Hacker News new | past | comments | ask | show | jobs | submit login

I'm not sure about this. Anyone who wants to use a decent Linux distro will get fairly frequent updates - Fedora, Debian, SuSE, Ubuntu and even Slackware get frequent updates and Fedora, Debian and SuSE are well known for backporting security fixes.

Apple are known to be tardy in taking their time to release security fixes unfortunately. This whole point might be mitigated if they were more responsive, but they aren't terribly. Your average Linux distro is far faster at updates even on LTS releases than Apple...




Windows is still targeted far more than Mac, it could be argued that the lack of impetus originates from this phenomenon.

I'm worried about when (not "if") this changes, people are snapping up Macs all around me and thusly the platform won't be protected from worms due to" hacker disinterest" forever.


Windows has UAC that does something similar, and the Windows\System32 directory can't be written to by an ordinary user. The malware I see doesn't install in this directory, but in Program Files - and they can't really lock this down.

The way that folks get themselves into a mess and get malware installed are largely via programs with network access. Locking down the /usr directory isn't going to prevent this sort of thing from occuring - what will stop it is not allowing users to run as admins by default, which OS X is doing already.

At which point, the way malware will get installed is via software vulnerabilities, in things like git. It won't be occurring because Apple stopped me from turning off the execute flag on potentially vulnerable programs like the git that they install by default.


> the Windows\System32 directory can't be written to by an ordinary user.

You need to be able take claim ownership from TrustedInstaller, so administrators only: yes (you'll need to acquire a UAC token, but the GUI prompts you automatically). You'll also need to turn off installation integrity to prevent Windows from replacing the file. All documented. It isn't obfuscated in any way whatsoever and I figured it out first time in 2 minutes with no Google.

Security through obfuscation is known to be a broken concept.


Yep, I know. What you are basically saying is that you need to turn off some settings and security mechanisms to bypass the integrity of the system. Which is precisely what most folks are doing on OS X - except they have to reboot their system, which I personally find insane. But given this, I don't see the point you are making.

Isn't this security through obfuscation precisely what Apple are doing right now?


I think we may be arguing the same point.


I suspect so, too :-)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: