Thanks David!! I now understand.
You said : "So it’s really surprising to me to hear people on a Linux
group assert that they “do not undersand how an Apple is less vulnerable
when not being upgraded”. In all fairness that was me and I am a PHP
developer. I have used and played with Linux since around 98. I am by
no means as informed as you. Most of my focus has been LAMP usage.
Most recent Ubuntu, Apache, MySQL (MariaDB), and PHP.
Thank you for this great explanation!!
- Keith
On 2025-05-11 16:22, David Schwartz via PLUG-discuss wrote:
>> On May 11, 2025, at 7:55 AM, Keith Smith via PLUG-discuss
>> <plug-discuss@lists.phxlinux.org> wrote:
>>
>> Still do not understand how an Apple is less vulnerable when not being
>> upgraded. I know most attacks are om M$ and the Web....
>
> I have two thoughts on this:
>
> 1) MacOS is built on Unix, which has been around more than a decade
> longer than DOS and two decades longer than Windows. And since Windows
> was built on top of DOS and still has a lot of DOS code at its core, it
> has the same vulnerabilities that DOS had.
>
> Unix, on the other hand, was named as a play on words derived from
> “Unix is not MULTICS” where MULTICS was the most advanced and secure OS
> ever devised at the time. It was funded by DARPA and built by Honeywell
> to be a highly-secure platform for use by the military that
> incorporated security features in both the hardware and the software.
>
> Unix was built by some guys who wanted to show that you could create a
> secure OS without the need for specific hardware features.
>
> That is to say, security is built into the DNA of Unix and all of its
> derivatives.
>
> I don’t think anybody gave even the slightest thought to security
> during the development and evolution of DOS or Windows.
>
> 2) Windows is a “known danger zone” simply because it’s found on 90% of
> comptuers world-wide, which makes it a sitting duck for anybody looking
> to hack into some hardware. If you go to any random IP, you have a 90%
> chance of it being a Windows machine.
>
> Even worse, by default, most Windows machines were configured out of
> the box with most security stuff DISABLED. Non-techie users (probably
> about 95% of all users) would never turn on these settings, or use
> complex passwords, or often even change their passwords. Which makes it
> even easier to break-in to them. That’s why so many machines can be
> broken into simply by running a script that tests a bunch of known
> exploits.
>
> Right out of the box, Unix systems come with security ENABLED. There
> are layers, and most users don’t know what they are or how to change
> them anyway, including those trying to break-in.
>
> When I learned Unix in the mid-80’s, there were files like /etc/passwd
> and /etc/sudoers that contained user login details in clear-text that
> was easily accessible. Today there are several levels of indirection
> needed to access these details, and their contents are partially if not
> completely encrypted. (I don’t even know where they’re stored today!)
>
> Back then, I was able to use uucp to connect from one Unix box to
> another and update the login details on the other box without changing
> any settings at all. That’s impossible today, and has been for maybe 25
> years now.
>
> A version of MacOS from 2010 was far more secure than Windows 10, and
> still is even without upgrades. Windows has always been like a leaky
> boat that constantly needs patching. Unix was already pretty damn solid
> pre-Y2k when everybody was scrambling around trying to fix software
> they thought would cause the end of the world on 1/1/2000, much of
> which was built on DOS and early versions of Windows.
>
> I simply don’t worry about my 10-yo Mac Mini or it’s 8-yo OS because
> Unix was already damn near bullet-proof in 2000, and I’m not sure how
> much MORE bulletproof it was fifteen years later in 2015. Windows XP,
> 7, 8, and 10 were ALL leaky as hell AT THEIR CORE and required constant
> patches and upgrades.
>
> To be honest, Apple used Unix on the Lisa, but it wasn't on the
> original Macintosh. Later they released something called OS9 that I
> think was Unix, but I’m not sure. When Jobs was fired, he started a
> company named Next Computer and they adopted BSD Unix as their core OS.
> It was beefed-up and improved. When Jobs returned to Apple, he required
> that Apple also purchase Next and all of their IP. That included their
> OS that was renamed OSX (as in OS10) and replaced OS9. It eventually
> was installed in all of their hardware and remains today.
>
> So it’s really surprising to me to hear people on a Linux group assert
> that they “do not undersand how an Apple is less vulnerable when not
> being upgraded” — in all of it’s variations and accusations, as if it’s
> even in the same league as anything MS has EVER released when it comes
> to security vulnerabilities.
>
> Unix has **ALWAYS** BEEN LESS VULNERABLE than both DOS AND WINDOWS!!!
> With or without upgrades and patches.
>
> Because security was built into its DNA, right from the start — the
> designers wanted to build something that was as secure as MULTICS
> without the hardware.
>
> Does anybody really think it’s meaningful to compare that with an OS
> that still has DOS at its core?
>
> -David Schwartz
>
> PS: most people don’t know this, but Windows NT was supposed to be
> Microsoft’s answer to Unix that ran on Intel’s 286 chip in “protected
> mode”. The 286 architecture itself was designed by a bunch of guys who
> literally worked on MULTICS at Honeywell for a decade. The protected
> mode kernal was designed to work hand-in-glove with the 286 chip. It
> was supposed to be a “mini-MULTICS” machine, but it never came to be.
>
> The problem was the chip designers made a little tweak to the design
> AFTER the OS team had signed-off and it was never run by the OS team
> before it was implemented. So when the first 286 chips started being
> produced, the OS team got their hands on them and discovered the change
> because … it BROKE THEIR SECURITY DESIGN! Which is why there was NEVER
> a single OS released that ran in “protected mode” on the 286. That
> really screwed both Microsoft as well as IBM who was working on OS/2
> that was also supposed to run in “protected mode”. Intel’s response
> was, “We’ll fix that in the 386, but for now you can’t run in
> 'protected mode’".
>
> The reason the chip guys made that change was because the
> context-switch time to go in and out of “protected mode” was so slow
> that they figured it wouldn’t be used if they couldn’t speed it up. So
> they tweaked it. But their tweak broke the security. And when the 386
> came out, benchmarks showed protected mode was indeed too slow to be
> practical. As a result, it was never used by any OS vendors except some
> experimental designs that never caught on. I think it was undocumented
> in the 486 and removed in later versions of the chip.
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list:
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)