Slashdot Mirror


Mac users 'too smug' Over Security?

wild_berry writes "Bill Thompson, one of the BBC's technology commentators and presenter of Go Digital on the BBC World Service, expresses his concerns that Mac users assume their safety in the face of trojans, worms, keyloggers and other malware. As a Mac user he is most concerned about the lack of herd immunity that is needed to stop a few infections becoming an epidemic, fully explained in his column this week for the BBC technology site. Is he right, and what actual products exist for OS X that would protect against infections?"

30 of 707 comments

  1. Re:Dead On by pwhysall · · Score: 5, Informative

    That link doesn't even mention OS X, and is dated 2000.

    --
    Peter
  2. In the end it all comes down to "safe" usage by antifoidulus · · Score: 1, Informative

    Regardless of what OS you use, you are never 100% secure. Much like safe sex, stick to stuff you know is safe and 99% of the time, you should be fine. If you do decide to venture into the internet's darker corners, then "protect" yourself as much as you can, and of course never assume that "it will never happen to me".

  3. Options for OS X by sammy+baby · · Score: 2, Informative
    ...Is he right, and what actual products exist for OS X that would protect against infections?

    My stock response: "The truth is, viruses just aren't a huge threat on the Mac right now. However, my religion precludes me from advising you to not buy anti-virus software."

    It's not like you don't have options though. You can get anti-virus software from:
    Symantec
    Sophos
    Intego
    McAfee (Virex, included with a .Mac membership)
    And, of course, there's always Clam AV, along with the ClamXav front end for OS X.
    1. Re:Options for OS X by __aafutm5472 · · Score: 3, Informative

      You're more right than you think. Symantec's antivirus software for Mac is crap and difficult to get rid of...

  4. I'm sure there are some points.... by Rick+Zeman · · Score: 2, Informative

    ...but architectural considerations need to be considered, too. There's no legacy baggage code from 1990 (a la WMF) to be worked around. Sure, we're smug, but that's because we live in today and not some theoretical tomorrow.

    That being said, my Macs have Little Snitch installed. For those not lucky enough to be using a Mac, it's like Zone Alarm.

  5. Completely useless article, no facts at all by mstroeck · · Score: 4, Informative

    I don't know who the guy is, but the article is completely useless. There are absolutely no hard facts in there. Please point us to ONE SINGLE virus, keylogger, adware, or any type of malware at all before making ridiculous claims like the old and completely bogus "it's just because of low market share". It's just not true. I haven't come across anything dodgy so far and I've _actively_ looked for it. Nothing except some shell-script with a highly hypothetical threat. Also, keep in mind that OS X users tend to get a large percentage of their software from centralized sources like apple.com and VersionTracker, which wouldn't post or quickly pull any infected software. IF there was any kind of outbreak, it would be all over the Mac-web within an hour at the maximum.

  6. Re:wait.... by gEvil+(beta) · · Score: 4, Informative

    IIRC, Word macro viruses on a Mac tend not to be nearly as damaging as their Windows counterparts (less ties into the system and other Office apps, etc). However, the big problem is that Word for Mac acts as a vector of transmission. Word docs that contain macro viruses that don't affect the Mac in any way can wreak havoc as soon as they're opened on a Windows machine (assuming someone clicks the 'run macros' button on opening the file).

    --
    This guy's the limit!
  7. Re:Dead On by tolan-b · · Score: 2, Informative

    The OP was just relating a story about a smug Mac user and how they scared them into *thinking* they'd been hacked.

    Mac much?

  8. Re:Mac resistance to malware by Paradise+Pete · · Score: 3, Informative
    security by obscurity doesn't really work for long.

    Sheesh. Make a phrase that rhymes and people will just beat it to death. It's not security by obscurity, it's security by architecture. Is it invulnerable? Of course not. But it's more than just the market share that provides the security.

  9. Re:Dead On by bbernard · · Score: 5, Informative
    40 Mac viruses compared to how many PC viruses? 71989 and counting according to Symantec. And the most mentioned causes of problems in security on the Mac Platform? Microsoft products. I rest my case.

    That's beside the point of the article. The article wasn't blasting security on the Mac, it was pointing out that Macs are susceptible to problems too. Doesn't the vulnerability of software running on a Mac constitute a security problem on the Mac? If I can get in does it matter if it's through the OS directly or through an application?

    The article was suggesting that Mac users need to be every bit as cautious as the "rest of us" on our Windows boxes. It was railing against the same type of thinking that causes parents to decide not to get their children vaccinated against things like measles because you never hear of measles cases anymore. Of course not! It's because we've been vaccinated! So Mac users: go get your booster shots.

    --
    ----- Connection reset by beer
  10. Re:Dead On by blakestah · · Score: 2, Informative

    The differences between Windows and Mac wrt security extend far deeper than that.

    Windows ships with ports open for non-essential services, has effectively no firewall, and encourages users to act with permissions that allow them to access every file on the system.

    Mac OS X ships with no ports open at all, has a usable firewall, and encourages users to act with only as many permissions as are necessary to get the job done.

    That's not to say Mac viruses will never happen, because they will, but the architecture of security into the system makes it a far far far safer place.

    Disclaimer: I'm a UNIX user who uses a Mac because I want a good shell and I hate lockups. I also use Windows when dragged kicking and screaming into it, but I shut off all non-essential services, and ActiveX, and buy a cheapo NAT firewall device before I connect it to anything. And I use Firefox unless I HAVE to use IE. Viruses cost WAY WAY too much in the workplace not to be safe by default.

  11. Re:Dead On by earthbound+kid · · Score: 5, Informative

    According to Wil Shipley, there has been maybe one real virus for Mac OS X, maybe. Even then, it didn't spread much and no one's sure if it really existed in the wild and it may have just been a trojan.

  12. Re:Through the glass darkly by peragrin · · Score: 2, Informative

    Even an administrator can't modify system settings without a password though. I run as administrator and I am asked all the time for a password for installations via the installer.

    Regular apps, they are drag and drop. But I can't type
    rm -rf /

    and have it destroy my computer. It will ask for a password first. My user files might be gone, a few applications that have my username with them but that's it.

    --
    i thought once I was found, but it was only a dream.
  13. Re:Dead On by NardofDoom · · Score: 4, Informative
    The site you linked to covered a wide variety of the 30 or so viruses available for the Mac. None of which run in OS X. A few of which are spread using Hypercard, which has been discontinued.

    1995 called. They want their FUD email back.

    --
    You have two hands and one brain, so always code twice as much as you think!
  14. Re:Dead On by arivanov · · Score: 4, Informative

    You need to read non-Apple security material more. When MacOS X came out a whole list of setuid apps used by the "pretty shell" to tell the OS to do simple things like load a CD or eject it had security holes all over the place. http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-10/0117.html is a prime example. I admit Apple learned from its mistakes pretty fast, but the initial release of MacOS X was one big local security hole. You are correct - networkwise it was more or less OK, but once someone managed to connect it was ripe for picking.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  15. Re:Dead On by kfg · · Score: 2, Informative

    Do any of them autoexecute with root by clicking on an email?

    KFG

  16. Re:MacOS X itself? by TheNetAvenger · · Score: 2, Informative

    Because most weren't critical vulnerabilities and there are no exploits. Show me an exploit for a Mac OS X vulnerability. Now, show me one in the wild. Can't? The only thing you have to do to wipe the smug look off a Mac user's face is to release an exploit into the wild.

    I actually don't have to do anything that hasn't already been done...

    Here is my 2 minute search for a response to your questions specifically.

    Proof of concept exploit:
    http://news.zdnet.com/2100-3513_22-5189335.html?tag=zdfd.newsfeed

    Exploit, infections from not known:
    http://news.zdnet.co.uk/internet/security/0,39020375,39155837,00.htm

    In Wild exploit, known infections:
    http://www.macintouch.com/opener.html

    I don't have time to do more research to help your denial, but I would suggest you actually do a bit of research yourself and see that OSX is no more perfect than any other OS. PERIOD.

  17. Re:Dead On by wbd · · Score: 2, Informative

    Dead on? No: dead horse. As in "beating a dead..."

    Three percent? No. Despite what the MS and Linux fanbois want to claim, the current Mac market share is almost 7% and growing, and that's SALES, NOT installed base. Installed base is obviously higher, around 15%-20% according to estimates. And no, these are not stats from Apple, who never talks about such things.

    So the main reason there aren't any Mac viruses and very few Unix/Linux viruses (in comparison to Windows) is not availability of units to infect, there are millions and millions. It's because virus writers are 99.9% of the time dumb little jerks or crooks who have little or no real computer skills, writing it on a cheap PC clone in their bedroom, or are already somewhat slimy felons or maladjusted individuals.

    Hell, most of the PC viruses are just variations on a few major themes, too, again because of the lack of skills of the virus writers. There are around 100,000 Windows viruses and NO MacOS X viruses simply because it's much, much more difficult to write a virus or worm of any sort on Mac OS X or other Unixes and very very easy to do on Windows. The folks who can write Mac or Unix software can usually make a lot more money and get a lot more kudos writing useful software than wasting time screwing around writing viruses.

    And then there's the fact that most of the Unix and Linux boxes are servers, not user machines, so you can't even take advantage of the "Click me" method of spreading. Also, Mac OS X warns you if you try to open an executable attachment.

    Can Mac users get a virus or worm? Sure, anything is possible. It simply isn't likely. And even if there is one, it'd usually have to get past system authentication to do anything but wipe out a user's home folder, if it was written like the typical Windows style virus. The ones that get through most of the security holes are MUCH harder to craft (even on Windows).

    So after 5 years of OS X and zero viruses, Mac users are just not losing any sleep over it. Should we? Maybe, but it's been our experience that most anti-virus products cause more problems than the viruses do!

    I understand the motivation of these article authors. It's three part:

    1. Bringing it up is always sure to generate a lot of hits and visibility, since they generally don't present all the facts, or current facts, or have done any research or present any historical perspective. They're not wrong, but so far history has shown they are just crying "wolf" too many times. Until there IS a virus, wasting our time.

    2. They may be shills for the anti-virus vendors, who aren't making much money on Macs since their annual subscriptions not having any updates for FIVE YEARS or more are looking to be a bad value.

    3. They are anti-Mac and just trying to spread FUD.

    4. The last (and least) reason is that there IS a minor concern. Not that any of these articles ever presents the full facts or details.

    I'll start to worry about viruses on the Mac as soon as there is one. To some that may seem to be too late, and perhaps I'll regret it....but why destabilize my machine now with crapware from Symantec and others? Hell, as I recall even Apple stopped providing anti-virus tools with .Mac because it caused more problems than the risk of viruses did. Symantec tried to resort to FUD tactics to up sales of their virus software and subscriptions a while back because most Mac owners just didn't see the need for it anymore. It's widely known that most Mac owners don't use it. So either the virus writers don't know the facts, or are trying to write them and just don't have the skills. Likely it's a bit of both.

    And chances are, even if there WAS a virus, it would get past the anti-virus stuff anyway, so why worry until there is something to worry about? Instead we're bombarded by this FUD several times a year for the last five or six years...and still no malware on the Mac. Among the best anti-virus methods aro

  18. Why there is herd immunity by SuperKendall · · Score: 2, Informative

    Apple has quite a few things going for it in regards to security, which is why we've seen no wild viruses yet:

    1) Real user accounts with limited system permissions. Makes it harder for viruses to really worm into the system.

    2) No services open by default so there's really no good vector for automatic intrusion - whatever service you pick is going to have a low payback.

    But really a very important, and often overlooked feature is (3) - a system updater that people do not disable, because it's not very intrusive.

    That is what gives Macs a tremendous immunity advantage as a group, because if any attack vectors are found (either through Safari or services or what have you) Apple can have 90% of the Macs on the planet patched within a week (being really conservative there and assuming that 10% of macs either would have update disabled or otherwise are unable to update for some time for some reason). So even a serious spyware problem that entered through Safari (my bet for the first successful attack we would see) would be patched before many people would get hit.

    In theory Windows Update could do the same for Windows - but in reality a lot of people disable it as it keeps breaking things or is just plain in the way.

    So the reason that Macs have no viruses yet is not because the marketshare is too small (point me to any spammer that would just toss aside a few million zombies if they could use 'em), but because like the borg shield any vulnerabilities are constantly shifting and thus not exploitable for long enough to make the attempt worthwhile.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  19. Re:Dead On by Lifewish · · Score: 2, Informative

    And the original article was pointing out that having a bloody well-designed operating system in no way means you're immune to hacking. It was railing against OSX as a panacea, not an OS. As such, the GP's post was in fact dead on.

    --
    For the love of God, please learn to spell "ridiculous"!!!
  20. spyware remover by macguys · · Score: 2, Informative

    There is an anti-spyware product for the Mac OS world called "MacScan". I interviewed the President and COO of SecureMac, the developers, on the last edition of Radio MacGuys

    http://www.macguys.com/

    --
    wherever I go, there I am.
  21. Re:What to use? by Just+Some+Guy · · Score: 2, Informative
    How about a router with a firewall and the slightest bit of common sense?

    It works here even with Windows XP.

    Sweet! What firewall are you using that protects against the much-discussed WMF attacks? Malicious, encrypted instant messaging packets? Because I'd have an easy time convincing my boss to take a look at such a thing, if it actually existed.

    Firewalls address one attack vector. If you believe that's the only one that counts, you're deluding yourself.

    --
    Dewey, what part of this looks like authorities should be involved?
  22. Re:well, here's the problem... by j-beda · · Score: 3, Informative
    In Wild, known Infections: http://www.macintouch.com/opener.html

    But "opener" requires a previously compromised system. A "rootkit" without a viable delivery mechanism isn't really a "virus" or "worm" or even a "trojan". According to McAfee: "This threat does not make use of an exploit, so to have the script run successfully on a system and make changes, the user account from which the script is run must have sufficient rights. If no superuser/root/admin access is available many of the subroutines will fail and generate errors." I don't know why McAfee classifies it as a virus/worm since it doesn't seem to have any propagation abilities.

    Exploit, unknown level of infections: http://news.zdnet.co.uk/internet/security/0,39020375,39155837,00.htm

    True, the exploit mentioned is a tricky thing (potentially allowing code that was downloaded to be run as trusted), however I don't know if any was ever found in the wild - and even then it would still require an administrator's password to do system damage. The "hole" was supposedly patched by Apple's Security Update 2004-06-07 according to Unsanity who had released a little application to guard against the exploit.

    If those are the only two you've found, you haven't really shown any "In Wild, known Infections" in my opinion.

  23. Re:Dead On by andreMA · · Score: 2, Informative
    After posting, I had doubts that I'd remembered correctly. My above post is correct; you can enable and disable ACLs in Tiger (requires HFS+ format) without reformatting:

    ENABLE: sudo fsaclctl -p / -e
    DISABLE: sudo fsaclctl -p / -d

    You do get a GUI to do this in the Server version, and I'm not sure that Apple mentions (prominently, at least) that the client version of the OS includes ACLs. A general discussion of ACLs in Tiger is here.

  24. Re:One product stops mac PCs from getting infected by NutscrapeSucks · · Score: 2, Informative

    My brother has an older iMac with five user accounts on it, so if one user gets a virus then only 20% of the user data is at immediate risk

    The permission system on OS X is quite loose. By default, users can write directly to the Applications directory. That means that malware could easily trojan common programs like iTunes and so on.

    So, if a virus somehow got onto the average Mac, I don't see the user account system being any more than trivial protection.

    --
    Whenever I hear the word 'Innovation', I reach for my pistol.
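
Two permission conditions raised in the comments above (setuid helper programs in comment 14, and an application folder that non-root accounts can write to in comment 24) can be checked with a short audit. This is an added example, not part of the thread; `audit_perms`, `make_sample_tree` and the sample tree are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added example: report setuid/setgid files and group- or world-writable
# entries under a directory, optionally hiding findings already reviewed.
LC_ALL=C; export LC_ALL   # stable sort order so baselines compare cleanly

# audit_perms DIR [BASELINE]
# Prints "KIND path" lines that are not in BASELINE (a saved copy of an
# earlier, reviewed run). Returns 1 when something new is found.
# Limitation: paths containing newlines are not handled.
audit_perms() {
    dir=$1
    baseline=${2:-/dev/null}
    findings=$(
        {
            find "$dir" -type f -perm -4000 -print | sed 's/^/SETUID /'
            find "$dir" -type f -perm -2000 -print | sed 's/^/SETGID /'
            find "$dir" \( -type f -o -type d \) -perm -020 -print |
                sed 's/^/GROUP-WRITABLE /'
            find "$dir" \( -type f -o -type d \) -perm -002 -print |
                sed 's/^/WORLD-WRITABLE /'
        } 2>/dev/null | sort | grep -v -x -F -f "$baseline" || true
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree standing in for an application folder and a
# directory of helper programs. Prints the path of the new tree.
make_sample_tree() (
    umask 022
    d=$(mktemp -d) || exit 1
    mkdir -p "$d/Apps/Player.app/Contents/MacOS" "$d/bin"
    printf '#!/bin/sh\n' > "$d/Apps/Player.app/Contents/MacOS/Player"
    printf '#!/bin/sh\n' > "$d/bin/helper"
    printf '#!/bin/sh\n' > "$d/bin/plain"
    : > "$d/Apps/shared.txt"
    chmod 755 "$d/Apps/Player.app/Contents/MacOS/Player" "$d/bin/plain"
    chmod 775 "$d/Apps"             # folder writable by its group
    chmod 666 "$d/Apps/shared.txt"  # file writable by everyone
    chmod 4755 "$d/bin/helper"      # setuid helper
    printf '%s\n' "$d"
)

# Demo on the constructed tree.
sample=$(make_sample_tree)
audit_perms "$sample" || echo "review the entries listed above"
rm -rf "$sample"
```

Saving a reviewed run as the baseline and re-running against it reports only entries that appeared since the review.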
  25. Re:Security by design by Anonymous Coward · · Score: 1, Informative

    Ummm, NT was designed by David Cutler; a DEC VMS architect.

    NT is based on VMS, not UNIX. This has several implications in the basic architecture of the OS including a desire to keep things limited to a few very large virtual memory spaces.

    The network stack was probably based on some BSD code but NT itself is a very recognisable child of VMS.

  26. Cowhand-A trojan for MacOS X by Animats · · Score: 3, Informative
    There are a few MacOS-X attacks in the wild. Cowhand-A was the most significant one of 2005. It's a Trojan, and it turns the computer into a proxy zombie for remote connections. It's primitive by Windows virus standards. It just installs a program in the startup folder, and makes no attempt to conceal itself.

    So it's clearly possible to craft attacks for MacOS-X. But Mac market share is so tiny that few bother. Back before the PowerPC transition, when Apple had more market share, there were more Mac viruses. "Back in the late 1980s, viruses used to be a much bigger problem on Macs than on PCs. We here at F-Secure used to have an antivirus product for Mac but discontinued it after the macro viruses died out".

    There have been some gaping holes in MacOS-X browsers that allowed execution of remote code. But nobody bothered to exploit them. Or so it is thought. There's always the possibility of quiet exploits that extract some useful information from the target, ship it somewhere, then clean up and exit.

  27. Re:Dead On by Peganthyrus · · Score: 3, Informative

    Hell, on OS-X, you could even have it download and compile the virus SOURCE behind the user's back.

    OSX only comes with compilers if you specifically install them from the dev tools disc. Most people won't have done this.

    --
    egypt urnash minimal art.
  28. Re:Dead On by Moofie · · Score: 2, Informative

    What does hardware platform have to do with virus susceptibility? Oh, right...nothing. Now I remember.

    --
    Why yes, I AM a rocket scientist!
  29. Darn right they are! by Anonymous Coward · · Score: 1, Informative

    They can be just as ignorant as Windows users, why who could have thought the "Word 2004 public beta" with a "Microsoft icon" that "looked genuine and trustworthy" would wipe out your home directory?