Symantec: Mac OS X Becoming a Malware Target
tb3 writes "According to ZDNet 'Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.' They go on to warn that the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for 'style over function,' according to one analyst, Apple computer has become a target for new attacks. More coverage on Australian IT and Silicon.com. I guess sales of Norton Anti-Virus for Mac needed a boost." Symantec may well be right about this, but note that they also have the world's biggest vested interest in making Mac owners nervous enough to buy their anti-virus products.
Why does it have to be one or the other? What I've found in OSX is that it can have style AND function.
Is that so wrong?
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
or at least it will make a change from the massive amounts of mailings on bugtraq about the latest exploit in Win/nix
Wake me up when using XFactor starts being a problem.
Really?
Even so... what's the matter? Style's still pretty good, even if the box is full of viruses...
Can someone out there tell me what the reality of the situation is? Do you really need anti-virus for OS X? In the research I've done I can't seem to find any references to real (as in active in the wild) OS X viruses.
We will be transitioning about 8 production Macs to OS X later this year, and I am wondering whether I need to be concerned at this point. It doesn't seem like I do.
I also understand the possibility of exploits in some of the open source code used in OS X. I assume you deal with this the same as on any other OSes and patch it when the fix comes out.
Sometimes my arms bend back.
you mean windows viruses.
but Symantec have to boost their flagging stock price somehow
Mac products out the door again. I guess with Apple projected to take 5% of the market share they decided maybe it would be a good idea if they actually started pushing Mac products.
Is it really true that the only thing protecting Macs thus far has been their smaller by comparison presence on the Internet? Is there nothing to be said for the inherent security or insecurity of a particular platform? This is the kind of argument that free operating systems get against their security all the time. It'll be interesting to see whether the Mac platform can stand up to increased attacks. If it does, this might help convince people that some platforms really are more secure than others.
only on IE for Mac. That makes up all of 1%
..but I already use an Antivirus for my Mac. Mind you I switched over from Windows a little under 1 year ago and since I use these machines for work I really didn't want to risk, even if it's 0.0001% of getting my work machine infected by a virus. All it could take is one sneaky website I visit to infect me, record information and I honestly wouldn't really know - mind you I doubt the Antivirus updaters would know about any Mac virus within 1 week of being launched.
And no, I use McAfee. And it's not too bad, but then again I am biased as we bundle McAfee with systems.
That's great!
Once they have it for OSX it must be fairly easy to port it to FreeBSD. I guess they might have to add a new category in the ports:
/usr/ports/malware
Of course, figuring out how to fix it is no fun, because macs "just work" and suggesting otherwise makes one a troll.
I suspect the problems stem from installing Konfabulator and a bunch of widgets (one of which would cause the computer to hang whenever it was started), but I haven't had the time or motivation to figure it out. I don't know shit about administering Mac OS X - I only bought it because I was sick of playing sysadmin for every windows box in my extended family.
i forget
This is to be expected ... almost inevitable ...the best we can hope is that security holes will be patched in a prompt manner ... as users will continue to practice flawed security ..(firewall off etc.)
What else can a mac user do?
gee wonder why Symantec, an antivirus and firewall maker, would say such a thing...
Some people believe 1-1=3 and for the sake of being politically correct, we should respect their differences
I have been using Macs for 8+ years now, I even ordered my Cube on a Dreamcast, and have never had a virus or malware... so you can put me in the "believe it when i see it" category.
Is that so wrong?
Yes. Now, back to the bash prompt with you, heathen, and may the glistening tentacles of Aqua and Luna never intrude upon your conscience again!
(I kid, I kid. Luna doesn't glisten.)
The coolest voice ever.
please move along.
I didn't see anything in the article that = news. OS X has always been vulnerable, since no OS is safe. Except one that is never turned on and used.
"The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks."
It's a reason for sure, but the only reason? I think not!
More like... nerdular nerdence!
"style over function" Yeah, like the "style" of increased security. In some sick way I hope that OSX becomes a target so we can finally know the answer to whether OS X has limited security issues due to its user base or design.
Bad or non-existent passwords, crappy anti-virus software (Virex, I'm looking in your direction!), and a long-unchallenged (calm down, I mean by experience) belief that Macs would continue to be unaffected by this sort of thing always seemed like they'd rear their ugly heads one of these days. But on the other hand, why trust the exterminator when he says it's bound to be a big bug season?
So their only "real" proof that hackers are targeting OS X is a rootkit? Wow. The Symantec FUD, aka "we need to sell more versions of NAV for the mac" has been shifted up a gear.
See also Symantec: Mozilla-based browsers increasingly targeted by hackers.
As a user of Firefox on OS X, I'm terrified.
--
the strongest word is still the word "free"
Symantec Anti-Virus OSX Version 1.0:
Please upgrade to signature file 032105.sgn, your current version only detects 3 viruses, however the new signature file finds and cleans 5 different viruses.
I think that if anything, this would boost sales of Apple's .Mac Service which includes a copy of Virex.
Shades of Grayden
If I'm not mistaken, doesn't OS X log you in as a non-root user? And if that's the case, isn't the regular user (as in Linux and other Unixen) unlikely to do major damage to the system?
Maybe Symantec is trying to draw attention to generate more business for themselves because there certainly haven't been any viruses released yet on OS X that Symantec provides any real protection for - so I wonder, what information could they be basing their statement on? Secret contacts with the hacker community? Certainly nothing public...
The protection will come from such sexily named files as Security Update 2005-002 and Security Update 2005-003 distributed courtesy of Apple Inc.
..he goes on to warn that the only thing that's protected Apple users from Symantec so far has been the small number of Macs on the net. Now that people are buying Apple products for 'style over function,' according to one analyst, Apple computer has become a viable market for Symantec's shareholders...
Backup your stuff and forget the N bomb. Running Norton just slows everything down.
Both, actually-different processor architectures for the greater part do prevent a virus written for an operating system using one type from working on the same designation of model operating system built for a different architecture.
But of course a company which sells software to people who want to protect their computers from viruses/spyware is going to say there's a problem. It is in their interest. And they aren't a disinterested party. (Shame on them.)
My anecdotal experience (being a tech at a major U.S. University) is that Macs never have virus/spyware problems and properly patched Windows machines (meaning commercial anti-virus/spyware software installed) do occasionally have problems. Intelligent users can almost always overcome the problems on Windows. But on Macs the problems simply do not come up.
I have seen nothing to indicate this will change for Macs. Unless Microsoft starts funding some black ops.
Random Google for "Koalas Kill People" returned this:
http://www.koalabearsarebears.freewebspace.com/
Vampire Koalas, Tribble Peeps, and the Four Cupcakes of the Apocalypse.
I think my fever must be getting worse...
-Forrest Cameranesi, Geek of all Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
In its seventh bi-annual Internet Security Threat Report, Symantec said over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system.
Don't let this line fool you - it doesn't necessarily mean that OS X is inherently more secure than Windows, or Linux, or whatever. It can safely be said that the amount of resources being expended to identify and cure OS X vulnerabilities is at least somewhat smaller than those used for Windows, in rough proportion to OS X's much smaller market share. The lesser amount of pure research, plus the lesser amount of wild exposure, mean that there will be plenty security-wise in OS X that's missed. The truth won't really be known until OS X gains enough visibility to have as much as, or at least a fair chunk of, what Windows has thrown at it on a daily basis.
Obscurity isn't a permanent solution by any means, and here is the proof.
The coolest voice ever.
Talk about a load of bullshit. The way Mac works, users have to explicitly allow malware to install itself. Talk about spreading FUD to try to sell more licenses of their own software.
Windows and PC are the same for some people
On MacOSX, most (all?) network services such as ftp, sshd, httpd... are turned off by default. And automatic software update (prompting the user) is on by default. That, coupled with a better security model from the ground up will ensure that the MacOS never becomes the trojan-infected mess that Windows has become.
Methinks that Symantec is propagating FUD to drum up sales...
Whenever anybody talks about OS X vulnerabilities it's always "If OS X gains market share" or "viruses on OS X are likely.."
I can accept the THEORY that OS X will become a target as more people use it. BUT let's look at REAL numbers. I know of NO major (or even minor) outbreak of a virus or malware on OS X. Might..could...likely....well there HAS NOT BEEN ONE.
Also. There will be more than one post that talks about the fact that OS X users do not run as the equivalent of a user with administrator roots on windows (which 90+ % of all windows users are guilty of).
The WORST you could do is trash your user environment. NOT the OS.
...turning it on is fine. Attempting to use it is what gets people in trouble, especially while connected to an untrustworthy network.
From what experience I've had with Norton antivirus for the PC, it does more damage to performance (network latency and throughput, memory and processor usage) than most malware. I've never installed it myself, just seen it on other people's PCs. I might just have wrong/incomplete experiences, but I think that their software is bloated crap with a horribly confusing UI. If I had a Mac OS X, I would prefer to have a command-line controlled utility which I never have to see, which runs as a service, updates transparently and can be fully controlled using plaintext configuration files. NOT anything remotely like Norton for the PC. Virex might not be good, but unleashing the pestilence of Norton upon the Mac is... cruel. Isn't there something like a chkrootkit in Darwin ports or Fink?
That is correct, but you have to admit that the data a user has (work, music, etc.) is likely to be far more important than the OS. I can reinstall my OS X and apps and recompile my OSS software in a day, but if I lose my source files, I'm in a world of hurt.
In other words, Mac users are the cause of OS X insecurity. Sounds about right.
XML is like violence. If it doesn't solve the problem, use more.
a small program that
1) fool web browser to download without user notice
2) chmod itself ---x--x--x
3) execute itself!!!
I don't think that is possible on *nix systems
"Steve Jobs invented the world" -- Bill W. GATES
That analyst obviously hasn't spent much time working with OS X. It certainly has style and function in my opinion.
It will upset the frothing Linux zealots who keep insisting you can't have both - that's their excuse for liking a GUI (doesn't matter which - Gnome / KDE - take your pick) that is less intuitive to use than even Win95
The only real issue I have with OS X and viruses is with MCSFT Word macro viruses. It's worth having something that can sort those bad boys out because they can be spread to other users. I have one user who is constantly propagating macro-viruses, but I think I found the solution.
I'm moving him to Apple's Pages software.
Seems to handle doc files just fine, and no macro issues.
If MS had focused on security and not features, XP's kernel wouldn't be accessible by spyware, but we all know that's not the case. And to give MS a little bit of credit, it has to deal with thousands more configurations when creating an update. Apple does not, hence they fix their holes right away, that and the OS was designed with security in mind. Some PC networks are now turning to OSX XServes as a preventive measure against attacks on the net and it's working.
Keep your head planted firmly in the sand.
There is nothing to worry about. OSX is perfectly safe.
There may have been 37 alleged vulnerabilities identified in MacOS X, but there have been ZERO exploits of those vulnerabilities. Apple has often released patches within 48 hours of discovery of a vulnerability.
At the current time, there are NO known exploits for MacOS X. NONE.
But MacOS X is not secure because it's obscure; it's secure because it was designed that way.
But it is obscure. It runs on a platform that has, for now, about 3% of the market. It's obscure in the sense that virus/spyware/malware authors don't usually think about targeting it - or, if they do, they consider it only briefly and then toss the idea out the window. Ignorance and indifference are the main reasons why OS X hasn't had to face the onslaught that Windows has (and this onslaught doesn't necessarily have to mean successful attempts). The benefits of exactly how OS X was built will remain unknown until such time as it takes over a decent chunk of the market to warrant the attention of attackers - assuming that ever happens, of course.
Anyone who has been a Mac user for any length of time and has used Symantec products can testify to the horrid filthy mutilated piece of code that is a Symantec product on the Mac.
This is NOT A TROLL.
I have seen (and experienced myself) Symantec products CAUSE more problems than they fix (if they are even successful at fixing any) on the Mac platform.
I pity the poor soul who has no experience with Symantec on the Mac and falls for this pathetic ad piece.
'nuff said.
I believe if we look at the record of vulnerabilities in the Fairplay/Itunes DRM solution by Apple we can conclude that they could not really withstand the concerted attention of hackers.
If these hackers had malicious intentions Apple would be in a lot of trouble now. If they become an attractive target they will fall.
Surur
Information is the location of things. Computation is moving things around.
The answer is, of course, NO. At this point having virus protection for a Mac OS X box is worthless. In fact, worse than worthless because the virus software itself can, and will, cause problems, need updates, etc.
At some point this will change, and then you'll need to get something. If we're lucky, the few malware releases the Mac will get each year will be targeted by freeware or shareware products to fix them. There's no way to tell until it begins to happen...
Gee, where have I heard that argument before. Oh yeah, I was modded down for it a couple days ago for suggesting that Linux has less hacks and seems more stable only because it has far less desktop volume.
for a W2k box and it's crap. The fact that I never _really_ know if it's stopping the things it says it's stopping aside, it sometimes takes the machine fifteen minutes to shut down. If I disable Norton the machine shuts down in a few seconds.
Necessary? Maybe. Top shelf software? I don't think so.
Quite simply, Microsoft's operating systems and applications are unique within the industry -- no, not just the industry, but almost unique in post-1989 history itself -- in the careless way they treat data as code. Nobody else would have deployed ActiveX, or deliberately made executing a mail attachment as easy as clicking on it.
I can believe MacOS (or any other platform) has its share of bugs that can be exploited, but you just can't find anything as dangerous-by-design as Windows. Windows will always (even as its marketshare fades) be a comparatively unsafe platform, relative to what is normal. It's not just about code quality, it's about amazingly dumb ideas, combined with business practices that resulted in a situation where users' happiness is not a significant market force.
And of course, there's the obvious counter-example: where are all the BIND and Apache worms? Talk about "sheer number of devices"!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
10 years on the Internet, 24x7 for eight of those years. No antivirus. Not a single infection....
I do install one copy every few years to verify this personal protest against virus company scare tactics
Apple fans are the perfect audience. Most are technically non-savvy arty types who are easier to FUD.
Engineering is the art of compromise.
One nice thing about OS X is that many applications are distributed as "bundle" directories that you can just drag and drop anywhere and run from anywhere. Such applications by default don't have permissions to hose your entire system, but they still have God-like privileges within your home directory, which is where most of us keep all our important stuff.
However, instead of going with the elegant "bundle" arrangement, many applications for OS X ship with installers that request an admin password so that they can install zillions of files on your disk that can do anything they want. As long as this is allowed to continue, spyware is definitely eventually going to be a problem.
The ultimate solution is to be able to explicitly control for every installed application exactly what files and network ports (if any) the application is allowed to use. By default, the OS should deny any newly installed app network access so that it can't connect to an ad server or personal information theft server.
Nooooo, we have bought this "there are no mac viruses" myth for soo long, don't tell us it isn't true!
Next you will tell us we have to be careful of what executables we download and execute, and that we have to invoke other forms of security, like using hardware firewalls and not staying logged in as root all the time!
Lockheed Martin cautions that foreign nations may be hostile. Film at 11.
Um...yeah. Can you say "Oops"? Now they've responded with some vague fears, but that's just to stir up some sales, as everyone has already guessed.
Next anti-virus companies will start writing their own viruses in order to drive up sales. Sheesh.
Electric Monkey Pants
Blah blah blah..
They're targeting consumers who have little motivation to understand much more than "point-and-click". That being the case, I don't think the article is necessarily an instance of FUD-spreading.
So far there are 0 viruses for OSX. Symantec's Mac revenues are probably pretty much the same.
I'm not saying that it's impossible for someone to create a Mac virus; but with 3% of the market, how is it going to spread?
All OS will have vulnerabilities and it would be foolish to think that OSX is totally secure. Still, how well would a virus be able to reproduce if it only has 3% to do so on. Even if the (previous) article is right in hailing a 5% year for Apple; even then it would be hard for a virus to spread when 95% of all potential boxes are completely incompatible. Add to that that not all users will fall for it and you have a very unspectacular virus.
Cool art gallery, if you're into that sort of thing.
info buying their products, why is that news?
My new blog
If someone can get root on a mac you can install a root kit. But you have to get root first. It's not good enough just to get user level or even admin user level. You have to get the admin user to enter their password to elevate to root.
The ppc played a role too as I have read that until last year there was no widely known compact way to exploit a buffer overflow to execute arbitrary code. I believe that is now solved and published so one might see these cropping up. :-(
Since the security model is better you don't have problems like active-X waiting to ruin your day, or auto execute on mouse-over e-mail subject lines, or registry changes needed to install applications. Or other bonkers stuff.
But despite all the default security, nothing will stop a determined user from trojaning themselves good and hard. And if they are admin and enter their password you're rooted. Nothing will withstand unrestricted physical access either. You can at least ward off limited physical access by using the firmware password but this can be overridden by a determined user.
And of course there have been security holes and always will be. SSH, quick time, and even JAVA have had security holes. Fortunately no one has managed to exploit these before Apple fixed them and given Apple's default services-off settings and lack of root access, it's going to be harder for these things to spread like wild fire.
On the other hand Macs are very homogenous so once a virus does finally break loose, if it can get in without requiring any services it's going to spread quickly.
Some drink at the fountain of knowledge. Others just gargle.
Despite many high profile web sites and servers using OS9 for many years, not one database entry in the large BugTraq database documents a remote exploit for Mac OS in the history of the internet.
Even the US Army used macs exclusively (mostly MacOS 9 until recently) after being rooted routinely using unix and MS Windows NT. For many many years www.army.mil has been run on macintoshes exclusively.
The same is true of many colleges that were rooted and defaced too often on Linux. They installed WebStar and OS 9 and never had to worry again.
http://uptime.netcraft.com/up/graph/?host=www.army
http://www.google.com/search?q=army+webstar+"os-9"
Check it out yourself. This entire post is full of factual citations and 100% facts.
No mac in the history of the internet hosting a web server has ever been rooted or defaced remotely.
Why?
Because not one version of Mac OS has ever had a single exploitable hole ever discovered. (classic mac os now up to version 9.2.2 on currently sold g4 towers). OpenBSD has had no less than 5 holes (not one) in the default install in the last two years. Mac OS has had ZERO in over 8 years, even when paired up with its preferred web server app.
In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac exploited over the internet remotely. Scan it yourself.
That is why the US Army gave up on MS IIS and got a Mac for a web server. Currently it is a honeypot for OSX testing, and the US Army uses regular Mac OS on other internal servers
This post is not talking about FreeBSD derived MacOS X (which already had more than 50 exploits and potential exploits in BugTraq database, and in the news yesterday with Symantec claiming in March 2005 of OSX having remote exploits) I am talking about current Mac OS 9.x and earlier which are highly sophisticated abstract-OS models.
Why is it hack proof? These reasons
1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for process to process communication that is heavily typed and "pipe-less"
2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.
3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not. In case you are not aware of what a "pascal string" is, it usually has no null byte terminator. Additionally certain types of compilers can check range on assignments to prevent out of bounds. Furthermore many good programmers ensure that the bounds are not overwritten.
4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.
5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing, nor are there lame single 'x' executable bits! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with dat
What did he do?
He hooked up an Airport wireless station to the network so he could use his "invulnerable Mac" from anywhere in his roomy office. But didn't encrypt anything. So he opened up the whole office network to a wireless node that anyone could log into.
In a shipyard.
Near a military base.
Surrounded by vacant lots in a bad part of town.
So... when we got to the office, every Windows machine was compromised, the DSL router had been reconfigured to DNS in Taiwan (because it had the default password), servers had all their root passwords changed, and there was steady traffic from who knows what back and forth. It was a mess. We ended up having to do a full DnR on all the servers and workstations (luckily, it was a small office, so it was only 6 machines).
Yes, his iBook was FINE. His "invulnerable Mac" was just GREAT! I doubt there was a single compromised thing on his creamy white laptop.
And he kept saying, "My Mac can't be hacked into, you Windows folks don't know a damn thing about how great the Mac is."
"Good thing I use Linux, then," I said, trying to capture and trace packets from my Knoppix-STD Live CD. "Care to tell me how to explain to your boss why you exposed the corporate network to an unsecured wireless connection?"
"But... you don't understand, it's a Mac! It doesn't do those things..."
When I finally sat him down and explained what the Airport does, he turned real pale. And quit a week later. He assumed because it was "an invulnerable Mac," that meant he didn't have to understand security.
Man, what a mess that was.
What are these Koala Bears you speak of.
Surely we are talking about the humble Koala are we not.
Have you ever had a Koala fall on you? It could be lethal.
The popular ClamAV for Mac OS X. http://www.clamxav.com/. Free!
just wait until after puberty and you start using computers for more than games...
At least don't blow money on it as well.
and now, Norton and all the rest are looking to Apple and Linux to be insecure.
While Apple, Linux, BSD, etc. have their security issues, it does not really start to compare with MS. In addition, it is safe to say that an anti-virus is NOT the solution to a Non-MS problem. All of the *nix have various issues, but in the end, the single biggest one is getting an auto updater running for security issues. IOW, the largest threat to MS (Unknowledgeable, lazy, or incompetent admins) is also the largest threat to all other systems.
I prefer the "u" in honour as it seems to be missing these days.
this story is getting flooded with fanboys trying to dismiss an article which has a genuine point
/is/ just a scare tactic by a company to get otherwise ignorant customers to buy their products. There's just no need for an antivirus on a Mac currently.
A genuine point yes but just because Macs will become targets of malware doesn't mean any will survive to any amount of prolification (sp). Some of us may be overreacting but the intelligent ones are trying to say not that people aren't going to try to create mac viruses.. just that they will never succeed on the level of Windows.
Our beef with this type of article isn't what they're saying. True we will become target for evil people out there. Maybe we'll even get viruses, but the article makes it seem like MyDoom type attacks are just around the corner. As if in 2 years mac will suddenly be plagued with catastrophic viruses. It's just not going to happen. This
A lot of you 'heathen folk' just assume we're still hiding behind "security thru obscurity" as the reason we don't have the virus trouble of our windows counter parts. It's still true but that's not our primary counter weapon anymore.
--
The Wolfkin
Until there's actually a problem, I think using the word "redeemed" isn't appropriate...
Is Virex that bad right now? How good does anti-virus software need to be when viruses don't actually exist? :)
http://mac.softpedia.com/get/Antivirus/ClamXav.shtml
bo
bad_outlook
--
Is this vague enough for you?
This whole market share angle is mostly bogus. There is what, about 10 million OS X users? Why hasn't there been a worm (or trojan, anything!) attacking them? Witty has a very successful worm: it hit all 12,000 vulnerable hosts.
How can you say 10 million is too small? The population of Canada (where I live) is about 33 million. The installed OS X base is then (about) 1/3 the population of Canada. That's not far from the population of New York city (~15M).
If a worm can hit only 12,000 hosts like Witty did and be called "successful" (it was basically a 100% infection rate), then surely the OS X population is vulnerable.
John Gruber has some articles on this.
I try sticking to the bash prompt, but I keep seeing Safari through the translucent Terminal window and coming back to check Slashdot.
Maybe I'm doing it wrong.
You're right -- koalas don't kill people. People with koalas kill people.
Yes it is. Mac OS9 has not ever been rooted or defaced remotely ONCE and is used on countless secure servers. For years the US Army used it on www.army.mil until recently evaluating osx instead.
The reason? The US Army was embarrassed by being routinely defaced using unix and Windows NT.
Security through obscurity is secure if not one DEFECT exists !!!
Obscure code that is bug free and coded in such a way to avoid exploits is indeed secure. BugTraq concurs! Check out any data on Mac OS9 in BugTraq for the last 8 years. Nada! (except some third party addon ecommerce thing from 1995 i think. ???)
Why is Mac OS9 hack proof?
Why is it hack proof? These reasons:
1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for process to process communication that is heavily typed and "pipe-less".
2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.
3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its ROMs originally used Pascal strings. As you know Pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not. In case you are not aware of what a "Pascal string" is, it usually has no null byte terminator.
4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.
5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with data files. For example file copy utilities preserve launchable file-types, but JPEG MPEG HTML TXT etc oriented tools are physically incapable by design of creating an executable file. The file type is not set to executable for the hacker's needs. In fact it's even more secure than that. A mac cannot run a program unless it has TWO files. The second file is an invisible file associated with the data fork file and is called a resource fork. EVERY mac program has a resource fork file containing launch information. It needs to be present. Typically JPEG, HTML, MPEG, TXT, ZIP, C, etc are merely data files and lack resource fork files, and even if they had them they would lack launch information. But the best part is that mac web programs and server tools do not create files with resource forks usually. TOTAL security.
6> Stack return address positioned in safer location than some intel OSes. Buffer exploits take advantage of loser programmers' lack of string length checking and clobber the return address to run their exploit code instead. The Mac compilers usually place return address in front or out of context of where the buffer would overrun. Much safer.
7> There are less macs, though there are huge cash prizes for cracking into a MacOS based WebStar server (typically over $10,000 US). Less macs means less hacker interest, but there are MILLIONS of macs sold, and some of the most skilled programmers are well versed in systems level mac engineering and know of the cash prizes, so it's a moot point, but perhaps macs a
Yes, obscurity is absolutely the only reason it hasn't been targeted. Remember malware comes in the front door, not the back one. It either piggybacks on an app you want, or simply is an app you want. Well you can't secure against that, OSes don't know by magic which apps are good and which are bad. If you have permissions to install apps, you can install ones that fuck the system up.
That's different than exploits, which rely on finding bugs in code. If the code has less bugs and/or less services where one could try to find them, it is more secure.
However, there's basically nothing you can do about malware other than make scanners for it and try to educate users. Without some kind of trusted computing, signed application deal, there's no way you can make an OS that only allows users to install safe apps, since there's no way to know what is and isn't safe.
Hell some people don't even care about spyware, they want their dumb little free screensaver or whatever and don't care if it spies on them. You can tell them it's bad and they'll just ignore you.
OS X gets fixes from whatever Apple decides to allow into it.
And most Mac users make it seem as if only "PeeCee Luzers" are capable of blindly clicking every attachment they find and installing malware/viruses.
Anyone remember the dreaded "RM -F" "Trojan Horse" someone got off of P2P that was pretending to be the "official" "public beta test" of Mac version of Microsoft Office?
I do.
Don't forget, iloveyou.vbs didn't do major damage to Microsoft systems.
Virus writers are gunning for the user more and more. Take the SirCam virus for example: it attached files in your My Documents folder to a bunch of emails and sent them to people in your address book. Didn't hurt your computer... just your reputation when your neighbors found kiddie porn in their email.
The only exploit they point to is a rootkit... which is something you install *after* you've exploited the box... there are no active threats that any antivirus software will work against.
This is like their attempt to talk up a manually-installed program that deleted all your files on the Palm as an exploit, to push their useless PalmOS antivirus. And then their Pocket PC antivirus actually caused people data loss from false alarms.
Until there's an active threat in the wild, AND it's been analysed and an identifying signature discovered, antivirus software's only result is to make your computer less stable and less reliable because of its deep hooks in the OS.
This is not to say that the OS is magically perfectly secure, but anything any AV company tells you about ANY platform but Windows, at the moment, should be taken with a sackful of salt.
Reading Slashdot:
"5% by the end of the year?! Oh Shit!"
"Er.. Ehm... ZDNet! Get over here!"
...finds and cleans 5 different viruses which exploit vulnerabilities that were all patched in the latest point release of OS X 10.2 and 10.3.
Mac OS9 has not ever been rooted or defaced remotely ONCE and is used on countless secure servers. For years the US Army used it on www.army.mil until recently evaluating osx instead.
The reason? The US Army was embarrassed by being routinely defaced using unix and Windows NT.
http://uptime.netcraft.com/up/graph?site=www.army.mil
Why is Mac OS9 hack proof?
Why is it hack proof? These reasons:
1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for process to process communication that is heavily typed and "pipe-less".
2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.
3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its ROMs originally used Pascal strings. As you know Pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not. In case you are not aware of what a "Pascal string" is, it usually has no null byte terminator.
4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.
5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with data files. For example file copy utilities preserve launchable file-types, but JPEG MPEG HTML TXT etc oriented tools are physically incapable by design of creating an executable file. The file type is not set to executable for the hacker's needs. In fact it's even more secure than that. A mac cannot run a program unless it has TWO files. The second file is an invisible file associated with the data fork file and is called a resource fork. EVERY mac program has a resource fork file containing launch information. It needs to be present. Typically JPEG, HTML, MPEG, TXT, ZIP, C, etc are merely data files and lack resource fork files, and even if they had them they would lack launch information. But the best part is that mac web programs and server tools do not create files with resource forks usually. TOTAL security.
6> Stack return address positioned in safer location than some intel OSes. Buffer exploits take advantage of loser programmers' lack of string length checking and clobber the return address to run their exploit code instead. The Mac compilers usually place return address in front or out of context of where the buffer would overrun. Much safer.
7> There are less macs, though there are huge cash prizes for cracking into a MacOS based WebStar server (typically over $10,000 US). Less macs means less hacker interest, but there are MILLIONS of macs sold, and some of the most skilled programmers are well versed in systems level mac engineering and know of the cash prizes, so it's a moot point, but perhaps macs are never kracked because there appear to be less of them. (many macs pretend they are unix and give false headers to requests to keep up the illusion, ftp http, finger, etc). But some huge high performance sites use load-balancing webstar. Regardless, no mac
OS X gets fixes from Apple..... etc.
(1) You ignore all the non-Microsoft groups that spend their time researching Windows vulnerabilities.
(2) OS X is ultimately under the judgment of Apple, who decides what does and does not go into the operating system. You mention lots of open-source fixes - what evidence do you have that every single fix that's been rolled out by every single one of the groups that you listed was in fact implemented in every iteration of OS X that Apple has released over the years? Heck, even most of them? Of course anything open-source has more people working on it, but it still falls to Apple to review and institute anything that comes its way, and we have no guarantee that they are in fact doing this.
The coolest voice ever.
There has NEVER been ANY exploits for MacOS EVER !
I am talking about Mac OS not "os x",
Apple regularly leaves vulnerabilities in its Java from Sun for MONTHS after a Windows fix is released, though windows was exploitable in browsers for over 4 months (yes months) before Sun patched it in November. Apple patched theirs a couple weeks ago in Feb 2005. (Yup, sad but true, but the exploit was trickier on mac OSX).
Despite many high profile web sites and servers using OS9 for many years, not one database entry in the large BugTraq database documents a remote exploit for Mac OS in the history of the internet.
Even the US Army used macs exclusively (mostly MacOS 9 until recently) after being rooted routinely using unix and MS Windows NT. For many many years www.army.mil has been run on macintoshes exclusively.
The same is true of many colleges that were rooted and defaced too often on Linux. They installed WebStar and OS 9 and never had to worry again.
http://uptime.netcraft.com/up/graph/?host=www.army
http://www.google.com/search?q=army+webstar+"os-9"
Check it out yourself. This entire post is full of factual citations and 100% facts.
No mac in the history of the internet hosting a web server has ever been rooted or defaced remotely.
Why?
Because not one version of Mac OS has ever had a single exploitable hole ever discovered. (classic mac os now up to version 9.2.2 on currently sold g4 towers). OpenBSD has had no less than 5 holes (not one) in the default install in the last two years. Mac OS has had ZERO in over 8 years, even when paired up with its preferred web server app.
In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac exploited over the internet remotely. Scan it yourself.
That is why the US Army gave up on MS IIS and got a Mac for a web server. Currently it is a honeypot for OSX testing, and US Army use regular Mac OS on other internal servers.
This post is not talking about FreeBSD derived MacOS X (which already had more than 50 exploits and potential exploits in BugTraq database, and in the news yesterday with Symantec claiming in March 2005 of OSX having remote exploits). I am talking about current Mac OS 9.x and earlier which are highly sophisticated abstract-OS models.
Why is it hack proof? These reasons:
1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for process to process communication that is heavily typed and "pipe-less".
2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.
3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its ROMs originally used Pascal strings. As you know Pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not. In case you are not aware of what a "Pascal string" is, it usually has no null byte terminator. Additionally certain types of compilers can check range on assignments to prevent out of bounds. Furthermore many good programmers ensure that the bounds are not overwritten.
4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely.
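Item 3 of the post above describes length-prefixed ("Pascal") strings. The C code below is an added example, not code from this thread or from Apple: it models that layout and shows the bounds checks a copy still needs when the destination is smaller than the source or the length byte arrives in untrusted input. The function names and sample data are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length-prefixed ("Pascal") strings modelled locally: byte 0 is the length,
   bytes 1..N are the characters, and there is no NUL terminator. */
typedef uint8_t Str255[256];   /* up to 255 characters */
typedef uint8_t Str31[32];     /* up to 31 characters  */

enum { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_SHORT_INPUT = -2 };

/* O(1) length lookup: read the prefix instead of scanning for a terminator. */
size_t pstr_len(const uint8_t *p) { return p[0]; }

/* Bytes a copy driven only by the source's length byte would write
   (prefix byte plus characters). */
size_t pstr_copy_span(const uint8_t *src) { return (size_t)src[0] + 1; }

/* Checked Pascal-to-Pascal copy. dst_size is the full size of dst, prefix
   byte included. Nothing is written when the source does not fit. */
int pstr_copy(uint8_t *dst, size_t dst_size, const uint8_t *src) {
    size_t need = pstr_copy_span(src);
    if (need > dst_size) return COPY_TOO_LONG;
    memcpy(dst, src, need);
    return COPY_OK;
}

/* Parse a length-prefixed string out of untrusted bytes. The length byte is
   attacker-controlled, so it is checked against the bytes actually received
   (avail) before it is checked against the destination. */
int pstr_from_untrusted(uint8_t *dst, size_t dst_size,
                        const uint8_t *buf, size_t avail) {
    if (avail == 0 || pstr_copy_span(buf) > avail) return COPY_SHORT_INPUT;
    return pstr_copy(dst, dst_size, buf);
}

/* Convert a NUL-terminated C string, rejecting anything that cannot be
   represented in one length byte or does not fit the destination. */
int cstr_to_pstr(uint8_t *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src);
    if (n > 255 || n + 1 > dst_size) return COPY_TOO_LONG;
    dst[0] = (uint8_t)n;
    memcpy(dst + 1, src, n);
    return COPY_OK;
}

/* Constructed sample: a 40-character Str255 offered to a Str31. */
int demo_oversized_source(void) {
    Str255 src; Str31 dst = {0};
    memset(src, 'A', sizeof src);
    src[0] = 40;
    return pstr_copy(dst, sizeof dst, src);
}

/* How far past a Str31 an unchecked copy of that same source would run. */
size_t demo_exposure_bytes(void) {
    Str255 src;
    memset(src, 'A', sizeof src);
    src[0] = 40;
    return pstr_copy_span(src) - sizeof(Str31);
}

/* Constructed sample: the prefix claims 200 characters, 3 were received. */
int demo_lying_length_byte(void) {
    const uint8_t wire[] = { 200, 'a', 'b', 'c' };
    Str255 dst = {0};
    return pstr_from_untrusted(dst, sizeof dst, wire, sizeof wire);
}

/* Constructed sample: a short name that fits; returns its stored length. */
int demo_fits(void) {
    Str31 dst = {0};
    if (cstr_to_pstr(dst, sizeof dst, "Macintosh HD") != COPY_OK) return -1;
    return (int)pstr_len(dst);
}

int main(void) {
    printf("40-char source into Str31: %d\n", demo_oversized_source());
    printf("unchecked copy would overrun by %zu bytes\n", demo_exposure_bytes());
    printf("prefix longer than input: %d\n", demo_lying_length_byte());
    printf("\"Macintosh HD\" stored length: %d\n", demo_fits());
    return 0;
}
```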
People are saying that they have never gotten a virus on the Mac in the past 8+ years. Times have changed. Up until around the time of Windows XP, you didn't see many viruses infect Windows machines, even if they didn't have anti-virus. Viri infections have been increasing at an exponential rate compared to the past. Many more people have been taking interest in virus-writing, and it probably is only a matter of time until Macs are no longer immune to viruses (the same will probably happen to Linux if it continues to take off, even though it is a hacker's best friend).
In undeveloped countries, the consumer controls the market. In capitalist America, the market controls you.
You'd think any self-respecting malware author would just love to take some self-righteous, smug Mac users down a notch.
This is why I suspect that the lack of virii for OSX is not all about the market share.
I've never turned on my firewall or had antivirus software. Never had a problem at all. Never.
Of course, someone here is probably going to find my IP and hack me now...oh well. It was fun while it lasted.
I wish I could read "security threat reports" from some company other than one that sells security software.
'target for new attacks' must be the opposite of 'beleaguered'. According to the press, Apple is either one or the other.
This just in: Noting that Apple's market share is starting to grow again, Symantec sees an opportunity to pry some dollars out of Mac users by hyping a bunch of laboratory experiments.
Wow. Isn't that a surprise?
This article mentions *one* exploit from last year, and 37 alleged proof-of-concepts, none of which are detailed.
I understand as well as anyone that the Mac is not bulletproof, but this really smells a lot more like a press release than news... Methinks Symantec must have a new product waiting in the wings.
// This is not a sig.
You are WRONG!
MacOS hasn't been rooted once since 1995.
Despite many high profile web sites and servers using OS9 for many years, not one database entry in the large BugTraq database documents a remote exploit for Mac OS in the history of the internet.
Even the US Army used macs exclusively (mostly MacOS 9 until recently) after being rooted routinely using unix and MS Windows NT. For many many years www.army.mil has been run on macintoshes exclusively.
The same is true of many colleges that were rooted and defaced too often on Linux. They installed WebStar and OS 9 and never had to worry again.
http://uptime.netcraft.com/up/graph/?host=www.army
http://www.google.com/search?q=army+webstar+"os-9"
Check it out yourself. This entire post is full of factual citations and 100% facts.
No mac in the history of the internet hosting a web server has ever been rooted or defaced remotely.
Why?
Because not one version of Mac OS has ever had a single exploitable hole ever discovered. (classic mac os now up to version 9.2.2 on currently sold g4 towers). OpenBSD has had no less than 5 holes (not one) in the default install in the last two years. Mac OS has had ZERO in over 8 years, even when paired up with its preferred web server app.
In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac exploited over the internet remotely. Scan it yourself.
That is why the US Army gave up on MS IIS and got a Mac for a web server. Currently it is a honeypot for OSX testing, and US Army use regular Mac OS on other internal servers.
This post is not talking about FreeBSD derived MacOS X (which already had more than 50 exploits and potential exploits in BugTraq database, and in the news yesterday with Symantec claiming in March 2005 of OSX having remote exploits). I am talking about current Mac OS 9.x and earlier which are highly sophisticated abstract-OS models.
Why is it hack proof? These reasons:
1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for process to process communication that is heavily typed and "pipe-less".
2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.
3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its ROMs originally used Pascal strings. As you know Pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not. In case you are not aware of what a "Pascal string" is, it usually has no null byte terminator. Additionally certain types of compilers can check range on assignments to prevent out of bounds. Furthermore many good programmers ensure that the bounds are not overwritten.
4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.
5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing, nor are there lame single 'x' executable bits! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these
when I already have Virex running on my Mac, which already comes with my .Mac account.
Additionally I'd like to know how they can come up with this data based upon Mac's increasing popularity.
I don't see how my Mac can become just as infected with spyware and trojans as my Windows machine.
Most spyware found on a windows machine comes from vulnerabilities found in the OS that causes malware code to be executed and installed on your machine without you ever knowing.
This means that malware authors have to now buy a Mac and find vulnerabilities similar to those in Windows to execute their code remotely.
I know there are already trojans and other malware written for a mac out there, but most of them are outdated, Apple has fixed many of those vulnerabilities, they have hardly ever surfaced, and most of them require the user to unwillingly install it.
The other reason many people get malware is because of all the shareware programs they run, if you're stupid enough to download off of limewire Mac OS X.dmg and it's only 3mb big, you deserve to get your home directory wiped clean.
Or try to watch a .wmv movie that requires a certificate from ads.popupcentral.com you deserve it.
Active-X is also a major cause of malware.
I may be wrong on all of these, but I honestly don't see how my Mac could get the same amount of Malware as my PC.
and it kinda sucks. Every now and again (and not when it is scanning) it just takes over all the CPU's attention. So you kill it and then it comes back. So you kill it and then it comes back. So you disable it and this story comes out.
Looks like this is my fault. Sorry.
This
"Now that people are buying Apple products for 'style over function,' according to one analyst,"
:-)
pfft... granted _some_ macs look good (remember the original ibooks? bleck)...
but when I buy or suggest a mac, it is because I am hoping that I get the most trouble free and productive personal computer possible...
of course the first thing I personally do is install debian
it will become more and more a hacker's playground. Once more kiddies become Mac OS X and Unix users it will only get worse.
Yes. That's all it is. What's really funny is you can't even trust their products. They just recently had a security exploit in their own software.
And yes, it will do harm to install a virus checker on OS X. It can slow down file accesses, make your Mac feel like molasses, or cause general kernel panics (they install a kext with Norton Antivirus)
The malware problem on Windows is not primarily the result of the system's popularity, no matter how many times Microsoft claims that is so. Early attacks on the Internet did not target the most popular system; rather, the most attacks have always targeted the easiest systems to crack. That started out with SunOS and, by the mid-90s, was Linux. (If you think Windows has much better penetration than Linux today, just think how much more lopsided the numbers were in 1995-2000 when Linux was the most popular target.) These days Windows systems are easiest by far because at this point they are the only systems which ship without basic filesystem protections (now that it finally has a halfway decent firewall, a mere five years after everyone else).
If Windows had basic filesystem protection enabled by default on all critical filesystem areas, mandated nonprivileged user accounts, and an installer that required a password, suddenly Windows wouldn't get infected every time you sneezed in its general direction.
Maybe the future will prove me wrong but I will be very surprised to find OS X malware become a serious problem no matter how popular the OS gets. I don't suspect that its users are any smarter, but the barriers are a lot higher.
jim frost
jimf@frostbytes.com
Get back to work, Bill... :-)
http://img183.exs.cx/my.php?loc=img183&image=angrykoala8qn.jpg
That koala could hurt a lot of people
This is such a deep insightful article! Do I understand it correctly? Here's what I think it says:
A virus protection and half-ass security company says that as the marketshare of one of the platforms it supports increases so should sales for the products it creates for that platform.
Did I get that correct?
-- force and mind are opposites; morality ends where a gun begins ayn rand
You rightfully have a point. Script kiddies often try to attack their own machines before they can wreak havoc on others'. As Macs gain popularity, these 14-year olds want to do the same, but money is a bigger problem.
Kid: "mom, I want a Mac."
Mom: "honey, we just spent $900 on that Athlon!"
Kid: "but, mom, I want a Mac now."
Mom: "no!! And your teacher just called. Apparently you flunked your English exam. Now shut up before I decide to cancel your DSL line."
Only perhaps the richest script kiddies end up writing Mac viruses. But then, if they're so rich, why don't they just spend the money on greater enjoyment of life, like taking girls out for a date in a fine restaurant?
I once had a signature.
"the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net." The only thing? What, the only thing besides the more secure default settings out of the box and authorization for every installation?
Just doing a quick search through BugTraq, there were many exploits for Webstar under Mac OS X. But here's one from an early release--so don't say there are none, just some that weren't as thoroughly documented (because, frankly, who cares).
According to Chicken Little the sky is falling.
BugTraq lists 1754 entries for Mac OS 9, presumably some repeats and some multiple exploits/entry. You were saying?
Yeah, yeah, there aren't any Mac viruses NOW... but don't even think we aren't writing some as we speak!!
Your post is just the same old same old.
Actually, there was an exploit, once.
It was some time ago, and I believe it was the result of a "hack the server, get a prize" type contest.
I'm too lazy to Google it right now but IIRC, the server that was hacked was running the classic Mac OS, WebSTAR, and Lasso, a tool that lets you webify FileMaker databases. There was a vulnerability in Lasso that was used to, per the contest rules, successfully alter the contents of a certain page on the WebSTAR-hosted site.
The prize was awarded, the vulnerability was quickly fixed, and that's the first, last and only time I have ever heard of any server on a classic Mac OS based machine getting hacked.
~Philly
I would have thought that the poster was just a troll pretending to spread myths like "there are no Mac OS x10OSX viruses," but seeing as how they are posting this FUD everywhere in this story I might think this is a rabid fanboy who has bought into it.
I used to be a mac user, and I know better than to believe that there were/are no OS9 and lower exploits or viruses.
I think you're right but I don't understand what their products do except remove Windows viruses from Word files and such. Are there any specific Mac security issues addressed by Symantec products (and not addressed by Apple OS X Security Updates)? Anything. Virus, worm, etc. Even just one? Does Symantec have a website to tell you what their virus checker is actually checking for? I remember using Disinfectant under MacOS 6-8 and there was always a list of viruses in every version updated whenever new ones hit the wild. I would not be surprised to learn that Symantec still checks for nVIR A, B, WDEF, and other old-MacOS-specific viruses that are no longer relevant to OSX. I just have a hard time figuring out what this product actually does while the progress bar is running to convince the user it is cleaning up dangerous viruses.
There's also the matter of Windows boxes, until very recently, running with internet-exposed services by default. RPC services, no less.
... MS is more careless with keeping track of 'tainted' inputs, trusted data, and the distinction between data and executable code than pretty much anybody else. I guess they're paying for it.
How many UNIX admins do you know of that don't flinch in horror at the thought or leaving an RPC service - think portmap - exposed to the Internet?
Of course, lately MS has been improving this situation at a great rate. Linux distros have been doing so more slowly, and commercial UNIXes remain a joke (telnet and NFS on by default and exposed to the internet, etc).
That said, I tend to agree
...Symantec announced a new line of rocks that keep tigers away.
Yes, a major reason it's safer is because OS X isn't targeted often due to the low market presence. But it's also a matter of effort versus payoff. By default, MacOS X has a much smaller attack surface than Windows, and even compared to most "stock" Linux distros. Virtually all server services are turned off by default on the Mac. Root is disabled. So to find a vulnerability and attack it takes a lot of effort, and then if you do so there are fewer Macs to take advantage of. So why not target Windows - it's easier!
I do know of people who've had their MacOS X systems compromised - but only among MacOS X Server users who've turned on services without knowing the implications, and then running them without the benefit of a firewall (because "everyone knows Macs are secure"). Through bad setup and misconfiguration it's pretty easy to turn a server into "just another Unix box" that's just as vulnerable as any unpatched Linux server.
But that's not the default, and that's not how the client works. Hence at this time, Symantec is just blowing smoke and wondering why they don't sell any copies of NAV and Systemworks for Mac anymore.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
SP2 is a lot more secure. But even now lots of people are installing from copies of SP1. Yes Windows can be made secure, but it takes that little bit of extra effort - and if the firewall is ever compromised (like malware turning it off) you are quite screwed. OS X needs no firewall to stay quite happily connected without security issues because it does not need any services running to function.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Hmmm, when I take a look, there are 1754 listings in BugTraq under Mac OS 9. There's also one for an early version of Webstar (4.x). Numerous exploits are listed under Mac OS X.
Destroying user data is so 1980's!!
Nowadays a virus has every interest in keeping your data intact because it wants only to use you as a zombie (meaning it wants your computer up and running as much as possible), capture data from you like passwords and so on (which means you have to be able to reach important data), and hijack your browsing session to present ads to you constantly - which means you have to be working/browsing instead of running backup recovery.
Oh, if ONLY viruses were out to destroy your computer. Then you could just backup data regularly to prevent most harm. No, now viruses try to get as deep into the system as possible to make removal harder. And THAT is where running as a non-root user pays off, because a virus can only get about as deep as my startup items folder to keep itself going after a reboot.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
... more FUD created by Microsoft to keep people from switching to a Mac.
This is from Symantec? Aren't those the folks who write and distribute the viruses in the first place?
If you owned the largest auto repair shop in town, wouldn't it boost your income to go secretly and deface autos so the owner of that auto will come to you to have their car fixed?
1. M$ builds a sloppy OS
2. M$ finds an anti-virus company
3. The anti-virus company and M$ secretly create a partnership
4. M$ provides an insecure OS and the anti-virus company secretly provides the viruses while publicly fighting those viruses
5. M$ provides publicity for the anti-virus company and the anti-virus company provides a way to make the OS more "secure"
6. Both companies profit
Ah... there's nothing like a partnership.
That's not really a fair comparison. The same thing could be said for any *nix. Given a piece of malware, your system will be compromised. Instead of turning a firewall off, they could turn services on. You've got to be living in a hole or just really badly misinformed to think that there aren't still root exploits.
Viruses do not target data for destruction any longer. Data is only seen as a vector for further infection, or possibly information valuable to the attacker. But viruses simply don't destroy things anymore because using your computer as a zombie is far more valuable to them.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Remember the old times when MS and Symantec et al. were spitting FUD and bullshit on the Mac so they could standardize on the OS that needed constant upgrading and that was so bad you knew there was business to be done there... the Mac market share is going up again, here they are, implying lies and BS again as ever.
We wanna look like the good guys so we'll tell you that Symantec has started releasing virii, ooops I meant someone is writing malware for the Mac, and that only the small number of you protected you, and we'll imply you switched because of style not functionality, even if it's the other way around.
Of course the day everyone is on the Mac Symantec is out of job, so they are the number one ally of MS in this new Mac Basher Crew comeback special...
and you know what, morons around the world will cite that quote like it's goddamn God's word to mankind...
There are at least two anti-virus options: Norton (Symantec) Anti-Virus and .mac's Virex (McAfee). Except with .mac there's a bunch of other services (iDisk, HomePage, Email, Learning Center) bundled as well.
MacOSX has one merit over Windows... it has an intuitive interface, yet it doesn't treat the users as complete idiots.
Windows is always trying to avoid any effort of the user to think for herself... seriously, look at the default search interface on XP, then look at MacOSX!
Windows sells the illusion that anyone can use a computer without any effort. It is always trying to keep the user from understanding what is really going on... Don't believe me? Why does it keep the root directory and "Program Files" hidden by default, while on MacOSX the equivalents are there to see?
While intuitive, MacOSX actually demands some insight from the user. Windows, on the other hand, takes all the responsibility from the user, and treats them as 3-year-old children... Didn't you ever suspect that Windows "Teletubby" look?
Which users will be easier to fool? Which system will demand more "protection"? And are you really protecting the system from virii and such, or are we trying to protect the system from the user?
PS: By the way, Symantec products suck... Amavis + ClamAV + SpamAssassin beats their products any day, with one hand tied to their backs!
---- You know how some doctors have the Messiah complex - they need to save the world? You've got the "Rubik's" complex
spyware outbreak to show up so that...
1. Windows users can say "told ya' so"
2. Mac users will be, albeit briefly, completely silenced
3. People can start submitting new "Apple Death Knell" articles.
Sometimes Safari caches can get pretty full if you are doing a lot of browsing.
Although your issue is probably Confabulator, try clearing out autofill kind of information in Safari by going to preferences->AutoFill and editing each item. If you have a huge number of "other form" items it can slow things down, if you post a lot.
Also there is an image cache for those small site icons that may be overflowing. Do a look at Google on "Safari Speedup".
I will say that I prefer one app getting slower to the whole system bogging down over time.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I mean I gave up on their Norton Products with OS X because all they did was screw up my computer. Then my .Mac account gave me Virex for free, but all it did was screw up my computer, so I decided to try clamAV and for a front end there is the excellent ClamXav which lets you schedule Virus scans and updates. And best of all it is shareware based on open sourced virus protection software.
I picked up about 12 PC viruses that I had, and could have sent to a PC user, though they don't affect me at all.
Buy anti-virus? why not just get it free through .Mac!
I've looked at a lot of the posts about Mac OS, wondering if I should one day get a new Mac when my ship comes in. I doubt that the current machines are getting infected, I hope not, especially with viruses that somehow could get ahold of passwords, etc. like they do on unprotected Windows machines.
Now, I use my remaster of Knoppix Linux, and I wonder how the LiveCD thing fits into the increasing virus threat, with disturbing talk about Mac viruses appearing on Slashdot today. I have always assumed that the LiveCD Knoppix can be run without much worry about viruses, etc. I have one box with a GB of RAM, and I can load the entire CD into that, and do ok, as long as I don't overdo it, such as using k3b, for instance. Are we Knoppix users still home free?
You're telling me that Symantec is saying that there are MacOS malware exploits? Doesn't Symantec make a program that they sell to protect you from MacOS malware exploits? I wonder if that gives them a vested interest in blowing the "threat" out of proportion?
You know, like Virex anti virus for OS X. I'm still a little curious about what viruses it protects against.
Why yes, I AM a rocket scientist!
It's a fact that Mac users receive a disproportionate amount of hate from the nerd community for their supposed lack of computer savvy.
I could be wrong but isn't it the mentality of hackers, malware writers, and delinquents in general to prey on the gullible and unsuspecting?
Especially the ones with those annoying white earbuds dangling from their ears brandishing their pretentious little white iBooks everywhere they go?
If I was a virus writer, I'd be malwaring all over their obnoxious asses! Unless, of course, the OS was rock-solid in which case I'd probably move on, maybe write a MS address book exploit or something.
They're just trying to boost their sales.
I'm sure ZDnet got a lot of pageviews in their comments section from this one. They are going yellow to stir up the fanboy wars.
The malware has a slick looking, brushed gray metal GUI... and is clean, simple, effective, efficient, and beautiful.
The Peanut Gallery, Ubergeek, Biblically Sober
NCAAbbs.com: Thousands of fans, Hundreds of teams, Just one place
The auto industry reports that as certain models become more popular, thieves will start to target those models.
If Nalgene water bottles are outlawed, only outlaws will have Nalgene water bottles.
Well, one thing that OS X has going for it is that it does not run as admin or root by default. It is pretty hard for the average user to ignorantly run as root ... unlike another, very popular, operating system we all know and love.
hahahahahahahaahahahahahahahahahahahahahahahahaaha ha.
You released your April Fools joke a little early.
I am happy knowing that if I enter the super-user account password while randomly surfing the net, it's my own fault.
I am happy knowing that if I get forwarded email based VBscript trojans/viruses/worms, nothing will happen because I have OS X, not Active X OS.
I am happy knowing that 99.99% of malware/spyware coders will not bother with Macs because 5% of the computers in the world still add up to a piss in Bill's pond.
I am comfortable in the assumption that once malware/spyware coders buy a Mac, and start coding on OS X, they will give up on their goals of world deterioration, and join the rest of us who have come to understand that computer utopia does actually exist.
The reason girls and Windows users don't understand UNIX is because all the documentation is in Man files.
Oh, wait, no they don't. They ignore it and go right past it. If you download something in IE it warns you downloads might not be safe before the transfer even starts. Then, when you run the program for the first time it AGAIN warns you it might be unsafe. Doesn't stop users from doing it all the time.
You can't defend against user stupidity if the users have admin, if users want to do something stupid, they will. For example there was a Windows virus going around that put itself in an encrypted zip file to bypass virus scanners, and then provided the key in the e-mail. So users had to get the mail, save the attachment (which warns you it might not be safe), open the zip, find and put in the password, then run the program. This they did and then got infected.
It's a nice little fantasy that a dialogue box will make users think twice, but the reality is it doesn't. Problem is, they get accustomed to seeing it and dismissing it, so they do. It's an expected thing and they treat it as noise, never considering its implications. Nothing you can do to fix that, I'm afraid, other than take away their administrative privileges and you can't do that on personal machines without trusted computing.
""The iPod, PowerBooks and mini Macs are cool products," Turner said. "The by-product is that people are buying these products for form over function. They say it looks pretty and then buy it but don't secure it. As Apple increases its market share, it will be a legitimate target"."
Maybe I'm just reading this wrong, but am I the only one concerned with this statement? Are they trying to imply that iPods are going to get rooted? I just can't take any article seriously when it implies that an iPod will be directly attacked. Sure your PC might get a virus that attacks an iPod if it's attached, but that's a different scenario than a virus that spreads between iPods (thank god they don't have Bluetooth).
Phil
The worst malware to hit Final Cut Pro users on the Mac is Norton antivirus itself.
Check any usergroup. If someone is having strange problems on his mac, the first answer he gets is: Do you have Norton? If yes, throw it away!
I believe Final Cut is not the only application that Norton breaks on the Mac.
We could yap all day about how one operating system is supposedly more secure than another, but anybody that actually has an idea on what good security is knows it's all theocratic horseshit. It's not the OS, it's the user. You can have the most secure OS on the planet, but if you're a clueless mindfuck for a user, then you'll get 0wn3d, period. All OS's have that fatal flaw and all the mindless bible thumping in the world will NOT change that fact. Ever!
Now I'll be sure to keep NAV on all the Macs in my business, since Symantec has deliberately insulted Macs (only safe because of dumb luck) and Mac-users (only buy for style, not legitimate reasons). Symantec sure knows how to attract customers, I'll give them that.
I gotta admit, I don't have a whole lot of Mac using friends and acquaintances (only 20 or so), but the Mac users I do know are much more technically competent on average than the PC users I know. All of my friends who program are either Mac users or Linux users, with not a one choosing Windows as their primary OS. (I think it's also worth noting that the people I know who are comfortable with functional programming are all Mac users - not saying that's any sort of litmus test, but I do consider people who are willing to wrap their minds around a functional language rather than recoiling at the sight of so much recursion and parentheses to be more deserving of the term 'hacker' than people who stick with C++, Java, whatever.)
All that aside, I think being a Mac user actually forces one to be a bit more technically savvy. It's very hard to get around nowadays without being familiar with Windows, so Mac users all but have to be able to use at least two very different OSes. It's hard to do that without gaining at least a little extra insight into how computers work.
Oh, and none of the Mac users I know use them for art, except for me, and I use my Linux box for it more often.
That reads to me like Symantec are planning on distributing malware for OS X now.
Symantec may well be right about this, but note that they also have the world's biggest vested interest in making Mac owners nervous enough to buy their anti-virus products.
WTF is with this disclaimer? It seems like it's just thinly-veiled mac-apologism.
"Symantec may well be right about this, but I'll be damned if I'm going to believe it because Macs are perfect after all." What a bunch of crap.
I don't disagree with you in general, but could you please clarify what you mean about this more specifically? I realise that separating data and code is a big security thing, but I'm not particularly a security enthusiast beyond what I need to know.
As far as I'm aware, any system that supports scripting languages, Linux included (consider the number of scripts in your typical /usr/bin directory that'll be executed as root one day) is treating code as data and data as code. Things that are definitely executables can easily be kept protected in memory by an operating system, but not everything's obviously an executable.
Is the main difference here just that most scripting interpreters don't offer default access to volatile things like pointers, that might let a script get direct memory access?
Naturally, anything or anyone that has something negative to say about Macs is, of course, lying through their teeth and would probably steal your children if you weren't looking. This is because macs are perfect as anyone reasonable knows. They are too perfect to think about or worry about, so just go buy one and shut up. If you disagree with me, then you're wrong and evil and I hate you so there.
The same thing could be said for any *nix. Given a piece of malware, your system will be compromised. Instead of turning a firewall off, they could turn services on.
If you think about it those are two totally different things.
If a Windows exploit can turn the firewall off, there are almost an uncountable number of things waiting to get you on ports you CANNOT disable. And that is exactly why there are uncountable numbers of things waiting for those ports to open, because there is already a base of computers they know they can get and the ones that open the firewall are just gravy.
But on a UNIX box, even if you manage to get a service turned on you'll not have as many things waiting to take advantage of that opening, because the vast majority of the user population does not have it enabled, so there is little point in spending a lot of effort looking into vulnerabilities in the first place.
Imagine if you will a world with an equal number of Windows and OS X boxes in the hands of the public. There would still be an order of magnitude more exploits for Windows, because you can get so much so easily.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
HouseKat:~ jlixfeld$ ps xauww | grep -i quicktime
jlixfeld 29311 5.0 2.5 178792 26540 ?? S 12:05AM 0:05.25 /Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player -psn_0_25690113
Can someone please give me a link? I don't want to be left out.
I believe the poster was going for (Score:5, Funny), not (Score:4, Interesting). OS 9 was indeed a difficult OS to exploit, but I seem to recall it not being particularly stable. I was a mac fanatic at the time.
"I'm not religious, but at the same time I don't get why science always has to have something to prove."
Really old post. A quick bit of googling reveals:
http://books.slashdot.org/comments.pl?sid=75257&cid=6734660 from Aug 19, 2003
http://slashdot.org/comments.pl?sid=67477&cid=6188308 from Jun 12, 2003
http://groups-beta.google.com/group/comp.sys.mac.advocacy/msg/7a80fe09794d6331 from Jan 12, 2003
http://slashdot.org/comments.pl?sid=45793&cid=4761155 from Nov 26, 2002
http://slashdot.org/comments.pl?sid=37389&cid=4009006 from Aug 4, 2002
And I seem to recall seeing it floating around long before then. If anyone knows of the original, please respond. Also, if the original troll could please fix the numbering? 4 isn't supposed to repeat again after 5 and before 7, I'd greatly appreciate it.
Caveat: I'm not a Windows guy so I may be overlooking a serious problem. However, it looks simple:
Maybe I'm missing something but that seems to be what you're asking for (requires XP/2003 I think).
All's true that is mistrusted
The apples to apples comparison would be the current shipping version of each operating system. For Apple that's 10.3+ and for XP it's Service Pack 2. Neither vendor can do anything about being unprotected in the past. I certainly don't grouse about patched vulnerabilities in Linux.
My co-worker told me that they've got better support for OSX lately - and they shouldn't be vulnerable to the exploits.
You could also use AbiWord for word docs, I suppose
The problem with SP2 though is that it's an unprotected nugget wrapped in a thin layer of protection.
You should never have to rely on the presence of a particular package running to ensure security on a system - that simply is not security, since the firewall itself may have issues that come to light later. Basically you are only as protected as the firewall is bug free!!
It is a huge step forward and I'll not deny that. But aren't some systems still shipping with SP1 and expecting the user to update when it arrives? That's why I think the comparison is still valid.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Let me just tweak com.lovecraft.fhtagn.cthulhu.plist real quick.
Village idiot in some extremely smart villages.
Suck it, moonbat.
Symantec has everything to gain by trying to drum up sales of Norton Antivirus for Macintosh -- Apple's got a distribution deal with McAfee for Virex (prior to which it was impossible to get a single-seat license for Virex), so they're potentially losing sales for every .Mac subscription that's purchased.
Convince people that the big bad monster is coming, and maybe they'll buy your product on top of it. Or maybe the users who have no interest in .Mac will pick up your product, since they can't get Virex separately. And at what Symantec is charging for their Mac version...
It's reminiscent of the hullabaloo surrounding the "trojan" advisory Intego issued for OS X a couple years ago, arguably only to punch up sales of their VirusBarrier product.
At risk of being redundant, this really has nothing to do with Macs. He could have been using an "invulnerable Linux box" or something equally silly. Your anecdote is really a case of someone not understanding the issues surrounding wireless security, because the exact same thing would have happened with any OS and any access point. Using an unencrypted wireless network is like installing Ethernet ports on the outside of your facility and expecting passers by to not bother using them. Just plain silly and totally unrelated to which desktop OS you run.
Hmm, I wouldn't say everything about MacOS was rosy, though...
1> MacOS did not have memory protection.
2> MacOS was not natively a multi-tasking OS.
3> MacOS let third-party "extensions" do many things to the OS.
I think that if classic MacOS had had a larger market-share during any time after the explosion of the web, some interesting exploits would've surfaced, probably in the form of extension-bearing malware (for example Bonzi buddy)
When you look at the state of the world, how can you not become a radical, liberal anarchist?
Yah, that's as easy as it gets: Symantec finally moved its ass and got its favourite 3rd world country virus writers to start working on MacOS X versions of the babies they have been producing for Windows only until recently!
Such a multi-million dollar market as the anti-virus one _NEEDS_ a guarantee of a steady flow of new viruses on all platforms. This is easy. The anti-virus major companies are paying for them.
I started a company a few months ago that's building consumer software that runs on MacOS X and Windows (and Linux, etc., eventually). Our strategy is to build the core in tight C code, and then build platform-specific applications in the appropriate language, so the result is a great ObjC Mac app, a great C++ Windows app, etc. While I like Java, Ruby, etc., our goal is to make the app small and efficient, so asking people to install 30 MB runtimes is out. Interestingly, it was easy to recruit first-class Mac and Java (server) developers, and nearly impossible to recruit a really great Windows developer. It turns out that the best CS students are _all_ working in modern cross-platform environments (e.g. Java, Python, Ruby), most use Mac's, almost none are using C++, and nobody even _considers_ writing Windows applications any more. While this is kinda neat in one respect, it's a bit surreal that the vast majority of great developers won't write software that runs natively for the platform on 95% of desktops. Weird.
Enable 3D printed prosthetics!
If you were going to control someone's box, and you wanted to make sure that they have valuable information to steal, would you target the PC user who bought the cheap PC, or the Mac User who paid more for his/her Mac? Chances are the Mac User has a much higher income, being in a creative content or some other wealthier profession. The Mac User would typically own more credit cards with larger credit limits, and have more money in their bank accounts. Sure, anyone could write a Windows virus, even 13 year-old kids do it. The Switchback virus showed that OSX is vulnerable, and also that OSX virus writers have little to no competition.
Also chances are the PC User already has a virus scanner, and knows enough about his/her PC to protect it. The Mac User, on the other hand, thinks he/she is safe from viruses and does not even have a virus scanner installed. Usually the typical OSX user uses default OSX settings, thinking that they are good enough. The OSX user is also more likely to click on attachments than the Windows user in email, thinking that no file infection exploits exist for OSX. The OSX user is also more likely to use the default email and web programs that come with OSX, and the Windows user is switching to Opera, Firefox, Thunderbird, Eudora, after the ton of exploits that exist for IE and Outlook and Outlook Express.
Best tactic of a cracker/hacker is to hit someone who does not expect to be hit.
Infect the typical PC, and you are more likely to discover someone's porn collection. Infect the typical OSX and you are more likely to find Intellectual Property and other goodies. Therefore, should you go for the swampland (PC) or the gold mine (MAC)?
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Mac OS X will never be in as bad a position for malware as, say, Windows, because it is inherently harder to install unintended files on a system where multi-user is done right (as it is in Mac OS X). Not only does administrative privilege protect many things, but various network ports are closed by default, etc.
However, the Installer paradigm is still present on Mac OS X, for some software. Users should seriously question software that requires an installer with administrative privilege, as this is exactly the time a questionable file can be added to your system (and for that matter, gives software a free ticket to do certain other things).
I've sent a suggestion to Apple asking that it be more transparent what installers actually change in the system. I hope they take this seriously.
"Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ
And every time I point out that both Linux and OSX's supposed 'security advantage' over Windows is nothing more than security through obscurity, I get modded down. This seems to be one of those hurtful truths that nobody wants to hear- your OS is not superior. And when people sadly define themselves by their choice in operating systems, what can that possibly say about them?
In the pre-OS X days, my entire Mac troubleshooting kit was basically a copy of the latest version of Norton Utilities for the Mac, and a random paperback from my bookshelf at home-- to read between support calls and while NUM worked its magic.
That is still the best way to troubleshoot and disinfect a mac. Although I am fond of DiskWarrior as my data recovery utility.
The very first thing I thought when I read the article was "hm so Symantec are trying to push sales"
OS X, like every OS, has some issues, and any good admin knows where to keep vigilant and up to date with security issues
If you need AV for Mac, http://www.clamxav.com/ will help. It's a front end for ClamAV and a lot cheaper and less bloated than Symantec's software
The only things certain in war are Propaganda and Death. You can never be sure which is which though
Symantec has warned that as dspisak's Slashdot mind share increases his PC will start to come under increased attack from trolls
Security vendor Symantec is warning that dspisak's Slashdot posts are increasingly becoming a target for hackers and malware authors.
In its seventh bi-annual Slashdot Internet Security Threat Report, Symantec said over the past year, security researchers had discovered at least 37 serious typos and duplicate story submissions in dspisak's Slashdot usage. According to Symantec, as dspisak increases his mind share -- with new low content posts such as the Comment mini -- his fanbase is likely to come under increasing attack.
"Contrary to popular belief, the Slashdot discussion forums have not always been a safe haven from poor spelling and grammar," Symantec said. "Out of the public eye for some time, it is now clear that dspisak is increasingly becoming a target for the malicious activity that is more commonly associated with Jon Katz and various Slashdot editors like timothy," the report said.
"dspisak has become a target for new attacks... The appearance of a -1 Troll rating for a post called "Boo-Fuching-Hoo" in October 2004, serves to illustrate the growth in vulnerability research in dspisak's comments... The various dspisak comment vulnerabilities allow attackers to carry out information disclosure, punctuation bypass, troll execution, comment escalation, and IQ attacks. Symantec believes that as the popularity of dspisak's new paradigm continues to grow, so too will the number of attacks directed at it," the report said.
Symantec's concerns were echoed by James Turner, security analyst at Frost & Sullivan Australia, who said many of the people who read dspisak comments were not concerned about factual correctness, which left them wide open to attack.
"The duplicate story submissions, funny in-joke humor and mini Comments are cool creations," Turner said. "The by-product is that people are agreeing with these comments for style over actual usefulness. They say it looks pretty and then read it but don't fact-check it. As dspisak increases his mind share, he will be a legitimate target for the Secret Service".
Trend Micro senior systems engineer Adam Biviano said all complex comments had grammatical flaws and the more popular the person, the more likely he would be attacked.
"All sophisticated comments -- dspisak, bperens, goatse or anything else -- especially Natalie Portmans hot grits will have vulnerabilities," Biviano said. "The only reason goatse has had mass exploits written for it is the sheer number of connected people reading it that are present on most networks. As soon as you start seeing mass deployment of any comment mind share you are going to see exploits".
According to Biviano, while there have not been any mass outbreaks of viruses targeting dspisak, the potential does exist.
"You don't see dspisak trolls in mass outbreaks but you do see them in the labs as proof of concepts. There aren't any outbreaks because there simply are not enough [dspisaks] out there. For a troll to be successful it needs a combination of a worthy jab and a large target audience," said Biviano, who nominated the mobile phone market as an example of malware writers targeting the comment, not goatse's mind share.
"Look at where mobile comments are going and they are not targeting goatse -- they are targeting the market leader, which is cmdrtaco," he said. The Symantec report found in the second half of last year, an increasing proportion of malware was designed to expose spelling errors. The report also found that phishing attacks increased by 366 percent while the number of goatse-based worms and viruses increased by 64 percent, when compared to the first half of 2004.
Only MS has a monopoly on bad security press! How dare you! All others are secure!
I mean if other OS's get popular they cant possibly be as insecure as the satanic MS!
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
Anti-virus has its uses scanning email and web content if you interact with MS users. Even though you are immune to almost everything, you can still relay a wide variety of exploits. It's probably worth a few bucks to reduce the risk of creating a bad impression.
For actual security your money is best spent on training. "Bonzi goes Phishing" for the noobs and a course which focuses on intrusion detection for the systems staff.
1. Write a Cocoa app that makes a progress bar that fills to 100% and says "No viruses found!" ... (spread FUD)
2.
3. Profit!
1> No command shell.
This isn't an advantage, shells can do lots of stuff a lot quicker & more efficient than GUIs can, even the most experienced GUI's. Also, Windows doesn't really have a shell to speak of.
2> No Root user. All mac developers know their code is always running at root.
Yes, that makes me feel just so safe. Instead of explicitly shielding off all power, you give EVERYBODY FULL POWER. Does not add to security.
And is also true for Windows, the first part at least. You can't do that much as admin, since there's something higher (SYSTEM, note this is how it's supposed to be written).
3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes.
How is this an advantage? You have a hell of a hard time creating C software with pascal strings, they are not easily manipulable, have the overhead of keeping the length up to date, are limited in length and most of all, I can still abuse them!
Try 0x7F 0xFF 0xFF 0xFF . I'm going to bet that your MacOS program will try to read 2GB of memory. Which it doesn't have, hence buffer overflow.
4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension).
Windows boxes running Webstar would too, but somebody didn't port it. Plus, unix doesn't execute anything not marked "executable". That says a hell of a lot more to me than a file type (although I'm a proponent of file types).
5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing!
IE, you are totally incompatible. You can not copy an executable file to windows and back and still use it. That sounds really bad & stupid and it is very much not a security improving thing per se, but just plain incompatible for the point of being incompatible (or as they call it, "different").
4> Stack return address positioned in safer location than some intel OSes.
Such as at a random location? There is no location safe if you know where it is. Playing hide and seek is NOT going to help security. Search for "security through obscurity" and figure it out.
NB: you should probably go to 6 after 5, but that might just be a manifestation of thinking different.
7> There are less macs, though there are huge cash prizes for cracking into a MacOS based WebStar server (typically over $10,000 US).
Nobody cared enough about having a macos box at their disposal for anything, mainly because it's incompatible as hell. Why do you think that internet-connected supercomputers don't get hacked as often? Is it because Crays run operating systems that are better? Don't really think so.
8> MacOS source not available traditionally, except within apple, similar to Microsoft source only available to its summer interns and engineers, source is rare to MacOS. This makes it hard to look for programming mistakes...
Most hackers look for programming mistakes in binary code, since most companies (such as Microsoft) release only binaries. Also, hacks are determined about specific byte conditions in most programs, which means that even recompiling it using a slightly different compiler will make the exploit not work. So, Unix is a lot more safe (unix which you compile yourself, not redhat-style unix) than macos.
Have any more points? Preferably any that are harder to revoke than just a 3-second thought?
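The length-prefix point argued in the comment above (a reader that trusts a declared length such as 0x7F 0xFF 0xFF 0xFF), shown as an added example that is not part of the original thread. The 4-byte big-endian prefix layout, the function names and the sample buffers are assumptions constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs: a 4-byte big-endian length, then the bytes. */
static const unsigned char demo_good[]    = {0x00, 0x00, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
/* Declares ~2 GB of payload but carries a single byte. */
static const unsigned char demo_hostile[] = {0x7F, 0xFF, 0xFF, 0xFF, 'x'};

/* Decode the length prefix. The caller guarantees at least 4 readable bytes. */
static uint32_t lp_declared_len(const unsigned char *buf)
{
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
}

/* Trusting reader, shown for contrast: it believes the prefix and never
 * learns how many bytes were actually received or how big `out` is.
 * Only safe to call on input whose prefix is known to be honest. */
int lp_copy_trusting(const unsigned char *buf, char *out)
{
    uint32_t n = lp_declared_len(buf);
    memcpy(out, buf + 4, n);
    out[n] = '\0';
    return (int)n;
}

/* Checked reader: the declared length is validated against both the bytes
 * really present and the destination capacity before anything is copied.
 * Returns the number of bytes copied, or -1 if the field is rejected. */
int lp_copy_checked(const unsigned char *buf, size_t buf_len,
                    char *out, size_t out_cap)
{
    if (buf_len < 4 || out_cap == 0)
        return -1;                      /* no room for a prefix or a NUL */

    uint32_t n = lp_declared_len(buf);

    if (n > buf_len - 4)
        return -1;                      /* prefix claims more than was received */
    if (n >= out_cap || n > (uint32_t)INT_MAX)
        return -1;                      /* would not fit with the terminator */

    memcpy(out, buf + 4, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char out[16];

    /* Honest prefix: both readers agree. */
    printf("trusting, good input : %d\n", lp_copy_trusting(demo_good, out));
    printf("checked,  good input : %d (%s)\n",
           lp_copy_checked(demo_good, sizeof demo_good, out, sizeof out), out);

    /* Dishonest prefix: only the checked reader is called, and it rejects. */
    printf("checked,  hostile    : %d\n",
           lp_copy_checked(demo_hostile, sizeof demo_hostile, out, sizeof out));
    return 0;
}
```

A length prefix removes the search for a terminator, but it is still attacker-supplied data until it has been compared with the real buffer sizes.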
Like Symantec anti virus products :P Could not resist, sorry.
but most services can do this. you can choose who to run them as. if you've got problems with this, try SRVANY.EXE off the reskit, which lets you run any app as a service as the user of your choice on boot. a service wouldn't be much use if it had to run when a user was logged in, would it?
"Regardless, no mac has ever been rooted in history of the internet, except with a strange 3rd party tool in 1995."
Hahahaha. Nice. Stupendously inaccurate, but nice.
Give me just 1 OSX virus, I mean virus like it replicates and spreads itself, as powerful and widespread as the Sasser virus, and I will believe that Mac OSX is vulnerable. As I write this post there are 531 comments on the original post, it's not an underground topic. If someone wrote the first true modern present day OSX virus, it would be on every major news site from /. to cnn.com. The virus writer would be a hero to every mac-hating-PC-using troll on every forum everywhere. Don't give me that "low market share" crap. If it is possible then prove it! All of us computer users that live in the real world know that Norton and McAfee and all the other anti-virus companies create viruses to sell software. If 1 million mac users buy anti-virus software for $40, it equals $40 million dollars. I don't care about market share, if I am an anti-virus company, I'll take any part of $40 million I can get!
I hate that way of putting arguments - if something will become more popular it will for sure have much more vulnerabilities. There are a lot of people saying that for linux or mac, explaining that way security problems found in commonly used M$ products. The case of Apache shows that it is plainly wrong - it is the most popular product on the market and one of the most secure - so the difference is in good engineering.
In my 20 years of using and later supporting the mac, I have found far more crashes, bugs and system disasters caused by Symantec products than any other problems.
The autostart 9805 worm and homer on OS X combined don't even touch the amount of problems Norton causes. Hell, the Homer Simpson virus installed fewer kernel extensions, and it was easier to remove.
Practice safe computing: turn on the firewall, only install software you trust (and keep it up to date), use network client apps that don't suck, don't open any email attachments you weren't expecting. Do these things and you will have very few problems. And the ones you do get will be tiny compared to what Norton will do to your mac.
A friend of mine just complained to me about his iMac... because he can't open .exe mail attachments, so he wants to buy a PC...
--- Back to the trees, back to the trees !
. . .it's droll, not a troll.
Dude, it's a freaking joke. See my response to your previous accusations of trollery.
It's not offtopic, dumbass. It's orthogonal.
Because it is a state of deep unconsciousness. The meaning of life, the universe, and everything is not primarily the result of the earth, to kill with sword, with hunger, with death... And by the it dept either i imagine this is kind of ridiculous. Oh, sure, malware on os x is possible and perhaps even really growing in numbers. But the problem is not spending money alone. It is spending the sweat of its laborers, the genius of its laborers, the genius of its scientists, the hopes of its. Linux philosophy is "laugh in the mirror with my eyes closed. I like to do things on the internet did not target the most popular target. Because you are the one asking all the other unix vendors, ships their systems in a (reasonably) secure state by default.
Because i'm on the internet did not target the most stupid person i've met all day. The earth is the basic living substance of all the other unix vendors, ships their systems in a (reasonably) secure state by default.
The malware problem on windows is not as smart as you. Apes are a lot higher.
LiveCDs are reasonably safe from being corrupted by viruses. The system that is. But it also means you can't install any new software.
You can achieve the exact same effect on any linux system by simply keeping your system and your home directory on separate partitions (always a good idea anyway) and mount the system partition as read-only.
If someone wanted to make a virus for OS X they could. It won't be like those windows "Virus" but more like the traditional viruses of old. Where a program is infected it goes to your other executable programs and infects them too. And when you share a file it will spread. Oh you will say OS X doesn't have root access by default which is true, the user will have to enter their password for the virus to spread to the OS level. But first a virus can do a lot of damage to the user's home directory and that is where they keep the bulk of the files they want to spread. Plus the default user is the Admin user who has enough access to infect the application level of many applications. Then if the virus does attach itself to a program installer and it asks for your password a person will enter the password without thinking twice because so many apps ask for it when installing. It is still way better than Windows but it is still vulnerable.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
I would have modded you up, but I didn't want to compromise your security. Seriously funny, man.
It's not offtopic, dumbass. It's orthogonal.
If I were to buy Norton Antivirus for Macintosh, can I expect it to, perhaps, look for that rootkit process and put up an alert box? Mmm...that's my $99.95 worth of security!
No Symantec is really riding their cart down the FUD tunnel, as they've done the last ten years with Mac AV products.
From TFA: Out of curiosity, how does this differ to the Dell business model of "price over function" security-wise?
There's no 'on' position on the Slacker switch!
Man, that would have been funny if you hadn't totally blown it.
It's not offtopic, dumbass. It's orthogonal.
It's klowns like you who kan't seem to get it! k is two more than i! I't's much kooler and far more kromulent! I'll bet the knobs on your amp only go up to ten. You kentipede!
And here Apple just released a security update, and this only one month since the last.
(tig)
Ignorance and prejudice and fear
Walk hand in hand
The only exception to this is if you deliberately enabled the root account and are logged in as root.
Up, Up, Down, Down, Left, Right, Left, Right, B, A, START
The point is not that Apple is the ultimate entity for deciding what goes into OS X. That point is redundant. Linus is the ultimate authority for what gets in the linux kernel, he could decide, "You know what I don't want to patch the kernel sources to fix this uber-r00tkit hack", but he has a vested interest. If Linux looks insecure then businesses won't use it. The same goes for Apple. They want in the business market more than anyone at the moment.
The point of this is that Apple, as a company, is not the only people auditing the code of OS X's various systems. For example, who audits the IIS code? The MS IIS team. Who audits the code for the web server used in OS X? Let's see: the Apache foundation, Apple, various linux distro maintainers, security professionals, whitehats, etc, etc. etc.... Who is the source of all IIS patches? MS. Apache patches could come from any of the above sources. I'm sure at some point in the not too distant future more patches will come directly from Apple and show up in the changelogs of various open source software packages. Especially now that apple isn't cranking out a new OS revision every year.
In the end it comes down to the closed vs. open source security argument. IMHO open source will ultimately be more secure.
Until one of these anti-virus software vendors can prove that their software is less harmful to Macs than the alleged/pending viruses, I'll continue to leave Virex 7.2 installed just to make the admins happy, but sure as hell won't upgrade (again) to version 7.5.x, which causes innumerable and far-reaching problems. It has always been the case and continues to be the case, that on Macs, virus protection software is far more harmful than the alleged viruses they allegedly protect against.
--- What?
Netcraft confirms that memes are dying!
...OSX finally getting the recognition it deserves!
;)
(Is it possible to pre-moderate your posts as Flamebait as you post them??)
well what do you know. Symantec wants the apple pie as well... First they warn then they will jump up and down about the dangers... silly tactics.
But I guess the trendy Mac heads will fall for it.
Thank goodness for level headed professionals like you. The problem with zealots is that they are in love with their OS. What's wrong with that? Love is blind.
Just like all those innately secure programs behind the firewall!!
Brilliant.
Ironically, you got the last part right.
It's a question of population size. As I said, Windows has certain processes that HAVE to be running. So any attack you can write against them has high value because it will be able to get all the people without firewalls (which may never even have been breached otherwise!!).
Now consider the services of a UNIX system which are all off by default. What do you write a virus against? There's no good choice since there are not many of any one service to attack.
That is the difference. One of passive security vs. active security. And if you can't understand that, then god help you - because Microsoft certainly wont.
And where are the people gunning for the Mac now? All YOU have to go by is a report - from a company that sells virus software! Looks like my nose is working just fine thanks and you can't see the brew for the waist deep pile of beans that surrounds you.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
So suck it again all you Liberal Losers!
Look, I'll make this short: I'm a non-grunt Symantec employee. NAV is crap, and I can't figure out what NAV on OSX is actually looking for. It's just scare-ware. We're dealers to people with a predisposition for addiction, and your discounted copy of NAV is a dime-bag.
Imagine that Windows is a house with the roof shingles installed upside down creating pockets for rain, and UN*X including OSX has a properly-installed roof. NAV is a subscription service for a new bucket of Henry's roof patch every week. (SP2 is a nice tarp in this analogy, but it's still just a mask for terrible security architecture.) On windows, the "roof patching" quickly becomes the main activity of the system. On OSX, not so much. The threats/vulns just aren't there (yet), and the underlying architecture is basically sound. NAV-OSX just wastes cycles IMHO. Shit, a tripwire-for-dummies install would be a lot more useful.
Personal note: I'm provided a fully-Symanticised WinXP system to use for corporate email etc. And when I'm out of the office, I have to use Symantec's own amateurish VPN to connect to Notes (of all godforsaken things...) sorry guys, four passwords to get into the main information repository of the company is four iterations of a single factor... This really shows how little Symantec collectively understands information security (as opposed to system security).
Yeah, I use a mac for personal stuff, and run my production (non-day-job) systems on Linux. Working for Symantec has taught me that the solution to endless repairs on a broken system is to get another system.
You're going to want to verify that claim about services.
I think we ought to have a poll for most overrated software package:
* Norton Antivirus
* Norton Utilities
* Daikatana
* Duke Nukem Forever
* Word 1.0 (froze regularly on my Mac)
* Windows 95, a.k.a. DOS Wrapper
Oh crap, you're right. I didn't notice until you pointed it out... :)
Fact: since 2000 my mom's iMac G3/400 with no antivirus software has been connected directly to a cable modem. She surfs where she wants, opens every email attachment that gets sent to her, clicks on pop-ups, downloads software, the whole bit.
Her computer is clean, and the only OS installation I have ever done on it are OS X upgrades. I've never reformatted it or even defragged it for that matter. Maybe one of these days something will compromise her machine. But I think 5 years of virus-free computing using a wide open machine is just cause to not bother with CPU-hogging, annoying antivirus software.
Am I a bit complacent? Maybe. I'll revisit that if and when she gets hit (or if I get hit with something on my own machine, which is behind a NAT router).
I do, photoshop, audio conversion and editing, website creation, and programming.
All of these functions have more programs available for PCs than macs.. I don't mind you guys modding me down as a troll because I wasn't trolling and what I said was true.. not my fault if you guys can't face reality.
(My mother and a few of my friends own macs so I know first hand their frustrations, but yet they are still mac loyalists which I don't understand).
To clarify - Services with open ports. By default OS X has no open ports. Indeed it does have services running...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
more programs? so what? you only need one good one. how about better programs? ah, you lose...
the website you link to is a gaming community. I think my original point is upheld.
They're not dodging the issue, they're just asking why it had to be brought up in such an asshat way.
Be at peace, my son.
"more programs? so what? you only need one good one. how about better programs? ah, you lose..."
How short-sighted of you, in reality, more programs = more decisions and more personal preference.
I would rather go to a store and be able to choose from 5 products than go to a store and see one product for each function.
You think that the only program you get to use is "the good one"? How Naive...
Actually my link is to a clan website that is for my friends and me, it also lists game servers that I run on Linux.. games I might add that were not even available for Macs until recently (if at all).
Yeah...with a Symantec product. Damn near as bad as HP printer software.
So now they're trying to scare mac users into buying their garbage? "Is your computer running too fast? Try our new and improved NAV for the mac."
I used Webstar under OS 9. Really slowed my 600 MHz iMac down to a crawl and I kept having to shut it down when I wanted to run Podracer. It was very very easy to configure though, although I'm now sort of used to apache's httpd.conf, I sometimes long for a simple management interface like webstar had... It ran a great e-mail server too....
The Bigger The Headache The Bigger the Pill
The one true antivirus software will cause all your Windows-using co-workers to vanish in puffs of smoke.
:-). Now *THAT'S* luxury.
Much as the defogger on my Lexus clears the fog OUTSIDE the car and makes the roadway visible
corporations are more likely to use antivirus software and firewalls. At least the ones with things worth stealing will, because they would have the money to pay consultants to secure their network for them.
Broadband systems bundle antivirus and firewall software to subscribers. The number of hardware routers is increasing, so chances are you will get into a broadband subnet only to find there is a hardware router between you and the victim, and they run antivirus and a software firewall behind their NATed PC.
A way around all this is to use the advertising ad with a browser exploit to install malware that hijacks a well known application and infect it, to bypass the software firewall and hope it does not run a checksum on software that is authorized to connect through it.
K5 is full of clowns like you, I was here before K5, and I found K5 to be full of groupthinkers and trolls. I refuse to go back there.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
They don't need services to invade your computer. They come in through email and websites you visit. So, unless you can't use email or webbrowsers on the mac, you have a problem.
Shifting target away from services? Excellent, for the case for UNIX systems is very good in regards to email or browser attacks as well.
First of all, UNIX systems do not have the kind of virus delivering power that other email programs on Windows you MIGHT have some familiarity with deliver. No scripting support you see.
Yes problems could potentially come in via the browser just like IE. But because you are not running as a root user, there's only so far such programs can get before they are stopped. They can't really infect the core system in the same way as Windows and so even if any do get in through that vector they are easier to eradicate.
However browser attacks require the user to do something to activate them, whereas the scanning attacks can just sit there, and wait, and wait, and wait and wait. Also browser attacks are more traceable since they are hosted, whereas scanning attacks can come from any zombie you already have. So for the foreseeable future scanning style attacks will remain the largest virus problem. I do think Phishing will be the worst user problem altogether though, but it's kind of out of the domain of the computer really, though it can help.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Yes, if you find one - the difference is that on Windows any code you can get on the box can pretty much do anything it likes as admin since that's what most users are.
With OS X, you have to figure out a root vulnerability, get it on the box (again the hard part with no open ports by default) and then hope that exploit has not been patched. Hard enough to make it generally impractical - and that goes for Linux distros shipped with open services disabled as well.
As much as you try to dance around the issue, it always boils down to active security vs. passive security, and defense in depth. Windows has a firewall, not really a comprehensive answer to security. OS X or Linux can be breached but to do so is progressively harder depending on what level you are trying to breach. Windows is like an old twinky, somewhat crisp on the outside but with a soft gooey center that offers no resistance and is bad for most people. But they still eat them, so there you go.
Why you defend the twinky and the creamy evil within - hard to say. My bet is paid shill.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
... they wouldn't charge twice as much for it as they do for the Windows version.
How you like them Apples?
Civilization, the death of dreams.
the real reason that macs are becoming a target of malware is because of the terrible press that apple has been getting. lawsuits against students and bloggers alike, like it or not, 1 infinite loop has seemingly become a street in redmond, wa.
Either you didn't read a word I said or you are pretending I'm pretending. Did I ever say UNIX systems were invulnerable? Nope. Check back. Look hard, because it's not there. I am saying no external scanning exploit is going to work with no services with open ports running - that's a simple indisputable fact.
I am saying it's fundamentally harder to invade a UNIX system, not that they are immune. I am saying that many UNIX security features are passive and require no automation to enforce. I am saying many things that you appear not to be reading, so what is the point? At least other people reading this may have been educated, which is as always my hope in responding to long chains of misguided FUD.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I'm not really an OSX user, but I do have quite a bit of experience with Linux and I know that they have the same base: UNIX. I know that in Linux all of the data pertaining to one user is stored in the /home/user directory. If the same holds true for Mac OSX, then couldn't you just eliminate all the spyware by cleaning out the /home/user/bin directory of all unwanted programs and then delete their associated files in the /home/user directory? Or is there a way for this malware to do a root level install and make its home in the /usr/bin or similar directory? And how would they gain root level access in the first place?! Sounds like user apathy to secure their boxes.
I'm sorry if I came off a little trollish. I just wanted to point out one of the main features of UNIX that should prevent any intervention in the form of malware ever being permanently installed on the computer.
I was talking about a mixture, obviously having a greater understanding of the whole problem than yourself - I might point out that I also completely addressed the topic of malware and pointed out why even THAT was not much of a problem. But of course I guess you missed that as well. Grow up and admit when you are wrong instead of playing the "I can't see that" game.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Unix malware has been around for decades, but not to the degree Windows malware has arrived. Even the Morris worm was nothing like what we have now. That is what I have said all along of course and your puny prehensile brain cannot seem to grasp.
Your amazing ability to dig your head in the sand in the face of what is going on around you is staggering. Come out of your cave sometime and join the rest of us here in the present.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Sure, that's true - there's more windows malware out there than anything else. That doesn't change the fact that Unix malware has been around for ever and still exists. And OS/X is still going to be vulnerable. Try to swallow that reality. It might do you some good. But then again, it might not.
Excuse me - report back to me the REALITY of how many OS X malware/virus attacks there are RIGHT NOW. Since the answer is zero, I think it's safe to say that is superior to ten thousand (or whatever the running Windows count is).
Sure OS X will have viruses, which I have already said. But you must have been napping McFly during the earlier part where I explained exactly why they can't go as deep or as far as windows viruses. And someone talking about REALITY might just want to check into the current situation before he goes and puts his foot in his (no female would be so obstinately idiotic as you are) mouth as you continue to be.
Keep going, and you can change your handle to the "energizer Bunny of Stupidity".
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The reality of existence of OS X viruses is proved simply by Google. There are none now by the way.
If there is a virus, that someone has written but not yet released, then it does not count. Remember please that the topic at hand is the OS X install base, not just a single computer anywhere on the internet.
In fact your point ironically argues rather more strongly for just how good OS X really is in terms of security. Let's say there are Five viruses. Great. Why have they not spread? Why, it must be all the reasons I pointed out. So basically you are saying OS X is better at security than even I had imagined! Thanks, I will use that point in future arguments with confused people such as yourself.
A bash shell that runs rm -rf is not a virus. That is a trojan. Your ignorance (or is it carelessness? Well, no matter) is astounding.
And how are you going to have Malware replace the kernel when it's not running as root? As Darth Vader once said, "I have you now!". It proves beyond a shadow of a doubt that you simply are no longer thinking when you type and are just going through the motions.
Sure you could, possibly, find a hole in a service somewhere. But again that is a lot harder than on Windows where you are basically admin. But then I've been through all that before so why should you understand it now? You are just like a little tyke who keeps asking "why is the sky blue"? The difference is that you don't grow up and reach understanding.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Wow you're a moron. You're supposed to be proving the NON-existence of malware for OS/X. Not the existence of them.
Nonsense, I was merely pointing out how if there is no such Malware, my argument holds - and I win. And if there is some Malware, because it's not detectable - why I win even more.
I guess you didn't get the message - you lose no matter what. Or perhaps you did, and choose to ignore it - but since you have tread the path of utter ignorance thus far, I see no reason to believe you've achieved enlightenment.
The really funny thing about your other point is that I said it was a trojan, which is in fact a sub-category of Malware - but as usually you fight to keep the argument on shifting grounds so you will not be swallowed by the sands of my sheer genius.
Do you ever get wrinkly skin wallowing in your own ignorance that long?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Since you ignored about the only point I made I fail to see why reading the ill-informed and by now repetitive drek you are producing does anyone any good.
After all, I said if there is some malware, and we don't see real instances reported, then in fact OS X must be even more secure than I had surmised. You've argued yourself into a very unpleasant corner (for yourself) and I'm afraid no amount of bickering over semantics will free you from it.
Even your bash script is a hypothetical example since you've not actually emailed it to an OS X user. All the way around you have been one of the more pitiful pro-MS camp people I have ever run across, though I'll give you one point for obstinance even though by now your permanent record is stained by your posts.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Smart thinking man, it's not been reported so it must mean no-one can see it!! Oddly enough I have a stack of gold a mile high that no-one else can see either! But that and 50 cents will buy me a cup of coffee.
I also like the truth - and a heavy dose of reality which you seem to have lost your way from.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I am proving "lack of annoyance", which is easier because there it is.
Shame on you, as a Linux/Solaris admin you should know better than to continue this whole argument. I guess that's the difference between administering systems and building them. Fundamentally I simply understand what is going on at a deeper level, I suppose.
You just cannot fathom what I'm trying to say, that there can be malware but FOR ALL PRACTICAL PURPOSES, there is none. Which is easy to prove as no-one has reported any, which in fact is the very definition of what I am saying.
Another spectacular loss for you I'm afraid! When your co-workers ask to go out for lunch do you spend three hours arguing that you shouldn't go to Subway because you MIGHT not be able to get a toasted bun?
"There is more worth loving than we have strength to love." - Brian Jay Stanley