Symantec: Mac OS X Becoming a Malware Target
tb3 writes "According to ZDNet 'Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.' They go on to warn that the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for 'style over function,' according to one analyst, Apple computer has become a target for new attacks. More coverage on Australian IT and Silicon.com. I guess sales of Norton Anti-Virus for Mac needed a boost." Symantec may well be right about this, but note that they also have the world's biggest vested interest in making Mac owners nervous enough to buy their anti-virus products.
Why does it have to be one or the other? From what I've found, OS X can have style AND function.
Is that so wrong?
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
Can someone out there tell me what the reality of the situation is? Do you really need anti-virus for OS X? In the research I've done I can't seem to find any references to real (as in active in the wild) OS X viruses.
We will be transitioning about 8 production Macs to OS X later this year, and I am wondering whether I need to be concerned at this point. It doesn't seem like I do.
I also understand the possibility of exploits in some of the open source code used in OS X. I assume you deal with this the same as on any other OSes and patch it when the fix comes out.
Sometimes my arms bend back.
Mac products out the door again. I guess with Apple projected to take 5% of the market share they decided maybe it would be a good idea if they actually started pushing Mac products.
Is it really true that the only thing protecting Macs thus far has been their smaller by comparison presence on the Internet? Is there nothing to be said for the inherent security or insecurity of a particular platform? This is the kind of argument that free operating systems get against their security all the time. It'll be interesting to see whether the Mac platform can stand up to increased attacks. If it does, this might help convince people that some platforms really are more secure than others.
...but I already use an antivirus for my Mac. Mind you, I switched over from Windows a little under 1 year ago, and since I use these machines for work I really didn't want to risk, even if it's a 0.0001% chance, getting my work machine infected by a virus. All it could take is one sneaky website I visit to infect me, record information, and I honestly wouldn't really know - mind you, I doubt the antivirus updaters would know about any Mac virus within 1 week of it being launched.
And no, I use McAfee. And it's not too bad, but then again I am biased as we bundle McAfee with systems.
That's great!
Once they have it for OSX it must be fairly easy to port it to FreeBSD. I guess they might have to add a new category in the ports:
/usr/ports/malware
gee wonder why Symantec, an antivirus and firewall maker, would say such a thing...
Some people believe 1-1=3 and for the sake of being politically correct, we should respect their differences
I have been using Macs for 8+ years now, I even ordered my Cube on a Dreamcast, and have never had a virus or malware... so you can put me in the "believe it when I see it" category.
Is that so wrong?
Yes. Now, back to the bash prompt with you, heathen, and may the glistening tentacles of Aqua and Luna never intrude upon your conscience again!
(I kid, I kid. Luna doesn't glisten.)
The coolest voice ever.
"The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks."
It's a reason for sure, but the only reason? I think not! More like... nerdular nerdence!
"style over function" Yeah, like the "style" of increased security. In some sick way I hope that OSX becomes a target so we can finally know the answer to whether OS X has limited security issues due to its user base or design.
Bad or non-existent passwords, crappy anti-virus software (Virex, I'm looking in your direction!), and a long-unchallenged (calm down, I mean by experience) belief that Macs would continue to be unaffected by this sort of thing always seemed like they'd rear their ugly heads one of these days. But on the other hand, why trust the exterminator when he says it's bound to be a big bug season?
So their only "real" proof that hackers are targeting OS X is a rootkit? Wow. The Symantec FUD, aka "we need to sell more versions of NAV for the Mac", has been shifted up a gear.
Symantec Anti-Virus OSX Version 1.0:
Please upgrade to signature file 032105.sgn, your current version only detects 3 viruses, however the new signature file finds and cleans 5 different viruses.
I think that if anything, this would boost sales of Apple's .Mac service, which includes a copy of Virex.
Shades of Grayden
If I'm not mistaken, doesn't OS X log you in as a non-root user? And if that's the case, isn't the regular user (as in Linux and other Unixen) unlikely to do major damage to the system?
Maybe Symantec is trying to draw attention to generate more business for themselves because there certainly haven't been any viruses released yet on OS X that Symantec provides any real protection for - so I wonder, what information could they be basing their statement on? Secret contacts with the hacker community? Certainly nothing public...
The protection will come from such sexily named files as Security Update 2005-002 and Security Update 2005-003 distributed courtesy of Apple Inc.
In its seventh bi-annual Internet Security Threat Report, Symantec said over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system.
Don't let this line fool you - it doesn't necessarily mean that OS X is inherently more secure than Windows, or Linux, or whatever. It can safely be said that the amount of resources being expended to identify and cure OS X vulnerabilities is at least somewhat smaller than those used for Windows, in rough proportion to OS X's much smaller market share. The lesser amount of pure research, plus the lesser amount of wild exposure, mean that there will be plenty security-wise in OS X that's missed. The truth won't really be known until OS X gains enough visibility to have as much as, or at least a fair chunk of, what Windows has thrown at it on a daily basis.
Obscurity isn't a permanent solution by any means, and here is the proof.
On MacOSX, most (all?) network services such as ftp, sshd, httpd... are turned off by default. And automatic software update (prompting the user) is on by default. That, coupled with a better security model from the ground up will ensure that the MacOS never becomes the trojan-infected mess that Windows has become.
Methinks that Symantec is propagating FUD to drum up sales...
From what experience I've had with Norton antivirus for the PC, it does more damage to performance (network latency and throughput, memory and processor usage) than most malware. I've never installed it myself, just seen it on other people's PCs. I might just have wrong/incomplete experiences, but I think that their software is bloated crap with a horribly confusing UI. If I had a Mac OS X, I would prefer to have a command-line controlled utility which I never have to see, which runs as a service, updates transparently and can be fully controlled using plaintext configuration files. NOT anything remotely like Norton for the PC. Virex might not be good, but unleashing the pestilence of Norton upon the Mac is... cruel. Isn't there something like a chkrootkit in Darwin ports or Fink?
That is correct, but you have to admit that the data a user has (work, music, etc.) is likely to be far more important than the OS. I can reinstall my OS X and apps and recompile my OSS software in a day, but if I lose my source files, I'm in a world of hurt.
a small program that
1) fools the web browser into downloading it without the user noticing
2) chmods itself ---x--x--x
3) executes itself!!!
I don't think that is possible on *nix systems
"Steve Jobs invented the world" -- Bill W. GATES
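The download, chmod, execute chain the post above describes, as an added C example that is not part of the thread: it writes a small constructed shell script the way a download lands on disk (mode 0600, no execute bit), shows that the kernel refuses to execve it with EACCES until the bit is set, then performs the "chmod itself" step and runs it. The temp-file path and the script body are constructed for the demo; it assumes a POSIX system with /bin/sh.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write a constructed shell script into a fresh temp file.  mkstemp creates it
 * with mode 0600 (readable and writable, not executable), which is also what a
 * browser download ends up with.  Fills `path` with the file name. */
static int write_download(char *path, size_t cap) {
    const char script[] = "#!/bin/sh\nexit 42\n";   /* constructed payload */
    if (cap < 16) return -1;
    snprintf(path, cap, "/tmp/dl-XXXXXX");
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    ssize_t n = write(fd, script, sizeof script - 1);
    close(fd);
    if (n != (ssize_t)(sizeof script - 1)) { unlink(path); return -1; }
    return 0;
}

/* Run `path` in a child.  Returns the child's exit status if execve succeeded,
 * or -errno if the kernel refused the exec.  The errno travels back over a
 * close-on-exec pipe: if exec succeeds the write end closes and the parent
 * reads EOF, so "exec failed" and "script ran" are never confused. */
static int try_exec(const char *path) {
    int pfd[2];
    if (pipe(pfd) < 0) return -errno;
    fcntl(pfd[1], F_SETFD, FD_CLOEXEC);
    pid_t pid = fork();
    if (pid < 0) { close(pfd[0]); close(pfd[1]); return -errno; }
    if (pid == 0) {
        close(pfd[0]);
        execl(path, path, (char *)NULL);
        int err = errno;                           /* only reached if exec failed */
        if (write(pfd[1], &err, sizeof err) < 0) _exit(127);
        _exit(127);
    }
    close(pfd[1]);
    int err = 0;
    ssize_t got = read(pfd[0], &err, sizeof err);  /* EOF means exec succeeded */
    close(pfd[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    if (got == (ssize_t)sizeof err) return -err;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Step 1 of the chain without step 2: execute the "downloaded" file as-is.
 * Returns the errno the kernel gave (EACCES expected), or 0 if it ran. */
int exec_without_x_bit(void) {
    char path[32];
    if (write_download(path, sizeof path) < 0) return -1;
    int r = try_exec(path);
    unlink(path);
    return r < 0 ? -r : 0;
}

/* Steps 2 and 3: chmod +x, then execute.  Returns the script's exit status
 * (42), or -errno if the exec still failed (e.g. /tmp mounted noexec). */
int exec_after_chmod(void) {
    char path[32];
    if (write_download(path, sizeof path) < 0) return -1;
    chmod(path, 0700);                             /* the "chmod itself" step */
    int r = try_exec(path);
    unlink(path);
    return r;
}

int main(void) {
    printf("without x bit: errno=%d (EACCES is %d)\n", exec_without_x_bit(), EACCES);
    printf("after chmod +x: exit status=%d\n", exec_after_chmod());
    return 0;
}
```

The point the demo makes is that the execute bit is enforced by the kernel at execve time, not by the browser or the shell; the chain only works if something with write access to the file performs the chmod, which is exactly the step a downloaded file cannot do for itself.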
It will upset the frothing Linux zealots who keep insisting you can't have both - that's their excuse for liking a GUI (doesn't matter which - Gnome / KDE - take your pick) that is less intuitive to use than even Win95
The only real issue I have with OS X and viruses is with MCSFT Word macro viruses. It's worth having something that can sort those bad boys out because they can be spread to other users. I have one user who is constantly propagating macro viruses, but I think I found the solution.
I'm moving him to Apple's Pages software.
Seems to handle doc files just fine, and no macro issues.
The WORST you could do is trash your user environment. NOT the OS.
Who cares about the OS? The OS can be reinstalled in about an hour. I have 40GB stored in my user environment. It gets backed up every day, but a virus, worm, or trojan that wiped out the user environment could cost me a days work without too much trouble. That's a much larger concern to me.
There may have been 37 alleged vulnerabilities identified in MacOS X, but there have been ZERO exploits of those vulnerabilities. Apple has often released patches within 48 hours of discovery of a vulnerability.
At the current time, there are NO known exploits for MacOS X. NONE.
Anyone who has been a Mac user for any length of time and has used Symantec products can testify to the horrid filthy mutilated piece of code that is a Symantec product on the Mac.
This is NOT A TROLL.
I have seen (and experienced myself) Symantec products CAUSE more problems than they fix (if they are even successful at fixing any) on the Mac platform.
I pity the poor soul who has no experience with Symantec on the Mac and falls for this pathetic ad piece.
First off, check and make sure popup blocking is enabled. I only see MAYBE one popunder a week, if that (and add the offending site to my mental blacklist, never to be visited again.) Go to the Safari menu and make sure there's a check next to the "Block Pop-Up Windows" item.
Secondly, yes, Konfabulator can really bog down a system if you have too many widgets running. They eat up memory and CPU power, even sitting idle. I have seven I keep open with little performance impact, but that's on a Dual 2GHz G5. If you haven't discovered it yet, Activity Monitor (in Applications/Utilities/) can be very useful in tracking down where your CPU cycles and memory are going. It even lists all the Konfab widgets separately, though it doesn't tell you which one is which. So if there's a widget that's being a hog, it'll let you know!
I'd bet that it's a low memory issue; Apple has a tendency to shortchange the memory in their systems, especially consumer level stuff like the iBook & iMac. Running OS X on less than 512MB will bring things to a snail's pace frequently, so a simple memory upgrade might help greatly.
Quite simply, Microsoft's operating systems and applications are unique within the industry -- no, not just the industry, but almost unique in post-1989 history itself -- in the careless way they treat data as code. Nobody else would have deployed ActiveX, or deliberately made executing a mail attachment as easy as clicking on it.
I can believe MacOS (or any other platform) has its share of bugs that can be exploited, but you just can't find anything as dangerous-by-design as Windows. Windows will always (even as its marketshare fades) be a comparatively unsafe platform, relative to what is normal. It's not just about code quality, it's about amazingly dumb ideas, combined with business practices that resulted in a situation where users' happiness is not a significant market force.
And of course, there's the obvious counter-example: where are all the BIND and Apache worms? Talk about "sheer number of devices"!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
10 years on the Internet, 24x7 for eight of those years. No antivirus. Not a single infection....
I do install one copy every few years to verify this personal protest against virus company scare tactics
Apple fans are the perfect audience. Most are technically non-savvy arty types who are easier to FUD.
Engineering is the art of compromise.
Um...yeah. Can you say "Oops"? Now they've responded with some vague fears, but that's just to stir up some sales, as everyone has already guessed.
Next anti-virus companies will start writing their own viruses in order to drive up sales. Sheesh.
Electric Monkey Pants
I said the same thing about my ex before she gave me herpes. =(
"Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
If someone can get root on a Mac you can install a rootkit. But you have to get root first. It's not good enough just to get user level or even admin user level. You have to get the admin user to enter their password to elevate to root.
The PPC played a role too, as I have read that until last year there was no widely known compact way to exploit a buffer overflow to execute arbitrary code. I believe that is now solved and published, so one might see these cropping up. :-(
Since the security model is better you don't have problems like ActiveX waiting to ruin your day, or auto-execute on mouse-over e-mail subject lines, or registry changes needed to install applications. Or other bonkers stuff.
But despite all the default security, nothing will stop a determined user from trojaning themselves good and hard. And if they are admin and enter their password you're rooted. Nothing will withstand unrestricted physical access either. You can at least ward off limited physical access by using the firmware password, but this can be overridden by a determined user.
And of course there have been security holes and always will be. SSH, QuickTime, and even Java have had security holes. Fortunately no one has managed to exploit these before Apple fixed them, and given Apple's default services-off settings and lack of root access, it's going to be harder for these things to spread like wildfire.
On the other hand Macs are very homogeneous, so once a virus does finally break loose, if it can get in without requiring any services it's going to spread quickly.
Some drink at the fountain of knowledge. Others just gargle.
Despite many high profile web sites and servers using OS9 for many years, not one database entry in the large BugTraq database documents a remote exploit for Mac OS in the history of the internet.
Even the US Army used Macs exclusively (mostly MacOS 9 until recently) after being rooted routinely using Unix and MS Windows NT. For many many years www.army.mil has been run on Macintoshes exclusively.
The same is true of many colleges that were rooted and defaced too often on Linux. They installed WebStar and OS 9 and never had to worry again.
http://uptime.netcraft.com/up/graph/?host=www.army
http://www.google.com/search?q=army+webstar+"os-9"
Check it out yourself. This entire post is full of factual citations and 100% facts.
No mac in the history of the internet hosting a web server has ever been rooted or defaced remotely.
Why?
Because not one version of Mac OS has ever had a single exploitable hole ever discovered. (Classic Mac OS is now up to version 9.2.2 on currently sold G4 towers.) OpenBSD has had no less than 5 holes (not one) in the default install in the last two years. Mac OS has had ZERO in over 8 years, even when paired up with its preferred web server app.
In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac exploited over the internet remotely. Scan it yourself.
That is why the US Army gave up on MS IIS and got a Mac for a web server. Currently it is a honeypot for OSX testing, and the US Army uses regular Mac OS on other internal servers.
This post is not talking about FreeBSD-derived MacOS X (which already has more than 50 exploits and potential exploits in the BugTraq database, and was in the news yesterday with Symantec claiming in March 2005 that OSX has remote exploits). I am talking about current Mac OS 9.x and earlier, which are highly sophisticated abstract-OS models.
Why is it hack proof? These reasons:
1> No command shell. No shell means no way to hook or intercept the flow of control with the many various shell-oriented tricks found in Unix or NT. Apple uses an object model for process-to-process communication that is heavily typed and "pipe-less".
2> No root user. All Mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.
3> Pascal strings. ANSI C strings are the number one way people exploit Linux and Wintel boxes. The Mac avoids C strings historically in most of its OS. In fact even its ROMs originally used Pascal strings. As you know Pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is fewer buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not. In case you are not aware of what a "Pascal string" is, it usually has no null byte terminator. Additionally certain types of compilers can check range on assignments to prevent out of bounds. Furthermore many good programmers ensure that the bounds are not overwritten.
4> Macs running WebStar have the ability to only run CGI placed in the correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.
5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing, nor are there lame single 'x' executable bits! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with dat
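The length-prefixed ("Pascal") string copy that point 3 of the post above describes, as an added C example that is not part of the thread and demonstrates only the bounded-copy mechanism: a Pascal-style string carries its length and has a capacity fixed by the type, so copying between two of them cannot overrun and a zero byte in the payload is just data; the NUL-terminated equivalent only stays safe when the caller passes the destination capacity and the copy refuses when the source will not fit. The 255-byte capacity, the sample byte sequences and the demo functions are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A Pascal-style string: one length byte followed by at most 255 data bytes.
 * The length travels with the data, there is no terminator, and the capacity
 * is fixed by the type. */
typedef struct {
    uint8_t len;
    unsigned char data[255];
} PString;

/* Load arbitrary bytes into a PString.  Anything past 255 bytes is dropped
 * rather than written past the end of `data`.  Returns true if truncated. */
bool pstr_set(PString *dst, const unsigned char *src, size_t n) {
    bool truncated = n > 255;
    dst->len = (uint8_t)(truncated ? 255 : n);
    memcpy(dst->data, src, dst->len);
    return truncated;
}

/* PString-to-PString copy needs no length check: src->len can never exceed
 * the destination's capacity, because both are 255 by construction. */
void pstr_copy(PString *dst, const PString *src) {
    dst->len = src->len;
    memcpy(dst->data, src->data, src->len);
}

/* O(1) length: read the prefix, no scan for a terminator. */
size_t pstr_len(const PString *s) { return s->len; }

/* The NUL-terminated equivalent.  A plain strcpy() into a fixed buffer has no
 * idea how big the buffer is; safety here comes entirely from the caller
 * passing `cap` and this function refusing (copying nothing) on overflow. */
bool cstr_copy_checked(char *dst, size_t cap, const char *src) {
    size_t n = strlen(src);          /* O(n): must scan for the terminator */
    if (n + 1 > cap) return false;   /* would overflow: refuse */
    memcpy(dst, src, n + 1);
    return true;
}

/* Demo 1: a 300-byte source into a PString is cut at 255, never overrun. */
size_t demo_pstr_truncates_oversized(void) {
    unsigned char big[300];
    memset(big, 'A', sizeof big);
    PString p;
    pstr_set(&p, big, sizeof big);
    return pstr_len(&p);                         /* 255 */
}

/* Demo 2: the same 300 bytes into a 64-byte C buffer are refused outright. */
bool demo_cstr_copy_refused(void) {
    char big[301];
    memset(big, 'A', 300);
    big[300] = '\0';
    char dst[64];
    return cstr_copy_checked(dst, sizeof dst, big) == false;   /* true */
}

/* Demo 3: an embedded zero byte survives a PString round trip ... */
size_t demo_embedded_zero_pstr(void) {
    const unsigned char raw[] = { 'a', 'b', 0, 'c', 'd' };   /* constructed */
    PString p, q;
    pstr_set(&p, raw, sizeof raw);
    pstr_copy(&q, &p);
    return pstr_len(&q);                         /* 5 */
}

/* ... but ends a C string, so the bytes after it are silently lost. */
size_t demo_embedded_zero_cstr(void) {
    const char raw[] = { 'a', 'b', 0, 'c', 'd', 0 };          /* constructed */
    char dst[16];
    cstr_copy_checked(dst, sizeof dst, raw);
    return strlen(dst);                          /* 2 */
}
```

The difference worth noticing is where the bound comes from: in the PString case it is a property of the type, so every copy is bounded whether or not the programmer remembers; in the C case it is a separate argument that each call site has to get right.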
What did he do?
He hooked up an Airport wireless station to the network so he could use his "invulnerable Mac" from anywhere in his roomy office. But didn't encrypt anything. So he opened up the whole office network to a wireless node that anyone could log into.
In a shipyard.
Near a military base.
Surrounded by vacant lots in a bad part of town.
So... when we got to the office, every Windows machine was compromised, the DSL router had been reconfigured to DNS in Taiwan (because it had the default password), servers had all their root passwords changed, and there was steady traffic from who knows what back and forth. It was a mess. We ended up having to do a full DnR on all the servers and workstations (luckily, it was a small office, so it was only 6 machines).
Yes, his iBook was FINE. His "invulnerable Mac" was just GREAT! I doubt there was a single compromised thing on his creamy white laptop.
And he kept saying, "My Mac can't be hacked into, you Windows folks don't know a damn thing about how great the Mac is."
"Good thing I use Linux, then," I said, trying to capture and trace packets from my Knoppix-STD Live CD. "Care to tell me how to explain to your boss why you exposed the corporate network to an unsecured wireless connection?"
"But... you don't understand, it's a Mac! It doesn't do those things..."
When I finally sat him down and explained what the Airport does, he turned real pale. And quit a week later. He assumed because it was "an invulnerable Mac," that meant he didn't have to understand security.
Man, what a mess that was.
The popular ClamAV for Mac OS X. http://www.clamxav.com/. Free!
and now, Norton and all the rest are looking to Apple and Linux to be insecure.
While Apple, Linux, BSD, etc. have their security issues, it does not really start to compare with MS. In addition, it is safe to say that an anti-virus is NOT the solution to a non-MS problem. All of the *nix have various issues, but in the end, the single biggest one is getting an auto-updater running for security issues. IOW, the largest threat to MS (unknowledgeable, lazy, or incompetent admins) is also the largest threat to all other systems.
I prefer the "u" in honour as it seems to be missing these days.
http://mac.softpedia.com/get/Antivirus/ClamXav.shtml
Is this vague enough for you?
This whole market share angle is mostly bogus. There are what, about 10 million OS X users? Why hasn't there been a worm (or trojan, anything!) attacking them? Witty was a very successful worm: it hit all 12,000 vulnerable hosts.
How can you say 10 million is too small? The population of Canada (where I live) is about 33 million. The installed OS X base is then (about) 1/3 the population of Canada. That's not far from the population of New York City (~15M).
If a worm can hit only 12,000 hosts like Witty did and be called "successful" (it was basically a 100% infection rate), then surely the OS X population is vulnerable.
John Gruber has some articles on this.
I try sticking to the bash prompt, but I keep seeing Safari through the translucent Terminal window and coming back to check Slashdot.
Maybe I'm doing it wrong.
Yes, obscurity is absolutely the only reason it hasn't been targeted. Remember malware comes in the front door, not the back one. It either piggybacks on an app you want, or simply is an app you want. Well you can't secure against that, OSes don't know by magic which apps are good and which are bad. If you have permissions to install apps, you can install ones that fuck the system up.
That's different than exploits, which rely on finding bugs in code. If the code has less bugs and/or less services where one could try to find them, it is more secure.
However, there's basically nothing you can do about malware other than make scanners for it and try to educate users. Without some kind of trusted computing, signed application deal, there's no way you can make an OS that only allows users to install safe apps, since there's no way to know what is and isn't safe.
Hell some people don't even care about spyware, they want their dumb little free screensaver or whatever and don't care if it spys on them. You can tell them it's bad and they'll just ignore you.
The only exploit they point to is a rootkit... which is something you install *after* you've exploited the box... there are no active threats that any antivirus software will work against.
This is like their attempt to talk up a manually-installed program that deleted all your files on the Palm as an exploit, to push their useless PalmOS antivirus. And then their Pocket PC antivirus actually caused people data loss from false alarms.
Until there's an active threat in the wild, AND it's been analysed and an identifying signature discovered, antivirus software's only result is to make your computer less stable and less reliable because of its deep hooks in the OS.
This is not to say that the OS is magically perfectly secure, but anything any AV company tells you about ANY platform but Windows, at the moment, should be taken with a sackful of salt.
...finds and cleans 5 different viruses which exploit vulnerabilities that were all patched in the latest point release of OS X 10.2 and 10.3.
This just in: Noting that Apple's market share is starting to grow again, Symantec sees an opportunity to pry some dollars out of Mac users by hyping a bunch of laboratory experiments.
Wow. Isn't that a surprise?
This article mentions *one* exploit from last year, and 37 alleged proof-of-concepts, none of which are detailed.
I understand as well as anyone that the Mac is not bulletproof, but this really smells a lot more like a press release than news... Methinks Symantec must have a new product waiting in the wings.
// This is not a sig.
and it kinda sucks. Every now and again (and not when it is scanning) it just takes over all the CPUs attention. So you kill it and then it comes back. So you kill it and then it comes back. So you disable it and this story comes out.
Looks like this is my fault. Sorry.
The malware problem on Windows is not primarily the result of the system's popularity, no matter how many times Microsoft claims that is so. Early attacks on the Internet did not target the most popular system; rather, the most attacks have always targeted the easiest systems to crack. That started out with SunOS and, by the mid-90s, was Linux. (If you think Windows has much better penetration than Linux today, just think how much more lopsided the numbers were in 1995-2000 when Linux was the most popular target.) These days Windows systems are easiest by far because at this point they are the only systems which ship without basic filesystem protections (now that it finally has a halfway decent firewall, a mere five years after everyone else).
If Windows had basic filesystem protection enabled by default on all critical filesystem areas, mandated nonprivileged user accounts, and an installer that required a password, suddenly Windows wouldn't get infected every time you sneezed in its general direction.
Maybe the future will prove me wrong but I will be very surprised to find OS X malware become a serious problem no matter how popular the OS gets. I don't suspect that its users are any smarter, but the barriers are a lot higher.
jim frost
jimf@frostbytes.com
This is such a deep insightful article! Do I understand it correctly? Here's what I think it says:
A virus protection and half-ass security company says that as the market share of one of the platforms it supports increases, so should sales for the products it creates for that platform.
Did I get that correct?
-- force and mind are opposites; morality ends where a gun begins ayn rand
"the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net." The only thing? What, the only thing besides the more secure default settings out of the box and authorization for every installation?
Yeah, yeah, there aren't any Mac viruses NOW... but don't even think we aren't writing some as we speak!!
Actually, there was an exploit, once.
It was some time ago, and I believe it was the result of a "hack the server, get a prize" type contest.
I'm too lazy to Google it right now but IIRC, the server that was hacked was running the classic Mac OS, WebSTAR, and Lasso, a tool that lets you webify FileMaker databases. There was a vulnerability in Lasso that was used to, per the contest rules, successfully alter the contents of a certain page on the WebSTAR-hosted site.
The prize was awarded, the vulnerability was quickly fixed, and that's the first, last and only time I have ever heard of any server on a classic Mac OS based machine getting hacked.
~Philly
Yes, a major reason it's safer is because OS X isn't targeted often due to the low market presence. But it's also a matter of effort versus payoff. By default, MacOS X has a much smaller attack surface than Windows, and even compared to most "stock" Linux distros. Virtually all server services are turned off by default on the Mac. Root is disabled. So to find a vulnerability and attack it takes a lot of effort, and then if you do so there are fewer Macs to take advantage of. So why not target Windows - it's easier!
I do know of people who've had their MacOS X systems compromised - but only among MacOS X Server users who've turned on services without knowing the implications, and then run them without the benefit of a firewall (because "everyone knows Macs are secure"). Through bad setup and misconfiguration it's pretty easy to turn a server into "just another Unix box" that's just as vulnerable as any unpatched Linux server.
But that's not the default, and that's not how the client works. Hence at this time, Symantec is just blowing smoke and wondering why they don't sell any copies of NAV and Systemworks for Mac anymore.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
SP2 is a lot more secure. But even now lots of people are installing from copies of SP1. Yes, Windows can be made secure, but it takes that little bit of extra effort - and if the firewall is ever compromised (like malware turning it off) you are quite screwed. OS X needs no firewall to stay quite happily connected without security issues because it does not need any services running to function.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Viruses do not target data for destruction any longer. Data is only seen as a vector for further infection, or possibly information valuable to the attacker. But viruses simply don't destroy things anymore because using your computer as a zombie is far more valuable to them.
spyware outbreak to show up so that...
1. Windows users can say "told ya' so"
2. Mac users will be, albeit briefly, completely silenced
3. People can start submitting new "Apple Death Knell" articles.
I mean I gave up on their Norton products with OS X because all they did was screw up my computer. Then my .Mac account gave me Virex for free, but all it did was screw up my computer, so I decided to try ClamAV, and for a front end there is the excellent ClamXav which lets you schedule virus scans and updates. And best of all it is shareware based on open-sourced virus protection software.
I picked up about 12 PC viruses that I had, and could have sent to a PC user, though they don't affect me at all.
It's a fact that Mac users receive a disproportionate amount of hate from the nerd community for their supposed lack of computer savvy.
I could be wrong but isn't it the mentality of hackers, malware writers, and delinquents in general to prey on the gullible and unsuspecting?
Especially the ones with those annoying white earbuds dangling from their ears brandishing their pretentious little white iBooks everywhere they go?
If I was a virus writer, I'd be malwaring all over their obnoxious asses! Unless, of course, the OS was rock-solid, in which case I'd probably move on, maybe write an MS address book exploit or something.
The malware has a slick looking, brushed gray metal GUI... and is clean, simple, effective, efficient, and beautiful.
The Peanut Gallery, Ubergeek, Biblically Sober
NCAAbbs.com: Thousands of fans, Hundreds of teams, Just one place
Now I'll be sure to keep NAV on all the Macs in my business, since Symantec has deliberately insulted Macs (only safe because of dumb luck) and Mac-users (only buy for style, not legitimate reasons). Symantec sure knows how to attract customers, I'll give them that.
I don't disagree with you in general, but could you please clarify what you mean about this more specifically? I realise that separating data and code is a big security thing, but I'm not particularly a security enthusiast beyond what I need to know.
As far as I'm aware, any system that supports scripting languages, Linux included (consider the number of scripts in your typical /usr/bin directory that'll be executed as root one day) is treating code as data and data as code. Things that are definitely executables can easily be kept protected in memory by an operating system, but not everything's obviously an executable.
Is the main difference here just that most scripting interpreters don't offer default access to volatile things like pointers, that might let a script get direct memory access?
Really old post. A quick bit of googling reveals:
http://books.slashdot.org/comments.pl?sid=75257&cid=6734660 from Aug 19, 2003
http://slashdot.org/comments.pl?sid=67477&cid=6188308 from Jun 12, 2003
http://groups-beta.google.com/group/comp.sys.mac.advocacy/msg/7a80fe09794d6331 from Jan 12, 2003
http://slashdot.org/comments.pl?sid=45793&cid=4761155 from Nov 26, 2002
http://slashdot.org/comments.pl?sid=37389&cid=4009006 from Aug 4, 2002
And I seem to recall seeing it floating around long before then. If anyone knows of the original, please respond. Also, if the original troll could please fix the numbering (4 isn't supposed to repeat again after 5 and before 7), I'd greatly appreciate it.
Let me just tweak com.lovecraft.fhtagn.cthulhu.plist real quick.
Village idiot in some extremely smart villages.
Symantec has everything to gain by trying to drum up sales of Norton Antivirus for Macintosh -- Apple's got a distribution deal with McAfee for Virex (prior to which it was impossible to get a single-seat license for Virex), so they're potentially losing sales for every .Mac subscription that's purchased.
.Mac will pick up your product, since they can't get Virex separately. And at what Symantec is charging for their Mac version...
Convince people that the big bad monster is coming, and maybe they'll buy your product on top of it. Or maybe the users who have no interest in
It's reminiscent of the hullabaloo surrounding the "trojan" advisory Intego issued for OS X a couple years ago, arguably only to punch up sales of their VirusBarrier product.
I started a company a few months ago that's building consumer software that runs on MacOS X and Windows (and Linux, etc., eventually). Our strategy is to build the core in tight C code, and then build platform-specific applications in the appropriate language, so the result is a great ObjC Mac app, a great C++ Windows app, etc. While I like Java, Ruby, etc., our goal is to make the app small and efficient, so asking people to install 30 MB runtimes is out. Interestingly, it was easy to recruit first-class Mac and Java (server) developers, and nearly impossible to recruit a really great Windows developer. It turns out that the best CS students are _all_ working in modern cross-platform environments (e.g. Java, Python, Ruby), most use Macs, almost none are using C++, and nobody even _considers_ writing Windows applications any more. While this is kinda neat in one respect, it's a bit surreal that the vast majority of great developers won't write software that runs natively for the platform on 95% of desktops. Weird.
Enable 3D printed prosthetics!
If you were going to control someone's box, and you wanted to make sure that they have valuable information to steal, would you target the PC user who bought the cheap PC, or the Mac user who paid more for his/her Mac? Chances are the Mac user has a much higher income, being in a creative content or some other wealthier profession. The Mac user would typically own more credit cards with larger credit limits, and have more money in their bank accounts. Sure, anyone could write a Windows virus; even 13-year-old kids do it. The Switchback virus showed that OSX is vulnerable, and also that OSX virus writers have little to no competition.
Also, chances are the PC user already has a virus scanner, and knows enough about his/her PC to protect it. The Mac user, on the other hand, thinks he/she is safe from viruses and does not even have a virus scanner installed. Usually the typical OSX user uses default OSX settings, thinking that they are good enough. The OSX user is also more likely to click on attachments in email than the Windows user, thinking that no file infection exploits exist for OSX. The OSX user is also more likely to use the default email and web programs that come with OSX, while the Windows user is switching to Opera, Firefox, Thunderbird, or Eudora after the ton of exploits that exist for IE, Outlook, and Outlook Express.
The best tactic of a cracker/hacker is to hit someone who does not expect to be hit.
Infect the typical PC, and you are more likely to discover someone's porn collection. Infect the typical OSX box and you are more likely to find intellectual property and other goodies. Therefore, should you go for the swampland (PC) or the gold mine (Mac)?
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Mac OS X will never be in as bad a position for malware as, say, Windows, because it is inherently harder to install unintended files on a system where multi-user is done right (as it is in Mac OS X). Not only does administrative privilege protect many things, but various network ports are closed by default, etc.
However, the Installer paradigm is still present on Mac OS X, for some software. Users should seriously question software that requires an installer with administrative privilege, as this is exactly the time a questionable file can be added to your system (and for that matter, gives software a free ticket to do certain other things).
I've sent a suggestion to Apple asking that it be more transparent what installers actually change in the system. I hope they take this seriously.
"Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ
Symantec has warned that as dspisak's Slashdot mind share increases his PC will start to come under increased attack from trolls
Security vendor Symantec is warning that dspisak's Slashdot posts are increasingly becoming a target for hackers and malware authors.
In its seventh bi-annual Slashdot Internet Security Threat Report, Symantec said that over the past year, security researchers had discovered at least 37 serious typos and duplicate story submissions in dspisak's Slashdot usage. According to Symantec, as dspisak increases his mind share -- with new low-content posts such as the Comment mini -- his fanbase is likely to come under increasing attack.
"Contrary to popular belief, the Slashdot discussion forums have not always been a safe haven from poor spelling and grammar," Symantec said. "Out of the public eye for some time, it is now clear that dspisak is increasingly becoming a target for the malicious activity that is more commonly associated with Jon Katz and various Slashdot editors like timothy," the report said.
"dspisak has become a target for new attacks... The appearance of a -1 Troll rating for a post called "Boo-Fuching-Hoo" in October 2004, serves to illustrate the growth in vulnerability research in dspisak's comments... The various dspisak comment vulnerabilities allow attackers to carry out information disclosure, punctuation bypass, troll execution, comment escalation, and IQ attacks. Symantec believes that as the popularity of dspisak's new paradigm continues to grow, so too will the number of attacks directed at it," the report said.
Symantec's concerns were echoed by James Turner, security analyst at Frost & Sullivan Australia, who said many of the people who read dspisak comments were not concerned about factual correctness, which left them wide open to attack.
"The duplicate story submissions, funny in-joke humor and mini Comments are cool creations," Turner said. "The by-product is that people are agreeing with these comments for style over actual usefulness. They say it looks pretty and then read it but don't fact-check it. As dspisak increases his mind share, he will be a legitimate target for the Secret Service".
Trend Micro senior systems engineer Adam Biviano said all complex comments had grammatical flaws and the more popular the person, the more likely he would be attacked.
"All sophisticated comments -- dspisak, bperens, goatse or anything else -- especially Natalie Portman's hot grits will have vulnerabilities," Biviano said. "The only reason goatse has had mass exploits written for it is the sheer number of connected people reading it that are present on most networks. As soon as you start seeing mass deployment of any comment mind share you are going to see exploits".
According to Biviano, while there have not been any mass outbreaks of viruses targeting dspisak, the potential does exist.
"You don't see dspisak trolls in mass outbreaks but you do see them in the labs as proofs of concept. There aren't any outbreaks because there simply are not enough [dspisaks] out there. For a troll to be successful it needs a combination of a worthy jab and a large target audience," said Biviano, who nominated the mobile phone market as an example of malware writers targeting the comment, not goatse's mind share.
"Look at where mobile comments are going and they are not targeting goatse -- they are targeting the market leader, which is cmdrtaco," he said. The Symantec report found in the second half of last year, an increasing proportion of malware was designed to expose spelling errors. The report also found that phishing attacks increased by 366 percent while the number of goatse-based worms and viruses increased by 64 percent, when compared to the first half of 2004.
1. Write a Cocoa app that makes a progress bar that fills to 100% and says "No viruses found!" ... (spread FUD)
2.
3. Profit!
Until one of these anti-virus software vendors can prove that their software is less harmful to Macs than the alleged/pending viruses, I'll continue to leave Virex 7.2 installed just to make the admins happy, but sure as hell won't upgrade (again) to version 7.5.x, which causes innumerable and far-reaching problems. It has always been the case, and continues to be the case, that on Macs virus protection software is far more harmful than the alleged viruses it allegedly protects against.
--- What?
Look, I'll make this short: I'm a non-grunt Symantec employee. NAV is crap, and I can't figure out what NAV on OSX is actually looking for. It's just scare-ware. We're dealers to people with a predisposition for addiction, and your discounted copy of NAV is a dime-bag.
Imagine that Windows is a house with the roof shingles installed upside down, creating pockets for rain, and UN*X including OSX has a properly-installed roof. NAV is a subscription service for a new bucket of Henry's roof patch every week. (SP2 is a nice tarp in this analogy, but it's still just a mask for terrible security architecture.) On Windows, the "roof patching" quickly becomes the main activity of the system. On OSX, not so much. The threats/vulns just aren't there (yet), and the underlying architecture is basically sound. NAV-OSX just wastes cycles IMHO. Shit, a tripwire-for-dummies install would be a lot more useful.
Personal note: I'm provided a fully-Symanticised WinXP system to use for corporate email etc. And when I'm out of the office, I have to use Symantec's own amateurish VPN to connect to Notes (of all godforsaken things...). Sorry guys, four passwords to get into the main information repository of the company is four iterations of a single factor... This really shows how little Symantec collectively understands information security (as opposed to system security).
Yeah, I use a Mac for personal stuff, and run my production (non-day-job) systems on Linux. Working for Symantec has taught me that the solution to endless repairs on a broken system is to get another system.