Sturgeon's Revelation: 90% of everything is crud. On Tue, Sep 7, 2010 at 14:45, Michael B. Smith <[email protected]> wrote: > Things == crap. > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > > http://TheEssentialExchange.com > > > > From: Andrew S. Baker [mailto:[email protected]] > Sent: Tuesday, September 07, 2010 5:45 PM > To: NT System Admin Issues > Subject: Re: Mac and Windows mix > > > > All of these comparisons are great, if 90% of the users, regardless of > platform, didn't install a bunch of things, make a set of favorite > configurations, and then run off to a variety of sites. > > > > Default config is great if is good and if they leave it that way. They > don't. > > > > It makes for a great academic discussion which is bears little similarity to > the real world. > > > > http://www.computerworld.com/s/article/9129978/Researcher_cracks_Mac_in_10_seconds_at_PWN2OWN_wins_5k > > > > OS X can be attacked successfully. So can Windows, and so can Linux.[1] > > > > The *people* using those platforms can also be attacked. I'd argue that the > system of the average person running Linux is harder to crack than that of > the average person running OSX or Windows, but as more people buy into > *product = security*, and as more users of Linux or OS X start building or > providing systems for their less technical family members using their OS of > choice, we'll see more successful attacks on those platforms as well. > > > > Because changing platforms doesn't remove ALL bad habits. > > > > And the careless will be the ones more easily hacked via social networks and > smartphones, regardless of what OS someone has installed for them on their > desktop. > > ASB (My XeeSM Profile) > Exploiting Technology for Business Advantage... > > > [1] OpenBSD can make legitimate statements about the security of its default > config, but your mainstream user would not find it as useful to them > application-wise, or would make changes that undermine its security. > > > > On Tue, Sep 7, 2010 at 5:27 PM, Matthew W. Ross <[email protected]> > wrote: > > If you eliminate the non-os applications, what's the security situation look > like on each platform? > > Until Vista, the default setup for any user was to make them an > Administrator. Mac and Linux people could not understand this behavior. > Thank goodness Microsoft fixed that. > > Windows doesn't come with a PDF reader, and Mac OS X has Preview. Apple is > somewhat good about releasing fixes for it's OS vulnerabilities, but it has > also been known to be slow on responding on some items. > > Mac OS X has Java built in, which Windows does not. Another vector for > attack. > > Browser vulnerabilities abound on both sides. I would argue that anything > that uses ActiveX is inherently less secure than something that doesn't. But > then again, I hate a standards platform (The Web) using any platform > specific implementation (such as ActiveX). > > Does Windows have any kind of Remote Administration (ala psexec.exe) turned > on by default? Mac OS X has SSH disabled by default. > > Then, between the two... which one is more secure? I don't know. > > --Matt Ross > Ephrata School District > > > ----- Original Message ----- > > From: John Aldrich > [mailto:[email protected]] > > To: NT System Admin Issues > [mailto:[email protected]] > > Sent: Tue, 07 Sep 2010 > 12:15:16 -0700 > Subject: RE: Mac and Windows mix > >> Not to start a flame war or anything, but I was under the impression that >> Mac OS/X was significantly *more* secure than a comparable Windows >> machine, >> due to the *nix security model? Asking for information here, trying to >> learn, not trying to start a Mac Vs. Windows thread (there are enough of >> those, that I don't need to start one! <G>) >> >> >> > >> John-AldrichPerception_2 > >> >> >> >> From: Holstrom, Don [mailto:[email protected]] >> Sent: Tuesday, September 07, 2010 2:57 PM >> To: NT System Admin Issues >> Subject: RE: Mac and Windows mix >> >> >> >> We have about a dozen Macs here at the Museum. I give them each dual >> monitor >> set-ups, with Parallels and Windows with Microsoft Office so they can >> Outlook to their e-mail. So far, Mac doesn't really have a good >> Rendezvous/Outlook set-up, although OWA is very good and getting better. >> As >> I stroll by, I see that each Mac user keeps Office up on one monitor, so >> that Outlook is always open. Each of the Macs can already connect to our >> PC >> servers where they keep all their files. I give Remote Desktop access to >> those who either PC or Mac from the outside. >> >> >> >> Way too many security openings for Macs, this would not be good with a >> very >> secure network. >> >> >> >> From: Jeff Steward [mailto:[email protected]] >> Sent: Tuesday, September 07, 2010 2:34 PM >> To: NT System Admin Issues >> Subject: Re: Mac and Windows mix >> >> >> >> Don't knock yourself out here Matt, I'm just curious how one manages these >> issues in a mixed environment. I have one Mac user who works part time so >> we set him up with a Remote Desktop client and he works in a Terminal >> Server >> session. >> >> >> >> Regards, >> >> >> >> Jeff Steward >> >> On Tue, Sep 7, 2010 at 2:26 PM, Matthew W. Ross <[email protected]> >> wrote: >> >> Apple Remote Desktop is more akin to the Windows Management MMC, MS Remote >> Desktop and the SysInternals Power Tools rolled into one package. Open >> Directory is more akin to Group Policy. >> >> >> >> I will see what I can find out about those regulations. >> >> >> >> --Matt Ross >> >> Ephrata School District >> >> >> On Sep 7, 2010, at 11:21 AM, "Jeff Steward" <[email protected]> wrote: >> >> HIPAA >> >> SOX >> >> MA 201 CMR 17.00 >> >> >> >> To varying degrees they all boil down to: >> >> >> >> We define a security policy that meets the regulatory requirements and >> base >> configurations to meet that policy and then report regularly on >> performance >> to standards. I see from one of your follow-up posts that Apple Remote >> Desktop is akin to Group Policy. >> >> >> >> -Jeff Steward >> >> On Tue, Sep 7, 2010 at 1:31 PM, Matthew W. Ross <[email protected]> >> wrote: >> >> Can you be more specific? What standards are you needing to be compliant >> to? >> An example regulation would help me answer your question. >> >> >> >> --Matt Ross >> >> Ephrata School District >> >> >> On Sep 7, 2010, at 10:26 AM, "Jeff Steward" <[email protected]> wrote: >> >> A school environment is not the same as a public company environment. >> Compliance to <insert your favorite standard here> and reporting on said >> compliance or non-trivial issues for public companies or private companies >> subject to other regulations. There are a wealth of tools for managing >> these issues in a Windows environment, can the same be said of the Mac >> environment? >> >> >> >> -Jeff Steward >> >> On Tue, Sep 7, 2010 at 12:53 PM, Matthew W. Ross >> <[email protected]> >> wrote: >> >> Macs are not the burden you make them sound to be. >> >> Integrating a Mac into a windows network is never going to be painless; >> the >> two systems are inherently different. If what you want is a Windows >> experience from your Mac, install Windows. >> >> Now not everybody likes MacOS X, but the same can be said for Windows. >> Insert the problem of subjective preference here. >> >> Personally, I love working on my iMac, and managing the other Macs in our >> district is very easy if you use the provided Apple tools: Mac OS X >> server, >> Open Directory, and Apple Remote Desktop. >> >> Then again, I hate how a Mac _can_ cost 2x as much as a comparable PC. I >> do >> like that software upgrades are cheaper for Mac, but I don't like how >> apple >> drops support for anything that is not the current generation or the >> previous one. If you're 2 generations back, you're out of luck. >> >> What can a Mac do that a PC Can't? Nothing. But I would argue that >> competition is one of the pillars of innovation. Without Mac OS X >> competing >> against Windows, what would Windows look like today? >> >> >> --Matt Ross >> Ephrata School District >> >> >> >> ----- Original Message ----- >> From: James Hill >> [mailto:[email protected]] >> To: NT System Admin Issues >> >> [mailto:[email protected]] >> Sent: Sun, 05 Sep 2010 >> 19:28:49 -0700 >> Subject: RE: Mac and Windows mix >> >> >> > We have pretty much eliminated all of the Mac's here. >> > >> > We didn't have 3rd party products to manage them so they always required >> so >> > much manual interaction. Any global change we made we could easily >> automate >> > with PC's thanks to group policy etc but it was always a manual change >> > for >> > the Mac's. >> > >> > They really aren't a corporate product imo. You only have to look to >> Apple >> > for a corporate grade management solution to realise that it doesn't >> exist. >> > >> > They do indeed need patching (http://support.apple.com/kb/HT1222) and >> there >> > is AV products for them. Symantec has one for example. Personally I >> think >> > the day is coming when someone will write a decent bit of malware/virus >> for >> > them and 99% plus will get caught out by it. There is a very misguided >> > opinion amongst the Apple community that they are safe. Apple's false >> > advertising only strengthens this. The facts are that Mac's are more >> > vulnerable than the PC world http://www.crn.com/security/226200083 >> > >> > More importantly, what is the need for the Mac's in the first place? >> > For >> us >> > they were only sued for Adobe CS, which runs just fine on PC's. In fact >> > these days Adobe is more behind the PC world than the Mac. For example, >> > 64bit Photoshop was first on PC, had to wait for CS5 for Mac to get it. >> >> > That's without going into the Flash debate :) >> >> > >> > >> > >> > >> > >> > From: David Lum [mailto:[email protected]] >> > Sent: Saturday, 4 September 2010 6:07 AM >> > To: NT System Admin Issues >> > Subject: Mac and Windows mix >> > >> > I would like to hear from those of you who have a mixed Windows/Mac >> > environments: How do you handle management of the diverse environment? >> > Presumably with Mac's there is no patching or AV. Can you use GPO's on >> them >> > in any fashion (wondering if there's some add-in to allow equivalency). >> > David Lum // SYSTEMS ENGINEER >> > NORTHWEST EVALUATION ASSOCIATION >> > (Desk) 971.222.1025 // (Cell) 503.267.9764 >> > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
