Anyway, I think we have kicked this dead horse enough. It all comes down to personal choice, and everyone is entitled to their own. Each OS has its positive and negative points. Personally I’m happy with Vista.

I think half the problem for Vista has been that a lot of Windows users do not welcome change like Mac users do. Especially after XP being around for so long. I actually had a guy I was talking to say he hated Vista and for him Windows 98 was perfect. He wished that Microsoft had just stopped there. How do you satisfy that guy? Windows 98 really wasn’t the epoch of OS design, I’m sure of that.

There really are a lot of good features in Vista. The new explorer is really good. It will automatically adjust your security (file sharing, firewall, etc) settings based on if you are on a private or public network (wifi or lan). The new start menu is so useful. I think it has the best implementation of search I’ve seen (better than Google Desktop, Spotlight, Beagle, etc). Vista Media Center is by far the best DVR interface I have used. You never hear about that stuff though, you just hear that some old program won’t run on it.

Check this link this guy says that Linux with Wine or DOSBox runs games better than Vista because it could run Soldat, Darwinia, Blackthorn, and Civilization 4. I haven’t even heard of the first 3 games, and from looking online people run Civ4 on Vista. It might have taken some tweaks (when doesn’t PC gaming? That’s why I have a console instead), but I’m sure it was less that setting up Wine on Linux.

But what I said was that I was NOT behind a NAT router. I plugged a MacBook Pro right into my incoming internet connection – no hardware firewall whatsoever, and reconfigured the ethernet settings to use the direct connection. And the Leopard firewall preference setting was to “Allow all incoming connections”, and ShieldsUp stated all ports are closed. So you are wrong, at least about the Leopard “firewall”. And you obviously haven’t tried it, or you’d see that I’m correct.

I think the confusion is that the firewall in Apple’s preferences seems to be what Apple is calling an “Application Firewall” – the open source firewall ipfw is still present at a lower level, and can be accessed via the terminal, from what I’ve read. I think Apple has major terminology problems here, but the fact remains that if the preferences are set to have the APPLICATION firewall in the preferences “Allow all incoming connections”, all ports are still closed. That explains the basic security out of the box of a Leopard install. Perhaps the correct terminology would be to say that in Leopard, the packet inspection firewall ipfw is still always running (on) in the background, even though the Apple’s UI seems to indicate the firewall is off. I’m not defending them – I think this was a major UI blunder. And it’s caused all sorts of bad press.

BTW, when I am behind my hardware firewall, Shields UP shows all the ports as “stealth” unless I configure them otherwise on my router.

“The firewall is really only that significant in public network (usually wifi) scenarios for most people. I can see people’s Mac’s on my school subnet (but they can’t see me). ”

True. Which is why a default install of Leopard has all ports closed, so you don’t have to worry while on a public network.

“It is well documented at a number of sites that OS X defaulted to “allow all incoming connections” until very very recently.”

They still do, but all the ports are closed, as I said.

“About Leopard, I would call it more of a feature pack than a service pack. ”

Sure, you can call it what you want. The many additional features is why it was a paid upgrade. Apple’s service packs are free. Apple is just a bit more responsive than Microsoft in this area. But there were many changes to the underpinnings of Leopard, from a developer’s standpoint. Probably more than any other OS X release. Many made to support the new features Apple added, but also to allow more innovation from third party developers.

“Arguably the underpinnings of a lot of significant parts of Windows XP were dramatically changed between SP1 and SP2. That is why a fair number of programs had to be fixed to work with SP2. Not a lot of features changed though. Sure the dock changed some, they added built-in backup, etc, but the core of the OS is mostly the same. It isn’t at all like the difference between XP and Vista, good or bad.”

I would agree with you – there were many more differences between XP and Vista than between XP SP1 and SP2.

“And the internal numbering differences (from the roughlydrafted.com link) between Microsoft and Apple don’t really mean much for me. Just because Windows 2000 was NT5 and Vista is NT6, but Apple has gone from Darwin 4 to 9 in the same period doesn’t mean anything. It is just their version policy.”

And Apple’s version numbering policy is that all of the Mac OS X releases have a version number starting with “10″, with the first number after that signifying paid releases with major features AND many underlying changes, and the second number after the “10″ being free “service pack” releases. But yet many don’t understand that going from 10.4.x to 10.5 is a MAJOR release and don’t understand why they have to pay for it. It’s all marketing – Apple wants to milk the roman numeral “X” for as long as possible.

About Leopard, I would call it more of a feature pack than a service pack. Arguably the underpinnings of a lot of significant parts of Windows XP were dramatically changed between SP1 and SP2. That is why a fair number of programs had to be fixed to work with SP2. Not a lot of features changed though. Sure the dock changed some, they added built-in backup, etc, but the core of the OS is mostly the same. It isn’t at all like the difference between XP and Vista, good or bad.

And the internal numbering differences (from the roughlydrafted.com link) between Microsoft and Apple don’t really mean much for me. Just because Windows 2000 was NT5 and Vista is NT6, but Apple has gone from Darwin 4 to 9 in the same period doesn’t mean anything. It is just their version policy. Just look at the difference in numbering between Debian and Fedora Core. In the last 12 years Debian has gone from version 1.1 to 4.0. Fedora went through 8 versions (cores) in 4 years. Yet fundamentally they are both using the same base components.

I wrote:

I don’t think even Microsoft, the best company in the world at marketing mediocrity, believes that. See:

http://www.microsoft.com/windowsxp/sp2/features.mspx
vs.
http://www.apple.com/macosx/features/

Granted, I wouldn’t consider all the 300 things Apple touts as “features”, but Leopard is substantially more different from Tiger than SP2 is different from SP1.

For further information, see:

http://www.roughlydrafted.com/2007/10/31/ten-myths-of-leopard-2-its-only-a-service-pack/

Gibson web site:

http://www.grc.com

I don’t think even Microsoft, the best company in the world at marketing mediocrity, believes that. See:

vs.

Granted, I wouldn’t consider all the 300 things Apple touts as “features”, but Leopard is substantially more different from Tiger than SP2 is different from SP1.

For further information, see:

?

“I just think it is crazy that in 2007 Apple would try to sell an OS with the firewall off by default. “

But that doesn’t mean all the ports are open. They’re not. Actually, even all Mac OS versions prior to Leopard installed with the firewall preference setting off I believe, and always came with all ports closed out of the box. So all Mac OS X versions have had the firewall off by default since what, 2000? Where are all the security breaches cause by the firewall being open? Oh yeah, the security by obscurity thing that we can’t prove yet.

Traditionally you only needed to “turn on” the firewall in Mac OS X if you needed to open some ports. Most users would not need to do this. But they can if they want.

If I run Shields UP from the Gibson Research Corp. web site (), with the Leopard (10.5.1) firewall off, and outside my hardware router, I see that all ports are closed. Not all marked as “stealth”, but all closed. Of course you can configure the Leopard firewall to “Enable Stealth Mode, if you like.

“You can see why though (http://www.heise-security.co.uk/news/98492), because it broke applications. Even now you have to allow Skype to accept inbound connections every single time you use it. It was easier for the user to not have a firewall on. Probably the same reason Microsoft didn’t enable it by default on pre-SP Windows XP.”

Microsoft didn’t enable it AND they left a bunch of ports open, which was why all you had to do was connect a Windows box to the internet and watch it get violated in 20 minutes or so.

I think the reason the firewall is left off by default in OS X is because all the ports are closed by default, and you only need to turn the firewall on if you need to open ports, not because it breaks software when turned on. Not that Skype has been the most reliable software on the Mac anyway, but I’m sure that problem will get sorted out eventually.

Greg: The statement that the sky is failing was usually (at least when I read them) tied to Mac’s becoming popular, and that hasn’t happened either.

JZ: Just because Windows defaulted to super user, it doesn’t mean the underlying base is insecure. In fact, I think that Windows 2000 was a very good base for a multi-user GUI OS. The defaults may have been set insecure, but it could be locked down quite well.