Slashdot Mirror
Symantec: Mac OS X Becoming a Malware Target
tb3 writes "According to ZDNet 'Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.' They go on to warn that the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for 'style over function,' according to one analyst, Apple computer has become a target for new attacks. More coverage on Australian IT and Silicon.com. I guess sales of Norton Anti-Virus for Mac needed a boost." Symantec may well be right about this, but note that they also have the world's biggest vested interest in making Mac owners nervous enough to buy their anti-virus products.
Is it really true that the only thing protecting Macs thus far has been their smaller by comparison presence on the Internet? Is there nothing to be said for the inherent security or insecurity of a particular platform? This is the kind of argument that free operating systems get against their security all the time. It'll be interesting to see whether the Mac platform can stand up to increased attacks. If it does, this might help convince people that some platforms really are more secure than others.
Try this experiment: install OS X and connect to the Internet. Leave it connected for a week. Now install Windows and connect to the Internet. Leave it connected for 30 minutes. Which one will be hacked? My point is that Windows needs special steps to be _protected_; Mac OS X requires special hacking and other circumstances to become _vulnerable_. The QuickTime ruse you refer to no doubt requires some social engineering to make work... that's just a guess on my part. Am I right?
Furthermore, the buffer overflows in quicktime do not afford an attacker root priviledges, do they? And when vulnerabilities are found, Apple, unlike Microsoft, so far anyway, has a great record of fixing them immediately. Apple has a great record on security in OS X. You are not going to see a flood of crippling, disabling OS X attacks like you see every couple of months with Windows viruses that take out our whole email system at work from time to time. Hacking an OS X box is HARD.
Currently hooked on AMP
Actually, there was an exploit, once.
It was some time ago, and I believe it was the result of a "hack the server, get a prize" type contest.
I'm too lazy to Google it right now but IIRC, the server that was hacked was running the classic Mac OS, WebSTAR, and Lasso, a tool that lets you webify FileMaker databases. There was a vulnerability in Lasso that was used to, per the contest rules, successfully alter the contents of a certain page on the WebSTAR-hosted site.
The prize was awarded, the vulnerability was quickly fixed, and that's the first, last and only time I have ever heard of any server on a classic Mac OS based machine getting hacked.
~Philly
I started a company a few months ago that's building consumer software that runs on MacOS X and Windows (and Linux, etc., eventually). Our strategy is to build the core in tight C code, and then build platform-specific applications in the appropriate language, so the result is a great ObjC Mac app, a great C++ Windows app, etc. While I like Java, Ruby, etc., our goal is to make the app small and efficient, so asking people to install 30 MB runtimes is out. Interestingly, it was easy to recruit first-class Mac and Java (server) developers, and nearly impossible to recruit a really great Windows developer. It turns out that the best CS students are _all_ working in modern cross-platform environments (e.g. Java, Python, Ruby), most use Mac's, almost none are using C++, and nobody even _considers_ writing Windows applications any more. While this is kinda neat in one respect, it's a bit surreal that the vast majority of great developers won't write software that runs natively for the platform on 95% of desktops. Weird.
Enable 3D printed prosthetics!