Daniel Eran Dilger
Random header image... Refresh for more!

Mac Shot First: 10 Reasons Why CanSecWest Targets Apple

Daniel Eran Dilger
The details emerging from the CanSecWest security contest fill out a story that is bigger than the simple “Mac Shot First” headlines convey. This was not a contest where three systems were placed in an equal foot race and the Mac simply lost due to being a slower runner. Here’s why.

The CanSecWest contest featured a number of security researchers, each with different backgrounds, motivations, and levels of expertise working to exploit flaws in the three systems running Mac OS X, Windows Vista, and Ubuntu Linux. However, rather than being a level contest to expose the flaws in the three systems, it was really a contest highlighting the knowledge and abilities of the researchers, each of whom targeted the platform of their choice.

10 Things to Remember About CanSecWest and Software Vulnerabilities.

1. Exploits discovered for the Mac have little other value outside of contests like CanSecWest. Nobody would buy the exploit Charlie Miller found, because there is no market for it. In the Windows world, there is a thriving market for selling exploits (discovered, not disclosed and “0-day” disclosed, not patched) because spammers, botneters, and identity thieves need them to stay in business. There is no malware underworld servicing the Mac, and subsequently no demand for obtaining such exploits. Once discovered, Mac exploits are patched within a few weeks, so while they make lots of heat and light for headlines, in the real world they don’t result in any catastrophic destruction in the manner that Windows exploits do.

CanSecWest was a controlled explosion designed to demonstrate how fearsome a theoretical attack on Macs might be if there were any market to support such an event from actually happening outside of an artificial contest. The tech media has reported the event as if it stands on an equal footing with the millions of successful, real world attacks on Windows PCs that occur daily, and which actually cause real damage and lost time, and demand the continual, vigilant use of performance-robbing anti-virus software at all times on the Windows platform. This is grossly misleading and hypocritical.

2. The CanSecWest contest clearly appears intent to transfer the security focus belaboring Windows to other platforms. Microsoft has repeatedly paid for research that might suggest that enterprise users could face greater theoretical security risks on Linux. Microsoft desperately desires to rid itself of its decades long reputation for abysmal security, and the best way to hide the obvious reality of the Windows security crisis is to craft misleading headlines that announce that up is down.

Mission accomplished: despite billions of dollars in real world losses annually due to the mess of Windows’ active virus and malware crisis, CanSecWest has announced that Macs are less secure than Windows, and a childlike media and idiot public have chosen to believe that the stark reality around them has been authoritatively disproved by a publicity stunt.

[Update: while the motives of those setting up CanSecWest's contest can be argued both ways, Microsoft's maximizing of the simplistic marketing message in the media can't. Jeff Jones, a director in Microsoft's security group, blogged about the winning Mac OS X crack, noting:

“I don't really care for 'hack the box' contests. If a machine doesn't get hacked, it does not mean it isn't breakable. If it does get hacked, it just shows us what we already know - any machine can be broken under the right circumstances. So, don't read too much into the PWN 2 OWN results. I don't.”

Jones' blog is headlined “SECURITY IS NOT SIMPLE, SO WE SHOULD TRY NOT TO SIMPLIFY IT TO THE POINT OF USELESSNESS.” However, he also added, “having said that, given how obnoxious and misleading I find those Mac OS X ads and how they've spent millions of dollars publicly criticizing Windows Vista security improvements, I find it ironic and apropos that Mac OS X was the first machine to be owned in the PWN 2 OWN contest at CanSecWest today.”

The media only reported his final line. Further, Jones' comment that Apple's 'Get a Mac' ads are “misleading” is fully unsubstantiated. Windows Enthusiasts like to work themselves into a frenzy relating how upset they are about this message, but they don't refute it. Also, saying Apple spends “millions of dollars publicly criticizing Windows Vista security improvements” is not really accurate or fair.

Jeff Jones Security Blog : Mac OS X Security - Reality Check #2]
3. The contest prominently focused attention on the brand name of the MacBook Air, while only describing the other two laptops by their manufacturer. This delivered the most sensational headline payload possible, associating the security problems dogging Windows with Mac OS X while also serving to malign Apple’s new laptop with the suggested taint of some special insecurity. Apple will have to step up its “I’m a Mac, Vista is dreadful” advertising just to balance things out.

4. The Mac exploit was something Charlie Miller had in hand when he arrived. There was nothing else he could use it for other than winning the contest. If it were a remote exploit, he could have made $20,000 rather than $10,000 by using it the first day of the contest. He knew exactly what his exploit was worth and what it could do. He’s a security expert.

[Update: Some people think this was a controversial idea I invented. It is not. Reader Don Bach sent in a link to an article interviewing Miller, and he states, with regard to the Mac OS X exploit he used to win the contest, “We sat down about three weeks ago and decided we wanted to throw our hats into the ring. It took us a couple of days to find something, then the rest of the week to work up an exploit and test it. It took us maybe a week altogether”.

Miller's comments intended to express how trivially easy it was to find an exploit by raking through FOSS code that Apple hasn't updated, but it also points out that Miller had a plan in hand and was politically motivated beyond many of his colleagues to find an exploit that would target the Mac. The rest of the article repeated portions of Jones' comments above, devoid of any context. Shame on Softpedia.

Microsoft Finds Irony in Mac OS X Getting Hacked Before Vista SP1 - Courtesy of Jeff Jones, Strategy Director in the Microsoft Security Technology Unit - Softpedia ]
5. The researcher who cracked the Vista machine was stymied by the fact that he didn’t expect it to have SP1 installed, according to a follow up report by IDG’s Robert McMillan. So Miller was better prepared than the second place winner. That’s a positive reflection on Miller more than a negative reflection on Mac OS X.

Incidentally, last year Apple released a Mac OS X update prior to CanSecWest that similarly addressed several exploits contestants were planning to use. This year, Mozilla also pushed out Firefox 2.0.013 the day before the contest, patching flaws that might otherwise have been used to attack the Ubuntu installation.

The date CanSecWest is held, relative to release of security updates by each vendor, results in a variable that can have a big impact on the contest but doesn’t really say anything about the overall security of each platform. Had the contest been held prior to the release of Vista SP1 (which was released a full year after Vista arrived), it would have reflected the actual level of security Vista users enjoyed throughout 2007. Instead, it only reflects the state of Vista for users who have elected to install SP1, which has been dogged by problems of its own.

Steve Gold complained in IT Pro Portal that “Microsoft’s problems with SP1 are on a scale of BAA’s problems with Heathrow Terminal 5, but on a worldwide scale. Like BAA they’ve had months to iron out any problems, yet it singularly failed to do so. The known problems list makes for eye-popping reading.”

Earlier this week, the day before CanSecWest’s contest was held, Stuart Johnston observed in PC World, “Service Pack 1 for Windows Vista is (almost) ready for prime time. SP1 contains a whopping 573 bug fixes and patches that have accumulated since Vista first shipped in early 2007, plus some performance improvements. I advise you to get it–but only after the wrinkles are ironed out.”

If Vista’s SP1 has so many issues holding back PC World from recommending an immediate deployment, how much does CanSecWest’s contest, which installed SP1 on the Vista test machine, really say about the relative security of the users running Vista?

Vista, MacBook Out–Only Linux Left in Hacking Contest – Yahoo! News
ITProPortal.com – Vista SP1 – I’m losing what little hair I have left…
PC World – Vista Service Pack 1: 573 Fixes in Limbo

6. Miller reported hacking something related to Safari, but the details haven’t been revealed. Whether this was a real world vulnerability in Apple’s code, a copy-and-paste attack on a FOSS library as Miller’s PCREL exploit was (or the libtiff exploit found by another researcher after PCREL was patched), or a contrived test that opened up telnet remote login on the machine and gave the researchers an account to use is still unknown. The notes so far suggest that it really had little to do with Apple’s own code, although Apple is still responsible for the versions of FOSS code it distributes as part of Mac OS X.

Incidentally, both the PCREL and libtiff vulnerabilities had exploits developed for them that were used both to demonstrate their use, and to work around security on the iPhone in order to install unsupported software. Neither were actively used to do any actual damage, and both were patched within a few weeks of their discovery.

[Update: John Gruber of the Daring Fireball says the “contest-winning exploit took advantage of an overflow bug in the PCRE regex library used by WebKit’s JavaScript engine.” That means that Miller reused his same vector of attack on the iPhone last fall, and suggests that Miller knows a lot about PCREL and identified a new bug. Gruber says the issue has been immediately addressed within WebKit's JavaScriptCore. This suggests that the entire contest was about Miller proving he could temporarily outsmart an open source development project for a few days, rather than having anything significant to do with relative platform security between Macs, Windows, and Linux.

Changeset 31388 - WebKit - Trac via Daring Fireball.]

The security problem affecting Windows users relates to the fact that there are not only more discovered flaws, but that these are being actively exploited to develop viruses, spyware, adware, and other malware. Further, there are vast numbers of machines that are not promptly updated with the patches that do exist, resulting in fleets of vulnerable botnets that actively distribute new attacks to other systems. These two problems aggravate each other to create the Windows security crisis.

Pointing out the presence of a theoretical attack vector in Mac OS X that can be easily addressed is nowhere near the scale of the actively destructive, virulently perpetuating problem that dogs Microsoft. Because there is actually very little Microsoft can now do to solve the problem it created in the 90s, it is left with only two options: doing what it can to solve security problems in Vista, which most Windows users have elected not to use, and erecting a smokescreen of misleading marketing that says the problem does not really exist and that other more secure platforms are actually somehow at greater theoretical risk.

7. Attendees with the ability to crack Linux “didn’t want to put the work into developing the exploit code that would be required to win the contest,” according to the IDG article cited above. Why not? Because they lacked the political motivation to prove Linux was easy to hack, and they lacked the financial motivation to earn $10,000 at a contest when they might be able to sell their vulnerability discovery for more than that.

8. Many exploits and vulnerabilities are not unique to “Mac, Windows, or Linux,” but instead are cross platform threats. Vista was cracked this year using a flaw related to Java Adobe Flash. Vulnerabilities discovered in Java, generic browser flaws, and other common code implementations mean that researchers can often use a given vulnerability discovery to attack the platform they chose. In the past, Miller has applied this principle to use FOSS vulnerabilities against Apple. In the same manner, experts in FOSS vulnerabilities affecting both Linux and Windows could sell their findings to Windows spammers.

This elasticity in discovered flaws demonstrates that vulnerabilities are most likely be used to gain the most value to finder, rather than being applied equally in some sort of convenient platform shootout that empirically rates the overall security reputation of each platform in one dramatic contest. Reality clearly demonstrates that in practice, discovered flaws are more often channeled into the thriving malware market related to Windows in order to create spyware, adware, and other malicious tools commonly distributed by viruses.

9. Miller has repeatedly stated that his life’s work is to discredit the security of the Apple’s platforms. The only outlet and business model for such an effort is currently CanSecWest. Last year, Miller’s partner, working for the same company, won the same contest the exact same way. Both have repeatedly stated that Macs are trivially easy to attack each time they were given the opportunity to plant that particular meme into media coverage.

Certainly, if you’re a security expert with an outdated FOSS exploit in hand, you can beat both your non-motivated colleagues on Windows who have sold their exploits to spammers, and your Linux expert colleagues who have no interest in trying to make FOSS look bad, and easily win a contest like CanSecWest by exposing a flaw in Apple’s distribution of open source code. But again, that says more about your knowledge, expertise, and motivations that it does about Mac OS X, Windows, and Linux.

10. Apple’s use of open source makes it easier for researchers like Miller to identify exploits, including those that have been patched by their FOSS project, but have not been updated and distributed by Apple. I specifically noted in yesterday’s article that this is an area where Apple has received criticism, and ideally, that Apple should be faster at keeping its FOSS components up to date. Of course, there are also issues related to using the bleeding edge of FOSS software revisions, which despite being patched for vulnerabilities, may have other problems related to their newness.

Corporate IT staff frequently do not immediately patch their critical software until they know what the patch will actually do and that it will not cause other problems or expose other vulnerabilities. Apple’s distributing of FOSS patches to its commercial customers requires a similar delay. FOSS projects can blow out patches fast and furiously, but Apple can’t or we’d all be annoyed to see patch updates in Software Update on a daily basis. Apple’s commercial customers demand software that “just works,” which requires a very different approach to version management than the “do it yourself” model in the Linux world.

It is overly simplistic to criticize Apple for not always distributing the newest version of every open source component it ships. Certainly, there are specific cases where Apple has dropped the ball and needs to improve. But making a blanket criticism that Apple doesn’t just throw together the most recent versions of every open source library available shows a gross ignorance of version management.

Apple Patches Faster than Microsoft Because it Patches More than Microsoft.
Which brings us to the other elephant in the room: Apple patches its OS software far more frequently than Microsoft, according to the same Swiss study that worked to discredit the timing of Apple’s patches relative to their vulnerabilities’ official date of disclosure.

Apple also improves its operating systems far more rapidly, with 66 updates to its Mac OS X desktop and server products (not including the iPhone) versus 7 releases of Windows desktop and server service packs over the six years of the Swiss study. That was entirely ignored by the media to focus on the completely skewed “who statistically patches flaws faster relative to the flaws’ public disclosure” metric.


For a media enraptured with titillating headlines, and an idiot public entertained by hearing what they want to hear instead of being informed of the more complex reality, CanSecWest delivers in spades. The rest of us have more facts to consider.

CanSecWest and Swiss Federal Institute of Tech Deliver Attacks on the Reality of Mac Security

CanSecWest and Swiss Federal Institute of Tech Deliver Attacks on the Reality of Mac Security

I really like to hear from readers. Comment in the Forum or email me with your ideas.

Like reading RoughlyDrafted? Share articles with your friends, link from your blog, and subscribe to my podcast! Submit to Reddit or Slashdot, or consider making a small donation supporting this site. Thanks!

Technorati Tags: , , , , , , ,

  • Bill

    Dan, I linked the article to alert you. It is not meant to refute you. I was hoping that you would refute
    some of the article’s responses, as I have seen you do before. I think that that anti-Apple FUD [or any FUD] hurts society, as it paints a picture that would impair the freedom of choice. I read here to get the real story. I post rarely as I am an MD, not an IT specialist, but have been using Macs [and Windows of course] for years, preferring the Mac OS. I only post if I think that I can give reasonable knowledge. Since I agreed with you of what I can understand [damn it Jim, I'm a doctor not a computer repairman!], I was hoping that you could refute the link too.


  • althegeo

    What a lot of people are forgetting, when they criticize Dan’s CanSecWest article, is the fact that there was only one computer on the firing line at CanSecWest last year. There was no problem pointing fingers last year when the only target was a Mac. Thus the changes this year.
    As for the contest rules, let’s face it, if updated, out of the box, Linux, Vista and Mac laptops were put on the net for an hour prior to the first hacking attempt, the Vista laptop would have been part of a botnet prior to the first hacking attempt.
    Of course the contest was rigged. Not being on the net can’t be a real world test.

  • Robb

    Well, I’m not sure what the best way to respond to CanWestSec exploit would be, but you sure stirred up a hornet’s nest this time. Maybe your response comes off as a little over the top to me, but that’s because I usually shrug off contests like this (and their FUD follow up) because they haven’t occurred in the wild.

    The bottom line for me (I’ll echo the comments of a couple others) is that I’ve been using Macs for 18 years and in that time I’ve seen two viruses (both caught by NAV) and one instance of malware activity. Now some might dismiss that because it hasn’t happened to me, but in my career I’ve supported several hundred Macs of all shapes and sizes, all sharing files with the “outside world” (i.e. beyond our corporate firewall) and I haven’t seen a virus in over ten years.

  • dustbag

    Hi Dan,
    As the first one to board this roller coaster, I would just like to step on one more time to thank you for your clarification.

    I’ve never really believed the ‘secure via obscure’ arguments. You’re original post confused me a bit. Now I understand better your point. Thanks.

    BTW – I run Norton AV on my Mac because I log on to my employer’s network from home and they insisted. In 5 years Norton has detected a total of 2 viruses on my Mac – both Windows OS specific, both forwarded via email from a co-worker on a Windows machine. In the same period my Windows XP machine at work has been plagued with a couple dozen infections, each one resulting in the company network being shutdown while they isolate, clean, and update the virus definitions.

  • thgd

    You can sure tell when Dan is getting uncomfortably close to the truth when the PC thought police start appearing in force to straighten out our thinking.

    Unfortunately for them the truth is on his side. There are no viruses or malware on OSX running uncontrolled in the wild. Using a cheap hat trick at a supposedly serious event to counter this fact proves nothing except the hubris of the hacker.
    Show me these security breaches running with the same rapacity on millions of Macs as on Windows and we’ll have a believable news story.

    Meanwhile the apologists, such as slayerjr, might want to stick to facts instead of thinly veiled attacks written with such saccharin condescension toward the messenger.

  • Pingback: Ownano Vista e Mac OS X. Resiste Ubuntu « Sudoaptget’s Weblog()

  • gus2000

    Microsoft has garnered more user share because they went with the more open IBM platform that allowed entrepreneurs the freedom to be more creative in creating any product or service they saw fit.

    Mr. freedom, welcome to Roughly Drafted. Can I take your coat? While you wait, please feel free to peruse our back catalog:

    Why the World Went Windows

    How Closed Is The iPhone?

    Windows is 5X More Expensive than OS X

    I’m sure you’ll find our articles to be satisfying, nutritious, and 99% FUD-free with no artificial filler, flavor or color.

  • gus2000

    WordPress does not like my comments. Or…it likes to eat them. Mmmmmmm, comments.

  • Pingback: Ownano Vista e Mac OS X. Resiste Ubuntu « My Weblog()

  • Pingback: The Unavoidable Malware Myth: Why Apple Won’t Inherit Microsoft’s Malware Crown — RoughlyDrafted Magazine()

  • Pingback: Assistance44 | Concours de hacking : Ubuntu plus résistant que Mac OS ou Vista()

  • freedom


    Thanks for the oh so generous offer to dine on all the Apple Koolaid I can possibly drink. I expect it will be as pure as the driven snow and contain no one-sided Apple apologetics at all… The only problem is all the links you sent were from Koolaid HQ and the only thing on the menu is… you guessed it… Koolaid.

    I actually did read the first article and skimmed several of the others. Prior to that I did not think of Roughly Drafted as a Koolaid site, but now I have to consider otherwise. For every argument someone makes about Apples Marketing there is a “Good Reason” or better yet “actually a very smart thing to do”.

    To pick on one concept (and basically the excuse for overpriced hardware) is that Apple is really “selling software wrapped in hardware” WHAT LAME BS IS THAT?

    What’s really funny is Mac users joke about all the “Bloat ware” that comes on a new PC and the fact that its just free trials and not full versions etc. DUH! why should it be assumed that everybody wants all the same software and further more have to pay for it whether they like it or not? But Freedom, it’s really really gooood software and its FULL versions”. Wow from my perspective if its software that I don’t want then its merely “MORE BLOATED”.

    I do not stand behind every version of Windows ever created or every piece of software Microsoft has ever made (except for OneNote of Course). But it seems that at RoughlyDrafted Apple can do no wrong? It’s hard to read stuff that does not seem to have any unbiased representation. It’s like someone in the room ripped a really bad one, but you have gotten so used to the smell you don’t notice it any more. You need to step outside for a bit, get some fresh air and when you return maybe you can spot the Koolaid stains…

    I am getting ready to buy a Mac. Why? Because it’s the only way I can develop for the iPhone, honestly it ticks me off to pay double for a Mac vs. a PC with identical hardware simply because it comes bloated with a bunch of software I don’t need, The sad part is – my Wife is a Graphic Artist so I can (to a degree) justify the purchase since we can both make use of it and she is in need of a hardware upgrade, but as to the sad part, there is no software on there that she will need either and in fact will now have buy Mac versions of all her Adobe software.

    I’ll make a deal with you. I’ll become a Mac FanBoy if you can give one GOOD, I repeat GOOD reason that Steve won’t let me use my stereo Bluetooth headsets with my “Ultimate Music Phone” iPhone.

    Personally I think the reason is this – Steve is so into the “Perfect User Experience” that he won’t release it until it is such. Right now the Stereo headset profile can be a bit finicky, but when mountain climbing I would rather have finicky then wires hanging out of my ears. Steve, Please let me decide what user experience I am willing to deal with and include free trials of your software but allow me to choose to buy it….. Freedom please…

    BTW, I am selling a new fragrance called “That New Car Smell” but you’ll really love the packaging, it comes wrapped in a BMW.. Fragrance wrapped in Hardware… Genius idea… don’t ya think! Special pricing for Mac owners, please provide proof of Mac ownership with your orders.

  • Bill

    Freedom, you do not need to buy new software. Your Windows software will run fine if you load XP [or Vista] using Bootcamp. If you were a smart developer, you would know this.

    Also, there are many PC magazines that show a similarly equipped Mac and PC are pretty darn close in price. In fact, the SDK will work on any $1199 iMac or $1099 MacBook. If a developer cannot afford that, or the $99 SDK fee [there is a free beta version too], then I think that you are in the wrong business. Otherwise, welcome to the club. I use both Windows and MacOS, but prefer the Mac. Many of my medical partners are switching as thier kids [or themselves] are getting numerous viruses and malware. I have personally seen a total over 1,000 [no BS] viruses on a handful of their computers, as well as numerous Trojans and crippling malware that required complete reinstall after erasing the hard drives. If you have good protection, and use the web wisely [like me], there is almost no worries with Windows. But boys will be boys, and P2P is dangerous.


  • Rip Ragged

    @ Bill –

    “freedom” wasn’t looking for information. If he was he would have included verifiable facts in his diatribe. Odd how dependent flame wars are on emotion, and how fact-free they tend to be. Rational conversations rarely require the invocation of instant soft-drink mix. Flamers need Kool-Aid, and hate facts.

    He gives himself away for what he is when he says he would rather have “finicky then wires” (sic). Literacy disqualifies all the but the more polished flamers.

  • freedom


    I appreciate the advice. You are right, I am not a smart programmer simply due to the fact that programming for the iPhone will be my first venture into programming. However I am fully aware of parallels and the fact that you can run windows programs in it, but per my Mac friends Photoshop is known to choke parallels and run very slow/ tends to hang, so they recommend going with the Mac versions.

    For the record, My aversion to the price has nothing to do with what I can afford and everything to do with “My” perceived value. (Note to Fanboys, notice the use of “Opinion” here? Just because I believe the a Mac is not as good a value does not make it true)


    The use of Kool-Aid was an attempt to keep in context with the post I was responding to;

    ” I’m sure you’ll find our articles to be satisfying, nutritious, and 99% FUD-free with no artificial filler, flavor or color.”

    Kool-Aid was the perfect counter since I find the articles that Gus referred to to be the exact opposite of FUD free with no artificial filler, flavor or color.

    What I find most amazing is how FanBoys like yourself accuse everyone else of exactly what you are so guilty of, FUD and Hate facts. But more so than that, you don’t realize that just because you believe it, does not make it fact! Just because I believe it does not make it fact. I applaud addicted44 for admitting that there is some security by obscurity, and I also agree with him that that that is not the only reason (Note; this gives addicted some credibility). I would expect a Mac to be more secure simply because the hardware and software are both made by Apple. I would expect a PC to be less secure because MS only makes the OS they do not make the hardware and or the majority of the drivers etc. AND I can also say that the Mac OSX may actually be better written and more secure for that reason as well. The whole point of my original post was to point out that the arguments here do not accurately take into account the fact that you are comparing Apples to Oranges. A RATIONAL person could concede that a FanBoy could not.

    The only factual thing in your response was a Typo, the rest was purely flames. In your next post you’ll be saying your dad can kick my dad’s ass! But it won’t be flames because its factual since you believe it.

    (Note to Rip; Since you were not able to pick up on the Kool-Aid connection let me read between the lines for you here – I only threw in the “kick my Dad’s ass” line as a bit of ironic sarcasm – in case you still don’t understand; I was flaming you while accusing you of flaming me while accusing me of only flaming. If you still don’t get it just ask addicted, he has the whole nested statement thing down to a science.)


    the disqualified illiterate :-(

  • Bill

    Freedom, if you don’t own a Mac, or need another, there are some great proces on recertified models with huge savings on the 3GH quad and 2.8GHz 8 core. Go to the recert section at the on line Apple store. There are other models, but I prefer Towers. Example, Pro Tower 3GHZ quad, 2GB RAM, 250 GB HD, ATI 1900XT for $2299, with 1 yr warranty. $250 adds a 3 yr warranty. Sweet!


  • Rip Ragged


    Your opinions are valid. Opinions you disagree with are the opinions of Fanboys drinking koolaid. (That sounds like flaming to me)

    Another flamewar standard is that a site that’s primarily about Apple’s successes and advantages needs more balance. Why?

    There are plenty of places on the internet chronicling Apple’s perceived failures and shortcomings. Odd that you should come here to Apple fanboy land of your own free will and then complain about positive reporting on Apple.

    Kinda like going to a Chinese restaurant and objecting to the smell of soy sauce.

    My Dad’s last communication with another human being – just before they closed the door of the ambulance and he slipped into a coma – was to give his boss the finger. As far as I’m concerned, that kicks the ass of every other Dad I’ve heard of.

  • gus2000

    Rip, sorry about your Dad. But yeah, that kicks ass.

  • Bill

    Rip, that is a great story. I would bet that my dad is laughing has wings off with your dad about it.


  • freedom


    Wow, no wonder you can’t read between the lines, you can’t even read the lines (and you are questioning my literacy?). In a way it is pointless to quote my previous post since you did not get it the first time, why would I expect you to get it the second time? But for the sake of others;

    “just because you believe it, does not make it fact! Just because I believe it does not make it fact.”

    Not sure, but I don’t think I could have put our “opinions” on any more equal ground then that. The point of my comment was to note that so many “opinions” stated here are referred to as facts when they are merely opinions. (and for the person who is about to point out any of the “provable facts” in this thread, don’t bother, I am not saying there are no facts I am just saying many are opinions) Note; Opinion + heartfelt sincerity does not =fact. Nor does opinion +agreement by most others of my thought-persuasion =fact.

    I “willingly” came to this site, because I saw a link to this article and the title got my attention. I was expecting to be educated not opinionated. My reason for posting was to point out that I felt the article was ignoring a very important concept… ….and it seems Apple agrees with me…

    As I have said twice now,

    “The whole point of my original post was to point out that the arguments here do not accurately take into account the fact that you are comparing Apples to Oranges. A RATIONAL person could concede that, a FanBoy could not.”

    I was watching a show recorded with Windows Media Center yesterday and as I was skipping through the commercials, I noticed an “I’m a Mac” commercial, so I backed up to watch it (They are well done and I enjoy them, way to go Steve). What da ya know… I would assume this one is entitled “It’s not your fault”.

    Mac tells PC it is not his fault for having issues because… ….well let me just quote my previous post yet again

    “I would expect a Mac to be more secure simply because the hardware and software are both made by Apple. I would expect a PC to be less secure because MS only makes the OS they do not make the hardware and or the majority of the drivers etc.”

    And that is exactly what Apple claims in their commercial. I guess I need to start a Mac Fanboy Free site where Apples views can be more accurately portrayed. Lets call it http://www.ThechApple.com . And Rip since you don’t read between the lines well, allow me to decipher; chApple is a tongue-in-cheek reference to the “Cult” that is Apple Fanboys…

  • Rip Ragged


    I’m trying really hard to read between the lines, but I’ll need a little more help I guess.

    You’ve agreed with the basic premise of the original article, I think, that OS X is more secure than other operating systems. Or at least that CanSecWest didn’t prove otherwise.

    You’ve agreed with the reason why: Apple builds the whole widget, ergo they have more control over the entire system – hence security.

    Your basic disagreement, then, is that those opinions lack validity because they are opinions. The very real empirical data that us old FanBoys have (years without malware) don’t solidify our opinions (in or between your lines). Twenty-one years without malware is not an opinion. It’s a fact. I was there.

    You also seem to disagree with people who adamantly advance opinions that agree with yours because they’re “FanBoys,” or because in the comparison between Apples and Oranges we prefer Apples. That seems to be argument for its own sake from here, particularly when you agree with the basic tenets of the “cult.”

    Reading between the lines doesn’t yield facts contradictory to Daniel’s original post; just that you seem to think there should be more “balance.”

    If you have “balancing” facts, please post them. With no facts to counter our opinions we have no reason to change them.

    I have an open mind. But it’s only open to new facts. New opinions, unsupported by new facts, must be very compelling.

    Thank you for explaining the jokes. It takes all the mystery out of the comments. Really.

  • Pingback: Pharaos World()

  • Pingback: Rails Podcast Brasil - Epis()

  • Pingback: Concours de hacking : Ubuntu plus résistant que Mac OS ou Vista!()

  • Pingback: Paul Thurrott calls Apple “the Bad Guys” of Microsoft’s $300 Million Ads — RoughlyDrafted Magazine()

  • Pingback: Antivirus on a Mac Pt. 2()

  • Pingback: Concours de hacking : Ubuntu plus résistant que Mac OS ou Vista « Dionymartial’s Weblog()

  • Pingback: Mac security researcher wins Pwn2Own contest with Safari hack — RoughlyDrafted Magazine()

  • Pingback: CanSecWest security competition falsely portrayed, again — RoughlyDrafted Magazine()