:)

I don't want to be seen as dashing water on the expectant Premiere owners here, but has anyone heard or knows from past tivo info whether or not there's any antivirus activity in the new Tivo food chain, that is,

internet to tivo to you?

prof.

;)

While it may technically be possible, I don't think I've ever heard about someone remotely exploiting a TiVo. In my eyes, it's pretty much a non-issue.

I kind of picture it like the whole Apple antivirus reasoning. There are (or in Apple's case were) so little units out there that there's not any point to develop a virus for it and honestly, what would be the point of setting up a virus for TiVos. Sounds like kind of a waste to me.

I kind of picture it like the whole Apple antivirus reasoning. There are (or in Apple's case were) so little units out there that there's not any point to develop a virus for it and honestly, what would be the point of setting up a virus for TiVos. Sounds like kind of a waste to me.

Actually that's not the rationale with Apple at all, but simply something that people like to say to explain why there are no Apple viruses.. Plenty of hackers have tried to create exploits in Mac OS X, however the OS is simply far more hardened than Windows due to its UNIX roots.

Believe me, if an actual Virus was created for the Apple machine that didn't require the user to actively input their admin password, etc, to take effect, it would be an enormous accomplishment for whichever researcher or hacker pulled it off.

The reality is that there are no viruses for the Mac, simply trojans and assorted malware that you obtain by downloading illegal copies of applications like MS Office. Even then, the latest OS X version 10.6 blocks these attempts and lets you know that you are trying to install a hacked copy of software that will in fact hijack your Mac.

Actually that's not the rationale with Apple at all, but simply something that people like to say to explain why there are no Apple viruses.. Plenty of hackers have tried to create exploits in Mac OS X, however the OS is simply far more hardened than Windows due to its UNIX roots.

Believe me, if an actual Virus was created for the Apple machine that didn't require the user to actively input their admin password, etc, to take effect, it would be an enormous accomplishment for whichever researcher or hacker pulled it off.

The reality is that there are no viruses for the Mac, simply trojans and assorted malware that you obtain by downloading illegal copies of applications like MS Office. Even then, the latest OS X version 10.6 blocks these attempts and lets you know that you are trying to install a hacked copy of software that will in fact hijack your Mac.

http://support.apple.com/kb/HT4004

http://support.apple.com/kb/HT4004

Maybe you should read the actual descriptions of those fixes. Multiple fixes are for Adobe Flash, which is a pile of garbage and is itself a giant leaky bucket for potential issues.

The worst case in other vulnerabilities is that of OS or application termination. This is not an infection of your machine.

Please feel free to find an actual virus that infects Macs, would be a hoot. PS, my Macs get updates maybe once over three or four weeks not every three or four hours like my windows boxes.

Doesn't anyone here read? LOL. 20 exploits coming out this week alone.
Miller claims to have found no less than 20 zero-day exploits within OS X. Miller will present the exploits at CanSecWest next week in Vancouver, British Columbia.
http://www.dailytech.com/Charlie+Miller+to+Unveil+20+Zeroday+OS+X+Exploits+at+CanSecW est/article17934.htm

That said.. I don't see anyone being able to do anything to Tivo via simple flash video. I also think any apps are gonna carry a {Tivo approved} type designation or come from a Tivo store.

Doesn't anyone here read? LOL. 20 exploits coming out this week alone.



That said.. I don't see anyone being able to do anything to Tivo via simple flash video. I also think any apps are gonna carry a {Tivo approved} type designation or come from a Tivo store.

We'll see how serious the 'exploits' he will be releasing are. I expect that there's some puffery involved.

Causing an app to crash with a modified audio/video/image file is pretty small on the list of vulnerabilities compared to what I've gone through on MS OS's.

If you have a router setup correctly, no one is going to find your Tivo box. So that leaves it up to you to mess things up somehow. I suppose if you subscribe to some bad rss feed that could cause a problem. I don't know all the Premiere does or will do in terms of pulling/browsing content.

Actually that's not the rationale with Apple at all, but simply something that people like to say to explain why there are no Apple viruses.. Plenty of hackers have tried to create exploits in Mac OS X, however the OS is simply far more hardened than Windows due to its UNIX roots.

Believe me, if an actual Virus was created for the Apple machine that didn't require the user to actively input their admin password, etc, to take effect, it would be an enormous accomplishment for whichever researcher or hacker pulled it off.

The reality is that there are no viruses for the Mac, simply trojans and assorted malware that you obtain by downloading illegal copies of applications like MS Office. Even then, the latest OS X version 10.6 blocks these attempts and lets you know that you are trying to install a hacked copy of software that will in fact hijack your Mac.

There is no such thing as a totally secure internet connected box, contrary to popular misconception apple has it;'s share of virus attacks, taek the time out to read the US-Ceter security database and see the numbers for security holes. Granted it is not as high as other OS's, but then again a majority of the script kiddies go after recognition - lot more there doing a script virii for 100,000 machines then 10,000 machines.

there is only one 99.99999 percent secure box, that is one that is not connected to any external connection, has no input devices other then a keyboard and a mouse, if you want to make it 100 percent, then remove the keyboard and mouse.

There is no such thing as a totally secure internet connected box, contrary to popular misconception apple has it;'s share of virus attacks, taek the time out to read the US-Ceter security database and see the numbers for security holes. Granted it is not as high as other OS's, but then again a majority of the script kiddies go after recognition - lot more there doing a script virii for 100,000 machines then 10,000 machines.

there is only one 99.99999 percent secure box, that is one that is not connected to any external connection, has no input devices other then a keyboard and a mouse, if you want to make it 100 percent, then remove the keyboard and mouse.

Yes, it's true that every OS has flaws and security problems, but OS X is far more secure than Windows. For that matter, Linux is far more secure than Windows.

Again, the difference between being the victim of an "exploit" on OS X is typically that the browser will hang or crash or the OS itself might hang or crash... not that someone gets to hijack your machine and start sending out email bombs to everyone on your contact list.

And, again, there is no self propagating virus out there for OS X. That's simply a myth. Are there some security exploits and "holes" that can cause programs to execute illegal instructions? Yes. That's still a far cry from an actual virus.

There could be 10X the OS X machines out there that you see now and far more interest in hacking them and you still wouldn't see the issues that are seen in the Windows world.

There could be 10X the OS X machines out there that you see now and far more interest in hacking them and you still wouldn't see the issues that are seen in the Windows world.Let me guess, you're a Mac owner? ;)

Yes, it's true that every OS has flaws and security problems, but OS X is far more secure than Windows. For that matter, Linux is far more secure than Windows.

Again, the difference between being the victim of an "exploit" on OS X is typically that the browser will hang or crash or the OS itself might hang or crash... not that someone gets to hijack your machine and start sending out email bombs to everyone on your contact list.

yeah, you just keep believing that fairy tale
http://news.cnet.com/Winner-mocks-OS-X-hacking-contest/2100-1002_3-6046197.html

update Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.

On Feb. 22, the Sweden-based Mac enthusiast set up his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

Participants were given local client access to the target computer and invited to try their luck.

Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later, this poor little Mac was owned, and this page got defaced."

The hacker who won the challenge, who asked ZDNet Australia to identify him only as "Gwerdna," said he gained root control of the Mac in less than 30 minutes.

"It probably took about 20 or 30 minutes to get root on the box. Initially, I tried looking around the box for certain misconfigurations and other obvious things, but then I decided to use some unpublished exploits--of which there are a lot for Mac OS X," Gwerdna told ZDNet Australia

Let me guess, you're a Mac owner? ;)

Actually I have an MCSE and have Windows, Linux and OS X (Mac) boxes. The OS X boxes are the best blend of ease of use and reliability.

yeah, you just keep believing that fairy tale
http://news.cnet.com/Winner-mocks-OS-X-hacking-contest/2100-1002_3-6046197.html

Local client access = physical access to the machine?

If someone broke in your house and was sitting at your computer, root access is probably the least of your problems.

I kind of picture it like the whole Apple antivirus reasoning. There are (or in Apple's case were) so little units out there that there's not any point to develop a virus for it and honestly, what would be the point of setting up a virus for TiVos. Sounds like kind of a waste to me.

TiVo's run linux and there are quite a few of linux users out there. However, because of the extra precautions to the software partition, TiVos are almost impossible to modify without it being detected anyways.

Yes, it's true that every OS has flaws and security problems, but OS X is far more secure than Windows. For that matter, Linux is far more secure than Windows.

Again, the difference between being the victim of an "exploit" on OS X is typically that the browser will hang or crash or the OS itself might hang or crash... not that someone gets to hijack your machine and start sending out email bombs to everyone on your contact list.

And, again, there is no self propagating virus out there for OS X. That's simply a myth. Are there some security exploits and "holes" that can cause programs to execute illegal instructions? Yes. That's still a far cry from an actual virus.

There could be 10X the OS X machines out there that you see now and far more interest in hacking them and you still wouldn't see the issues that are seen in the Windows world.

keep believing that, it is those beliefs that keep myself and my company with a very nice profit margin with business from people who believe the same thing. Just finished one system recovery where the owner was assured the base OS was 100 percent secure. The ending bill will keep the cats and the family in kibbles and food for the next 5 or 6 years, have 5 more contracts for recovery and sanitation that where just signed last week

Local client access = physical access to the machine?

If someone broke in your house and was sitting at your computer, root access is probably the least of your problems.

Exactly. LOCAL CLIENT ACCESS. And yes, there's no guarantee against stupidity.

However, please demonstrate to me the OS X owner who plugs their machine directly into the Internet and immediately gets pwnd by the Script Kiddies out there. It simply doesn't happen.

I'm sure that there are plenty who manage to inflict harm on themselves, but that's not really the point I made, is it?

keep believing that, it is those beliefs that keep myself and my company with a very nice profit margin with business from people who believe the same thing. Just finished one system recovery where the owner was assured the base OS was 100 percent secure. The ending bill will keep the cats and the family in kibbles and food for the next 5 or 6 years, have 5 more contracts for recovery and sanitation that where just signed last week

This isn't about beliefs, this is about direct experience. I'm sure plenty of Mac owners manage to chew up their machines but that's not the point I was making.

The point is that they are pretty much rock solid against worms, malware, internet borne viruses and the like. If you walk up to the machine and boot it from CD with the right utilities to root the machine then obviously your machine is not PHYSICALLY SECURE. Anybody who needed to be so concerned about physical access compromising their machine would likely have their entire main hard drive partition encrypted with TrueCrypt or something similar so it's just a bit laughable that this somehow proves macs are vulnerable.

I have been in the IT industry for 15 years. I have advanced Cisco, Microsoft, Avaya and Extreme networks certifications. I've used virtually every private/commercial OS that's been produced since 1990.

I will say that for your typical user, OS X is far more reliable and secure than any flavor of MS Windows. This is my own personal opinion and others are entitled to theirs, but it's fun to see no lack of Apple bashers in ANY forum you visit these days.

I will say that for your typical user, OS X is far more reliable and secure than any flavor of MS Windows. This is my own personal opinion and others are entitled to theirs, but it's fun to see no lack of Apple bashers in ANY forum you visit these days.

Yeah, there's no lack of Apple bashers because there's no lack of egotistic, smarmy, self-centered, holier-than-thou Apple fan boys out there to bait. :D

Yeah, there's no lack of Apple bashers because there's no lack of egotistic, smarmy, self-centered, holier-than-thou Apple fan boys out there to bait. :D

I suppose people are afraid of what they don't understand. Again, have used pretty much every OS made from Windows for Workgroups to System V UNIX to Redhat Linux, Solaris, BSD, SCO UnixWare, Windows 3.1, XP, Vista, 7 and OS X.

OS X is the best consumer OS out there. Unfortunately you have to buy a pricey Mac to run it (legit) but it's worth it.

http://vectors.usc.edu/thoughtmesh/publish/uploaded/uploaded_200/leopard_os_x_ill.gif

This isn't about beliefs, this is about direct experience. I'm sure plenty of Mac owners manage to chew up their machines but that's not the point I was making.

The point is that they are pretty much rock solid against worms, malware, internet borne viruses and the like. If you walk up to the machine and boot it from CD with the right utilities to root the machine then obviously your machine is not PHYSICALLY SECURE. Anybody who needed to be so concerned about physical access compromising their machine would likely have their entire main hard drive partition encrypted with TrueCrypt or something similar so it's just a bit laughable that this somehow proves macs are vulnerable.

I have been in the IT industry for 15 years. I have advanced Cisco, Microsoft, Avaya and Extreme networks certifications. I've used virtually every private/commercial OS that's been produced since 1990.

I will say that for your typical user, OS X is far more reliable and secure than any flavor of MS Windows. This is my own personal opinion and others are entitled to theirs, but it's fun to see no lack of Apple bashers in ANY forum you visit these days.

Like I said keep believing it, someday it might be true. If you want to compare creditials - started in 39 years ago, been running a very successfull company for 17 of those 39 years. As far as security - might want to take a look at cert bulletin published these last couple of weeks.

have a good day today and a better day tomorrow, not worth continuing this conversation about security. I an not a apple basher, why should I be? My company gets a pretty good chunk of change from them as customers when their systems have issues due to security holes, like I said keeps the cats, my famility and myself in kibble and food plus a lot left over for the toys in life. Same as with Unix users, Linux, Windows, Solaris systems, not a exposed system on the market that cannot be hacked and violated.

Local client access = physical access to the machine?

If someone broke in your house and was sitting at your computer, root access is probably the least of your problems.

Exactly. LOCAL CLIENT ACCESS. And yes, there's no guarantee against stupidity.

However, please demonstrate to me the OS X owner who plugs their machine directly into the Internet and immediately gets pwnd by the Script Kiddies out there. It simply doesn't happen.

I'm sure that there are plenty who manage to inflict harm on themselves, but that's not really the point I made, is it?

You really should do more industry reading versus taking cert tests then
http://news.cnet.com/Apple-patches-serious-Mac-OS-flaws/2100-1002_3-6044945.html?tag=mncol;txt
March 1, 2006 6:15 PM PST
Apple Computer on Wednesday released a security update for Mac OS X that fixes 20 vulnerabilities, including a high-profile Web browser and Mail flaw disclosed last week.

The set of patches addresses a variety of security flaws, including several that could let an attacker gain control over a computer running the operating system software. The patch arrives after two weeks of intense scrutiny for Apple Mac OS X safety, prompted by the discovery of two worms and the disclosure of two security flaws in that period.

The Apple security update addresses those flaws, which affect the Safari Web browser and Apple Mail client. The vulnerabilities expose Mac users to risks that are more familiar to Windows owners: the installation of malicious code through a bad Web site or e-mail because of improper validation of downloads.
simply put - even in hack contests at white hat conventions - Apple OS typically falls first. I agree that out in the wild Viruses spread through Windows much faster but that is a factor of scale versus hardened OS. With security certs should come the knowledge that the only way to really harden an OS is to limit its functionality, which just will only ever go so far in a retail OS. If I was your employer, I would not be happy you did not express that right off the top of your head in relation to security issues

Oh - and back in the day I managed the secure network at a DVD maker to which the digital copy of Electronic Arts games were delivered so they could be put on the disc for retail. This means I had crown jewels of EA games not even out to market nor secured on the DVD yet. How often do you think hackers came at my network? Plus I had to fortify my internal network so the EA games were on their own secure network but accessible to our production facilities. I was CISCO certified and lived security in real life.

You really should do more industry reading versus taking cert tests then
http://news.cnet.com/Apple-patches-serious-Mac-OS-flaws/2100-1002_3-6044945.html?tag=mncol;txt
March 1, 2006 6:15 PM PST

simply put - even in hack contests at white hat conventions - Apple OS typically falls first. I agree that out in the wild Viruses spread through Windows much faster but that is a factor of scale versus hardened OS. With security certs should come the knowledge that the only way to really harden an OS is to limit its functionality, which just will only ever go so far in a retail OS. If I was your employer, I would not be happy you did not express that right off the top of your head in relation to security issues

What a laugh. Four year old article you link there? Solid! Maybe you should spend more time using modern computers instead of using your wayback machine. There is no demonstrated hacking contest in which Macs "get owned first".... but whatever, you are clearly a computer security expert who also has a vested interest in hating on Apple.

Since you seem to have a simple understanding of computer architecture and also a fondness for fluffy links, here's a fluffy link from a neutral site;

http://www.computerhope.com/issues/ch000737.htm

What a laugh. Four year old article you link there? Solid!

the point is that these types of things have been in Mac OS all along. And somehow Cnet is not neutral, but Mac haters as well? Wow, if I was your employer I would be changing your responsibilities at the company after reading this.

ETA - Holy smoke - your fluffy link states the very thing I and the others have said to you
It is possible for an Apple Macintosh to get a virus, so the short answer to the question is Yes. However, the likelihood of an Apple Macintosh user getting a virus when compared to a Microsoft Windows user is very little to none. In fact, many of the Apple Macintosh users don't even run an antivirus protection program.
If I was your employer I would be drawing up your termination notice at this point.

the point is that these types of things have been in Mac OS all along. And somehow Cnet is not neutral, but Mac haters as well? Wow, if I was your employer I would be changing your responsibilities at the company after reading this.

ETA - Holy smoke - your fluffy link states the very thing I and the others have said to you

If I was your employer I would be drawing up your termination notice at this point.

Get over yourself. You couldn't afford my benefits package let alone my salary. If your personal attacks continue you will be reported.

Get over yourself. You couldn't afford my benefits package let alone my salary. If your personal attacks continue you will be reported.

your post speaks for itself

This has devolved into one of the most childish threads I've seen in a long time. Give it a rest, guys.

J C!!

J C!!

:confused:

You really should do more industry reading versus taking cert tests then
http://news.cnet.com/Apple-patches-serious-Mac-OS-flaws/2100-1002_3-6044945.html?tag=mncol;txt
March 1, 2006 6:15 PM PST

simply put - even in hack contests at white hat conventions - Apple OS typically falls first.

I don't know why you quoted me. I only pointed out the irrelevance of an attack requiring physical access in this discussion. If you're concerned about the physical security of your home, get a dog.

I don't know why you quoted me. I only pointed out the irrelevance of an attack requiring physical access in this discussion. If you're concerned about the physical security of your home, get a dog.

He clearly doesn't understand direct physical access and its significance in a "hack off" vs. remote vulnerabilities that allow actual root access to a machine.

I don't know why you quoted me. I only pointed out the irrelevance of an attack requiring physical access in this discussion. If you're concerned about the physical security of your home, get a dog.

True my comments were not specifically for you but the general post was about the fact the hacker does not have to sit directly at the Mac to do what they want.

"local client access" merely means he made it the equivalent of being on a another machine on the network that can access the server though the attacks came from over the internet.

anyhow you all can beleive as you will. I pointed out enough examples of how a MAC OS is just as unhardened as any other retail OS out there. If the attacker is motivated he can break into anyone of them.

PS - hint for the actual topic of this thread - the TiVo is NOT running a retail OS and is significantly more hardened.

He clearly doesn't understand direct physical access and its significance in a "hack off" vs. remote vulnerabilities that allow actual root access to a machine. you clearly do not know the meaning of "Local Client Access"

lol antivirus on a Tivo...awesome!