Thanks David!! I now understand.

You said: “So it’s really surprising to me to hear people on a Linux group assert that they “do not understand how an Apple is less vulnerable when not being upgraded”.

In all fairness that was me and I am a PHP developer. I have used and played with Linux since around 98. I am by no means as informed as you. Most of my focus has been LAMP usage. Most recent Ubuntu, Apache, MySQL (MariaDB), and PHP.

Thank you for this great explanation!!

- Keith

On 2025-05-11 16:22, David Schwartz via PLUG-discuss wrote:
>> On May 11, 2025, at 7:55 AM, Keith Smith via PLUG-discuss wrote:
>>
>> Still do not understand how an Apple is less vulnerable when not being upgraded. I know most attacks are on M$ and the Web....
>
> I have two thoughts on this:
>
> 1) MacOS is built on Unix, which has been around more than a decade longer than DOS and two decades longer than Windows. And since Windows was built on top of DOS and still has a lot of DOS code at its core, it has the same vulnerabilities that DOS had.
>
> Unix, on the other hand, was named as a play on words derived from “Unix is not MULTICS” where MULTICS was the most advanced and secure OS ever devised at the time. It was funded by DARPA and built by Honeywell to be a highly-secure platform for use by the military that incorporated security features in both the hardware and the software.
>
> Unix was built by some guys who wanted to show that you could create a secure OS without the need for specific hardware features.
>
> That is to say, security is built into the DNA of Unix and all of its derivatives.
>
> I don’t think anybody gave even the slightest thought to security during the development and evolution of DOS or Windows.
>
> 2) Windows is a “known danger zone” simply because it’s found on 90% of computers world-wide, which makes it a sitting duck for anybody looking to hack into some hardware.
> If you go to any random IP, you have a 90% chance of it being a Windows machine.
>
> Even worse, by default, most Windows machines were configured out of the box with most security stuff DISABLED. Non-techie users (probably about 95% of all users) would never turn on these settings, or use complex passwords, or often even change their passwords. Which makes it even easier to break in to them. That’s why so many machines can be broken into simply by running a script that tests a bunch of known exploits.
>
> Right out of the box, Unix systems come with security ENABLED. There are layers, and most users don’t know what they are or how to change them anyway, including those trying to break in.
>
> When I learned Unix in the mid-80’s, there were files like /etc/passwd and /etc/sudoers that contained user login details in clear-text that was easily accessible. Today there are several levels of indirection needed to access these details, and their contents are partially if not completely encrypted. (I don’t even know where they’re stored today!)
>
> Back then, I was able to use uucp to connect from one Unix box to another and update the login details on the other box without changing any settings at all. That’s impossible today, and has been for maybe 25 years now.
>
> A version of MacOS from 2010 was far more secure than Windows 10, and still is even without upgrades. Windows has always been like a leaky boat that constantly needs patching. Unix was already pretty damn solid pre-Y2k when everybody was scrambling around trying to fix software they thought would cause the end of the world on 1/1/2000, much of which was built on DOS and early versions of Windows.
>
> I simply don’t worry about my 10-yo Mac Mini or its 8-yo OS because Unix was already damn near bullet-proof in 2000, and I’m not sure how much MORE bulletproof it was fifteen years later in 2015.
> Windows XP, 7, 8, and 10 were ALL leaky as hell AT THEIR CORE and required constant patches and upgrades.
>
> To be honest, Apple used Unix on the Lisa, but it wasn't on the original Macintosh. Later they released something called OS9 that I think was Unix, but I’m not sure. When Jobs was fired, he started a company named Next Computer and they adopted BSD Unix as their core OS. It was beefed-up and improved. When Jobs returned to Apple, he required that Apple also purchase Next and all of their IP. That included their OS that was renamed OSX (as in OS10) and replaced OS9. It eventually was installed in all of their hardware and remains today.
>
> So it’s really surprising to me to hear people on a Linux group assert that they “do not understand how an Apple is less vulnerable when not being upgraded” — in all of its variations and accusations, as if it’s even in the same league as anything MS has EVER released when it comes to security vulnerabilities.
>
> Unix has **ALWAYS** BEEN LESS VULNERABLE than both DOS AND WINDOWS!!! With or without upgrades and patches.
>
> Because security was built into its DNA, right from the start — the designers wanted to build something that was as secure as MULTICS without the hardware.
>
> Does anybody really think it’s meaningful to compare that with an OS that still has DOS at its core?
>
> -David Schwartz
>
> PS: most people don’t know this, but Windows NT was supposed to be Microsoft’s answer to Unix that ran on Intel’s 286 chip in “protected mode”. The 286 architecture itself was designed by a bunch of guys who literally worked on MULTICS at Honeywell for a decade. The protected mode kernel was designed to work hand-in-glove with the 286 chip. It was supposed to be a “mini-MULTICS” machine, but it never came to be.
>
> The problem was the chip designers made a little tweak to the design AFTER the OS team had signed-off and it was never run by the OS team before it was implemented. So when the first 286 chips started being produced, the OS team got their hands on them and discovered the change because … it BROKE THEIR SECURITY DESIGN! Which is why there was NEVER a single OS released that ran in “protected mode” on the 286. That really screwed both Microsoft as well as IBM who was working on OS/2 that was also supposed to run in “protected mode”. Intel’s response was, “We’ll fix that in the 386, but for now you can’t run in ‘protected mode’”.
>
> The reason the chip guys made that change was because the context-switch time to go in and out of “protected mode” was so slow that they figured it wouldn’t be used if they couldn’t speed it up. So they tweaked it. But their tweak broke the security. And when the 386 came out, benchmarks showed protected mode was indeed too slow to be practical. As a result, it was never used by any OS vendors except some experimental designs that never caught on. I think it was undocumented in the 486 and removed in later versions of the chip.
>
> ---------------------------------------------------
> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss