Bob Sneidar wrote:
>> On Aug 23, 2017, at 13:23 , Richard Gaskin wrote:
>>
>> Stock Android is safer than just about any desktop OS, including
>> macOS.
>
> Gotta disagree there. Not sure how you would quantify it either.
Without quantification there would be no objective means to see if you
had grounds to disagree. :)
In general desktop OSes have a larger attack surface than mobile OSes,
and are often laden with legacy subsystems.
On macOS the problem is compounded in a few packages by Apple's decision
to not deploy anything using GPLv3 (apparently they're not fans of the
patent assertion clause), so for example the version of rsync included
is years out of date and includes known vulnerabilities fixed in more
recent versions.
If one were serious about security in a desktop OS (nope, don't have a
quantification method for "serious" either <g>), consider Qubes, where
apps are run in dynamically-instantiated containers, along with other
built-in safety measures:
<https://www.qubes-os.org/>
Don't get me wrong: macOS, and even OS X before it, are quite good.
And as Google delivers it, so is Android.
(The older Mac OS -- v9 and earlier -- was a different story, but
thankfully almost no one bothered to exploit its many holes.)
> I have yet to see an exploit for OS X that elevated priveleges,
I find O'Reilly's Security Newsletter helpful
(<http://www.oreilly.com/security/newsletter>), along with adding
"computer security" and "cybersecurity" to my news aggregators like
Google News.
Sean Martin and the rest of the crew at ITSP Magazine deliver a steady
stream of useful stuff too:
<https://itspmagazine.com/>
But here I just did a Google search - this was the first one I found:
Get root on an OS X 10.10 Mac: The exploit is so trivial it fits
in a tweet; If you want it fixed, upgrade to the El Capitan beta
<https://www.theregister.co.uk/2015/07/22/os_x_root_hole/>
> allowed software to be installed silently,
If they elevate privileges they can install what they want.
> and didn't require user interaction of some sort.
Of course. Turn off any device and the device becomes 100% safe. :)
> Lots of press, but when you get down to where they talk about the
> delivery and payload (and they may not do that at ALL) someone has
> to click something.
Exactly my point, as it pretty much applies to all OSes and the
reporting on them from click-hungry publishers.
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
ambassa...@fourthworld.com http://www.FourthWorld.com
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
