Mac Users Blast Symantec ... Again
An anonymous reader writes "Once again Symantec has spouted FUD about Mac OS X ... perhaps in an attempt to make more money as Microsoft pushes its own security products? A commentary on the issue entitled "Symantec 'scare tactics' don't rattle Mac users" says Symantec's latest Internet Security Threat Report continues to voice concern for the security and stability of the Mac operating system, Mac OS X in particular. However, there isn't proper evidence to back this claim. Also from the story, readers are asked: Do Mac users think they are immune to security problems or is Symantec and others fishing for a new revenue stream? Do you think Apple should start following Microsoft's model by rating vulnerabilities and patches?"
That is not to say that there _will_ be as many threats, but let's not kid ourselves here. There will be viruses written for and holes exploited on MacOS X. It's just a matter of time and then the whole house of cards will come crashing down. If Symantec's products didn't suck so bad on the Mac, I'd go ahead and pick it up -- just in case...
--mike
Do you think Apple should start following Microsoft's model by rating vulnerabilities and patches?"
Apple would be retarded if it followed any of MSFT's security policy.
perpetually dwelling in the -1 pits
- Users all switch to platforms without security problems.
- Microsoft makes Windows Vista secure.
- Microsoft includes AV and a decent firewall with Vista.
This is a counter to the possibility of option one. On the Mac, as with most other platforms, there are periodically vulnerabilities that allow arbitrary code to be run. These are generally patched quickly, making them a poor vector for attack (except amongst the uptime-is-a-measure-of-masculinity crowd, who refuse to reboot for security patches). The only convincing things they have are things like opener. Opener itself is nothing more than a bash script - it runs, and if you run it as root then it will disable the firewall, etc. and run a server people can connect to. Of course, you then need some kind of social engineering attack to persuade people to download it, run it, and enter an admin password. This is, of course, possible - just find some stupid people. The problem is that a virus scanner won't do anything to protect you against this kind of thing.
I am TheRaven on Soylent News
With their crystal ball are managing to see some ghosts in the machine, I don't believe in ghosts. Show me hard evidence or flutter off
OS X's stability is absolutely, in all the time I have been running the system I have had one crash (the crash was my fault). The Finder has restarted itself a few times, which I believe has lost me a sum total of 60 seconds working time.
The only times I have had programs that were unstable was when I was using beta versions of things.
Security has also not been a problem. It automatically runs the system update regularly if you don't do it yourself. The worst that could happen is someone passes you a dodgy installer which runs some sort of server, but that's not OS X's fault.
OS X is up there with the best *NIXs in these regards.
Symantec, I believe, has been using classic Mac OSs (someone should tell them that 10 is a bigger number than 8). They were buggy and full of holes.
OS X is not perfect by any means and has had its fair share of patches, but I could say with confidence that it could go toe to toe with Linux in these areas.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
That doesn't mean the Mac is more secure it just means that there are less windows for worms and virii to crawl through. Oh wait, I guess that does make it more secure.
I've hit Karma 50 and gotten a Score:5, Troll... I win!
I'll be getting some x86 Powermacs this coming summer.
My only security concern comes from not knowing how many threats out there are based on CPU vulnerabilities that don't affect PPCs but do affect x86 based CPUs.
Will it soon be as easy to port over viruses, trojans and worms to OS X as it will be to port games and other apps?
Otherwise I have no worries... Apple stays on top of security issues and doesn't have the back log of known vulns that windows has. In addition, many of the vulns that could affect OS X would also affect Linux/BSD so OS X gets the benefits of those communities watching for problems/patching problems as well.
A fool throws a stone into a well and a thousand sages can not remove it.
... so they need to convince us there's a market.
Just like drug companies that release a cure for a disease you'd never heard of, just after 'credible' reports appear in the media showing that most of the population suffer from it.
It's a scare tactic, pure and simple.
However, there is a small sting in the tail - Mac users have little to nothing to worry about today. Tomorrow may be another story entirely.
Just because a virus hasn't been written doesn't necessarily mean it's impossible to write one. There's a creeping feeling in the Mac world that we can't be touched by malware just because we're using Macs. That's a dangerous attitude in the long run.
Mac users need only take advantage of the built-in security, plus enable a few options.
The Firewall should be on by default, but clicking the 'Advanced' button reveals an option for stealth mode. That's always a good idea. In fact, while you're there, turn firewall logging on and come back to read the log in a week or two. That'll highlight any attempts at breaking in.
Keep the administrative account around, but use a non-admin one for day to day tasks. There's no reason not to, and it forces a password check before any files outside the user's directory are altered.
Turn off the option to open 'safe' files after downloading in Safari.
There's a guide from the US NSA out there somewhere that's heavy going, but shows what good security looks like. Read a site like http://www.securemac.com/ once in a while to pick up a few tips.
Mac users needn't be as worried as Windows users should be, but a few ounces of prevention still go a long way.
Of course Mac users won't be used to viruses and other "infections"; we've never really experienced any, so it feels like we're invincible. The thing is that we just don't realize that someday, there will be some jackass (or team of jackasses >.< ) that decides "hey, I think I'm gonna make every newspaper and online news headline all over the US", and he's going to write a damn good Mac virus. And you know what, we will go nuts because we've never seen it before.
There are no threats because most apps on OS X are respectable (and open source)
computerdude33's stuff: My blog of wonder.
OS X is by far my OS of choice. Sure I use Windows and Linux for different things, but when it comes to ordinary stuff as well as some cross-platform development I love my Powerbook. It's more stable and secure than my windows box and more pleasant to use than my Linux box.
That being said, one day it will hit the fan. Someone will write a really bad virus or find a big exploit and keep it on the down-low until they release it on a large scale. It will hit us, it will hit us hard.
It will be like a family living in a gated community where there's no crime. Feeling safe they never bother with any security system or guard dog. Then one day they all wake up to find their 1st floor completely raided of all valuables. The initial shock to Mac users will be the same (albeit less devastating than seeing your TV and stereo gone). After being safe for so long and not having to worry about it will hit us really hard.
I don't bother running Virex, nor do most people I know. But I know one of these days I'm gonna pay for it.
I once bought a used Mac with pre-installed Symantec Software...
It was the worst crap I have ever encountered in my life, including Windows 2.x! The stupidity and ugliness of it is so enormous that the United Nations should ban it because it could easily pass as a crime against humanity. You wouldn't believe it until you saw it... messing up a whole filesystem, bringing system performance to a grinding halt, fucking up the *nix part of OSX so badly that it is absolutely unusable. Oh, and of course you need a third party patch to uninstall it, and even with that patch it's a pain to go through and it still leaves some parts of OSX broken.
What kind of person must one be to program such a huge pile of shit? Compared to the braindead molluscs at Symantec, Microsoft looks like a Mensa con. There is only one Malware for the Mac and its name is Symantec. Works like a classical trojan: You install it because the programmer makes you believe it does something useful. But once you've done so, it begins to wreak havoc all over the place and there is no way you can get rid of it except for major system surgery. Oh man, only thinking about that my HD was once infested with that dreck makes me puke!
The real danger for the Mac world is that these imbecile wankers are successful with their bloody scare tactics and get some ignorant management to believe their dirty, fucking lies. If then that management forces their employees to install Symantec "antivirus" dirt all over their Mac network, they might get stability and usability down to a point where they could just as well run Win95 on overclocked Pentium I Boxes with 16 MB of RAM.
It's true that OS X is more secure than XP normally, but there's one thing that worries me - stupid developers who make users type in their admin password for no good reason.
There are so many application installers out there that make the user type in the admin password that users are in the habit of providing it whenever the dialog box appears.
This opens the door for a socially engineered virus/trojan horse - one that politely asks the user for permission to infect the system.
Really. Why do developers insist on providing windows-style installers when all you have to do is drag the app to the right folder and let go?
Clear, Dark Skies
Symantec is trying to sell a product that doesn't really apply in the Linux/OS X environments.
I'm not saying Viri and Worms don't or couldn't exist on a *nix platform. What I am saying is that security patches are released within the same timeframes as virus updates, so why not just set your box to auto-update those patches and skip the Anti-virus software route all together?
On other vendor's platforms, there are both a greater frequency of attacks and longer delays between patches (probably due to the sheer number) so Anti-virus software serves a market there.
So it isn't hubris that the Linux and OS X are immune, it is that the OSS community and Apple work quickly to patch any vulnerability ASAP.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
Do Mac users think they are immune to security problems
Many may, but in general... no more than Windows users, many of whom think that because they have antivirus software they don't need to worry about security.
Really, this is a straw man. It's like someone in California chiding someone in Darwin for not being prepared for an earthquake or mudslides.
Is the following assertion fair and accurate:
"It is easier to secure OSX against malicious intrusion at least partly because administrators have more extensive control over the OS and the applications that run on it."
Microsoft just doesn't seem to like making security easy to do, without buying something. Heck, I can't turn off popups in IE unless I get a third-party add-on. Safari - no problem. Not trolling, but I am curious - I only use M$ at work and I *hate* it, but I am also not a sysadmin, so I can't look 'behind the scenes' and see what is possible in Windows, vs. what my employer has chosen to implement/switch on/switch off.
Because you can't just drag some Applications over. Those installers put files in directories a normal user can't touch.
After all, I am strangely colored.
Symantec, does indeed need to create fear of threats where there aren't any. They sell an anti-virus for Palm OS even though most Palms don't connect to anything. They cite an actual TWO threats discovered in the wild in 2000.
Symantec's business model is to get US$29 or so per year from EVERY computer on the planet. They can't let any platforms go "un-taxed."
Because Windows is so pervasive, and because it has some obvious flaws, particularly in the security area, we have a whole "symbiotic" culture that has evolved around MS. That culture includes firms like Symantec and NAI/McAfee, as well as application vendors like Intuit. All of these have a strong vested interest in keeping the near-monopoly status quo, even if something else might ultimately be more in their customers' interest.
You can then have clueless journalists (as well as, of course, the vendors' coin-operated "think tanks" and "research firms") talk about "industry consensus" and similar nonsense.
Are there any applications that need that access by necessity? I can't think of one off the top of my head.
The only thing I can think of off the top of my head would be something that needed to install a kext, which is pretty rare ... Preference panes, frameworks, Input managers, and the like can all be installed user-specifically in ~/Library without needing admin.
A Minesweeper clone that doesn't suck
Acrobat.
It actually is installed via a drag and drop into /Applications. On its initial launch, it asks for a password because it puts other stuff elsewhere in the system, the files necessary for the "Adobe PDF" printer to be created, for one.
Microsoft Office does it that way, too, drag and drop install followed by supplemental stuff (fonts, etc) installing itself on initial launch.
~Philly
Name one regular app that *has* to have admin access to install correctly. For that matter, name a regular app that *has* to have an installer instead of just using drag-and-drop.
For example:
* why does a screen blanker like Freefall come as a .pkg file?
* why does a game like diablo II use a special installer app?
And those are just two examples laying around in my archives directory.
Clear, Dark Skies
I don't know if you've noticed, but OS X has the *built in* ability to print to a PDF. There is no need for Acrobat to duplicate that ability, nor to silently install Safari plug-ins.
Clear, Dark Skies
So, really, they have a rating system, but it's not dumbed-down. If you know enough ( or *think* you know enough ) to read through all of this and decide "hey, none of that really matters for me, I don't need this update", then you at least have a detailed idea of what you're passing on. Otherwise, you should probably apply all of these updates and patches anyway... maybe waiting a few days to see if anyone reports serious issues with it if you're extra paranoid about stability.
Since we all have different operating environments and practices, a strict rating scheme is a little meaningless. If you don't use Mail, a "Severe" rated patch that only patches Mail might not matter to you... really, you need to look at the description if you care about such stuff.
And what's this talk of OS X stability issues? Pu-leeeze. Maybe if you're running 10.1. Anything past 10.2.3... any instability is likely to be hardware ( likely memory) in cause.
%uptime
10:20 up 133 days
If it weren't for updates this thing would never get shut down...
No OS is immune from exploits.
Symantec shouldn't just be pointing out how many exploits have come to their attention, they should be providing evidence to support their position. Things like, how many exploits became full blown threats to the security of OS X. None.
They should be providing details about how their NAV(Norton Anti-Virus) software has changed over the past several iterations to deal with this pervasive threat. It hasn't.
Currently Symantec is using the same software, without any significant changes, since the release of OS X, that's no significant changes or enhancements, zero, zilch, nada, for over three years, but they're still happy to sell you a new version for $70+ and come out and make wild claims about how you too are unsafe. When what the consumers are really unsafe from is bad business practices and corporations that are willing to try and scare you out of your hard earned cash.
Why is this happening? Money, greed, avarice and lying.
"Do you think Apple should start following Microsoft's model by rating vulnerabilities and patches?"
Yes, because when I think "secure software," I immediately think of Microsoft.
US Citizen living abroad? Register to vote!
Symantec's products, in my experience, create a lot of instability in Mac OS X and are very difficult to thoroughly remove. They also create a lot of unnecessary conflicts that can disable services you were using if you don't know how to go into all the kernel extension and other system folders to eliminate the software. I know OS X isn't the most secure OS in the world, but I would prefer to go without third party security than use Symantec's products, until and unless they learn how to make their products more effective and less disruptive.
(%i1) factor(777353);
(%o1) 777353
That's probably the wrong question. Being such a large company, you have to assume they rate vulnerabilities and patches -- it's almost impossible to produce high-quality software like OS X without rating patches.
The question is whether or not to release the information to the public. I can't imagine that doing so would be practically useful. If you already know what the vulnerability is, without rating it, you have a better leg up on understanding its severity, and you likely have sources of alternative workarounds until the official patch.
-Rob
Biblical fiscal responsibility
Something a few other people have mentioned, I believe, that is quite important to the idea of Mac's and virii is the number of Mac's in use. See with Windows there simply are sheer numbers of machines to replicate and distribute any bug and in more than 9 out of 10 cases, the next machine it finds is running Windows and the worst of M$'s problems extend throughout multiple operating systems.
The problem for a virus with a Mac is the lack of replicating fodder. There just simply are not enough machines to find in order to properly replicate the virus. It would have to be somehow cross platform in order to guarantee its own survival. There is also the 'ego' side of virus writing, which if it truly exists, means that anyone writing a widespread virus is doing it to show off. It is their idea of a thrill to watch millions of computers crippled and tons of news coverage. The problem is a Mac virus would be little more than a blip on the radar.
Yes, Symantec is probably seeking some revenue; however, I really doubt they need to fear anything M$ puts out with Vista. I mean we are talking about a company that thus far has been unable to create a very successful Firewall and cannot secure their web browser. Besides, it is M$...how long before someone finds the vicious hole in any virus scanner they write...then your virus program can delete all sorts of fun stuff, all in the name of virus protection...
"Some days you just can't get rid of a bomb."
Pretty much every Windows PC I've got to repair was filled with Ad/Spyware that caused the problems.
Those Apps are installed by the user. (well some of them are installed by exploiting IE flaws, but most of them are bundled with apps that a user installed)
Nothing stops Spyware Authors from writing Mac Versions to mess up Mac OS X.
I'm not saying Viri...
For the 10,000th time, the plural of virus is viruses.
I hadn't heard of SDL before you mentioned it, so I did the google thing.
But even so, frameworks don't have to be installed in /System; I have any number of apps installed in my ~/Applications folder that contain frameworks within their .app folders.
Clear, Dark Skies
The PDF printer device. Read the thread before you ask a snippy question, next time.
Someone tell me what I'm doing right! I'm only taking fairly basic precautions though my router does have a firewall.
Those installers put files in directories a normal user can't touch.
Why do they need to be put in those directories then? OS X is pretty standard. Why can't the devs just work around that and keep all the files in the drag and drop executable? I'm not looking at it as just a security issue, but if I wanted to uninstall an OS X app, I just expect to trash it and then delete the prefs and I've removed all traces of it. When an installer puts files willy nilly all over the system it's rather hard to clean up after it since there is no Add/Remove Programs on a Mac.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Most of the time it is due to Lazy Developers. Developing more complex applications tends to get more difficult to make while keeping it self contained. It is similar how beginner developers feel the urge to use Goto and Global Variables. Sure there are some cases where you may need to use an Admin access to install a program. But for 99% of the apps out there it can be done by just dropping the file.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Clearly something does stop Spyware authors, otherwise Mac users would be complaining about spyware.
I dunno. If MS Office can use a drag-and-drop install, why can't most apps? .pkg is a good format, but only when you need it. All in all, I think it's overused...
However, why on earth would one think that Symantec is the solution to the problem? If there is a known problem, Apple will patch it. If it is an unknown problem, Symantec cannot fix it.
I was a loyal Symantec user and used their product religiously on my PCs and Macs, knowing that sooner or later something ugly would rip through the Mac community. When I renewed a license on the Mac side the license they gave me didn't work. I emailed customer service twice and still received no response. When I read the fine print, the license must be applied within a month of being issued or it does not work. I did that, and followed all of their installation directions, but no luck. The lack of response from their customer support was the last straw, none of my systems run Symantec products now. Their troubles may run deeper than a lack of scary OS X security stories to drive their sales.
Free Adam Smith! (Or best offer.)
My G5 was also somewhat unstable. Very few games could be run for more than an hour without a crash at random times. I ran all kinds of utilities and diagnostics, but everything checked out.
Then on a whim I removed one of my 512 MB third party SDRAMs. I've not had a single crash since.
I think apple needs an overhaul !
It amazes me how we just accept the existence of antivirus/firewall programs. It's like opening a bank account and they say "Oh by the way, our systems are insecure and money goes missing from time to time. You may want to buy a vault." I hope for a world where these companies are ancient history.
I don't make predictions, and I never will.
Yep. They should've pulled Systemworks on version 2.0, which was simply a repackaged version 1.0 with a couple of extra third party programs to "round it out". Version 1.0 and version 2.0 were identical except that they added Dantz Retrospect Express Backup and Aladdin Spring Cleaning and called it version 2.0. I've boycotted their products ever since. They actually had a version 3 at one point, it's still on their site [symantec.com]. And they even have the nerve to sell it with NUM, which they discontinued for the Mac, what, last year...
Hum, I didn't know that, then again I've never had Systemworks for Macs though I have gotten it for my PCs. I got Systemwork 2000 then upgraded it to 2001. After that I decided I won't get another Symantec product again, which is a shame because I liked Norton Utilities when I had it on my Mac SE. So if'en (if and when) I get a Powerbook I want to get Techtool Pro 4 because when I get it I plan on getting Apple Care as well and in one of Apple's stores someone told me Apple Care comes with a subset of Techtools and an upgrade isn't much more.
Falcon
Should there be a Law?
There's a big difference in the sources where people get their virus news. On the Windows side, you see it in trade journals, on news sites, even on TV when there's a big virus making Windows machines crap out left and right. Yet...you only hear about Mac viruses from companies (Symantec?) who are trying to make a buck. Maybe when I read about Mac viruses in InfoWorld or some other news source I'll be mildly concerned.
"He uses statistics as a drunken man uses lampposts...for support rather than illumination." - Andrew Lang
I meant /Library; although I've seen plenty of dain-bramaged code that drops stuff in /System/Library, too. Developers seem to think that since it's already got all that stuff in it, they should just put their stuff there, too.
Clear, Dark Skies
That artificial one-year-from-installation expiration of Norton AntiVirus for the Mac is horseshit.
At install time, a hidden file called 'snorosx' is placed in /Users/Shared. One year to the day after that file is created, your copy of NAV will cease working (you'll start getting nag messages about renewing your subscription a few weeks before that). Well, here's how you "renew":
sudo rm /Users/Shared/snorosx
Voila! You just returned your copy of NAV to working order. If you're really motivated, you could set up a cron job to kill that file regularly.
I know this works for NAV 9, can anyone see if this still holds true for version 10? I suspect it does, those lazy, greedy fucks at Symantec probably just diddled with NAV 9 until it worked in Tiger and called the result NAV 10.
http://geeknet.nl/phpws/index.php?module=announce&ANN_user_op=view&ANN_id=85
A: Reality. Confront a Mac user on how that the fact is that Microsoft and Apple are both money grubbing, greed-infested corporations. Steve Jobs is an egotist. Tiger is just as unstable as Windows (that's not saying its predecessors were). The world doesn't 50 frikkin iPods. Why does it take an hour for me to get my CD back from the drive? For the last time, there is nothing stylish about white plastic (although it is better than beige, ahhh bad memories)! But malicious code and spyware doesn't, yet.
Linux Friendly since, like awhile.
Someone mentioned Acrobat. Ok, I can understand Acrobat installs a virtual printer, but why do the rest of Adobe's apps need an installer? In my mind, if you aren't altering the way the system works, if you're just installing an application, you shouldn't need administrative rights or an installer.
I wonder if it isn't connected to people failing to understand that installation can be as simple as drag-and-drop. I've even seen applications with installers that just drop a folder in the Applications directory, and that .app file can be dragged to other computers, no problem. In other words, it is a completely functional and self-contained .app, but the developer still insists on distributing in a package with an installer. Why? Is it really some prejudice that you aren't really installing something properly unless some program does it for you?
Modern AV software has finally achieved acceptably low false-positive rates for heuristic scanning. Based on the sequence of instructions in a binary file, a heuristic scan without recourse to a virus definition file can guess with a high level of probability as to whether or not a given binary is a virus. Whether the Virex engine has this or not, I don't know.
``how can a virus count in one software and not the other''
Read any comparison of AV products in just about any mainstream IT rag. For these tests, they'll load up a hard disk with known viruses and see how many each product can detect. It is quite rare for all AV products to detect all viruses.
Part of this is due to there not being any standards for virus definitions. Part of this is due to polymorphic viruses (viruses that self-modify their code and, consequently, change their own binary signature). Part of this is due to the virus writing community writing many versions of some viruses. Part of this is due to some AV products using heuristic scanning which doesn't depend on definition files.
Well, AV software could and should be configured to identify stuff like Opener/Renepo. It's easy enough to add a signature for any type of malware to the virus signature files, and indeed the AV software makers do, at least for some stuff. Then if the AV software is configured to scan all files downloaded, emailed and/or unstuffed, a less sophisticated user is likely going to get an adequate warning before running something like Opener, thinking it is a new version of Leisure Suit Larry or a DVD ripper or something like that.
It's not just stupid people - it's most of the people using computers, who just aren't knowledgeable enough to cope with some of the situations we might take in our stride.
And in one respect at least Symantec is right. Lots of us have been going on about how safe Macs are, no viruses for Macs, yada yada yada, and may have lulled some of the John Q. Public home-users into a potentially / certainly-in-the-future false sense of security.
That said, you couldn't pay me to install any of the current Symantec products on a Mac. Esp. not with ClamXav available for free, and Intego's VirusBarrier, which has had very sexy, French people staffing its MacWorld Expo booths in years past - reason enough alone to send them oodles of money.
And as for Symantec's "three nightmares" - here's a current headline from ZDnet:
Microsoft to launch anti-virus, anti-spyware products
I found a serious one when I was doing some testing prior to the implementation of Mac OS X 10.3. As far as I know, this issue still exists despite my reporting it to BOTH Symantec and Apple... (I believe Symantec did something about it in their latest version, though I haven't had a chance to test it yet... but I know OS X would still allow the problem in 10.4.)
The scenario goes like this: Create a cron task to update Norton AV for Mac from the command line. Log off the system. Unplug the network cable. Wait for the cron task to fire. Norton tosses up an error box indicating that it couldn't update itself. This error message appears OVER the login screen, along with an Apple menu that shows you logged in as the administrator user who setup that cron to update Norton. Even without logging in you have limited access to OS X as AN ADMINISTRATOR!
(I discovered this little "hiccup" when I'd configured Norton to auto-update and found that our network had experienced a problem overnight when the update was scheduled to take place. Imagine my surprise to come in and find a machine with an administrator's Apple menu accessible and no one logged into it!)
Personally, I think applications shouldn't be able to display GUI elements if the user initiating those applications isn't logged in at the moment, and certainly not if NO ONE is logged in.
For slightly more information on how to update Norton AV 8.0 and 9.0 from the command line and via cron, see: http://mikesalsbury.com/mambo/content/view/115/