OMG, can this really be true?
Davey
05-12-2006, 07:11 PM
Apple flaws put both Macs and PCs at risk (http://msn-cnet.com.com/Apple+flaws+put+both+Macs+and+PCs+at+risk/2100-1002_3-6071833.html?part=msn-cnet&subj=ns_2510&tag=mymsn)
"Serious flaws in Mac OS X and QuickTime software could put Macintosh and Windows systems at risk of cyberattack, Apple Computer has warned."
:p
Wise Young
05-13-2006, 01:25 PM
Apple flaws put both Macs and PCs at risk (http://msn-cnet.com.com/Apple+flaws+put+both+Macs+and+PCs+at+risk/2100-1002_3-6071833.html?part=msn-cnet&subj=ns_2510&tag=mymsn)
"Serious flaws in Mac OS X and QuickTime software could put Macintosh and Windows systems at risk of cyberattack, Apple Computer has warned."
:p
Davey,
Thanks. That reminded me to get my computer system updated. Indeed, there is a security update for both the OSX system and Quicktime. While I agree that it is a definite vulnerability, all types of files that you download from a web site pose a problem. There has not yet been a worm or virus associated with Quicktime since 1998. I am not sure that I am convinced that this represents a significant vulnerability and the vulnerability had always been there. The writer of the virus or worm will have to do three things in order to make the file damaging actions on OSX:
1. The virus or worm in a Quicktime would have to be targeted to Apple OSX. Apple OSX would not be affected by a virus trying to execute system commands for Windows. Most of OSX's most damaging commands such as installing a program are protected by password. So, the worm or virus would have to be specifically targeted at Apple OSX. Because Quicktime is used only by a minority of Windows computers, most virus/worm writers would not want to use it as a vehicle.
2. Quicktime cannot do everything. While it can call up programs to play its files and read files, it should not install programs.
3. There was a Quicktime worm called autostart 9805 (http://www.macintouch.com/hkvirus.html) that was first discovered in May 1998. It added invisible files to every disk partition and periodically caused extensive disk activity (and network activity on mounted disks). It was targeted at MacOS. It just copied itself to other disk partitions where it can become active. It is sometimes called the Hong Kong virus because its first reported appearance was in Hong Kong and spread rapidly amongst the desktop publishing industry. Several Quicktime viruses did hit the PC world (http://www.pcworld.com/howto/article/0,aid,62225,00.asp) but there have been no Quicktime virus or worm reported that targeted the Mac OSX.
Quicktime has always been a bit of an orphan child in the Mac world. When it came out, it broke almost all the interface rules of Mac operating systems. Most of its features were invisible or cannot be accessed. One cannot set its preferences. It was difficult to turn off. It often could not open certain files and you don't know why. In other words, it had many of the characteristics of Windows applications. A lot of Mac users did not like it.
On 10 March 2006, eEye pointed out two Quicktime and iTunes vulnerabilities (http://www.eweek.com/article2/0,1895,1936596,00.asp). This announcement came shortly after the recent release of exploit code for the Safari browser that executes the code if a viewer simply viewed a maliciously rigged Web page. A lot of security experts have become quite interested in cracking the so-called Apple OSX invulnerability to malware. This is good because we should not assume that Apple will be forever invulnerable to hackers. All systems are and must be vulnerable. We have been too complacent.
Wise.
Researcher: Apple Patch falls short
Independent researcher Tom Ferris said there were still holes in Safari, QuickTime, and iTunes that he reported to Apple but were not patched in the latest release
By Paul F. Roberts (http://www.infoworld.com/article/06/05/12/78305_HNmacpatch_1.html)
May 12, 2006
Apple Computer released its third major patch this year for the OS X operating system on Thursday, fixing 31 software vulnerabilities in a range of products that could be used by remote attackers to compromise Mac OS systems.
But independent security researcher Tom Ferris told InfoWorld the latest patch doesn't cover other critical holes he reported to Apple, and that he may soon publish the details of those flaws, too.
Security Update 2006-003 was published on Apple's Web site and includes software fixes for holes in OS X, the Safari Web browser, and Mac components for viewing image and video files. Included are fixes for a number of security flaws publicized by Ferris in April.
InfoWorld (http://www.infoworld.com/article/06/05/12/78305_HNmacpatch_1.html)
Scorpion
05-14-2006, 07:52 PM
Is it any surprise that article is on MSN? :p I still feel much safer regarding software security with my two Macs than I ever did with my past Windows machines (and I never had much trouble/worry with them).
mr_coffee
05-14-2006, 08:44 PM
http://mac1.no/files/images/linux.preview.jpg
Is Linux safe?
I believe that Linux is safe, but there is no such thing as 100% security. I think that Microsoft got into trouble with Windows XP because of many reasons. The word on the street was that the program was designed without security in mind, even though Steve Ballmer said right after its release that it was the safest operating system ever. After Microsoft started having all the security issues with XP, Steve Ballmer demanded and wanted to know what needed to be done to make this software safe, and therefore Microsoft released SP-2. Your question should really be answered by a programmer (maybe one from Microsoft will reply), but it is my understanding that when code was written for XP, it was done in teams where for instance one group worked on how to get the “OK button” to work and another team worked on another part of the program. With all these teams working on different parts, no one really knew what was going on with the entire system. Also, the mindset of the programmer is, “How can I get this to work,” and the mindset of the hacker is, “How can I make this break?”
Microsoft’s first job, second job, and third job is to make sure that Vista is released in January of 2007, and this program has to be rock-solid.
bob clark
05-15-2006, 11:24 PM
Hackers attack MS because it's the biggest kid on the block. If only Mac or Linux existed they'd be going after them with just as much fervor and success. Hackers want the biggest bang for their buck so go after MS' OS and just to rile up Bill Gates! :)