Top 12 Operating Systems Vulnerability Survey

markmcb writes "Have you ever wondered how vulnerable your computer is from the first bit you write to the hard drive all the way until you have a fully patched system? If so, Matthew Vea has posted a concise summary of security strengths and shortcomings for twelve of the major operating systems of 2006/2007. In his summary, Matt tests each OS with widely available tools like nmap and Nessus, and notes responses at install, pre-patch, and post-patch times for each system. After the tedious job is done, he produces results that will make both the Apple and Windows communities cringe with regards to security. From the article: 'As far as straight-out-of-box conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities ... The UNIX and Linux variants present a much more robust exterior to the outside. Even when the pre-configured server binaries are enabled, each [Linux] system generally maintained its integrity against remote attacks.'"

published on Thursday, the 29. March 2007, apple-slashdot

Inside Apple's Leopard Server OS

An anonymous reader writes "Mac expert John Welch, author of the widely read OS X versus Vista comparison, delves into Apple's Leopard Server OS. He and Information week have on offer a deep dive into what's known so far about OS X Server 10.5, which will be showcased at Apple's Worldwide Developers Conference in June. Welch weighs in on Leopard's iCal, Wiki, file, Quicktime, and mail services, along with Xgrid 2, Open Directory 4, and 64-bit capabilities. What does it all add up to? His assessment: Apple probably isn't aiming at 'big' enterprises; just the same, Leopard Server is shaping up to be a great SMB (small and mid-sized business) product. Welch writes: 'For about a thousand bucks on existing hardware, or for the cost of an Xserve, you get a really solid server, able to support Web services, collaboration, groupware, IM, and file services. You can run it with its own directory service, or as part of an Active Directory implementation out of the box. It provides some features that due to pricing and/or setup requirements, have traditionally been reserved for big enterprises — in particular clustering of both email and calendaring servers.'"

published on Tuesday, the 27. March 2007, apple-slashdot

The Best Mac OS X Software Tools

An anonymous reader writes "Mac advocate John C. Welch weighs in with his list of the top 20 Mac OS X products (except Welch manages to list 22). The collection of software tools ranges from the obvious, such as Boot Camp, to the obscure but perhaps more useful — little-known apps like Peter Borg's Lingon, for creating launchd configuration files. What's on your personal list of indispensable Mac productivity aids and programming tools? Also, do you think Welch gives too much air time to built-in OS X tools at the expense of third-party products such as NetworkLocation?"

published on Sunday, the 11. March 2007, apple-slashdot

Why Consumer Macs Are Enterprise-Worthy

cyberkahn tips us to an article in Computerworld that makes the case for Apple's consumer machines moving into corporations. (The article dismisses Linux desktops in the enterprise in a single bullet item.) With the press that Vista has been getting, is Apple moving into a perfect storm? Quoting: "There is no comparison between Apple's 'consumer' machines and the consumer lines of its competitors. All of Apple's machines are ready to move into the enterprise, depending on the job at hand. The company's simple and elegant product line, which is also highly customizable, will be Apple's entree to the business market — if IT decision-makers can get over their prejudice against equipment that's traditionally been aimed at consumers."

published on Saturday, the 10. March 2007, apple-slashdot

The Prospects For Virtualizing OS X

seriouslywtf writes in with a look at the current state of the question: will people eventually be able to run Mac OS X in a virtual machine, either on the Mac or under Windows? Ars Technica has articles outlining the positions of two VM vendors, Parallels and VMWare. Both have told Ars unequivocally that they won't enable users to virtualize OS X until Apple explicitly gives them the thumbs up. First, Parallels: "'We won't enable this kind of functionality until Apple gives their blessing for a few reasons,' Rudolph told Ars. 'First, we're concerned about our users — we are never going to encourage illegal activity that could open our users up to compromised machines or any sort of legal action. This is the same reason why we always insist on using a fully-licensed, genuine copy of Windows in a virtual machine — it's safer, more stable, fully supported, and completely legal.'" And from VMWare: "'We're very interested in running Mac OS X in a virtual machine because it opens up a ton of interesting use cases, but until Apple changes its licensing policy, we prefer to not speculate about running Mac OS X in a virtualized environment,' Krishnamurti added."

published on Monday, the 12. February 2007, apple-slashdot

MacResearch Introduces OpenMacGrid

Drew McCormack writes "MacResearch.org has just introduced OpenMacGrid. It is a distributed computing grid similar to SETI@home, but unlike other networks, it is built up entirely of Macs utilizing Xgrid, and access is unrestricted. Anyone with Mac OS X 10.4 can donate cycles, and any scientist with a reasonable project can burn cycles."

published on Monday, the 12. February 2007, apple-slashdot

Overall Mac OS usage market share declining?

Apple Computer tops the news when it comes to analyzing recent operating system usage market share numbers, but one market research firm says its data indicates overall Mac OS usage has suddenly hit a slight decline. "Mac Intel OS usage is growing...

published on Monday, the 18. September 2006, appleinsider

Hack Mac OS X With Installer Packages

nezmar writes, "MacGeekery has a short but insightful piece with examples on how to use a malformed Installer package (.pkg) on Mac OS X to 'insert user accounts with administrator rights and change root-owned system configuration or binary files without prompting the vast majority of Mac OS X users for a password of any kind.'" The article notes that this issue was brought up on the Apple Discussion Boards 6 weeks back and that it was noted there as a duplicate / known issue. It also gives as an example the installation of Parallels, the popular virtualization software, which uses the described technique, but not for nefarious purposes.

published on Saturday, the 16. September 2006, apple-slashdot

Managing Mac OS Updates in an Enterprise?

An anonymous reader asks: "What's the best way to manage updates for an office of about 150 Macs of various models with different releases of Mac OS X installed? I would assume the solution involves Apple Remote Desktop Administrator which makes it possible to install updates on client machines without interrupting the user — but then the question becomes how do you keep track of which updates to install? Does Apple have some page squirreled away that lists updates they've released in chronological order with the ability to filter based on OS version and model? Is there an RSS feed or mailing list that announces new updates? For the uninitiated, ARD Admin only lets you install specified packages, so you have to download the updates manually from Apple's website, then queue the packages to be installed on a particular set of machines. This problem would be far simpler if it were possible to simply instruct client machines to run Software Update and install all available updates, or even better, if Apple included automatic update functionality within the OS, a la Windows XP."

published on Friday, the 15. September 2006, apple-slashdot

Briefly: Leopard preview updated, 10.4.8 in testing, Apple announcements soon?

Apple released an update to its Leopard preview to developers, as well as the first build of Mac OS X 10.4.8 this week. Also: details of Apple's Sept. 12 media event and other pending announcements this month.

published on Friday, the 1. September 2006, think-secret