Symantec: Mac OS X Becoming a Malware Target

tb3 writes "According to ZDNet 'Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.' They go on to warn that the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for 'style over function,' according to one analyst, Apple computer has become a target for new attacks. More coverage on Australian IT and Silicon.com. I guess sales of Norton Anti-Virus for Mac needed a boost." Symantec may well be right about this, but note that they also have the world's biggest vested interest in making Mac owners nervous enough to buy their anti-virus products.

there has NEVER been ANY exploits for MacOS EVER !

There has NEVER been ANY exploits for MacOS EVER !

I am talking about Mac OS not "os x",

Apple regulary leaves vulnerabilities in its Java from sun for MONTHS after a Windows fix is released, though windows was exploitable in browsers for over 4 months (yes months) before sun patched it in November. Apple patched theirs a couple weeks ago in feb 2005. (Yup, sad but true, but the exploit was trickier on mac OSX).

Despite many high profile web sites and servers using OS9 for many years, not one database entry in the large BugTraq database documents a remote explloit for Mac OS in the history of the internet.

Even the US Army used macs exclusively (mostly MacOS 9 until recently) after being rooted rouitinely using unix and MS Windows NT. For many many years www.army.mil has been run on macintoshes exclusively.

The same is true of many colleges that were rooted and defaced too often on Linux. They installed WebStar and OS 9 and never had to worry again.

http://uptime.netcraft.com/up/graph/?host=www.ar my .mil

http://www.google.com/search?q=army+webstar+"os- 9"

Check it out yourself. This entire post is full of factual citations and 100% facts.

No mac in the history of the internet hosting a web server has ever been rooted or defaced remotely.

Why?

Because not one version of Mac OS has ever had a single exploitable hole ever discovered. (classic mac os now up to version 9.2.2 on currenlty sold g4 towers). OpenBSD has had no less than 5 holes (not one) in the default install in the last two years. Mac OS has had ZERO in over 8 years, even when paired up with its preferred web server app.

In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac exploited over the internet remotely. Scan it yourself.

That is why the US Army gave up on MS IIS and got a Mac for a web serve. Currently it is a honeypot for OSX testing, and US Army use regular Mac OS on other internal servers

This post is not talking about FreeBSD derived MacOS X (which already had a more than a 50 exploits and potential exploits in BugTraq database, and in the news yesterday with Symantec claiming in March 2005 of OSX having remote exploits) I am talking about current Mac OS 9.x and earlier which are highly sophisticated abstract-OS models.

Why is is hack proof? These reasons :

1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for procces to process communication that is heavily typed and "pipe-less"

2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stufff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.

3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C stings and bind to ANSI libraries, but many do not. In case you are not aware of what a "pascal string" is, it usually has no null byte terminator. Additionally certain types of compilers can check range on assignments to prevent out of bounds. Furthermore many good programmers ensure that the bounds are not overwritten.

4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, expecially remotely.