Are Macs susceptible to malware from merely visiting a website?

Here is the specific update.

Yeah, Apple have not exactly covered themselves in glory with this one. Since they took over responsibility for Java on the Mac they have not kept pace with updates, and this one was fixed by Oracle in January, yet only now do Apple scramble to get a fix out. Being a long-time Mac fanboi, I’m not pleased. With luck they will be stung by the adverse publicity this generates and lift their game. Exactly what will be done about sorting out existing infections remains to be seen. Apple need to have a really solid story about this.

While it’s important to fix things quickly, that metric says nothing about the number of vulnerabilities for a particular OS.

I think it’s ok to say MS is good at fixing, but to present that as an argument for Win being more secure than the other OS’s being compared is illogical.

Because servers are not browsing the web.
Because server admin teams don’t fall for “For $300 you can get lifetime virus cleanup services.”
Because server admin teams often run in isolated test environments before rolling out to the working servers.

It’s kinda like asking, “Why don’t more people rob police stations? There is lots of cash, drugs, and guns there.”

And that’s just the locker room… :smiley: …even more in the evidence storage area.

There’s recently been a Trojan reported that exploits a Java security flaw in OS X v10.6 and 10.7. The Java update released on April 3rd is supposed to fix the Java vulnerability exploited by this “Flashback” malware.

This article might be relevant.
Apple Macs spreading Windows malware
http://www.todayonline.com/World/EDC120425-0000115/Apple-Macs-spreading-Windows-malware

550,000 Macs infected with Flashback virus

The revelation that Macs can pass on Windows viruses is like blowing the lid off the eons-old conspiracy of silence that water is wet.

An infected Windows machine sends an email to a Mac. The infection can do nothing to the Mac, but if the Mac forwards the infected email to another Windows box, the infection is spread to the second Windows box. This has been the case since Day 1.

“Revealing” this as new, or worse yet, news, is hilarious.

This is off-topic, but the answer is code-signing. Microsoft has a mechanism by which installers can “sign” themselves with an SSL certificate (much like an HTTPS website), and it trusts installers that are signed that way and doesn’t give you that dialog.

Then the question becomes, “well, owning an SSL cert doesn’t really make it secure, right?” which is a valid issue, but since it applies to every single HTTPS site on the web as well, Microsoft’s not any worse than anybody else about that.

I’m not sure if Apple has any form of code signing set up. If they do, and if the installer/application is signed, I wager it also would not ask about executing it.

Seriously?

Look, Windows trusts SSL-signed applications. This is no better or worse (from a security perspective) than Firefox trusting SSL-signed websites or SSL-signed Java applets.

Just because you don’t understand why Windows asks you for some applications and not for others doesn’t make it evidence of a lack of “baked-in security”, or that Microsoft’s programmers are bad at their jobs, or some kind of conspiracy on Microsoft’s part. It just means you don’t understand what’s going on.

As for your UAC complaint, it seems your problem in that case is that Windows 7 has too much security, and won’t let your application get away with the crap it was getting away with on XP.

My Mac warns me every time I try to install something I’ve downloaded. However, it doesn’t warn about something being installed from a disk. I recently installed Adobe Photoshop CS5, and the installer also secretly installed a little 3rd-party utility called “Growl” that scans my whole Applications folder and looks for updates on the Internet. I didn’t know what this thing was that kept popping up alerts telling me about updates to this and that, so I found what it was and went to their web site. It turns out they were aware that it was getting automatically installed along with Photoshop, without user permission, and were kind of annoyed about that (and have told Adobe to desist). They had a handy uninstall utility for those of us who wanted to remove it.

They are no longer being called virus-free by Apple.

Apple itself has changed its tune, as this article says:

Apple drops virus immunity claim for Macs

So Apple no longer claims to be immune to viruses.
600,000 people got infected, so we can now say that yes, Macs get infected (big old roll eyes)!

PCmag says “Following April’s Flashback Trojan - which hit more than 550,000 Macs - Apple recently removed from its website the claim that its Mac operating system is not susceptible to PC viruses.”

So maybe now the fanboys can just stop. IT people have always known it would happen sooner or later. 500,000 to 600,000 infections would qualify for “out in the wild”, I would think.