Slashdot Mirror
Symantec: Mac OS X Becoming a Malware Target
tb3 writes "According to ZDNet 'Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.' They go on to warn that the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for 'style over function,' according to one analyst, Apple computer has become a target for new attacks. More coverage on Australian IT and Silicon.com. I guess sales of Norton Anti-Virus for Mac needed a boost." Symantec may well be right about this, but note that they also have the world's biggest vested interest in making Mac owners nervous enough to buy their anti-virus products.
Why does it have to be one or the other? From what I've found in OSX is that it can have style AND function.
Is that so wrong?
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
Can someone out there tell me what the reality of the situation is? Do you really need anti-virus for OS X? In the research I've done I can't seem to find any references to real (as in active in the wild) OS X viruses.
We will be transitioning about 8 production Macs to OS X later this year, and I am wondering whether I need to concerned at this point. It doesn't seem like I do.
I also understand the possibility of exploits in some of the open source code used in OS X. I assume you deal with this the same as on any other OSes and patch it when the fix comes out.
Sometimes my arms bend back.
Mac products out the door again. I guess with Apple projected to take 5% of the market share they decided maybe it would a good idea if they actually started pushing Mac products.
Is it really true that the only thing protecting Macs thus far has been their smaller by comparison presence on the Internet? Is there nothing to be said for the inherent security or insecurity of a particular platform? This is the kind of argument that free operating systems get against their security all the time. It'll be interesting to see whether the Mac platform can stand up to increased attacks. If it does, this might help convince people that some platforms really are more secure than others.
That's great!
/usr/ports/malware
Once they have it for OSX it must be fairly easy to port it to FreeBSD. I guess they might have to add a new category in the ports:
I have been using Mac's for 8+ years now, I even orderd my Cube on a Dreamcast, and have never had a virus or malware... so you can put me in the "believe it when i see it" catagory.
Is that so wrong?
Yes. Now, back to the bash prompt with you, heathen, and may the glistening tentacles of Aqua and Luna never intrude upon your conscience again!
(I kid, I kid. Luna doesn't glisten.)
The coolest voice ever.
"The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks."
It's a reason for sure, but the only reason? I think not!More like... nerdular nerdence!
Symantec Anti-Virus OSX Version 1.0:
Please upgrade to signature file 032105.sgn, your current version only detects 3 viruses, however the new signature file finds and cleans 5 different viruses.
On MacOSX, most (all?) network services such as ftp, sshd, httpd... are turned off by default. And automatic software update (prompting the user) is on by default. That, coupled with a better security model from the ground up will ensure that the MacOS never becomes the trojan-infected mess that Windows has become.
Methinks that Symantec is propagating FUD to drum up sales...
a small program that
1) fool web browser to download without user notice
2) chmod itself ---x--x--x
3) excute itself!!!
I don't think that is possible at *nix systems
"Steve Jobs invented the world" -- Bill W. GATES
The only real issue I have with OS X and viruses is with MCSFT Word macro viruses. Its worth having something that can sort those bad boys out because they can be spread to other users. I have one user who is constantly propagating macro-viruses, but I think I found the solution.
I'm moving him to Apple's Pages software.
Seems to handle doc files just fine, and no macro issues.
The WORST you could do is trash your user environment. NOT the OS.
Who cares about the OS? The OS can be reinstalled in about an hour. I have 40GB stored in my user environment. It gets backed up every day, but a virus, worm, or trojan that wiped out the user environment could cost me a days work without too much trouble. That's a much larger concern to me.
There may have been 37 alleged vulnerabilities identified in MacOS X, but there have been ZERO exploits of those vulnerabilities. Apple has often released patches within 48 hours of discovery of a vulnerability.
At the current time, there are NO known exploits for MacOS X. NONE.
Anyone who has been a Mac user for any length of time and has used Symantec products can testify to the horrid filthy mutilated piece of code that is a Symantec product on the Mac.
This is NOT A TROLL.
I have seen (and experienced myself) Symantec products CAUSE more problems than they fix (if they are even successful at fixing any) on the Mac platform.
I pity the poor soul who has no experience with Symantec on the Mac and falls for this pathetic ad piece.
It can safely be said that the amount of resources being expended to identify and cure OS X vulnerabilities is at least somewhat smaller than those used for Windows, in rough proportion to OS X's much smaller market share.
MORE effort is being spent to fix OS X than Windows - in proportion to market share.
OS X gets fixes from Apple.....
And FreeBSD.
And OpenSSH
And Samba
And Kerberos.
And Mach Developers.
And KHTML/KDE Developers.
And GCC Developers (stack protection,etc)
Plus a bunch more that I'm missing
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Quite simply, Microsoft's operating systems and applications are unique within the industry -- no, not just the industry, but almost unique in post-1989 history itself -- in the careless way they treat data as code. Nobody else would have deployed ActiveX, or deliberately made executing a mail attachment as easy as clicking on it.
I can believe MacOS (or any other platform) has its share of bugs that can be exploited, but you just can't find anything as dangerous-by-design as Windows. Windows will always (even as its marketshare fades) be a comparatively unsafe platform, relative to what is normal. It's not just about code quality, it's about amazingly dumb ideas, combined with business practices that resulted in a situation where users' happiness is not a significant market force.
And of course, there's the obvious counter-example: where are all the BIND and Apache worms? Talk about "sheer number of devices"!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
10 years on the Internet, 24x7 for eight of those years. No antivirus. Not a single infection....
I do install one copy every few years to verify this personal protest against virus company scare tactics
I said the same thing about my ex before she gave me herpes. =(
"Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
If someone can get root on a mac you can install a root kit. But youhave to get root first. It's not good enough just to get user level or even admin user level. You have to get the admin user to enter their password to elevate to root.
The ppc played role too as I have read that until last year there was no widely know compact way to exploit a buffer overflow to execute arbitrary code. I beleive that is now solved and published so one might see these cropping up. :-(
Since the security model is better you dont have problems like active-X waiting to ruin your day, or auto execute on mous-over e-mail subject lines, or registry changes needed to install applications. Or other bonkers stuff.
But despite all the default security, nothing will stop a determined used from trojaning themselves good and hard. And if they are admin and enter their password your rooted. Nothing will withstand unrestricted physical access either. You can at least ward off limited physical access by using the firmware password but this can be overridden by a determined user.
and of course there have been security holes and always will be. SSH, quick time, and even JAVA had had security holes. Fortunately no one has manged to exploit these before apple fixed them and given apples default services-off settings and lack of root access, its going to be harder for these things to spread like wild fire.
on the other hand Macs are very homogenous so once a virus does finally break loose, if it can get in without requiring any services its going to spread quickly.
Some drink at the fountain of knowledge. Others just gargle.
I try sticking to the bash prompt, but I keep seeing Safari through the translucent Terminal window and coming back to check Slashdot.
Maybe I'm doing it wrong.
The only exploit they point to is a rootkit... which is something you install *after* you've exploited the box... there are no active threats that any antivirus software will work aaginst.
This is like their attempt to talk up a manually-installed program that deleted all your files on the Palm as an exploit, to push their useless PalmOS antivirus. And then their Pocket PC antivirus actually caused people data loss from false alarms.
Until there's an active threat in the wild, AND it's been analysed and an identifying signature discovered, antivirus software's only result is to make your computer less stable and less reliable because of its deep hooks in the OS.
This is not to say that the OS is magically perfectly secure, but anything any AV company tells you about ANY platform but Windows, at the moment, should be taken with a sackful of salt.
and it kinda sucks. Every now and again (and not when it is scanning) it just takes over all the CPUs attention. So you kill it and then it comes back. So you kill it and then it comes back. So you disable it and this story comes out.
Looks like this is my fault. Sorry.
This
cheap labor conservatives - they want to keep you hungry enough to be thankful for minimum wage.
The malware problem on Windows is not primarily the result of the system's popularity, no matter how many times Microsoft claims that is so. Early attacks on the Internet did not target the most popular system; rather, the most attacks have always targetted the easiest systems to crack. That started out with SunOS and, by the mid-90s, was Linux. (If you think Windows has much better penetration that Linux today, just think how much more lopsided the numbers were in 1995-2000 when Linux was the most popular target.) These days Windows systems are easiest by far because at this point they are the only systems which ship without basic filesystem protections (now that it finally has a halfway decent firewall, a mere five years after everyone else).
If Windows had basic filesystem protection enabled by default on all critical filesystem areas, mandated nonprivileged user accounts, and an installer that required a password, suddenly Windows wouldn't get infected every time you sneezed in its general direction.
Maybe the future will prove me wrong but I will be very surprised to find OS X malware become a serious problem no matter how popular the OS gets. I don't suspect that its users are any smarter, but the barriers are a lot higher.
jim frost
jimf@frostbytes.com
This is such a deep insightful article! Do I understand it correctly? Here's what I think it says:
A virus proctection and half-ass security company says that as the marketshare of one of the platforms it supports increases so should sales for the products it creates for that platform.
Did I get that correct?
-- force and mind are opposites; morality ends where a gun begins ayn rand
Actually, there was an exploit, once.
It was some time ago, and I believe it was the result of a "hack the server, get a prize" type contest.
I'm too lazy to Google it right now but IIRC, the server that was hacked was running the classic Mac OS, WebSTAR, and Lasso, a tool that lets you webify FileMaker databases. There was a vulnerability in Lasso that was used to, per the contest rules, successfully alter the contents of a certain page on the WebSTAR-hosted site.
The prize was awarded, the vulnerability was quickly fixed, and that's the first, last and only time I have ever heard of any server on a classic Mac OS based machine getting hacked.
~Philly
Yes, a major reason it's safer is because OS X isn't targeted often due to the low market presence. But it's also a matter of effort versus payoff. By default, MacOS X has a much smaller attack surface than Windows, and even compared to most "stock" Linux distros. Virtually all server services are turned off by default on the Mac. Root is disabled. So to find a vulnerability and attack it takes a lot of effort, and then if you do so there are fewer Macs to take advantage of. So why not target Windows - it's easier!
I do know of people who've had their MacOS X systems compromised - but only among MacOS X Server users who've turned on services without knowing the implications, and then running them without the benefit of a firewall (because "everyone knows Macs are secure". Through bad setup and misconfiguration it's pretty easy to turn a server into "just another Unix box" that's just as vulnerable as any unpatched Linux server.
But that's not the default, and that's not how the client works. Hence at this time, Symantec is just blowing smoke and wondering why they don't sell any copies of NAV and Systemworks for Mac anymore.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
You're just joking right? I can't decide whether to respond, mod you down as a troll, or mod you up for being funny.
Seriously, you think the average Apple user is less savvy than a PC user? Most of the graphics artists I know are SIGNIFICANTLY more knowledgable than most PC users...
Blake
Sure, but most Apple users aren't graphic artists. Apple has home user market penetration too you know. Most mac users are probably people who bought their iMac because they liked how it came in different colors, like my friend. She's not an idiot, but she's definitely not a savvy computer user. She just likes how her Mac looks and doesn't do much but websurf and word process.
Apple fans are the perfect audience. Most are technically non-savvy arty types who are easier to FUD.
.exe containing a keylogger trojan. If this would have been a Windows box she would have unknowingly attempted to install a trojan. (All of our Windows boxes have AV software centrally managed)
I believe general stereotypes are bad but do have an example that fits this.
I work for the local school district as a computer tech. Recently, the art department bought a Powerbook for every art teacher. I got a call last week from an art teacher and said she was having problems installing a program. I told the user I would help her install it.
I get to the computer and ask her where the software is. She said she got it in an email from a friend. The subject was "Spring screensavers for you."
Of course the attachment was a zipped
I guess my point here is what if that trojan was coded for a Mac? A multiuser system is pointless if the user knows the admin/root password. (Our users do not have admin access.) In my experience, entering a password is more of an annoyance than a security measure for many users.
Ok, now I'm going off to another story but it is worth reading. A person of importance in the district recently got a new computer with XP Pro. She had previously had a Windows 98 PC and was in a habit to cancel past the Microsoft login. I don't blame her. There is not security there. Her new computer is shared between two people so I made an account for each of them like I do on every new computer. This person did not like the idea of having to type her password in just to get into her computer.
On Friday at 3:45 (work ends at 4:00) I got a call from the user demanding that the password be taken off the computer. She just wanted to turn on her computer and be at the desktop.
I did as she asked but also took the liberty to change her important documents to hidden. I was hoping I would get a call today. I did.
After getting a desperate voicemail for the user, I slowly made my way to her office. There she asked me what had happened to her documents. I played stupid and asked what documents. She said all of her important files were in the My Documents folder on Friday and there are not there anymore. I then came up with some bs about how I would need to recover them because someone must have been using the computer over the weekend and must have deleted them by accident. (Strangely enough there were children in that room over the weekend. Perfect scapegoats.)
I waited for about ten minutes and when she left the room I removed the hidden property from the documents. I then said I could enable the password so no one could get into her computer. She was more than willing.
Was my action unethical? Perhaps. Was it funny? I think so. I'm just happy I got my point across with no damage done.
I never said that the "i" didn't bother me either, but it's slightly less annoying(at least to me) because you get an idea of what the application does from its name.
Looking at names such as Krusader doesn't help me to know what the application does. The same goes for kdissert, kdar, Krita, Kate, KLibido, knoda, Konstruct, KlamAV, etc... basically what I'm getting at is that the prepended K seems to make developers try to come up with Kreative names for their applications rather than informative ones.
About the only applications that I am familiar with that have descriptive names are KMyFirewall and KText. I'm sure that there are plenty of others with descriptive names, but the vast majority of Kapplications seem to be named simply for the K.
Those who know, do not speak. Those who speak, do not know. ~Lao Tzu
Really old post. A quick bit of googling reveals:
i d=6734660 from Aug 19, 20038 308 from Jun 12, 2003a dvocacy/msg/7a80fe09794d6331 from Jan 12, 20031 155 from Nov 26, 20029 006 from Aug 4, 2002
http://books.slashdot.org/comments.pl?sid=75257&c
http://slashdot.org/comments.pl?sid=67477&cid=618
http://groups-beta.google.com/group/comp.sys.mac.
http://slashdot.org/comments.pl?sid=45793&cid=476
http://slashdot.org/comments.pl?sid=37389&cid=400
And I seem to recall seeing it floating around long before then. If anyone knows of the original, please respond. Also, if the original troll could please fix the numbering? 4 isn't supposed to repeat again after 5 and before 7, I'd greatly appreciate it.
Let me just tweak com.lovecraft.fhtagn.cthulhu.plist real quick.
Village idiot in some extremely smart villages.
Most mac users are probably people who bought their iMac because they liked how it came in different colors, like my friend. And most home PC users bought their computers because they liked the bargain basement prices. I don't know what kind of Windows platform utopia some of the posters in this thread are living in, but have you ever listened to some of the people buying PCs at CompUSA or Best Buy? I don't think fans of either platform can necessarily crow about the superior computer savvy of their users.
For relaxing times...make it Suntory time.
I started a company a few months ago that's building consumer software that runs on MacOS X and Windows (and Linux, etc., eventually). Our strategy is to build the core in tight C code, and then build platform-specific applications in the appropriate language, so the result is a great ObjC Mac app, a great C++ Windows app, etc. While I like Java, Ruby, etc., our goal is to make the app small and efficient, so asking people to install 30 MB runtimes is out. Interestingly, it was easy to recruit first-class Mac and Java (server) developers, and nearly impossible to recruit a really great Windows developer. It turns out that the best CS students are _all_ working in modern cross-platform environments (e.g. Java, Python, Ruby), most use Mac's, almost none are using C++, and nobody even _considers_ writing Windows applications any more. While this is kinda neat in one respect, it's a bit surreal that the vast majority of great developers won't write software that runs natively for the platform on 95% of desktops. Weird.
Enable 3D printed prosthetics!