Not to burst your allz bubble, but my machine was broken into. It wasnt by a hacked passwd or anything like that..

They got in via SSH while my machine was in stealth mode. AND SSH was OFF...

Im not going into specifics, but they got access to the tmp dir by bouncing SSH requests off my machine to our AD server.. Eventually it (AD server) was granted access to the tmp dir. From there they installed some programs to do something that alerted the campus security team to 'pull the plug' and take it away for forensics.

I have ALWAYS believed i was somewhat immune to this, but that is not the case. It happened a lot sooner than i thought.

They were not allowed to do anything outside of the tmp dir, but they did have r-w access to it.

Something to think about....

I believe the very first post in the thread covered the 'real' argument here. Percentages of repaired patches does not mean anything. The total number of vulnerabilities is what matters.

And any time a research study is done and it finds in favor of the company paying for the study, one has to question the methods used to come to said conclusion.

"Obviously a company like IBM is not just going to make stuff up."

Think again. And they just happened to discover that their own OS was the best. Fancy that. Oh, no, IBM, or Apple, or Dell, or Microsoft would NEVER make something up to enhance their profitability. Perish the thought.

"Obviously a company like IBM is not just going to make stuff up."

Think again. And they just happened to discover that their own OS was the best. Fancy that. Oh, no, IBM, or Apple, or Dell, or Microsoft would NEVER make something up to enhance their profitability. Perish the thought.

Geeks need to stop trying to make themselves sound cool or important by using names reserved for counter terrorism or covert ops divisions. If your girl friend can't explain to you what your job is in one sentence you can't have X-Force as a division name."He fixes computers" doesn't count... that's taken by Geek Squad.The exception is if you wear some kind of tight spandex jump suit to work every day.

In the entire report, Mac OS X appears only on one page. The page with disclosed vulnerabilities chart. The aggregate number of disclosed vulnerabilities has no bearing on the actual security of an operating system. A better indication of OS security would be a total threat quotient based on the Common Vulnerability Scoring System evaluation of unpatched vulnerabilities.

Another problem with this study is found in the term "disclosed vulnerabilities". Mac OS X's UNIX underpinnings are open source, so there are a lot of eyes outside Apple to find vulnerabilities before they are exploited. Windows is closed source, so a vulnerability actually has to be exploited to be discovered. What scares me is not the number of unpatched vulnerabilities in OS X, but the number of undisclosed vulnerabilities in Windows.

The benchmark used for this comparison is totally impractical and purely academic. Data can be made to show just about anything. In this case the data doesn't represent the actual vulnerability of each OS. They might as well have said that OS X is the most crash prone, not based on the number of crashes, but on the number of "potential crash causing issues" Apple hasn't fixed. Never mind that to get one of those triggers to occur, you'd have to press a specific 154 key combination by standing on your head--on a Wednesday in the Eastern Time Zone--all while it's raining.

The issue here is what "vulnerability" means. If one can't have the most secure OS, hey...let's just redefine the term.

SDW

users, but in a network they are a pain in the a**. The becoming unbinded issue is a joke, it's like having a bad NIC.