on a security note for apple users - this might be worth keeping an eye on.. http://www.securityfocus.com/news/11375/1 ""On a good day, Apple doesn't even make it to Microsoft's level of security awareness," Beale said." "The company has generally refused to discuss the security of its Mac OS X operating system with the media and declined to comment for this article" "That popularity could be the reason that the number of vulnerabilities logged in Apple's Mac OS X surpassed the number of vulnerabilities found in Microsoft's Windows XP in 2004 and 2005, according to data from the National Vulnerability Database (NVD). Apple had to contend with 88 vulnerabilities (29 high severity ones) in the Mac OS X in 2005, up from 54 in the prior year, while Microsoft patched 61 vulnerabilities (38 deemed of high severity) in Windows XP in 2005, up from 44 the prior year, according to the NVD. The data does show that fewer of the flaws in Mac OS X were considered severe." "Ironically, Apple's lack of experience with major attacks might also cause problems for the company and its users, Kaminsky said. "The reality is that security work does comes from a trial by fire," he said. "And Apple really has not had that experience. It had not had the experience from some 20 years that Unix had and that Linux has absorbed. It has not had the experience that Microsoft had with its summer of worms." Yet, it's almost certain the experience will come, he said. http://news.com.com/2100-1002_3-5225115.html Worse than it sounds? Another critique, leveled by digital-security company @Stake, is that Apple has downplayed the threat of potential vulnerabilities in its descriptions of flaws. In one example, Apple last month patched a series of holes including a buffer overflow in the Apple file-sharing system that could allow a remote attacker to take control of the system. Apple, though, described it as a correction "to improve the handling of long passwords." "another case, a security company called eEye said Apple rated as minor a QuickTime flaw eEye had found. Apple said the flaw in the QuickTime movie player for Mac OS X could cause the player to crash, while eEye said the real problem was that it could allow malicious code to be executed" Despite its relative stability, one challenge is that the average Mac user may not even be aware that the OS contains all this Unix code that could potentially have holes. "It's kind of new for all Mac users, unless they had a good Unix background to begin with," said Michael Junkroski, who, along with his brother Patrick, runs VSM.net, a Florida-based IT consultancy that is an all-Mac shop. "I think we were all probably a little lax because we thought the OS was impenetrable." Junkroski said there are 55,000 viruses in the wild that affect Windows machines, compared with zero for Mac OS X. "In theory, a few (vulnerabilities) have been found. In practice, nothing has happened." k
