I was tired of the "We use Macs because they don't get attacked by viruses and hackers" refrain from Mac nuts.
I generally counter with what is apparently a secret carefully hidden from Mac zealots: "That's because only a fraction of the world uses Macs. What's the point of attacking a niche market? No one will notice!"
But the mindlessly superior retort is always the same, "No, it's because the Apple OS does not have the same holes as Windows. OS X is just a better operating system."
Given this recent development, my question is, "Will you be stuffing that superior attitude in your crow or eating it separately, sir?"
This is a significant hole. The original report, found on Carrel.org, puts a frightening spin on the problem:
"A series of seemingly innocuous default settings can cause an affected Mac OS X machine to trust a malicious machine on a network for user, group, and volume mounting settings."
So an attacker who can gain access to your network ó over a wired connection or wirelessly ó can trick an affected system into trusting a rogue machine, and when the compromised machine reboots, take it over and even attack other systems on the network.
The truth is that the Mac OS is just as vulnerable as Microsoft Windows. Overall, maybe OS X is better than Windows, but that's not the point. Panther, for example, is a great OS, but it's also complex, and complexity leaves room for gaps ó some small, some not.
OS X 10.x may not be as widely used as Windows (let's face it, it isn't) but some of its devotees seem far more fanatical than Windows users. Those who toil in Windows ó me, for instance ó care about their OS to a certain degree, but hardly feel the need to jump to its defense or come up with ridiculous conspiracy theories to explain why, say, Bob bombed or Windows Me stank.
So I am by no means a Windows apologist or Microsoft partisan. I began my computing career as a Mac patriot, in fact. I used a Mac SE/30 with PageMaker version 1.2 and laughed at the lowly IBM PS/2, which could just hobble along on the subpar Windows 3.0 and had virtually no font support. I trained people on Macs, converted entire print production systems over to the Mac and PageMaker, and salivated over every software upgrade and hardware enhancement.
But even back then, I had this gnawing suspicion that 18-month software development cycles could somehow hurt the platform. Before the tide really turned, however, I switched to PCs. I had joined PC Magazine, and the editorial staff used them.
My introduction to the PC came at precisely the same time as Microsoft launched Windows 3.1. I was no longer focusing on the Mac, and Microsoft had finally released a viable GUI. It didn't beat the then-current Mac OS (System 7), but it was a start, and of course, people began buying millions of PCs with Windows 3.1 preloaded.
The rest is history.
When Microsoft released Windows 95 three years and some months later, for the first time there was a degree of parity between the graphical interfaces. I found things to grumble about, but they were minor.
Microsoft's less-than-stellar OS security took a while to become apparent. In fact, the problem wasn't epidemic until a few years after the Internet took off. Windows' market domination makes it a target for the virus authoring community.
The OS also bears the burden of user wrath because those who depend on Windows so often feel let down. But nothing drives me crazier than Mac true believers shaking their heads and grinning at me every time another Windows virus hits.
This past summer was particularly difficult. As Blaster and SoBig wreaked havoc across the Internet and with millions of Windows PCs, Mac users would tell me with mock sympathy, "This wouldn't happen if we all ran Macs".
We don't, of course, and again, that's the point.
The discovery of this OS X security hole will be like a tree falling in a particularly remote forest. So few people actually use Macs (notwithstanding, of course, what you see in the alternate universe of movies, where everyone appears to use them), that I think it's unlikely this problem will have any long-term effect. Hackers are unlikely to exploit this hole the way they have Windows failings.
If the Macintosh OS ever became dominant, the tables would turn, and there would be just as many reports of viruses, security holes, and attacks on it as we currently have with Windows. As one Macophile I spoke with noted, no one has even bothered to exploit this security flaw. I doubt anyone will.
Meanwhile, we can already see what happens when Apple has a broadly popular product that cuts across platforms. The Apple iPod is the number one MP3 player, and now that its companion computer utility, iTunes, is available for both the Mac and the PC, it has become a hack target. In fact, Jon Lech Johansen, the same Norwegian who cracked the DVD security code, recently circumvented the iTunes music protection scheme.
An event like that occurring makes sense to me, since iTunes' popularity makes it a target worth hacking ó and whatever mystical Mac mojo there may be, it didn't go far in protecting a popular Apple product.
Ultimately, those on the Mac fringe have to face facts: Panther and Jaguar were not better at outrunning vulnerabilities than Windows.
I expect other gaps will emerge, and while the Mac OS may still draw far fewer attacks, this discovery might suck a little wind (or is it Windows?) out of Mac radicals' sails. They can scarcely claim this was a minor hole. OS root access is serious stuff.
How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here http://abcnews.go.com/sections/scitech/ZDM/mac_vulnerablility_pcmag_031211.html