On Mar 2, 2006, at 12:29 AM, Don wrote:

> I have been following this thread and must admit I don't understand
> most of it. As a total non-geek who uses the computer mainly for
> web surfing, emailing, iTunes/ITMS, MS Office and occasionally
> Filemaker, can someone tell me how I could be hurt by the OS X
> security leaks?

Basically the thrust is this: Whenever a browser tries to do something "automatically" for you "for convenience" you risk losing some security.

- This is true for Windows, where Microsoft designed it to be essentially possible for a website to do whatever it wanted to through Internet Explorer
- This is true, to a far lesser extent, with Mac OS X, if you use Safari, and if you leave the 'Open Safe Files Automatically After Download' option checked

The recent exploit basically pretended to be "safe" but really weren't, so Safari could be fooled into opening them. You can safeguard yourself to a great extent by turning off that option in Safari, or by using Opera or Firefox instead.

Chris, on the other hand, claims secret knowledge of another exploit that he doesn't want to share too many details about. He says this is because he doesn't want it too widely known. Some people see this as evidence of Mac OS X's insecurity. Others remain skeptical because he refuses to be open with his evidence, apparently only selectively sharing it with others he hand-selects. Chris has very little interest in other people's opinions of him, which some people admire and some people don't, and makes some people like him and some people not.

Thus we are left to decide for ourselves whether we want to take the word of one individual as to whether or not there are "serious" problems with Mac OS X. He has decided to keep this information in his own control, and therefore rob the community of the ability to judge for themselves. He calls this safeguarding the community. Others see it as a way to get attention.

Someone suggested a piece of software which could solve the problem. Chris' response was "Do you really want to be running a bunch of programs to protect yourself against malware?" One could infer that since he did not say that the software would not solve the problem, it will solve it, but he has a personal moral objection to anti-malware software and therefore prefers that your system be insecure and that Apple be pressured to fix it.

Hard to know how we can pressure to fix an exploit we don't know about because the people who do have it won't say anything about it. Then again it really might not be that serious. Again, there's no way for us to know, because he is keeping this information he claims to have to himself, despite the fact that if there was more public knowledge and awareness of the issue, more people could put pressure on Apple to fix it.

He could very well be right. He could very well be full of it. There's really no way to know unless you are one of the chosen few he deems worthy to receive his insight and information.

I have no doubt that there are remaining security holes. What I have no way to judge is how severe they are and what (if anything) I can do (regardless of how Chris feels about the solution).

Personally I thought that lists like this were a place where people came together to help one another, not to say "Well I know something you don't know which puts you at risk but I'm not going to tell you what it is." But if that's the way he wants to play, then that's what he'll do.

Meanwhile I'll do the things that I believe safeguard me, including running regular backups.