Mac OSX drive by downloads, let the games begin!
"Malicious Web Pages Can Install Dashboard Widgets"
It was only a matter of time.... :)
I won't get Tiger until the first security update comes out anyway.
Hmmm, not much response from the Mac guys, oH! What is that I hear? Crickets?
Probably because most of us don't have Tiger yet. I'm still using Panther.
Like I said, I don't buy any operating system until some time has passed to allow for security updates.
ETA: Tried it with Panther and my current settings. It didn't automatically install. The file was put on my desktop, not in my library. Two clicks and a drag later and it was deleted.
Stupid behavior, it's clearly a bug and shouldn't work that way. Apple will fix it in a week or so, and we'll all move on. I'd be willing to bet that no malicious Widget ever turns up, leaving this as simply a brief, theoretical vulnerability...
What I do find interesting is the 'Ha, ha, Macs aren't perfect!' attitude. Macs aren't perfect, they're still just computers. Every computer crashes, has vulnerabilities, and is susceptible to attack.
Current Macs are just so much better on all these fronts than current Windows that it's getting a little silly.
I actually think that OS X is at the current minimum for security - it's pretty good, but far from perfect. It's only next to WinXP that it looks like a superstar.
That said, I just bought two new Dells for the office - travel agents have to use Windows!
Now if I can just get the CFO (my wife) to approve a new dual G5 PowerMac for me...
There are drips (OS X) and then there are ruptures (Windoze). This, my friend, is such a drip...it'll get patched.
Maybe you should mosey back on over to Slashdot and look at the serious IE problems. Tiger has been rock solid for me so far.
I'm still running Jaguar on my PowerBook. I'll go to Tiger in 2 months or so.
Anybody gloating over Windows vs OS X has obviously not had to support both of these platforms in an enterprise environment. The Macs I've issued, I just forget about. They don't break, don't crash, and on average, have to be rebooted every 2 months.
The Windows boxes I'm responsible for are another matter. Every day I'm finding another malware site to block via the corporate firewall. Every day I worry about antivirus. Once a month, I get to patch my Windows server IF Microsoft deigns to release patches for security vulnerabilities they've known about for MONTHS.
Also, Tiger is rock freaking solid. Did an upgrade and forgot about it.
Please note that Mac OS X 10.4.1 released today with fixes for a wide variety of real-world things that needed fixin', including the auto-download of widgets in Safari. Widgets now require explicit permission to download and install.
Time from discovery of problem to a full solution released to the public, 8 days.
# of actual malicious widgets in existence = 0
By contrast, my new copy of Spysweeper for XP went from tracing ~84,000 forms of malware last week to tracing over 100,000 when updated today.
I'll say it again - Macs aren't perfect. They're just so much better that it's easy to believe they are.
Originally posted by LittleLebowski
The Macs I've issued, I just forget about. They don't break, don't crash, and on average, have to be rebooted every 2 months.
My 4 home office Macs get rebooted when the power goes off. That's about it.
Just tried it with my new (refurbished) iBook with Tiger. Nada. My typical settings don't allow auto openings of downloaded files.
Hmmm, not much response from the Windows guys, oH! What is that I hear? Crickets?
I think I do hear crickets. Even over the hum of a liquid cooled G5. Imagine that.