Blog


apple_vs_windows

I was in CompUSA the the other day and noticed quite a few people in the Apple section. I realized that this was becoming increasingly common everywhere I went. Indeed, much Apple love these days. But why now?

I mentioned to an employee in the PC section that Apple interest seemed to be getting stronger overall, and asked if he had seen the same thing there in the store. He said he’d been there for around three years and that Apple awareness was at an all-time high.

I asked him when he thought things started turning around for Apple.

Me: Was it the new iMacs? The iPod halo effect finally kicking in? When did you start noticing a difference? CompUSA Employee: Oh, I know exactly when it was…it was quite obvious.

Me: When?

CompUSA Employee: Around the middle of January of this year [2007].

Me: Really, what came out then that made the difference? [I was thinking Apple]

CompUSA Employee: Vista.

The guy was totally nonchalant about it. He didn’t even seem to care. He didn’t laugh. He didn’t smile. He wasn’t joking. He was just relaying what he saw, and he was right.

Apple didn’t give OS X the popularity it has today — Vista did.:

Well my Vista box is already hung. I made the mistake of closing an explorer Window when it wasn’t responding. This crashed your box in Windows 95. It crashed your box in 98. It crashed your box in ME. It crashed your box in 2000. It crashed your box in XP. It even crashes your box in Server 2003.

So now, in the new and redesigned flagship Vista operating system? It crashes your box. My machine is completely unresponsive (I don’t even have a taskbar or start menu). I’ve installed only one program — Office 2007 Enterprise. I’d blame it on VMware if this wasn’t the same exact issue that I’ve seen in every version of Windows I’ve used.

Keep in mind here — my OS is unresponsive because I clicked on a button that they offered to me as an option. They presented me with an interface which, if used, would hamstring my machine.

Nice job on Windows 95 version 7 here, guys. You make me sad.:

Evidently the new version of VMware for OS X lets you run a virtual session right off of your bootcamp partition! Pretty cool stuff.

My buddy Craig has it working.

vista_vmware

[ Link: Vista Running From OS X Bootcamp Partition Within OS X ]

So for those of you who are into blogging you’re probably all aware of Robert Scoble, a former Microsoft employee who became popular by bringing blogging to that company for the first time.

He’s famous for being highly biased towards Microsoft, but now that he’s left it seems his exposure to the “real world” has caused him to see things differently. In a blogpost titled, “I love my new Mac (list of cool utilities from Twitter)“, he says this:

I just switched my life over to a 17-inch MacBookPro. Don’t worry Microsoft fans. I still have Vista and Office 2007 loaded too.

He didn’t say he’s trying it. No. He “switched his life over” to it. And he just referred to those left behind as “Microsoft fans”. Think about it: Robert Scoble is keenly aware of all the available technologies out there — especially those from Microsoft. And if he made found the Mac to be better then there’s probably something to it, don’t you think?

Is this proof that Mac is better? No. Is it a good indication that anyone refusing to look at Mac is probably doing themselves a disservice? Yeah, I’d say so…

I’ve been trying to get Chris to the Mac for over a year now, and he’s put my latest attempt up on his site. I’ve received a number of emails commending me on my efforts, but a few pointed out something I’d not considered:

The guy is an absolute Windows icon. He can’t just up and defect like this. It would likely be extremely bad for business.

And when I say business, I mean the roughly $10K/month he makes from Google AdSense. Essentially, he’s been a known Windows expert since before 99.9% of people were on the Internet. He has a massive fan base. So no matter how cool OS X is he’s probably not going to switch due to the potential impact it may have on his income and Internet status.

And to be honest, I can’t say I blame him. I personally would still do it, but I can definitely see why he wouldn’t. Oh well…I’ll keep at it. When Leopard drops and makes Vista look silly, it’ll get a bit easier.

You might be saying no such thing exists, but I beg to differ. I’ve dumped XP as a Windows platform. I now use it only when something specifically requires it (which isn’t often).

I prefer to use Windows Server 2003 as a workstation instead. Why? Mostly because of raw socket limitations. I hate the fact that security software is hit or miss on XP. I simply lack the time to worry about whether or not XP will gimp up a given security tool.

So I’ve just built my latest Windows VMware image (for Outlook, Word and Visio) using Server 2003. Office 2007, by the way, is awesome. I very much like the ribbon concept, as well as the other more subtle improvements. And Office 2007 runs great on Server 2003, so this is a good thing.

It’s become very clear to me that XP is an OS designed for the masses. It’s edges have been rounded so that people don’t cut themselves, which is unfortunate since I was actually using them to get work done. Luckily for me there’s another Microsoft platform that runs Office, and until the next version of server comes out this is what I’ll be running as my Windows “desktop”.

Has anyone else noticed this strategy by Microsoft? Their only means of defending Vista’s flopping seems to be to talk about how cool the next version of Windows will be. It’s like they’re saying:

We know Vista let everyone down, but trust us — the next version of Windows is going to be really, really, extra-super cool! Even better than Leopard, which is about to come out and make us look like fools. So remember, when Leopard does lanuch, and it makes us look completely silly…keep in mind that we have something WAY better than that coming in just two years.

Uh, yeah…I believe you.

Best…Mac…Ad…Ever

February 21st, 2007 | Mac | Microsoft | OS X | Security | Vista | Windows

Yesterday I wrote about Joanna Rutkowska’s work that highlighted a serious security flaw in Windows Vista. Her finding was that in Vista, many applications require that they be installed with administrator privileges, and that during the install process users are given two options: 1) install with elevated privileges, or 2) don’t install the application at all.

Vista_Icon

Yesterday’s post was sloppy, however. It came to the conclusion that Microsoft made a security design error in implementing this system. The truth of the matter is that there is a serious security problem with respect to Vista, but that problem is not due to a recent decision by Microsoft.

The real problem is that thousands upon thousands of 9x and XP applications were written according to the old security model, i.e. the one in which installers were able to spray their parts all over the system with no issues because they ran as administrator. This won’t work in Vista because they’ve gone to a restricted user model, so they have only one choice — allow the applications to install with elevated rights.

Microsoft had no other choice, really. The alternative is telling people that their old programs are insecurely written and can’t be used. That wouldn’t go over well. Unfortunately, allowing the applications to go in as administrator creates a major problem for Microsoft: it trains the users to say yes when an application asks to be installed with elevated privileges.

This is what’s going to do the real damage. It’s the fact that people are going to get so used to allowing legitimate applications to install with elevated rights that when a piece of malware asks to do the same they’ll happily oblige.

Not good.

But it’s not a Vista problem, really. It’s going to hurt Vista, but the real problem is that of legacy support. It’s ironic, really. All this work to make Vista more secure and it’s going to be largely undermined by how lax they were in the past.:

I just got done reading something utterly insane about Vista. Evidently, a Polish researcher named Joanna Rutkowska has discovered that Vista, by default, wants executables to install with Administrator rights.

WTF?!?

When I say “wants”, that means that when you install executables in Vista you get prompted to either install with administrator rights or not at all. From her post:

So, when you try to run such a program, you get a UAC prompt and you have only two choices: either to agree to run this application as administrator or to disallow running it at all.

Are you kidding me? All that work that went into the limited user stuff, and the outcome ends up being that 99.9% of users will be installing utter garbage on their Vista systems with elevated privileges.

Seriously…here are how the options will look to users:

  1. Do install this thing I want to use (with some technical mumbo jumbo I don’t understand)
  2. Don’t install the thing I want to use.

What do you think they’ll pick? Yeah, me too. And in reality their choices are more like:

  1. Install this and hope it’s not malware. If it is, you’re about to get owned.
  2. Don’t install it.

The Nix Difference

I am completely dumbfounded by this. The whole point of Vista was to get its security model up to where *nix is — via limited users. In OS X or Linux, by default, you install applications with limited privileges — not as root/administrator.

Wow. Vista disappoints once again. First they remove all the cool features like WinFS, and now the only thing they had going for them (increased security) is largely bypassed in the name of convenience. Joanna Rutkowska said it best in her writeup:

If Microsoft won’t change their attitude soon, then in a couple of months the security of Vista (from the typical malware’s point of view) will be equal to the security of current XP systems (which means, not too impressive).

Uh, yeah…more of the same from Microsoft. With Leopard coming out shortly and Ubuntu just getting better and better every day, Microsoft’s days of dominance are numbered.:

– 02.15.07 So it appears I was largely wrong about this. Not about it being an issue (it is), but about my judgment of the design and the severity of the implications. After reading extensively about the issue I came across a comment here on the site that captured it really well:

So, the crux of the situation is that currently a lot of apps and their installers are written to install for the system, and to do so these apps request admin rights.

That’s really it. Microsoft is simply dealing with its insecure past, i.e. a world in which installers had full admin rights to do anything they wanted on the system. As such, most software is still written in this fashion, and since that’s the case, and Vista users are non-privileged, — old, dirty-style programs have to be installed with elevated rights if you want to use them.

In short, it’s still a security problem, but the problem comes from Microsoft’s difficult to handle legacy past, not a recent, poor security decision by Microsoft.

Anyway, I was sloppy, and I apologize for that. I should have nailed down the problem more accurately before posting.

This is a ginormous electronic billboard right in the middle of Times Square.

Yeah, that’s a Windows error there — right in the middle of the rainbow. I don’t know for sure if the box is actually running Vista, but either way — it’s a Vista advertisement with a massive Windows error on it. They make me sad.

vista_error

With the new release of Microsoft’s Vista operating system, many are considering their upgrade path. Is it time for a new PC? Should I wait for Vista? What’s this Mac stuff all about? In this article I’m going to put forth a very simple argument, which essentially boils down to this:

For anyone wanting to perform basic computer tasks such as browsing the Internet, checking mail, writing papers, and working with photos and movies, you should strongly consider what Apple’s OS X has to offer before making a move toward Vista.

When someone talks about how much they enjoy their “computer”, they’re mostly talking about how well their operating system handles these core activities. It’s also important not just be able to perform these functions, but to be able to do them in a consistent, worry-free fashion. In this article I’m going to give a few reasons why I believe OS X accomplishes this better than Vista.

** By the way, I am an MCSE and happen to respect and enjoy a number of Microsoft’s products.

Tiger Screenshot

1. Interface

While the Vista interface has definitely seen some improvements over XP, they are mostly in the realm of visual enhancements. They didn’t seem to focus on making things more intuitive — but rather more on making the same basic workflow in XP look better.

Apple’s approach to designing a desktop is very different. They take user interface quite seriously, and the focus with OS X is to create an experience that people instantly feel comfortable with. Have you noticed how passionate people are about OS X? They often can’t resist telling others about how much they love their computers, and this is in large part due to the intangible connection you develop with the OS itself.

Quite simply, OS X gets out of your way and lets you work. The difference between this and Windows is very hard to describe to someone who’s not experienced it, but trust me — you’ll love it.

2. Fewer Security Issues

Debates have raged on for years over why OS X hasn’t been attacked as successfully as Windows. The arguments basically break down into two categories: design, and marketshare. Those in the design camp feel that OS X is designed better, which provides a smaller attack surface to hackers. The marketshare group thinks it’s just because there are fewer Macs, which makes it a less desireable target.

Since I’m an information security consultant who uses both OS X and various flavors of Windows on a daily basis, I’ve dedicated a bit of thought to the matter. The answer in a nutshell is that both views are correct.

I believe OS X to be more secure overall for a number of design-oriented reasons (not the least of which is being based on FreeBSD), but an ever larger percentage of its excellent record comes from not being much of a target compared to Windows. The bottom line, however, is that it doesn’t matter what the reason is. As it stands now, if you use a Mac you’re simply not going to have to worry about being plagued by viruses and spyware like in Windows. This means you spend more time doing what you want to do and less time fixing your computer.

3. Stability

Stability is one of OS X’s absolute strengths. If you use Windows regularly, how often do you have to restart your computer? Quite often, I know. On a Mac you will hardly ever have to compared to on your Windows system, and this isn’t likely to change much with Vista (now with ~50 Million lines of code).

OS X is designed beautifully, with much of the system being protected from tampering by both malicious software and well-meaning but ill-informed users. Mac owners can go for months without needing to restart their systems. And this is with hundreds of applications being opened and closed, being put to sleep and awaken repeatedly, etc. Again, the credit here goes to the Unix core of OS X.

Conclusion

The time of the Mac and OS X is upon us. Vista took 5 years to make and ended up being little more than a collection of graphical enhancements to XP that require most to buy a whole new PC. In fact, many of Vista’s features were obvious copies of Apple’s ideas (watch the video). Even the current version of OS X is arguably more advanced than Vista, but the next version is going to be absolutely amazing. Here’s a short list of features coming soon in Leopard.

(I also think Apple is about to reveal a number of secret features now that Vista has been released)

Seriously. I made the change to OS X two years ago, and I’ve never been happier with a computer. Plus, if you go buy one as a result of this article, I’ll give you some free email help to get you on your way.:

…he was waiting for Microsoft to have their fun with Vista. Only then will they reveal what they’ve really been doing with Leopard. It’s like poker, you want to be the last one to act.

I expect a repeat of what happened with the iPod and the Zune:

Microsoft: And we present to you the Zune! Now with a wannabe iPod interface! Apple: LOL, we’re doing touch-screens, dumbass. Nice wheel, though…your idea?

So my thought is that Apple is waiting to spring another identical trap on Microsoft. Notice how quiet they’ve been about Leopard for all this time? Nothing at MacWorld — nothing since then. They’re letting Microsoft have its day because they know precisely what Vista has to offer. Steve has all the information and is basically setting them up for complete failure.

As soon as the buzz dies down from Vista, they’re doing to bust out with their equivalent of what the iPhone was to the Zune. In other words, something to make all the Microsoft fanboys who just bought Vista say, “Damn, I hate Apple…Why couldn’t Microsoft do that!?! I should have bought a Mac…”

I don’t know what Apple’s going to do with Leopard that’s going to make Vista look silly, but I have a very strong feeling it’s going to be something major in the UI arena. Hell, I just hope it involves replacing Finder.:

With Apple OS X’s surging popularity many are wondering how vulnerable Apple’s OS X operating system is relative to Windows. You essentially have two sides — one saying that it’s inherently more secure (and hence less successfully attacked), and the other side saying that it’s only because of marketshare that fewer issues have surfaced.

A Model

I think I have a model for explaining the interaction between these two theories. Essentially, OS X has issues just like FreeBSD, Linux, Windows, or any other OS does; the issues just haven’t surfaced yet because of the lack of interest in exploiting such a small user-base. Where people go wrong, however, is assuming that it’s going to get as bad as Windows has been. It won’t.

Conceptualize this as if there are two ratings — one is the potential for attack, and the second is the degree to which the potential has been actualized.

So let us say that Windows has a 100% potential with an 50% actualized. In other words it’s highly vulnerable and has been and is being exploited considerably within that potential. OS X, on the other hand, has a much lower potential — say in the 30% range — but it’s seen virtually no exposure due to the lack of interest from attackers (due to limited marketshare). I’d say it’s actualized rating is around 5%.

The Future

What this means is that over the next year or so you’re going to see a massive increase in the flaws found in OS X due to the exponential increase in its popularity. Notice that using my model and numbers this means that OS X has 25% of its vulnerability potential untapped, whereas Windows (XP, 2003 Server, Vista, Longhorn Server, etc) has a full 50%.

The key here is that we’ve seen 50 points of vulnerability and exploitation activity come from the Windows side, while we’ve only seen 5 points from OS X. But as OS X becomes increasingly popular it’s numbers are going to spike radically.

Notice that OS X’s numbers can triple and even quadruple and still remain within its vulnerability potential. To the public this will seem to indicate it’s just as vulnerable as Windows, but in reality it will simply indicate how few OS X flaws have been previously discovered.

So, all the Mac zealots who think their platform is invulnerable are in for a violent awakening. But at the same time, the loyal Windows disciples are equally wrong if they think OS X is going to end up in as bad of shape as 2000, XP, or even Vista.: