>As far as I know, there are zero ways to attack an OS 9 Mac. Appletalk uses plain text passwords by default, that means anyone within reach of your appletalk network can sniff the packets, know your password, and gain full access to your machine.
That is just one off the top of my head. Classic OS versions are not 100% immunue from compromise, it is just in the real world, they are very limited and unlikely to be hacked from the internet. There are ways to do it, and it does mostly involve running software that is vulnerable. That is why I said, you are safer if you are running a Classic OS. OS 9 btw can send AppleTalk over TCP/IP, that means, those cleartext passwords *could* be getting out to the internet... if you are on a cable modem, your neighbor can sniff the packets, if you have DSL it is a bit harder depending on how your ISP has you set up. At least with 8 and earlier, AppleTalk didn't go over IP (from a host standpoint), so unless you had an ISP that would route AppleTalk traffic (highly unlikely), then there was no way for your passwords to leave your local network. >If you want to be "infection proof", get a Mac OS 9 >system. It cannot be compromised by hackers. Especially if file sharing >is not active, it is not possible. Never ever say something is not possible when it comes to hackers. :-) >As far as OS X goes, how can a machine get infected/infiltrated from web >browsing? The same way Windows can be infected just from browsing. JavaScript and viruses designed to attack the host OS. Currently, none exist for OS X... currently. Give it time, there will be. Plus, who is to say it will happen because you are web browsing. Just because you are only using the web, doesn't mean that is the only service that can pass on the network. Once you connect your computer to the internet, it is connected... ALL OF IT. The only thing stopping traffic from coming back in is either a firewall, or hopes and dreams that your computer will safely ignore all inbound traffic (are you sure you didn't accidentally load spyware when running that new cool automatic desktop pattern changer... sure, no one knows of spyware for OS X yet... YET. Or, depending on what software you are running, are you sure one or more applications hasn't opened a port to the internet? Maybe they didn't mean to, it was just poor programming... my first version of Baton Mail left the relay wide open to anyone... if you started Baton Mail while connected directly to the internet, anyone else could have used Baton Mail to relay their email thru your computer and YOUR email account!!! I didn't do that by design, I did it because by mistake, but I released a version before I realized the flaw and was able to patch it). I can't stress this enough, OS X is safe right now... but ONLY right now. Is there a reason to spend lots of money on security products for OS X... no. I'm very much against bothering with Anti-Virus software. The problems they cause outweigh the benifits gained. But when it comes to a firewall, when you can pick up a hardware solution for under $30 consistantly, and it won't need to be upgraded next year or likely anytime in the near future, it isn't a bad idea. It also isn't a manditory idea unless you plan to run Windows at some point (down the road it will likely become manditory for OS X as well, but right now, it is still mostly safe to run without it). Remember, OS X has already had a number of security patches to fix vulnerabilities. Each time those were released, depending on how often someone ran the Software Update, it was anywhere from a few days, to possibly months before they patched their copy of OS X. If they were sitting unprotected on the internet, they were running vulnerable software that entire time. Half of OS X's security comes from obscurity. People aren't trying to hack it, so it isn't getting hacked. If Apple does their job right, and OS X becomes as popular as we all hope, then that tide will turn, and people will start trying to hack OS X, and as soon as they do start trying, you will see machines being exploited left and right. Many of them will be because people are behind on their updates. That is actually a good bit of the Windows exploits... not that Windows has no security, but that people don't update often enough, so when an exploit is found, it stays available for a long time. OS 9 and earlier were much harder to hack because there was nothing by default on them to hack. That doesn't mean they were 100% immune, it just means no one found anything easy and commonplace enough to exploit. Had OS 9 and earlier been more popular, more would have been found. Now that they are discontinued, there is virtually no one still trying, so since they were near impossible to hack, they will likely stay near impossible to hack. >There are occasional security hole reports, but I did not know >of any which worked on end-user machines. That doesn't mean they don't exist. The fact is, the ONLY difference between OS X and OS X Server is the tools the server version comes with (ok, and a limiter on the number of people that can connect for file sharing). If there is an exploit for OS X Server, then it will work with OS X Workstation as well. (go into the terminal, type postfix... WOAH... look at that, OS X Workstation has a full version of the Postfix mail server sitting on it! Same with a number of other server applications... like Apache... and ALL of them are just as vulnerable on OS X Workstation as they are on OS X Server, or NetBSD, or Linux... unless Apple releases a patch to fix an exploit when it is found, then your machine will be vulnerable to said exploit. Fortunatly, Apple stays on top of those patches, so it has yet to become an issue with OS X) There are tons of *nix exploits out there, most of which apply to OS X because of its BSD core, and more are found daily. All it takes is to be on the wrong side of the patch curve and you have a vulnerable machine. If you are running OS X connected to the internet via any 24x7 internet access, it is a good idea to be running some kind of a firewall. OS X has one built in that can be turned on, but hardware solutions have the added benefit of seperating the machine from the firewall (security basic, the further something is from access, the harder it is to access it... if the firewall and the workstation are one in the same box, then any attempts to hack the firewall are automatically attempts to hack the workstation, you increase your chance of being compromised by running both as the same machine). And of course, a hardware solution makes it easier to connect multiple other computers to the internet over the same line (still possible with just the one OS X machine, but then you have to depend on it being up and running all the time that the additional machines want to use the internet... plus, unless you put a 2nd ethernet card in the OS X machine, then you are running a far less secure version of NAT routing. That is, all the "protected" traffic is sitting on the exact same wires as the non-protected). If you are running Windows, you are insane to NOT have a firewall between you and the internet. If you are running any Classic Mac OS, a firewall is just added insurance. I won't dispute that it is far from needed for most users of classic Mac OS versions... but for the few dollars it will cost you for a hardware firewall/route, it is really cheap insurance, and carries the extra bonuses of being able to run pretty much anything you want behind the firewall without as much concern (wouldn't it be nice to know that when your friend stops by with their OS X laptop, or your idiot inlaws with their Windows laptop, that they can just plug into your network and safely get online). So to sum up, my stance is the same. If you have a 24x7 internet connection, you better have a firewall if you run Windows, you should have one if you run OS X, and it couldn't hurt if you run OS 9 and earlier, but isn't overly neccessary. -chris <http://www.mythtech.net> ___________________________________________________________________________ To unsubscribe send a mail message with a SUBJECT line of "unsubscribe" to <[EMAIL PROTECTED]> or <[EMAIL PROTECTED]>
