Symantec: Mac OS X Becoming a Malware Target
tb3 writes "According to ZDNet 'Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.' They go on to warn that the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for 'style over function,' according to one analyst, Apple computer has become a target for new attacks. More coverage on Australian IT and Silicon.com. I guess sales of Norton Anti-Virus for Mac needed a boost." Symantec may well be right about this, but note that they also have the world's biggest vested interest in making Mac owners nervous enough to buy their anti-virus products.
Why does it have to be one or the other? From what I've found in OSX, it can have style AND function.
Is that so wrong?
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
Can someone out there tell me what the reality of the situation is? Do you really need anti-virus for OS X? In the research I've done I can't seem to find any references to real (as in active in the wild) OS X viruses.
We will be transitioning about 8 production Macs to OS X later this year, and I am wondering whether I need to be concerned at this point. It doesn't seem like I do.
I also understand the possibility of exploits in some of the open source code used in OS X. I assume you deal with this the same as on any other OSes and patch it when the fix comes out.
Sometimes my arms bend back.
Mac products out the door again. I guess with Apple projected to take 5% of the market share they decided maybe it would be a good idea if they actually started pushing Mac products.
"The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks."
It's a reason for sure, but the only reason? I think not!
More like... nerdular nerdence!
Bad or non-existent passwords, crappy anti-virus software (Virex, I'm looking in your direction!), and a long-unchallenged (calm down, I mean by experience) belief that Macs would continue to be unaffected by this sort of thing always seemed like they'd rear their ugly heads one of these days. But on the other hand, why trust the exterminator when he says it's bound to be a big bug season?
So their only "real" proof that hackers are targeting OS X is a rootkit? Wow. The Symantec FUD, aka "we need to sell more versions of NAV for the mac" has been shifted up a gear.
In its seventh bi-annual Internet Security Threat Report, Symantec said over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system.
Don't let this line fool you - it doesn't necessarily mean that OS X is inherently more secure than Windows, or Linux, or whatever. It can safely be said that the amount of resources being expended to identify and cure OS X vulnerabilities is at least somewhat smaller than those used for Windows, in rough proportion to OS X's much smaller market share. The lesser amount of pure research, plus the lesser amount of wild exposure, mean that there will be plenty security-wise in OS X that's missed. The truth won't really be known until OS X gains enough visibility to have as much as, or at least a fair chunk of, what Windows has thrown at it on a daily basis.
Obscurity isn't a permanent solution by any means, and here is the proof.
The coolest voice ever.
On MacOSX, most (all?) network services such as ftp, sshd, httpd... are turned off by default. And automatic software update (prompting the user) is on by default. That, coupled with a better security model from the ground up will ensure that the MacOS never becomes the trojan-infected mess that Windows has become.
Methinks that Symantec is propagating FUD to drum up sales...
a small program that
1) fool web browser to download without user notice
2) chmod itself ---x--x--x
3) execute itself!!!
I don't think that is possible on *nix systems
"Steve Jobs invented the world" -- Bill W. GATES
It will upset the frothing Linux zealots who keep insisting you can't have both - that's their excuse for liking a GUI (doesn't matter which - Gnome / KDE - take your pick) that is less intuitive to use than even Win95
The only real issue I have with OS X and viruses is with MCSFT Word macro viruses. It's worth having something that can sort those bad boys out because they can be spread to other users. I have one user who is constantly propagating macro-viruses, but I think I found the solution.
I'm moving him to Apple's Pages software.
Seems to handle doc files just fine, and no macro issues.
The WORST you could do is trash your user environment. NOT the OS.
Who cares about the OS? The OS can be reinstalled in about an hour. I have 40GB stored in my user environment. It gets backed up every day, but a virus, worm, or trojan that wiped out the user environment could cost me a day's work without too much trouble. That's a much larger concern to me.
Quite simply, Microsoft's operating systems and applications are unique within the industry -- no, not just the industry, but almost unique in post-1989 history itself -- in the careless way they treat data as code. Nobody else would have deployed ActiveX, or deliberately made executing a mail attachment as easy as clicking on it.
I can believe MacOS (or any other platform) has its share of bugs that can be exploited, but you just can't find anything as dangerous-by-design as Windows. Windows will always (even as its marketshare fades) be a comparatively unsafe platform, relative to what is normal. It's not just about code quality, it's about amazingly dumb ideas, combined with business practices that resulted in a situation where users' happiness is not a significant market force.
And of course, there's the obvious counter-example: where are all the BIND and Apache worms? Talk about "sheer number of devices"!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Apple fans are the perfect audience. Most are technically non-savvy arty types who are easier to FUD.
Engineering is the art of compromise.
Yes, obscurity is absolutely the only reason it hasn't been targeted. Remember malware comes in the front door, not the back one. It either piggybacks on an app you want, or simply is an app you want. Well you can't secure against that, OSes don't know by magic which apps are good and which are bad. If you have permissions to install apps, you can install ones that fuck the system up.
That's different than exploits, which rely on finding bugs in code. If the code has fewer bugs and/or fewer services where one could try to find them, it is more secure.
However, there's basically nothing you can do about malware other than make scanners for it and try to educate users. Without some kind of trusted computing, signed application deal, there's no way you can make an OS that only allows users to install safe apps, since there's no way to know what is and isn't safe.
Hell, some people don't even care about spyware, they want their dumb little free screensaver or whatever and don't care if it spies on them. You can tell them it's bad and they'll just ignore you.
OS X gets fixes from whatever Apple decides to allow into it.
I don't get it? did anything bad happen to the Mac? what you're saying is that using non-Mac products can get you owned?
yes setting up a wireless network was maybe a bit stupid given such poor company security, but with that kind of bad IT administration something was bound to happen sooner or later.
also, look at how many Windows users don't think they need to understand security (the Windows box said it was more secure than ever!).
the moral here is that YOUR COMPANY SYSTEMS SHOULD BE DESIGNED TO BE SECURE in the first place so even the most retarded employee can't fuck everything up.
I hope you took the hint and moved everyone to Mac/linux. no? "fool me once, shame on you..."
The only exploit they point to is a rootkit... which is something you install *after* you've exploited the box... there are no active threats that any antivirus software will work against.
This is like their attempt to talk up a manually-installed program that deleted all your files on the Palm as an exploit, to push their useless PalmOS antivirus. And then their Pocket PC antivirus actually caused people data loss from false alarms.
Until there's an active threat in the wild, AND it's been analysed and an identifying signature discovered, antivirus software's only result is to make your computer less stable and less reliable because of its deep hooks in the OS.
This is not to say that the OS is magically perfectly secure, but anything any AV company tells you about ANY platform but Windows, at the moment, should be taken with a sackful of salt.
No, the problem is that user was a raging moron. I've seen similar things happen with Linux users. Stupidity exists on all platforms.
Boobies never hurt anyone. - Sherry Glaser.
This just in: Noting that Apple's market share is starting to grow again, Symantec sees an opportunity to pry some dollars out of Mac users by hyping a bunch of laboratory experiments.
Wow. Isn't that a surprise?
This article mentions *one* exploit from last year, and 37 alleged proof-of-concepts, none of which are detailed.
I understand as well as anyone that the Mac is not bulletproof, but this really smells a lot more like a press release than news... Methinks Symantec must have a new product waiting in the wings.
// This is not a sig.
cheap labor conservatives - they want to keep you hungry enough to be thankful for minimum wage.
Please, please please be sure to donate to the creators of this software (not only clamxav, but also clamav on which it is based). These folks work their butts off making our lives better (I cannot even imagine how many hours this software has saved when installed on a mail server (it hooks straight into amavis)), and I can't think of any free software more deserving of my money.
If you want to see more great, usable free software, donate! You can't imagine the impact you'll have.
The malware problem on Windows is not primarily the result of the system's popularity, no matter how many times Microsoft claims that is so. Early attacks on the Internet did not target the most popular system; rather, the most attacks have always targeted the easiest systems to crack. That started out with SunOS and, by the mid-90s, was Linux. (If you think Windows has much better penetration than Linux today, just think how much more lopsided the numbers were in 1995-2000 when Linux was the most popular target.) These days Windows systems are easiest by far because at this point they are the only systems which ship without basic filesystem protections (now that it finally has a halfway decent firewall, a mere five years after everyone else).
If Windows had basic filesystem protection enabled by default on all critical filesystem areas, mandated nonprivileged user accounts, and an installer that required a password, suddenly Windows wouldn't get infected every time you sneezed in its general direction.
Maybe the future will prove me wrong but I will be very surprised to find OS X malware become a serious problem no matter how popular the OS gets. I don't suspect that its users are any smarter, but the barriers are a lot higher.
jim frost
jimf@frostbytes.com
Yeah, yeah, there aren't any Mac viruses NOW... but don't even think we aren't writing some as we speak!!
Anyone who has used any Symantec product for any length of time can testify to that, on ANY platform. Symantec antivirus is crap. I have a license for it and I actually switched to AVG free because it was less of a bitch. For one thing, the autoupdater actually works.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Yes, a major reason it's safer is because OS X isn't targeted often due to the low market presence. But it's also a matter of effort versus payoff. By default, MacOS X has a much smaller attack surface than Windows, and even compared to most "stock" Linux distros. Virtually all server services are turned off by default on the Mac. Root is disabled. So to find a vulnerability and attack it takes a lot of effort, and then if you do so there are fewer Macs to take advantage of. So why not target Windows - it's easier!
I do know of people who've had their MacOS X systems compromised - but only among MacOS X Server users who've turned on services without knowing the implications, and then running them without the benefit of a firewall (because "everyone knows Macs are secure"). Through bad setup and misconfiguration it's pretty easy to turn a server into "just another Unix box" that's just as vulnerable as any unpatched Linux server.
But that's not the default, and that's not how the client works. Hence at this time, Symantec is just blowing smoke and wondering why they don't sell any copies of NAV and Systemworks for Mac anymore.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
Correct me if I am mistaken, but the network was accessed through an unsecure wireless access point. Not his Mac Laptop? If that is correct, then this incident has nothing to do with OSX vulnerabilities. This is the fault of an unsecured wireless access point. Since there was no security in the first place, there was no breach in "security". Besides the fact that wireless access points are not secure using WEP or WPA encryption schemes (IIRC my facts correctly). It wouldn't have mattered if it was a Linksys, Netgear or Belkin wireless access point instead of an Airport model. If no security measures were implemented the incident would have still happened. So, the post, however humorous, in a cynical sort of way, is F.U.D. However, there is no question that the person responsible for this incident was at fault due to misguided beliefs, namely: "all mac products being invincible".
If you're operating in a trusted environment with good system security, then protection isn't much of a concern.
True for people. True for computers.
I don't disagree with you in general, but could you please clarify what you mean about this more specifically? I realise that separating data and code is a big security thing, but I'm not particularly a security enthusiast beyond what I need to know.
As far as I'm aware, any system that supports scripting languages, Linux included (consider the number of scripts in your typical /usr/bin directory that'll be executed as root one day) is treating code as data and data as code. Things that are definitely executables can easily be kept protected in memory by an operating system, but not everything's obviously an executable.
Is the main difference here just that most scripting interpreters don't offer default access to volatile things like pointers, that might let a script get direct memory access?
Symantec has everything to gain by trying to drum up sales of Norton Antivirus for Macintosh -- Apple's got a distribution deal with McAfee for Virex (prior to which it was impossible to get a single-seat license for Virex), so they're potentially losing sales for every .Mac subscription that's purchased.
Convince people that the big bad monster is coming, and maybe they'll buy your product on top of it. Or maybe the users who have no interest in .Mac will pick up your product, since they can't get Virex separately. And at what Symantec is charging for their Mac version...
It's reminiscent of the hullabaloo surrounding the "trojan" advisory Intego issued for OS X a couple years ago, arguably only to punch up sales of their VirusBarrier product.
Mac OS X will never be in as bad a position for malware as, say, Windows, because it is inherently harder to install unintended files on a system where multi-user is done right (as it is in Mac OS X). Not only does administrative privilege protect many things, but various network ports are closed by default, etc.
However, the Installer paradigm is still present on Mac OS X, for some software. Users should seriously question software that requires an installer with administrative privilege, as this is exactly the time a questionable file can be added to your system (and for that matter, gives software a free ticket to do certain other things).
I've sent a suggestion to Apple asking that it be more transparent what installers actually change in the system. I hope they take this seriously.
"Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ
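The comment above asks for visibility into what an installer changes on the system. As an added example (not part of the thread and not Apple's tooling), this Python sketch snapshots a directory tree before and after an install and reports added, removed and modified files, flagging new or changed files that carry setuid/setgid bits; the tree built in `demo()` and its simulated installer are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each regular file under root to (permission bits, sha256 of contents)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)               # lstat: never follow symlinks out of root
            if not stat.S_ISREG(st.st_mode):
                continue
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root)] = (stat.S_IMODE(st.st_mode), digest)
    return snap

def diff(before, after):
    """Compare two snapshots; flag new or changed files with setuid/setgid bits."""
    report = {"added": [], "removed": [], "modified": [], "setid": []}
    for path in sorted(set(before) | set(after)):
        if path not in after:
            report["removed"].append(path)
            continue
        if path not in before:
            report["added"].append(path)
        elif before[path] != after[path]:
            report["modified"].append(path)
        else:
            continue                          # unchanged, nothing to flag
        if after[path][0] & (stat.S_ISUID | stat.S_ISGID):
            report["setid"].append(path)
    return report

def demo():
    """Constructed tree standing in for a system volume; the installer is simulated."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Library", "StartupItems"))
        prefs = os.path.join(root, "Library", "prefs.plist")
        with open(prefs, "w") as fh:
            fh.write("old")
        before = snapshot(root)
        with open(prefs, "w") as fh:          # simulated installer edits a file...
            fh.write("new")
        with open(os.path.join(root, "Library", "StartupItems", "helper"), "w") as fh:
            fh.write("#!/bin/sh\n")           # ...and drops a startup item
        return diff(before, snapshot(root))
```

On a real machine, call `snapshot()` on the directories of interest before and after running the installer and pass both results to `diff()`.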
The Mac and Airport he was using didn't cause the problem, it was how he had his Airport set up that caused the problem. He assumed, based solely on the fact these were Mac products, that he couldn't be to blame.