Re: [Fed-Talk] Apple's security belly-flop
- Subject: Re: [Fed-Talk] Apple's security belly-flop
- From: Michael Pike <email@hidden>
- Date: Fri, 24 Feb 2006 20:30:32 -0700
We use iChat all the time, for hundreds of our federal employees
nationwide.
I totally agree with your Unix comments... also, the only ones
creating hype are Symantec, McAfee, and the others who benefit from
these things. That's why I love to see the open source scanners,
because at least you don't have to give in to their propaganda from
the commercial vendors.
In regards to prying open the minds of upper management, let me give
you a few of the scenarios we have in "the skid mark agency of the
government" (not my words, someone else's).
Most managers who will not buy Apple do not like Apple and will
always find reasons to not use it. Even if Apple offered $50 Intel
iMacs, they would still say no. Most of them do not have any
knowledge, and they know the bare minimum about Windows and that's
all they want. Most upper managers are pretty much idiots and have
no clue. They sit and leave emails all day, and forward messages.
(I'm talking govt upper managers, not Apple or other private industry).
Apple users in general are more intelligent and demand more of what
they work with (doctors, scientists, artists), while Windows users
typically "go with the flow", are average at best (and that's at best,
most are below average).
In fact, I am going to go ahead and throw out I have yet to respect
anyone in our agency (IHS) for anything, other than the physicians
and a few people in HR. The so called "day to day management" are
generally bottom of the barrel and have no idea what works and what
doesn't. 95% of the "managers" in our agency probably couldn't hold
a job anywhere else, even something as simple as running a McDonalds.
Those are the battles you will have - trying to educate the
uneducatable (that's not in the dictionary, but it should be), and
convincing them to try something different for the good of your
overall mission.
mike
On Feb 24, 2006, at 3:14 PM, David Poteet wrote:
... how many people use iChat at work or even at home? I've tried,
but bc I'm 52 I can't seem to find other folks who want to IM for
hours at a time. My 17 year old daughter says it just isn't done to
IM with your mom or dad. The iChat vulnerability is not a risk in
most govt environments. If your kid picks it up and is also on your
family LAN, you still won't get it unless you IM with your teens. I
can barely get more than a few verbal sentences out of mine, much
less an IM. Email is cool to do with old folks, she tells me, and I
have a virus checker for my email.
... whoever said Apple is below the radar may not be aware of the
virulence of the antagonism on both sides of the Windows vs. OS X
debate. A hacker would launch something in the wild out of spite or
maybe for profit, but it hasn't happened for a variety of good
reasons. I check the major Apple blogs and websites each day and
there is no widespread concern expressed except by companies that
make a living selling solutions. If you want the latest scoop and
mild reaction, go to today's MacFixit at http://www.macfixit.com/.
The proof's in the pudding, and there ain't none... after nearly 30
years of UNIX refinement, Open Source checking and reporting and a
nearly instantaneous response by Apple (vs. years later w/ MS),
there just aren't many problems.
... I agree w/ the remark about bad reporting, but I also agree w/
Rex Sanders that Apple doesn't do enough PR about this kind of
thing. The argument can be made to IS mgmt that Apple is much less
vulnerable to viruses, but it takes an open mind. Apple needs to
help start prying some of the heads open at upper mgmt levels...
more timely information about security risks would offer just that,
but Apple has always held its cards close.
On Feb 24, 2006, at 3:08 PM, Michael Pike wrote:
Well, there are 149,999 MORE reasons to not use Windows... one
stupid little program that does nothing is far from a threat.
There is no problem for Apple to work on. If the file tries to
move, it will ASK the recipient if they want to accept it. What
more can Apple do? If the person on the other end is stupid
enough to accept a file without knowing what it is, in a way they
probably shouldn't be using a computer to begin with.
One thing I like about Mac is it doesn't ask me "are you sure?",
"are you sure you're sure?" "Are you sure you are sure about what
you are sure about?"
The software doesn't propagate unknowingly, the user has to know
about it... so the defense isn't Apple, it's making sure the users
have 1/10th of a brain and don't accept files they do not know
what they are.
A .TGZ file to begin with should make most users think.
On Feb 24, 2006, at 10:22 AM, Rex Sanders wrote:
One of the few arguments for keeping Macs "under the radar" and on the
desktop at many locations is a reputation for good security.
With the new Mac OS X scripting vulnerability(*), and Apple's silence on
the issue, that reputation is evaporating rapidly. If Upper IT Management
perceives that Macs are as big a security headache as Windows, they'll push
even harder to throw out the Macs.
When are we going to hear that Apple is even working on this problem? How
soon can we expect a fix?
What can Apple say to regain their reputation for secure computing?
-- Rex
(*) In case you haven't heard, Mac OS X has a serious design flaw opening
a huge security vulnerability:
http://isc.sans.org/diary.php?storyid=1138
http://www.macintouch.com/readerreports/security/topic4055.html
Read carefully through the end of the last link. The problem is not
limited to Safari, Mail.app, or Terminal. No workaround proposed so far
closes all the exploit paths. First reported on February 20, we have no
acknowledgement or "we're working on it" from Apple.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden