Well, for starters, 10.4 is vulnerable to shellshock, and various service reflection vulnerabilities. If somebody gets in -- and there are ways in -- then they can do anything with your computer that they could do with, well, any computer.Many Thanks for the suggestion . Great ideas you have.
Now , for endangering everyone with OSX 10.4, please enlighten me . That is very interesting .
I've been attempting to explain about this for two or three years now. Basically, the value of a remotely compromised system these days isn't in the personal data that's on it -- it's in that computer's ability to mine bitcoins or send spam.
On Windows, this gets accomplished by installing a tool such as pushdo, which is essentially a framework that allows an attacker to install additional components on the machine to do tasks. Pushdo could be used to deploy bitcoin agents, or to deploy cutwail, a tool that sends spam and phishing e-mails.
A Mac or Linux computer can also do these things, and if you can get access to one of those systems, it's even easier because the mail server is already built in.
All of this generates the amount of spam and traffic on the Internet, reducing performance for everybody.
You'd be surprised. This post is about a person whose NeXT virtual machine was configured as an open mail relay, and they didn't notice it was spewing spam until it had been doing so for potentially weeks, and only because of a very low RAM situation -- something most Mac OS X machines won't have. They don't go into it, but they really only notice because the whole machine was crashing due to the massive crush loads on one process. The implication was that it took them quite a long time to notice because, well, otherwise, the machine operated at its normal speed and responsiveness.I think I would notice if my Mac was being used as a botnet or mail server.
For as often as I talk about how slow even the fastest of PowerPC macs, a good G4 (something like a single-CPU, 700MHz to 1.2GHz or so, maybe a gig of RAM) can almost certainly handle sending 3500 messages without the user at the keyboard noticing. Probably the one time you'd notice is if you did something else insanely resource-intensive, but even then, there's a good chance if you were only doing one resource-intensive thing at a time, you wouldn't notice, unless you were extremely well-attuned to the amount of time a task should take (in totally insane detail i.e. wow this frame should actually take six seconds less to render.)
If you go down to something a whole lot slower (something most of the PPC/OSX enthusiasts have moved on from, like a 400-600MHz G3 with 512MB of RAM) then you're slightly more likely to notice, but that class of machines was pretty frequently using nearly all of their resources with 10.3 and 10.4, so a crush load of dropping 3500 spam messages onto the mail queue might make you notice. maybe.
Last edited by a moderator: