Somewhat off topic - keeping older Macs running

Bill Cole macportsusers-20171215 at billmail.scconsult.com
Mon Apr 25 14:16:03 UTC 2022 

On 2022-04-25 at 03:06:25 UTC-0400 (Mon, 25 Apr 2022 15:06:25 +0800)
James <jam at tigger.ws>
is rumored to have said:

>> On 25 Apr 2022, at 1:44 pm, Dave Horsfall <dave at horsfall.org> wrote:
>>
>> On Mon, 25 Apr 2022, James wrote:
>>
>>> I too have old macs that cant be updated. I just keep a time machine
>>> backup and if ever I get hacked a quick restore will fix. For 10 
>>> years
>>> I've had no issues !!
>>
>> Your "old macs" are not protected by a firewall?  One day...
>>
>> As for backups, consider malware that will not trigger until well and
>> truly embedded into your backups; not much use then, are they?
>
> Dave methinks there is lots of hysteria in the arena

Yes, but there is also a lot of nasty reality.

> I have no firewall on my modem and no firewall on any of my machines. 
> Yet the world is full of stories about exploits! Most of those are 
> windows exploits!

Most but by no means all. A lot of modern attacks are multi-platform as 
they start as scripts on web pages that run in any browser, or as abuse 
of embeded execution mechanisms such as VBA in MS apps and embedded 
JavaScript in PDFs.

> Lets consider firewalls:
>
> By RFC no router on the internet may route a private IP. So *every* 
> router between you and bad guys is broken!

So, this glosses over a couple of things...

1. Enabling NAT in your router (which may also be a modem) is a *form* 
of a firewall. Without NAT, 'private' (RFC1918) IPs do in fact not route 
anywhere

2.

> A firewall allows ESTABLISHED,RELATED traffic back, so if you've got a 
> bad machine then bad guys can get to that machine and from there to 
> your macs.
> If you have a compromised machine then it is a target.
>
> A decade ago one of the anti-virus companies offered $10 000 and a 
> Sony Viao to first person to hack their honeypots. The windows 
> honeypot was hacked in under an hour, the mac in a week (a flaw in 
> safari) and the linux 'pot has never been hacked. They ascribed this 
> to being unkewl to hack linux. Nonsense you'd be a hero for exposing a 
> flaw (as has happened a couple of times.)
>
> If you enjoy playing then by all means, if not then enjoy an icecream, 
> except if you have windows machines on your network forget the 
> icecream.
>
> I guess IPV6 will change the landscape somewhat.
> The subtle comment about ring 0: linux and mac work in a way that is 
> very limited, what disk?, whereas widows you are not allowed, here is 
> $100, well ok.
>
> Query: heresay not allowed, who has ever had a mac hacked?
> James


-- 
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

More information about the macports-users mailing list