Re: Running Win10 after end of life

Author: David Schwartz via PLUG-discuss
Date:  
To: Main PLUG discussion list
CC: David Schwartz
Subject: Re: Running Win10 after end of life
> On May 11, 2025, at 7:55 AM, Keith Smith via PLUG-discuss <> wrote:
>
> Still do not understand how an Apple is less vulnerable when not being upgraded. I know most attacks are on M$ and the Web....


I have two thoughts on this:

1) MacOS is built on Unix, which has been around more than a decade longer than DOS and two decades longer than Windows. And since Windows was built on top of DOS and still has a lot of DOS code at its core, it has the same vulnerabilities that DOS had.

Unix, on the other hand, was named as a play on words derived from “Unix is not MULTICS” where MULTICS was the most advanced and secure OS ever devised at the time. It was funded by DARPA and built by Honeywell to be a highly-secure platform for use by the military that incorporated security features in both the hardware and the software.

Unix was built by some guys who wanted to show that you could create a secure OS without the need for specific hardware features.

That is to say, security is built into the DNA of Unix and all of its derivatives.

I don’t think anybody gave even the slightest thought to security during the development and evolution of DOS or Windows.

2) Windows is a “known danger zone” simply because it’s found on 90% of computers world-wide, which makes it a sitting duck for anybody looking to hack into some hardware. If you go to any random IP, you have a 90% chance of it being a Windows machine.

Even worse, by default, most Windows machines were configured out of the box with most security stuff DISABLED. Non-techie users (probably about 95% of all users) would never turn on these settings, or use complex passwords, or often even change their passwords. Which makes it even easier to break in to them. That’s why so many machines can be broken into simply by running a script that tests a bunch of known exploits.

Right out of the box, Unix systems come with security ENABLED. There are layers, and most users don’t know what they are or how to change them anyway, including those trying to break in.

When I learned Unix in the mid-80’s, there were files like /etc/passwd and /etc/sudoers that contained user login details in clear-text that was easily accessible. Today there are several levels of indirection needed to access these details, and their contents are partially if not completely encrypted. (I don’t even know where they’re stored today!)

Back then, I was able to use uucp to connect from one Unix box to another and update the login details on the other box without changing any settings at all. That’s impossible today, and has been for maybe 25 years now.

A version of MacOS from 2010 was far more secure than Windows 10, and still is even without upgrades. Windows has always been like a leaky boat that constantly needs patching. Unix was already pretty damn solid pre-Y2k when everybody was scrambling around trying to fix software they thought would cause the end of the world on 1/1/2000, much of which was built on DOS and early versions of Windows.

I simply don’t worry about my 10-yo Mac Mini or its 8-yo OS because Unix was already damn near bullet-proof in 2000, and I’m not sure how much MORE bulletproof it was fifteen years later in 2015. Windows XP, 7, 8, and 10 were ALL leaky as hell AT THEIR CORE and required constant patches and upgrades.

To be honest, Apple used Unix on the Lisa, but it wasn't on the original Macintosh. Later they released something called OS9 that I think was Unix, but I’m not sure. When Jobs was fired, he started a company named Next Computer and they adopted BSD Unix as their core OS. It was beefed-up and improved. When Jobs returned to Apple, he required that Apple also purchase Next and all of their IP. That included their OS that was renamed OSX (as in OS10) and replaced OS9. It eventually was installed in all of their hardware and remains today.

So it’s really surprising to me to hear people on a Linux group assert that they “do not understand how an Apple is less vulnerable when not being upgraded” — in all of its variations and accusations, as if it’s even in the same league as anything MS has EVER released when it comes to security vulnerabilities.

Unix has **ALWAYS** BEEN LESS VULNERABLE than both DOS AND WINDOWS!!! With or without upgrades and patches.

Because security was built into its DNA, right from the start — the designers wanted to build something that was as secure as MULTICS without the hardware.

Does anybody really think it’s meaningful to compare that with an OS that still has DOS at its core?

-David Schwartz

PS: most people don’t know this, but Windows NT was supposed to be Microsoft’s answer to Unix that ran on Intel’s 286 chip in “protected mode”. The 286 architecture itself was designed by a bunch of guys who literally worked on MULTICS at Honeywell for a decade. The protected mode kernel was designed to work hand-in-glove with the 286 chip. It was supposed to be a “mini-MULTICS” machine, but it never came to be.

The problem was the chip designers made a little tweak to the design AFTER the OS team had signed off and it was never run by the OS team before it was implemented. So when the first 286 chips started being produced, the OS team got their hands on them and discovered the change because … it BROKE THEIR SECURITY DESIGN! Which is why there was NEVER a single OS released that ran in “protected mode” on the 286. That really screwed both Microsoft as well as IBM who was working on OS/2 that was also supposed to run in “protected mode”. Intel’s response was, “We’ll fix that in the 386, but for now you can’t run in ‘protected mode’.”

The reason the chip guys made that change was because the context-switch time to go in and out of “protected mode” was so slow that they figured it wouldn’t be used if they couldn’t speed it up. So they tweaked it. But their tweak broke the security. And when the 386 came out, benchmarks showed protected mode was indeed too slow to be practical. As a result, it was never used by any OS vendors except some experimental designs that never caught on. I think it was undocumented in the 486 and removed in later versions of the chip.
