The exploit posted in response to your comment is one of *SCORES* of remote exploits (most of them roots), not to mention the fact that OS X local security is non-existant.

The reason SANS labelled OS X as a security threat is because of people like you who say "I don't have to patch my OS, because I've never heard of any viruses or worms attacking it."

It's ridiculous. I don't know how many people have rooted your OS X box(en), but just because you haven't been owned by a noisy, poorly-written Windows worm isn't a reason to believe you don't have a security problem. If you don't patch your OS, you've probably been owned. It doesn't matter what OS you use.

If someone had the intellect to release a piece of botware for OS X, I bet that they would snag an overwhelming majority of the market share, rather than the < 10% hit by most common Windows warez.

The point is: a dumb or complacent admin can make any OS insecure. Too many OS X admins are far too complacent in comparison to their peers who run other OSes. The blind evangelism of the OS is, therefore, a security threat in its own right.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11359/32818#32818