's a trojan, it requires the user to run it, and oh guess what it does the exact same thing as the Mac DNS Changer trojan.

All we're doing is painting reality. Mac like to surround their platform in a lot of fud.

And funnily enough as I sit here typing I hear a mac user being told over the phone to hold down the power button to restart their mac and press the cmd-option-p-r keys as they do until it chimes 3 times. It just works..... yeaaaaaaaaaaaaaaah right.

LOL and yet no mac user was affected. Guess why? Too few of them to bother attacking.

The fact you didn't find anything but 2008 trojan does _not_ mean it wasn't a completely remote executed vulnerability since windows gets them developed on daily basis. There are more zero day exploits for windows coming out per year than mac exploits ever made so far. Just now there's the thread about antivirus 2010 that infected the user despite having multiple AV/malware removers etc. running, taking resources and user wasting days of time for nothing.

No near-automatic backup setup for windows like time machine has offered mac for ages. So user is hesitant to do the only move he should do, total reinstall. He probably will keep using the compromised system despite the possibility it's permanently rootkitted now.

And funnily enough if all your mac user needs to do is reset his computer after it's been running how long, 100+ days without restart? HORRIBLE! He probably would have had to reinstall XP by that time. The instant start-up times alone saved him 2 days worth of working time by that time most likely compared to a regular PC.

You're making yourself ridiculous Vulcan. What you're saying is that you have a similar risk of being attacked and killed while pacing down the isles of the white house and most infamous sections of harlem as a white man. Yeah sure, in both cases there are guns and they will hurt you - but the other place takes a remarkable exception before some insane person would turn aggressive against you.

[Vulcan]

LOL and yet no mac user was affected. Guess why? Too few of them to bother attacking.

Are you talking mac malware in general, the dns hijack or the article you linked too?

Because mac malware in general there IS an operational botnet of infected mac's. DNS hijacks affect mac's, OS is irrelevant. Last one well if its windows malware of course not.

No near-automatic backup setup for windows like time machine has offered mac for ages.

There are several solutions available that are superior to time machine, range in price, features, and have been out longer than time machines. Google CDP.

And funnily enough if all your mac user needs to do is reset his computer after it's been running how long, 100+ days without restart?

I do that with my laptop all the time. Plus there's another guy in our office still having constant issues with the Snow Leopard DNS problem (like this: http://discussions.apple.com/thread.jspa?threadID=2170105&tstart=0 )  <-- oh and note apple forums with plenty of problems.

Every mac professional I work with agrees (I work with people who work with the likes of the guys that did the animation for Avatar in case you're wondering), no OS is totally secure, and most mac users are overly complacent about security to the point of it being dangerous.

If you like your mac, cool, but don't tell me how bad windows is because I like it and I know the grass ain't as green as people make out on the mac.

[MrRiplEy[H]]

Are you talking mac malware in general, the dns hijack or the article you linked too?

Because mac malware in general there IS an operational botnet of infected mac's.

Yeah and it made big time news. Guess what, windows botnets are not even newsworthy they're just happening.

There are several solutions available that are superior to time machine, range in price, features, and have been out longer than time machines. Google CDP.

Is it free and built in windows? If then cool.

I do that with my laptop all the time. Plus there's another guy in our office still having constant issues with the Snow Leopard DNS problem (like this: http://discussions.apple.com/thread.jspa?threadID=2170105&tstart=0 )  <-- oh and note apple forums with plenty of problems.

There's something wrong with your laptop or software you run if you need to do it. None of our macs require any maintenance whatsoever if you count out plugging them to loader when battery runs out. Sure mac forums is full of people with problems. You forget the fact that any windows forum has 100 times as many people with windows problems if not more. And then there are hundreds of thousands who don't complane and do internet banking with a rootkited windows.

Every mac professional I work with agrees (I work with people who work with the likes of the guys that did the animation for Avatar in case you're wondering), no OS is totally secure, and most mac users are overly complacent about security to the point of it being dangerous.

Who said OSX was totally secure? The low amount of attacks on it however make it very very unlikely to run into any exploits, especially when visiting legal sites. It's like walking in white house. Plenty of guns around but they're not pointed at you (they're all pointed at Windows figuratively speaking) even though they could, potentially, get you killed any second. Would you be scared that statistically one of the employees might be psycho and kill you? You'd say the chances are so low it's laughable.

Windows guy would have to visit in a main battle tank and still get taken out by a 0-day hellfire missile after ruining the white house lawn.

If you like your mac, cool, but don't tell me how bad windows is because I like it and I know the grass ain't as green as people make out on the mac.

Heh untill about a year ago I hated mac. That is untill I started to like its features and ease of use over windows. I still use win7 dominantly on everything except audio/video work and office stuff.

[guncrasher]

Please let the thread go away.  U already said everyhing that needed to be said.

Semp

[Ghastly]

^^^ Is it just my simplemindedness, but does anyone else find this ^^^ to be hilariously ironic?
<S>