Thanks David!! I now understand.
You said : "So it’s really surprising to me to hear people on a Linux
group assert that they “do not undersand how an Apple is less vulnerable
when not being upgraded”. In all fairness that was me and I am a PHP
developer. I have used and played with Linux since around 98. I am by
no means as informed as you. Most of my focus has been LAMP usage.
Most recent Ubuntu, Apache, MySQL (MariaDB), and PHP.
Thank you for this great explanation!!
- Keith
On 2025-05-11 16:22, David Schwartz via PLUG-discuss wrote:
On May 11, 2025, at 7:55 AM, Keith Smith via PLUG-discuss
<[email protected]> wrote:
Still do not understand how an Apple is less vulnerable when not being
upgraded. I know most attacks are om M$ and the Web....
I have two thoughts on this:
1) MacOS is built on Unix, which has been around more than a decade
longer than DOS and two decades longer than Windows. And since Windows
was built on top of DOS and still has a lot of DOS code at its core, it
has the same vulnerabilities that DOS had.
Unix, on the other hand, was named as a play on words derived from
“Unix is not MULTICS” where MULTICS was the most advanced and secure OS
ever devised at the time. It was funded by DARPA and built by Honeywell
to be a highly-secure platform for use by the military that
incorporated security features in both the hardware and the software.
Unix was built by some guys who wanted to show that you could create a
secure OS without the need for specific hardware features.
That is to say, security is built into the DNA of Unix and all of its
derivatives.
I don’t think anybody gave even the slightest thought to security
during the development and evolution of DOS or Windows.
2) Windows is a “known danger zone” simply because it’s found on 90% of
comptuers world-wide, which makes it a sitting duck for anybody looking
to hack into some hardware. If you go to any random IP, you have a 90%
chance of it being a Windows machine.
Even worse, by default, most Windows machines were configured out of
the box with most security stuff DISABLED. Non-techie users (probably
about 95% of all users) would never turn on these settings, or use
complex passwords, or often even change their passwords. Which makes it
even easier to break-in to them. That’s why so many machines can be
broken into simply by running a script that tests a bunch of known
exploits.
Right out of the box, Unix systems come with security ENABLED. There
are layers, and most users don’t know what they are or how to change
them anyway, including those trying to break-in.
When I learned Unix in the mid-80’s, there were files like /etc/passwd
and /etc/sudoers that contained user login details in clear-text that
was easily accessible. Today there are several levels of indirection
needed to access these details, and their contents are partially if not
completely encrypted. (I don’t even know where they’re stored today!)
Back then, I was able to use uucp to connect from one Unix box to
another and update the login details on the other box without changing
any settings at all. That’s impossible today, and has been for maybe 25
years now.
A version of MacOS from 2010 was far more secure than Windows 10, and
still is even without upgrades. Windows has always been like a leaky
boat that constantly needs patching. Unix was already pretty damn solid
pre-Y2k when everybody was scrambling around trying to fix software
they thought would cause the end of the world on 1/1/2000, much of
which was built on DOS and early versions of Windows.
I simply don’t worry about my 10-yo Mac Mini or it’s 8-yo OS because
Unix was already damn near bullet-proof in 2000, and I’m not sure how
much MORE bulletproof it was fifteen years later in 2015. Windows XP,
7, 8, and 10 were ALL leaky as hell AT THEIR CORE and required constant
patches and upgrades.
To be honest, Apple used Unix on the Lisa, but it wasn't on the
original Macintosh. Later they released something called OS9 that I
think was Unix, but I’m not sure. When Jobs was fired, he started a
company named Next Computer and they adopted BSD Unix as their core OS.
It was beefed-up and improved. When Jobs returned to Apple, he required
that Apple also purchase Next and all of their IP. That included their
OS that was renamed OSX (as in OS10) and replaced OS9. It eventually
was installed in all of their hardware and remains today.
So it’s really surprising to me to hear people on a Linux group assert
that they “do not undersand how an Apple is less vulnerable when not
being upgraded” — in all of it’s variations and accusations, as if it’s
even in the same league as anything MS has EVER released when it comes
to security vulnerabilities.
Unix has **ALWAYS** BEEN LESS VULNERABLE than both DOS AND WINDOWS!!!
With or without upgrades and patches.
Because security was built into its DNA, right from the start — the
designers wanted to build something that was as secure as MULTICS
without the hardware.
Does anybody really think it’s meaningful to compare that with an OS
that still has DOS at its core?
-David Schwartz
PS: most people don’t know this, but Windows NT was supposed to be
Microsoft’s answer to Unix that ran on Intel’s 286 chip in “protected
mode”. The 286 architecture itself was designed by a bunch of guys who
literally worked on MULTICS at Honeywell for a decade. The protected
mode kernal was designed to work hand-in-glove with the 286 chip. It
was supposed to be a “mini-MULTICS” machine, but it never came to be.
The problem was the chip designers made a little tweak to the design
AFTER the OS team had signed-off and it was never run by the OS team
before it was implemented. So when the first 286 chips started being
produced, the OS team got their hands on them and discovered the change
because … it BROKE THEIR SECURITY DESIGN! Which is why there was NEVER
a single OS released that ran in “protected mode” on the 286. That
really screwed both Microsoft as well as IBM who was working on OS/2
that was also supposed to run in “protected mode”. Intel’s response
was, “We’ll fix that in the 386, but for now you can’t run in
'protected mode’".
The reason the chip guys made that change was because the
context-switch time to go in and out of “protected mode” was so slow
that they figured it wouldn’t be used if they couldn’t speed it up. So
they tweaked it. But their tweak broke the security. And when the 386
came out, benchmarks showed protected mode was indeed too slow to be
practical. As a result, it was never used by any OS vendors except some
experimental designs that never caught on. I think it was undocumented
in the 486 and removed in later versions of the chip.
---------------------------------------------------
PLUG-discuss mailing list: [email protected]
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list: [email protected]
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
