January 2007 to be the month of Apple Bugs
January 2007 is the month picked by a pair of security researchers to feature a day-by-day, bug-by-bug listing of Apple security holes. Due to start on New Year's Day, the two plan to post the bugs without giving advance warning to Apple. A Washington Post article states "[W]hile [the] upcoming project had the potential to at least temporarily make security more tenuous for the average Mac user, [the researcher] believes that in the long run the project will improve OS X security." This explanation sounds like the project is more about getting page hits and less about making OS X secure.
john, fanboys might be annoying, but not anywhere near as annoying as those who yell "fanboy" when it isn't warranted, and when they're trying to use it as a subtle lift for their arguments. ad hominem circumstantial and all that.
On too many occasions we have seen "big news" about a supposed "hole" in OSX security, only to find, after further investigation, that the security flaw is either non-existent, not anything to do with Apple, dependent on unrealistic alterations to default settings, requiring of the most bizarre and unlikely actions by users, or is just unexploitable.
That's the key - holes and potential flaws are only minor problems. Windows has many holes and flaws; most of them aren't a problem for that platform either. No, what matters are exploits. Being able to use, and actually using, a flaw or hole to achieve something, that is the real problem.
Exploits are what Windows users do suffer from, regularly. Exploits are what we don't see on OSX. Are these guys actually going to be detailing exploitable holes? I seriously doubt it; in fact, I expect nothing more than a re-hash of many known holes and flaws that are unexploitable.
Hmm.. my last comment was deleted so I'll repeat:
Maybe when they've finished showing the security bugs they'll bring even more attention to the glacial performance of the AirPort cards in the Core2 Duo iMacs - this has been flagged for a good while now but no response from Apple.
While I don't necessarily agree with releasing exploits (or the bugs that lead to them) to the wild I do agree with John. Making the bugs public puts pressure on Apple to fix them sooner rather than later.
So what are they going to do after the third day?
;)
@john - get off your high horse, that's all...
i bet these will all be the most asinine little quirks that they'll refer to as bugs. 'sometimes the screen will lock up but the mouse will move, that could allow a hacker sitting at your computer to possibly click something without you knowing and that's only if the system is actually responding.' stuff like that, i bet.
i'm looking forward to reading it though, even if it will be another '15 gripes about os x' type article.
I understand that this is one of the finest sites for fanboys, but some of these points are ridiculous.
Edsel & G: Do you honestly think that this is some conspiracy started in Redmond to boost sales of Vista? That's simply ridiculous. If the researchers were spreading FUD, then why did Apple patch the most dangerous bug (DMG) which was part of the month of kernel bugs?
Scott: part of the reason why many of these vulnerabilities are shared before Apple patches them is that Apple is very slow to patch. True, they got the DMG patch out, but only because of how critical a flaw it was. There are countless bugs which sit on Apple's desk for months without being patched.
Moreover, if a researcher presents them to Apple with the pledge to keep it quiet, they have no incentive to patch it except the fear that someone else will discover it.
None of this has anything to do with Vista. It's only a matter of time before more holes in it are made public. The Blue Pill vulnerability is frightening enough and its existence has been public since Blackhat.
Anything that encourages your OS provider (whether it be Apple, MSFT, or the Open Source Community) to give you a more secure system is a good thing, not bad.
It's a pure FUD campaign. See, they don't have the manpower to do this for Vista. It would take 10 times as many people, ten times as long.
December 20 2006 at 12:59 PM
If they really wanted to make OS X more secure, they would do the responsible thing and tell Apple about one bug for every day of January. Let Apple have the time to fix them (a couple of weeks?), and if they don't, then release them to the wild.
Also, should we bet on how many of these are going to be along the lines of "...if you type your administrator password into program, you can gain control of the system"?
Come to think of it, why would any "security researcher" ever post any bugs into the wild if they were really that concerned with safety?
BS, all the Apple "security holes" are from things like having your computer on FTP mode or such without a password...
December 20 2006 at 12:34 PM
great... so publicly detail to malware writers exactly what they can hit... and a new one every day!
clever...