PC vs Mac Simply Explained

Earlier I wrote:

Which is not complete - I should have written: Piracy is a lot easier on the PC - there are a lot more PC users to share with AND a lot more software to share…

This would take too long. Essentially you can have two completely independent instantiations of the MacOS environment. Apple calls these “virtual Macintoshes”. On NT, I have three different logins that give me different setups. There are many things that are unique to each, but there are many that are shared (desktop pattern, mouse and keyboard settings, screen settings, etc.)

Not that I’m aware of, but then I don’t really know what you’re talking about with Windows. Maybe a Win2K thing?

No, actually I tried this and it didn’t work.

Example?

Yeah, I can do all of that on a Mac, but some of these are not options under NT.

As I said, I don’t know Win2K.

Another retraction: Apparently the Multiple Users configurations can be shared from a server on the Macintosh. I’ve not seen it or tried it myself, but a buddy claims that he has.

Now he questioned the usability of this capability under Windows. With the MacOS, it’s fairly straightforward to set up configurations in the location manager to compensate for different physical hardware configurations that you might be logging in from. How does Win2K manage this, if everything is configurable? Just curious.

You also don’t know security. Many of the features you cite are, from a security standpoint, complete jokes. Security is the last place the MacOS camp wants to go spouting off. I shall explain why.

At Ease and Simple Finder are only protection from a) casually malicious users who don’t actually know much, and b) clueless people who would accidentally screw things up. They cannot be rightfully considered “security”. They’re “ease of use” tools (and fine ones at that). The machine has a built-in ROM monitor which will let you execute whatever code you want in supervisor mode, fer christ’s sakes! What more do you need?

On MacOS, file permissions do nothing for someone sitting at the machine, last I checked. Has this changed? If not, there is effectively no security. In any security model which can be considered more than a toy, all file access, whether through the network or local, goes through the permissions mechanism. Not only does this protect files from malicious users and clueless idiots, it protects experienced users from making mistakes.

Limiting access to the control panels is false security. What you need to limit access to is the things the control panels change, which the mac fails to do. On NT, this is handled by granting user rights (in other words, a user is granted or denied the right to use the low level system functions that change the network parameters, rather than being granted or denied the right to use the network control panel). This is a much better security model. After all, control panels are not magic. Any application can do the same stuff a control panel does on the mac, especially given the lack of protected memory. Give me a copy of the control panel in question and macsbug and a day, and I’ll write you an application which does the same thing, but is not hampered by your silly control panel check.

KeyChain: NT has got it, but I don’t personally consider this a plus. I think the feature should be renamed “BasketForAllYourEggs”.

File and Disk encryption: of course NT has it. My question for you: is the password for accessing a powerbook as a shared disk actually used to encrypt the data on the disk? I was under the impression that it wasn’t. If not: useless. Pop the disk in a linux machine and you’re reading to your heart’s content. Can’t do that with a password-protected disk from an NT system.

The Vulcan Neck Pinch is critical. You got that right. In a nutshell, the OS controls access to the hardware from software (a rudeness MacOS would never dream of), which means that it can set up the interrupts such that when this key sequence is hit, all programs are preempted and you are 100% guaranteed that the next screen you see will be one you can trust with your password. There’s a very good reason this is required for government “orange book” security certification.

So, of the mountainous list of advantages you’ve cited, you’re left with the novelty feature: VoicePrint. And you still lack several features which are critical to any kind of security which can be taken seriously.

Actually, it’s easier to make an ERD for WinNT than it is for Win98. It must be done manually in 98, while in NT there is an option to do this (I’ll get you specific directions on what to do as soon as I can).

Joey, there is also a web site which I want to reference that has some very specific tweaks that you can do for Windows by adding a couple lines to the registry. As soon as I find it, I want you to tell me if a Mac can do the same through a control panel, ok?

JoeyBlades:

Hmm? Last I checked, these are all configurable for different user profiles.

Nope, it’s been in since NT 3.

I used to work for a large county medical facility in California, with hundreds of workstations. I could log in on any workstation, and my settings would follow me around - desktop wallpaper, control panel settings, application preferences (thanks to the registry), and so on.

Ah… perhaps you need a $20 tape recorder. Or a PCI digital audio capture card. :wink:

Previously, on this thread:

So there.

Please remember that Windows 2000 is NT 5. Maybe some of them aren’t available under NT 4; I haven’t used NT 4 for months so I can’t say.

Also, as galt has pointed out, MacOS’s control panel security is like a screen door compared to NT’s deadbolt. You can disable the Time & Date control panel… I can prevent users from changing the time, period.

I’ve been using the WinXP Professional Beta 2 quite a bit, and it has more functions and options than Win2k, with a great level of easy usage.

Also, a lot of other Windows ‘quirks’ mentioned earlier in this thread are non-existent in XP, and it’s only in Beta. The only problem I had was installing it from Win98, but as soon as I booted from the CD it installed just fine.

(I’m loving XP!)

BTW, all those workstations were maintained by an IT staff of about three people. Because of roaming profiles and the network setup, if a computer broke, it could simply be replaced after hours, and the user wouldn’t know the difference.

You can set a “home share” for users, so that their documents are saved on a network share. They don’t need access to the local disk at all. Log in on a different machine, and along with your settings, your documents are just how you left them.

galt:

One of us doesn’t know security… There are many different types of security. I would never use AtEase or SimpleFinder to try and protect my system from malicious hackers. I HAVE used them to protect my family from themselves. A good security target not only protects from invasive attacks, but also from casual damage by inexperienced users.

Yes, it has. You’ll want to investigate the Multiple Users capability in MacOS 9 before you continue to malign Mac security.

Again, this is a "clumsy users" protection from themselves feature.

Apparently. I know someone who lost a disk because he forgot his password. Apple told him it was a lost cause. I’m sure the entire contents of the disk aren’t encrypted (just as they’re not with NT).

While OS 9 may not meet orange book requirements without secure ROMs, it’s not as bad as you paint it. Macs have been available that meet orange book specifications for quite some time - you just have to special order them. On the other hand, I haven’t heard of any security breaches with the Multiple Users security system on the Mac. So until you can show some evidence that there’s a problem with it…
BTW, for the record, NT did pass the Orange Book C2 specifications, but here’s what the NSA had to say about it in their evaluation:

The devil is in the details…

That’s the setup in this office. We have a few hundred workstations, I think there’s 5 or 6 people in the IT department.

Well, I wasn’t able to find the original site I wanted to provide, but I found another one that has a lot more content.

From this site, I have found the following (among others):

-Change the Start button text (Can be changed to any 5 digit word)
-Control Application Focus Settings (Control how Windows pop up and flash in the taskbar)
-Removing the “Shortcut to” text on shortcuts
-Change the position of the desktop wallpaper to however you want
-Add expanding Control Panel in the Start menu (Works with other special system folders)
-Remove the Favorites folder from the Start menu
-Disable 8.3 Name Creation (For NTFS Partitions)

There is pretty much a tweak in the registry for everything. Granted, some tweaks are simply manually changing what can be done in control panels, and others can destroy your system if one thing is done wrong. However, this provides the fine tuning that many Windows power users prefer. I highly doubt Mac OS can match this amount of optimization through control panels…you’d have a gazillion controls to do so.

JoeyBlades says:

Yet they feature prominently in your post which claims the Mac has superior security to NT. Fascinating.

And a really lousy security target protects from casual damage, but not from invasive attacks.

Considering there’s nothing actually stopping me from running any code I want on the computer, including jumping right into the OS if I want, I seriously doubt the effectiveness of these settings. Here’s the way it works. I’ve done it many times before on the mac, and it’s not difficult if you know assembly language: on my test machine, I put a macsbug breakpoint on the entry point to the file I/O routine. I step into it until I find the point where it makes the decision about whether or not I’m allowed to write to the file. This takes hours of repeated runs with various variables set. Once I find the spot, I replace a branch instruction with a couple no-op instructions, and the test is disabled. Now that I know the offset into the code and the bytes to change, I can sit down on your machine and make this change in 30 seconds.

This is why copy protection never works on video game software – some nerd just sits down and figures out what three bytes of code to patch, and it’s disabled. The difference between video game software and file I/O permissions is that on most OS’s, the place where the file I/O is done (the kernel) is protected from users being able to stomp around in a debugger. On a mac, I can walk all the way through the ROMs and see what bits are getting poked into the hardware at the lowest level if I want. It’s a nightmare.

From where?

On the subject of security I wanted to add something that I overlooked earlier. As I have already stated, there are many more things to consider in a security target than merely restricting access. I don’t want to try and enumerate them here. Many of them are either the same for both platforms or are not implemented because they are overkill for most users and may impact performance or user friendliness. However there is one thing that was mentioned much earlier in this thread, but it bears rementioning with regard to security. That is the execution model. A reasonably secure execution model will prevent or restrict the execution of non targeted code (viruses, trojan horses, and worms are examples of non targeted code execution). The Macintosh execution model is better than Windows, because code can only manifest itself and be executed if identified as such (via specific resource naming conventions). Under Windows, code can be disguised as practically anything, which is one reason why Windows is so susceptible to viruses and the like.

Monster:

Well, I’m struggling for an exact analogy, but I think the Finder Apple menu may come the closest. You can change any and all of the Finder menus. I think the limit is 255 characters for each item, though you’re not restricted to text. You can actually change these menus to pictorial representations, as well (the Apple menu is an example). You can also change the hot keys associated with Finder menus. There are even a few “hidden” menus that you can enable. All of this can be done via ResEdit (or other tools).

There are a few default window focus behavior changes that can be made in the MacOS, via ResEdit but many of the focus capabilities are always on and accessible via keyboard modifiers.

You can change the alias default naming convention via ResEdit.

In the MacOS, some “wallpaper” positioning changes are made via control panels, others can be made via ResEdit.

Easily done on the Mac using the “Apple Menu Items” and hierarchical menus.

It’s a Control Panel setting on the Mac. Thanks for the link, BTW. I’ve been looking for a way to get rid of the “Documents” folder (which, incidentally I view as a security risk). It also shows how to get rid of some of these irritating icons that needlessly litter my desktop.

Well, you’ve got me on that one… the MacOS has no facilities for tweaking 8.3 filenames.

In the interest of fairness, I went through the entire list (I think) and here are a few registry tweaks that don’t seem to have MacOS equivalents (I ignored the ones that have no meaningful analogy):

  • Automatically View Thumbnails of Bitmap Files
    With the MacOS, many graphics applications will replace the desktop icon with thumbnails. Also, the open file dialogs have a feature that will display a preview (larger than a thumbnail). Both of these features are supported for all image formats (not just bitmaps). However, there’s nothing in the OS that automatically maps thumbnails. It’s not even an interesting feature, for me, but I can see how some people might find it useful (depending on where their graphics come from and what tools they use to view/edit them).

  • Change the Message Shown on the Logon Box
    Just not sure in the MacOS. This doesn’t sound like a very good idea, though (from a security perspective).

  • Disable Windows Hotkeys
    I don’t think there’s a way to disable them all in the MacOS in one fell swoop, except with a third party extension.

  • Hide the Display Settings Page
    I don’t know of a way in the Mac OS to hide a Control Panel but still have it active.

There may be others that I missed or misunderstood.

Ironic, don’t you think, that I end up being the one that successfully answers my own challenge:

Of course, credit-where-credit-is-due, Monster did point me in the right direction.

Do we want to get into tweaks you can do on a Mac that you can’t in Windows discussion??? I think my list would be much longer…

Does ResEdit come with MacOS these days? I remember having to download it. If that’s still the situation, I think that would disqualify it according to your own standards.

Mr2001:

You are correct; it doesn’t ship with MacOS (it’s a free download, though).

I don’t believe I imposed such a standard on system tweaks and power user tools.
Here are the relevant statements and challenges that I can find:

and

and

and

Maybe you can show me where I might have snookered myself???

Joey, the examples I chose of what you can tweak in the registry weren’t necessarily options to be compared directly against options on a Mac, but rather an example of some of the things you can do in Windows.

Why don’t you list some things that can be done on Macs that you think can’t be done on PC’s?

I believe this is what they are referring to when they talk about your standards. You like limiting Windows to the bare OS while referring to free applications for the Mac (You know, Mac OS doesn’t sound that great if you have to download apps to get advanced functionality.)

JoeyBlades:

Just noticed this…

Would that be the same execution model that lets applications modify system memory at will, effectively rewriting the OS’s security features to suit their own dastardly purposes?

Nonsense. Viruses in Windows travel by attaching themselves to executable code… unless you’re talking about macro viruses, which aren’t machine code at all.

The CPU (x86 or PPC) doesn’t care whether code is stored on disk in a code resource or a text resource, only whether the page in RAM is executable. The only time code can be executed is if it’s loaded to an executable page, and then jumped to.

JoeyBlades says:

Wow, I missed that too. Not only is this a silly distinction, but it’s dead wrong. You can store executable code in whatever resource types you want on the Mac. You can store executable code as ‘MENU’ resources if you want. What makes you think otherwise?

Monster:

I only set that standard for security because it would be impossible to list and compare all of the third party security systems available for both platforms. This would include everything from secure versions of the ROM, to OS patches, to software solutions, to hardware dongles, to “who-knows-what”.

When it comes to power user tweaks, it’s not the tools that matter, it’s the capability. ResEdit doesn’t ship with the MacOS because neophyte Mac users would see it, double click, and could conceivably cause damage. On the other hand, I don’t need ResEdit to perform these tweaks. I could accomplish the same tasks with AppleScript, which does ship with the OS.

Mr2001:

I assume you’re talking about the INIT and/or DRVR mechanism? Surely you’re not suggesting that Windows doesn’t suffer from the same threat.

Viruses in the Mac OS cannot attach themselves to executable code easily. First they have to be of a particular resource type. Second they have to have the right resource ID, which means they have to replace another code resource without causing the application to halt abnormally. Third, to delete resources, write resources and change resource IDs, they must go through the OS mechanisms, which makes them very easy to detect.

No, but some macro viruses carry embedded machine code to be executed.

Ahhh… but this is the key. There are many ways to load whatever you want into RAM on a Mac, there’s only one mechanism to execute code. The Mac OS won’t just jump to any old block of RAM and start executing.

galt:

You’re right, you can STORE code into any kind of resource. The important (non silly) distinction is (as I said in the statement that you quoted) the MacOS can’t EXECUTE these other kinds of resources as code.
I seem to be repeating myself again…

Note: I’m not claiming that the MacOS is immune to viruses. Only that they are much more resistant and easier to protect than PCs because of the constraints on how code can be executed.

JoeyBlades:

No, I’m talking about the lack of low-level memory protection. Notice how when one application crashes, the others often come with it.

Or append themselves to the resource, like on every other OS.

Third, to delete resources, write resources and change resource IDs, they must go through the OS mechanisms, which makes them very easy to detect.

No? What hardware process keeps a program from jumping to an arbitrary point in memory?

Mr2001:

Sorry to inform you, but my NT with its protected memory, blue screens much more often than my Mac requires a full restart. I’ll admit that back in system 6 and a bit in system 7 an application crashing would frequently bring down the entire Mac OS, but that rarely happens to me these days. Mac OS8. and beyond is very, very stable (actually, since 8.1). I very rarely have a hang that can’t be resolved with Cmd-Opt-Esc (I always ignore the advice to restart).

You’re still missing the point. The executable code in the MacOS is not saved as a simple byte stream that you can append to. The only way to do what you suggest is to go through the MacOS commands for managing resources. There are very specific low level routines that provide the only access mechanism and these are easily monitored and protected.

Nothing in hardware, per se. Let me answer your question with an analogy. Let’s say I have a room with three doors. The walls, ceiling and floor are concrete, 10 feet thick. I’ve just installed multiple alarms on all of the doors. The alarm system and all of the wiring are inside the room. You’re asking, “What if someone installs a new door?” I say, “That someone has to get inside the room first, before a new door can be installed.”
As I said earlier, it’s not impossible to develop viruses for the MacOS, it’s just very, very difficult and if basic virus detection is engaged, the virus has to find a new “secret” door first.