Slashdot Mirror


Symantec: Mac OS X Becoming a Malware Target

tb3 writes "According to ZDNet 'Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.' They go on to warn that the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for 'style over function,' according to one analyst, Apple computer has become a target for new attacks. More coverage on Australian IT and Silicon.com. I guess sales of Norton Anti-Virus for Mac needed a boost." Symantec may well be right about this, but note that they also have the world's biggest vested interest in making Mac owners nervous enough to buy their anti-virus products.

24 of 779 comments

  1. Call me anal.. by Paska · · Score: 3, Informative

    ..but I already use an Antivirus for my Mac. Mind you I switched over from Windows a little under 1 year ago and since I use these machines for work I really didn't want to risk, even if it's 0.0001% of getting my work machine infected by a virus. All it could take is one sneaky website I visit to infect me, record information and I honestly wouldn't really know - mind you I doubt the Antivirus updaters would know about any Mac virus within 1 week of being launched.

    And no, I use McAfee. And it's not too bad, but then again I am biased as we bundle McAfee with systems.

  2. long time listener... first time caller by wahsapa · · Score: 4, Informative

    I have been using Macs for 8+ years now, I even ordered my Cube on a Dreamcast, and have never had a virus or malware... so you can put me in the "believe it when I see it" category.

  3. Vested Interest up the Wazoo by Skippy_kangaroo · · Score: 3, Informative

    Yes, Symantec have a vested interest up the wazoo for that press release. The interesting thing is, the only virus definitions I have ever seen in their Mac OS X updates are MS Word macro viruses and the like. If there really was a threat it doesn't look like Symantec will be providing the protection.

    Maybe Symantec is trying to draw attention to generate more business for themselves because there certainly haven't been any viruses released yet on OS X that Symantec provides any real protection for - so I wonder, what information could they be basing their statement on? Secret contacts with the hacker community? Certainly nothing public...

    The protection will come from such sexily named files as Security Update 2005-002 and Security Update 2005-003 distributed courtesy of Apple Inc.

  4. Re:As an IT person who is deploying OS X by SmoothriderSean · · Score: 5, Informative

    In my experience (as support staff for the Humanities Div of a university), far and away the most common virus issue with Macs is that they can be a carrier for Word macro viruses. Beyond that, you just have to keep an eye on users turning on services without knowing what they're doing (or using decent passwords). On the one hand, it's better to be safe than sorry, and just install an anti-virus package, but frankly, the need has been so slight that Mac AV packages tend to be a mess.

  5. Re:As an IT person who is deploying OS X by littlerubberfeet · · Score: 5, Informative

    I admin a sound studio with 10 Macs and two Windows machines. Nine run X.3 and one runs 9.2.2. The two Windows machines run GigaStudio and are never, and will never be connected to the internet. I run antivirus software on the Macs connected to the internet, and nothing has ever come up in a scan. Ever. I have run every single version of X since 10.2.1 and they all stayed clean.

    As for patching, I patch manually, because of quirks in all the audio software we run, but OS X will patch automatically if you set it up to. You will be manually installing patches for any apps not distributed by Apple, but all of Apple's stuff will update automatically.

    --
    Sig (appended to the end of comments you post, 120 chars)

  6. FUD. by sakusha · · Score: 4, Informative

    There may have been 37 alleged vulnerabilities identified in MacOS X, but there have been ZERO exploits of those vulnerabilities. Apple has often released patches within 48 hours of discovery of a vulnerability.

    At the current time, there are NO known exploits for MacOS X. NONE.

  7. What a crock of Shit! by ravenspear · · Score: 5, Informative

    Anyone who has been a Mac user for any length of time and has used Symantec products can testify to the horrid filthy mutilated piece of code that is a Symantec product on the Mac.

    This is NOT A TROLL.

    I have seen (and experienced myself) Symantec products CAUSE more problems than they fix (if they are even successful at fixing any) on the Mac platform.

    I pity the poor soul who has no experience with Symantec on the Mac and falls for this pathetic ad piece.

  8. Re:Safari runs like crap by chromaphobic · · Score: 3, Informative

    First off, check and make sure popup blocking is enabled. I only see MAYBE one popunder a week, if that (and add the offending site to my mental blacklist, never to be visited again.) Go to the Safari menu and make sure there's a check next to the "Block Pop-Up Windows" item.

    Secondly, yes, Konfabulator can really bog down a system if you have too many widgets running. They eat up memory and CPU power, even sitting idle. I have seven I keep open with little performance impact, but that's on a Dual 2Ghz G5. If you haven't discovered it yet, Activity Monitor (in Applications/Utilities/) can be very useful in tracking down where your CPU cycles and memory are going. It even lists all the Konfab widgets separately, though it doesn't tell you which one is which. So if there's a widget that's being a hog, it'll let you know!

    I'd bet that it's a low memory issue, Apple has a tendency to shortchange the memory in their systems, especially consumer level stuff like the iBook & iMac. Running OS X on less than 512MB will bring things to a snail's pace frequently, so a simple memory upgrade might help greatly.

  9. Re:As an IT person who is deploying OS X by jericho4.0 · · Score: 5, Informative

    The reality is, this article is FUD.

    Update regularly/automatically, and keep an eye on an OS X site or two to stay abreast of things, and you'll be fine.

    --
    "A language that doesn't affect the way you think about programming, is not worth knowing" - Alan Perlis

  10. The real statistics for Symantec by PepeGSay · · Score: 4, Informative

    10 years on the Internet, 24x7 for eight of those years. No antivirus. Not a single infection....

    I do install one copy every few years to verify this personal protest against virus company scare tactics.

  11. Re:Style over function? by wealthychef · · Score: 5, Informative

    I agree this will be a good test of the out-of-the-box security of Apple. Actually, I believe that out of the box, Apples are ironclad secure. They start with no services turned on by default. There are no Microsoft-like ActiveX analogous components that allow viruses to replicate if you do something innocuous-sounding like read email or run a word-processor. About the only service that is password-free is Software Update, but that is a client, not a server. If users turn on sshd and choose a poor password, they may well be attacked. This will probably rarely happen, since most people enabling ssh will be aware of the risks of poor passwords, and not really complain if attacked. I think this is just FUD for marketing.

    --
    Currently hooked on AMP

  12. Macs are secure but not invulnerable by goombah99 · · Score: 5, Informative

    For the past 20 years, having a virus checker was useless on a Mac and only served to avoid passing along PC viruses. At one brief point you could get Word macro viruses.

    If someone can get root on a Mac you can install a root kit. But you have to get root first. It's not good enough just to get user level or even admin user level. You have to get the admin user to enter their password to elevate to root.

    The PPC played a role too, as I have read that until last year there was no widely known compact way to exploit a buffer overflow to execute arbitrary code. I believe that is now solved and published so one might see these cropping up. :-(

    Since the security model is better you don't have problems like ActiveX waiting to ruin your day, or auto execute on mouse-over e-mail subject lines, or registry changes needed to install applications. Or other bonkers stuff.

    But despite all the default security, nothing will stop a determined user from trojaning themselves good and hard. And if they are admin and enter their password you're rooted. Nothing will withstand unrestricted physical access either. You can at least ward off limited physical access by using the firmware password but this can be overridden by a determined user.

    And of course there have been security holes and always will be. SSH, QuickTime, and even Java have had security holes. Fortunately no one has managed to exploit these before Apple fixed them and given Apple's default services-off settings and lack of root access, it's going to be harder for these things to spread like wildfire.

    On the other hand Macs are very homogenous so once a virus does finally break loose, if it can get in without requiring any services it's going to spread quickly.

    --
    Some drink at the fountain of knowledge. Others just gargle.

    1. Re:Macs are secure but not invulnerable by phillymjs · · Score: 5, Informative

      for the past 20 years, having a virus checker was useless on a mac and only served to avoid passing along pc viruses.

      Not true. In the olden days, there were a handful of Mac (Classic Mac OS) viruses. Some of them were even malicious, though those were extremely rare. The only ones I ever personally saw were benign, and easily eradicated by simply rebuilding the desktop file on the infected floppy.

      From 1989 and well into the 90s (possibly even until 1998 when it was discontinued), the most popular Mac antivirus software was Disinfectant, a free utility written and maintained by one guy-- so that should tell you the non-severity of the Mac virus problem even then. The developer threw in the towel when cross-platform Word macro viruses hit the scene and quickly became too numerous to keep up with.

      Since the time of Mac OS 8 or 9 until the present, however, I would agree with your sentiment that the only reason to use Mac antivirus software is as a courtesy to Windows users with whom you exchange files.

      ~Philly

  13. use ClamXav (free virii scanner for OSX) by bad_outlook · · Score: 3, Informative

    Use Clam, I run ClamAV on my Linux server, but they have an OS X client (GUI) out now: ClamXav is a free virus checker for Mac OS X. It uses a slightly modified version of the tried, tested, and very popular clamav open source antivirus engine as a back-end.

    http://mac.softpedia.com/get/Antivirus/ClamXav.shtml

    bo

  14. it's not market share! by Anonymous Coward · · Score: 3, Informative

    This whole market share angle is mostly bogus. There is what, about 10 million OS X users? Why hasn't there been a worm (or trojan, anything!) attacking them? Witty has a very successful worm: it hit all 12,000 vulnerable hosts.

    How can you say 10 million is too small? The population of Canada (where I live) is about 33 million. The installed OS X base is then (about) 1/3 the population of Canada. That's not far from the population of New York City (~15M).

    If a worm can hit only 12,000 hosts like Witty did and be called "successful" (it was basically a 100% infection rate), then surely the OS X population is vulnerable.

    John Gruber has some articles on this.

  15. Re:Style over function? by Anonymous Coward · · Score: 5, Informative

    Nope, merely visiting a website with a malformed quicktime file will do it. At least with OS X and most modern Linux distributions you can connect a newly installed system to the internet without a firewall and download patches. It used to be that in Windows 2000 you could set required services (servers) like DCOM and RPC to listen on localhost only but that feature was removed from XP so the only way to prevent DCOM or RPC from binding to interfaces connected to the internet is a software firewall. Completely disabling bind_interfaces_only functionality in XP was dumb even by Microsoft standards.

  16. Re:Style over function? by pyrrhonist · · Score: 5, Informative

    Try this experiment: install OS X and connect to the Internet. Leave it connected for a week. Now install Windows and connect to the Internet. Leave it connected for 30 minutes. Which one will be hacked?

    Neither (except if you're dumb enough to not have installed Windows XP SP2)

    Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.

    My point is that Windows needs special steps to be _protected_;

    Actually, in SP2 it doesn't. The XP firewall is turned on by default in XP2. In SP1, all you needed to do was turn on the firewall for a connection in the Network Connections control panel.

    Now as far as local security goes, I agree with you; there are some nasty local security exploits. Microsoft is to blame for much of the security issues, but also a major part of the problem is third-party developers! It would help if application developers would realize that Windows is a multi-user system and actually follow Microsoft's reference guides for how to program in this environment instead of forcing the user to be an Administrator to actually use their program. Windows has been multi-user for years, and application developers still haven't caught up. Why do I have to be an Administrator to run a game? Bad programming, that's why! Not even Norton AV gets this right (scheduled scans do not run for non-administrators and non-administrators are told that Live Update is off even if it is actually turned on). The only program that I've seen actually try to do something about this is Nero, which has a program to set up a group to enable burning by non-administrator accounts, but even this is a special download that is not part of the regular install. This needs to change; developers need to start using the Windows multi-user environment correctly.

    In summary, Microsoft provided the ability to make the system more secure using non-privileged accounts and groups like every other major OS, but application developers are not taking advantage of it. I always run as a non-privileged user, and I am getting sick of applications that have no reason to need administrator privileges not running correctly.

    --
    Show me on the doll where his noodly appendage touched you.

  17. Well that's cool if you've installed SP2 already by SuperKendall · · Score: 3, Informative

    SP2 is a lot more secure. But even now lots of people are installing from copies of SP1. Yes Windows can be made secure, but it takes that little bit of extra effort - and if the firewall is ever compromised (like malware turning it off) you are quite screwed. OS X needs no firewall to stay quite happily connected without security issues because it does not need any services running to function.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley

  18. Re:Malware Schmalware by Sebastopol · · Score: 3, Informative

    Windows because Apple, like all the other UNIX vendors, ships their systems in a (reasonably) secure state by default.

    Really?

    I just installed XP Pro and ActiveX was off by default and the firewall was turned on by default. And it yelled at me for not having AV software installed. (F-prot all the way!)

    --
    https://www.accountkiller.com/removal-requested

  19. Re:Malware Schmalware by jimfrost · · Score: 4, Informative

    So, can you modify files in c:\windows in that XP installation? Yes? Then the system is an open book to anything that can get even a toehold.

    --
    jim frost
    jimf@frostbytes.com

  20. Re:As an IT person who is deploying OS X by davidstrauss · · Score: 4, Informative

    but last time I checked, an out-of-the-box Windows box is owned minutes after connecting to the network

    Last I checked, out of the box machines come with SP2, which fixes most such vulnerabilities, and have a firewall enabled by default. In addition, the latest desktop and server versions of Windows come with very few services enabled by default. It's also been a LONG time since any Microsoft email program ran worms without user interaction. And finally, if you take security so seriously, why don't you filter viruses in messages on your mail server, patch your mail clients, install client-side virus scanners, or TRAIN your users?

    IE sucks for security, but that doesn't seem to be part of your argument. Please play again later.

  21. Re:Infidel! by Jord · · Score: 4, Informative

    Not any more. It was changed in Panther I believe. The default is now bash

  22. Re:As an IT person ... www.ARMY.mil uses mac by flonker · · Score: 4, Informative

    Really old post. A quick bit of googling reveals:

    http://books.slashdot.org/comments.pl?sid=75257&cid=6734660 from Aug 19, 2003
    http://slashdot.org/comments.pl?sid=67477&cid=6188308 from Jun 12, 2003
    http://groups-beta.google.com/group/comp.sys.mac.advocacy/msg/7a80fe09794d6331 from Jan 12, 2003
    http://slashdot.org/comments.pl?sid=45793&cid=4761155 from Nov 26, 2002
    http://slashdot.org/comments.pl?sid=37389&cid=4009006 from Aug 4, 2002

    And I seem to recall seeing it floating around long before then. If anyone knows of the original, please respond. Also, if the original troll could please fix the numbering? 4 isn't supposed to repeat again after 5 and before 7, I'd greatly appreciate it.

  23. Re:Style over function? by pyrrhonist · · Score: 3, Informative

    How do you build a windows service (that's a daemon for you unix folks but it needs to be specifically built and installed to work properly), have it run as an unprivileged user (i.e. *not* the system account) and have it start when the system boots *without* the user it is supposed to run as logging in at the console?

    1. Open "Computer Management".
    2. Double-click on "Users".
    3. Select "New User..." from the "Action" menu.
    4. Type in the user's information.
    5. Select the "Password never expires" checkbox.
    6. Click "Create" and then click "Close".
    7. Right-click on the user.
    8. Click on the "Member Of" tab.
    9. Click on the "Add" button.
    10. Enter a name of a group you need to run the service.
    11. Click "OK".
    12. Repeat 9-11 for each group you need to add.
    13. Click "OK".
    14. Open "Local Security Settings".
    15. Double-click on "Local Policies".
    16. Double-click on "User Rights Assignment".
    17. Right-click on a right that you need to run your service and select "Properties".
    18. Click on "Add User or Group".
    19. Enter the name of your new user and click "OK".
    20. Repeat 17-19 for each right you need.
    21. Repeat 17-19 for the "Log on as a service" right.
    22. Open "Computer Management" again.
    23. Double-click on "Services".
    24. Right-click on the service and select "Properties".
    25. Click the "Log On" tab.
    26. Select the "This account" radio button.
    27. Enter the username and password.
    28. Click on the "General" tab.
    29. In the "Startup type" select box, select "Automatic".
    30. Click the "Start" button.
    31. Click "OK".
    32. ???
    33. Profit!

    If it's possible, then it is *very* fucking new.

    It's been there since Windows NT, although the configuration was different in NT.

    --
    Show me on the doll where his noodly appendage touched you.
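
The GUI procedure in the comment above, scripted as an added example (not part of the original comment). It assumes Windows PowerShell 5.1 or later in an elevated session; `ExampleSvc` and `svc_example` are placeholder names for an already-installed service and the account to create. Only the "Log on as a service" right is granted; any other right from steps 17-20 would be added to the same exported file.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$ServiceName = 'ExampleSvc',    # placeholder: an already-installed service
    [string]$User        = 'svc_example',   # placeholder: local account to create
    [string[]]$Groups    = @()              # only the groups the service really needs
)
$ErrorActionPreference = 'Stop'

# Steps 1-6: create the account with a non-expiring password.
$secure = Read-Host -AsSecureString "Password for $User"
if (-not (Get-LocalUser -Name $User -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $User -Password $secure -PasswordNeverExpires `
        -Description "Service account for $ServiceName" | Out-Null
}

# Steps 7-13: add group memberships, skipping ones that already exist.
foreach ($g in $Groups) {
    if (-not (Get-LocalGroupMember -Group $g -Member $User -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group $g -Member $User
    }
}

# Steps 14-21: grant "Log on as a service" (SeServiceLogonRight) via secedit.
$sid   = (Get-LocalUser -Name $User).SID.Value
$right = 'SeServiceLogonRight'
$inf   = Join-Path $env:TEMP 'svc-rights.inf'
$sdb   = Join-Path $env:TEMP 'svc-rights.sdb'
secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
$found = $false
$out = foreach ($line in Get-Content -Path $inf) {
    if ($line -match "^$right\s*=\s*(.*)$") {
        # Keep the existing holders and append the new SID once.
        $holders = @($Matches[1] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        if ($holders -notcontains "*$sid") { $holders += "*$sid" }
        $found = $true
        "$right = " + ($holders -join ',')
    } else { $line }
}
if (-not $found) {
    # The right had no holders in the export: add it under the section header.
    $out = $out -replace '^\[Privilege Rights\]$', "`$&`r`n$right = *$sid"
}
Set-Content -Path $inf -Value $out -Encoding Unicode
secedit.exe /configure /db $sdb /cfg $inf /areas USER_RIGHTS | Out-Null
Remove-Item $inf, $sdb -ErrorAction SilentlyContinue

# Steps 22-31: run the service as that account and start it at boot.
$plain = [System.Net.NetworkCredential]::new('', $secure).Password
sc.exe config $ServiceName obj= ".\$User" password= $plain start= auto | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed with exit code $LASTEXITCODE" }
Start-Service -Name $ServiceName

# Check: StartName should be the new account, not LocalSystem.
Get-CimInstance Win32_Service -Filter "Name='$ServiceName'" |
    Select-Object Name, StartName, StartMode, State
```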