Macs May No Longer Be Immune to Viruses
Bill writes "MSNBC reports that the combination of Apple's growing market share and their recent switch to x86 processors has made Mac OS X a new target for viruses. Unfortunately, it seems that many Mac users are in denial. '[Computer security expert Tom] Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world's largest software company was criticized for being slow to respond to weaknesses in its products.'"
They never were immune. It's just that most virus writers don't give a crap about Macs.
Why does Slashdot continue to post Apple-related non-stories? Every time Steve Jobs farts or some idiot proclaims the coming Mac-Virus-Mayhem (tm), Slashdot takes the bait.
This MSNBC(!) story contains no facts whatsoever. No piece of significant OS X malware has been discovered so far, and I believe it's highly likely that there won't be any in the immediate future. WTF does the Intel switch have to do with that?
The nastiest viruses are written in assembly language, and there are a heck of a lot more coders familiar with the x86 line.
What a load of rubbish - viruses infect via operating system and application vulnerabilities, the chipset those are running on has very little relevance.
I don't think you've thought this through.
1) Consider how long it took for the hacking community to make OS X to run in a virtual machine on an Intel Box.
2) Now consider how long it took for the hacking community to make windows run on a macbook.
Which one of these tasks was harder? (I would say the first, as Apple was actively hindering this activity, but 'not precluding' the second.)
In spite of this (and in spite of the second task having a $13000 prize), the first hack was done in a much (much) faster time. Why do you think this is? The answer of course is barrier to entry. The $2000 barrier to entry you used to have to pay to use OS X (and test exploits against it) no longer exists; if you don't think that makes a difference to hackers (many of whom are in far less affluent countries than you), then quite frankly, you're insane.
There are shills on slashdot. Apparently, I'm one of them.
Anyone knows you don't get something for nothing.
Viruses for all different operating systems exist.
There are holes and exploits for practically everything known to man.
Now, if I walk into the dodgiest parts of town (with my turtle neck sweater on) and ask the shady guy at the street corner for a forbidden secret preview of the next big thing do you really think I will survive with the same number (and size) orifices as I started with?
Once you leave the beaten track, you cannot be sure what lurks in the shadows.
liqbase
Nor even markedly more resistant. They have just been less targeted.
Nonsense. Microsoft is the target of viruses and spyware because of Microsoft's moronic design decisions and security policies, not because of marketshare.
No-one can deny that with growing popularity of OS X that it becomes an increasingly attractive target. Malware writing works on similar economics to regular software: this implies that malware will exist but be a niche deployment. So it is a concern, but not the end of the world, or of Apple, as the world likes to regularly predict.
The article was mixed in accuracy. Many Mac users believe themselves to be invulnerable - the truth is they are currently /less/ vulnerable than the mainstream desktop OS. The thesis that using an intel processor increases security risks is not true - OSen don't allow direct hardware access as such, and how many script kiddies write x86 microcode? Running Windows on an IntelMac may potentially increase security problems, and reduce the Macintosh (not OS X) brand reputation for security. It depends on how the 'wall' between x86 file access and OSX file access is implemented.
Nothing in IT or anywhere else is 100%. Currently OS X is more secure in many areas than its competitors. To maintain or improve on this, constant vigilance and innovation are required by Apple, ISVs and most importantly users.
I wonder what percentage of some anti-virus software company's profits are a direct result of this article.
I'm in denial about invisible pink unicorns too. Put up or shut-up.
Direct away from face when opening.
I'm calling bullshit on that. True, Macs haven't been tested with a huge market share like Windows has, but you seem to be using that as proof that Macs have as bad a security model as Windows. My favourite analogy to this is asking which one is more bulletproof, an apple or a kevlar vest. You'd shoot the apple into smithereens then say "Obviously the kevlar vest would crumble similarly if I shot it, therefore neither are bulletproof".
You're right that they have never been "immune" to viruses. I don't expect you to say something stupid like that *nothing* is immune to viruses unless you can successfully hack my hello world program, but macs definitely aren't. That doesn't mean they're as bad as Windows though, so if you say something like "Nor even markedly more resistant" how about you back up that comment...
How does everybody figure this? As a results-oriented person, I have to say Apple's track record is better than Microsoft's at the moment.
I'd take an Apple spokeswoman's word over Tom Ferris's word. He's fairly good at finding crash bugs, but he frequently reports zero dereferences as "buffer overflows", etc. See his record in bugzilla.mozilla.org, for example, starting with bug 303433. I have no idea why the media keeps calling him a security expert.
... until somebody starts a flamewar by saying that Macs are not immune to viruses after all and they've only managed to stay relatively safe because there are so few of them, to which a horde of Mac religious fanatics angrily reply that Windows is much worse, at which point the flames start flying back and forth, all the while drowning the only 2 posts that make sense: one saying that the only mainstream OS purposely made with security in mind was OpenBSD, and the other that says that stupid users running with admin rights that open executable attachments in mails from unknown sources are, independently of the OS, the biggest cause of virus infections.
.... nevermind, already started.
3, 2,
I totally agree, now to the rest of you: Since the trojan writer / spammer alliance, writing viruses has become a business worth millions of dollars. If you still think that a virus writer won't buy a couple of powerbooks if he thinks he can make a profit, you're dead wrong.
For the perfect anti-Unix, write an OS that thinks it knows what you're doing better than you do and let it be wrong.
It isn't easier to do buffer overflows on x86 processors than it is on others, except for the fact that until recently it was difficult to disable execution on the stack. However most systems haven't done that until recently anyhow, because there has been software that needs to allow execution on the stack (so called "trampolines" are sometimes useful).
Your comparison of Apple with Microsoft 3 years ago lacks any kind of substance; please provide examples if you wish to be taken seriously. Apple has been doing security updates for OS X since it was released, and they never had Microsoft's earlier issues with enabling all sorts of dangerous remote services by default. The closest to such a problem was the problem where a spoofed local DHCP server could be used at boot-time to gain access, but that still required access to the LAN the computer was on.
I would trust neither system to prevent local privilege escalation (i.e. trojans can and will be a problem for some time to come).
I'd say Apple and Microsoft are currently close to the same level of security in terms of potential for exploitation, but MSWin is still targeted considerably more.
This is nonsense. x86 is in no way more sensitive to buffer overflow bugs than other popular architectures. It is probably possible to implement hardware acceleration of guard pages and some form of privilege separation, making such protection mechanisms slightly faster, but I know of no hardware that does so, so this is in no way x86-specific. Also, on a 64-bit platform, you have more address space, meaning that if you randomize the memory space layout on each invocation, an attacker will have a pretty hard time figuring out what to do with an overflow error, but again this is not x86-specific. I think you're thinking about the C computer language, which is designed with fixed-sized memory buffers in mind, making it much more work to avoid buffer overflows in C than in e.g. Java or C#.
Try out fish, the friendly interactive shell.
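The fixed-size-buffer point in the comment above, shown as an added example that is not from the thread or from any project it discusses: a bounded copy routine that refuses input which would not fit a fixed NAME_MAX buffer (the check an unbounded strcpy() idiom omits), beside a helper that reports how many bytes an unchecked copy would have written past that buffer. NAME_MAX, the function names and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size buffer length, as C code commonly hardcodes. */
#define NAME_MAX 16

/* Bounded copy: returns 0 on success, -1 if src (plus its terminating NUL)
   would not fit in dstsize bytes. Refusing is the defensive choice here;
   silent truncation can also be acceptable but must be an explicit decision. */
int copy_name_bounded(char *dst, size_t dstsize, const char *src) {
    size_t n = strlen(src);
    if (dstsize == 0 || n >= dstsize) {
        return -1;                /* would overflow: reject the input */
    }
    memcpy(dst, src, n + 1);      /* n bytes of text plus the NUL */
    return 0;
}

/* How many bytes an unchecked strcpy() into a NAME_MAX buffer would have
   written past its end for this input; 0 means the input fits. */
size_t overflow_bytes(const char *src) {
    size_t needed = strlen(src) + 1;    /* text plus NUL */
    return needed > NAME_MAX ? needed - NAME_MAX : 0;
}

int main(void) {
    char buf[NAME_MAX];
    /* Constructed sample inputs: one that fits, one that does not. */
    const char *inputs[] = { "alice", "a-name-that-is-far-too-long-for-buf" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (copy_name_bounded(buf, sizeof buf, inputs[i]) == 0) {
            printf("accepted: %s\n", buf);
        } else {
            printf("rejected: %s (%zu bytes would have spilled past the buffer)\n",
                   inputs[i], overflow_bytes(inputs[i]));
        }
    }
    return 0;
}
```

The check is the same on x86, PowerPC or any other target; what the architecture or the OS changes (non-executable stacks, randomized layouts) is only how much an attacker can do once a missing check like this one lets a write run past the buffer.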
I suppose you haven't actually checked the Apple Store the last few years. The barrier of entry has been around $500-600 the last few years. Unless haxors absolutely need l33t 15" Powerbooks instead of a mac mini.
Good point - you're quite right. But, while virus writing has become a multi-million dollar industry recently, many of the people writing exploits are not the ones directly making money off them.
To these people, lowering the barrier to entry from $500 to $0 will make a tremendous difference.
And on that point, wouldn't some haxors love to also be one of the few to make a successful virus/trojan/etc for OS X or Linux (where's the barrier of entry here?) instead of one of the few thousand for Windows? I thought prestige was some sort of motivation. Pff.
It's good that you mention linux - A few years ago, linux users were complacent the way mac users are now. A few worms, a few defacements, a few embarrassed, burnt users, and now the linux community is more proactive about threats. That has yet to happen in OS X land.
And yes, prestige as you say is going to be a big motivator to uncover OS X holes.
There are shills on slashdot. Apparently, I'm one of them.
Of course, beyond the code-level measures that Rosyna mentions, there is also the fact that the Mac, as shipped, is vending NOTHING. Rather hard to get the runaway propagation typical of a windows virus outbreak, when each user has to explicitly open each port.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Nonsense. Microsoft is the target of viruses and spyware because of Microsoft's moronic design decisions and security policies AND because of marketshare.
Virus writers are writing viruses to make profit, either by stealing information, creating botnets, or proliferation of unwanted advertising. They make more profit by exploiting more machines, so it's no wonder that the most common OS is also the most targeted.
The fact that it's so trivial to exploit Microsoft software is purely because of the moronic design decisions and security policies, not because of marketshare. But the fact that Microsoft is so frequently the target of virus writers is a function of marketshare as well.
> What a load of rubbish - viruses infect via operating system and application vulnerabilities, the chipset those are running on has very little relevance.
No, the article points out what I thought was obvious.
To write a worm/virus you actually need to know how to assemble on the target architecture for at least two reasons:
1 - The first thing you do before attempting to exploit a crash is to debug it, now how do you debug on an architecture which you don't know? Trying to debug low level code (remember it's precompiled binaries we're talking about here, not scripts) without knowing how to assemble on the target architecture is like running the marathon without a leg.
2 - If you find a way to inject code you'll need, well... code to inject..., and this code has to be written in the lowest possible level so that you can interrupt to system calls without depending on operating system libraries and avoid specific opcode patterns that would have a meaning to the high level application and prevent your injected code from running as expected.
Taking into account that every geek in the universe knows x86 assembly, if you think for a while you'll realize that the architecture switch makes OSX much easier to debug for the majority of people, and inherently much easier to exploit.
Thieves steal Honda Accords more than any other car. Not because Accords are better, but because they are more common.
You don't see a lot of mac viruses because virus writers are looking for a large population to spread their malware, and macs are few and far between.
Windows can't write to an HFS partition, so no matter what is installed under Windows I don't believe it can touch the OSX part of that hard drive.
Fascinating. So
Machines can only be infected by:
Worms
Viruses
Trojans
Worms spread via open ports. If Macs have no open ports by default, then the worm threat should be near zero for Macs.
But you say that it is just because there aren't a lot of Macs out there. So
Fascinating.
Still, I WOULD like to see Apple try to do more to keep OSX secure. The system should only allow its system directories to be modified in single user mode -- I'm pretty sure BSD has a flag for that. I'd also like to see downloaded applications run as some other user that isn't allowed administrative access to the system at all, password or no. They'd probably have to make some changes so that the user could be restricted from changing its user ID to minimize the damage of people providing their passwords blindly when the dialog comes up. Allow the user to take explicit action if they want the application to be able to run as the regular user.
It still wouldn't be a perfect defense, but nothing can help you if the user's going to bend over backwards to give an application access to the system. Operating system companies really should err on the side of paranoia whenever possible.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Macs May No Longer Be Immune to Viruses
Nobody with a functioning brain thought that Macs were ever immune to viruses.
If the installed base size is the critical factor for exploit success, then why are there more successful exploits for Microsoft IIS than there are for Apache?
Take care,
brad
So. Not Accords. But get the picture? Nine year old Civics? The most common cars stolen are those which are owned by people living in the neighborhoods where thieves operate.
What really matters is not the most common car stolen but the car with the highest rate of theft. And for that, the top ten are: 1999 Acura Integra, 2002 BMW M Roadster, 1998 Acura Integra, 1991 GMC V2500, 2002 Audi S4, 1996 Acura Integra, 1995 Acura Integra, 2004 Mercury Marauder, 1997 Acura Integra, 1992 Mercedes-Benz 600. Someone likes those Integras.
Thing is, theft rate doesn't help your dorky argument. Because not only are there few Macs being broken into or zombied or attacked by virii, but Apple's *rate* is nearly zero as well.
People supporting alternative systems such as linux and unix (including mac os), etc. should avoid claiming they are not able to be infected with viruses and worms. Such false advertising may cause people to abandon the adoption in the end, because they will just think "hey, why spend all the fuss when you get the same problems?" Ignorance is the problem. Education is the solution.
I agree with you, but I think most of the ignorance is in the other direction. Talking to the average Windows user, most assume Mac users do have to deal with the same level of spyware, worms, and other malware that they do. When told, "No I've never been infected with any of them and in fact no mac worm has ever spread to OS X machines on the internet," many simply don't believe it. Those that do, sometimes inaccurately claim when speaking to others that mac can't get viruses, when in fact they just don't get viruses (or haven't yet).
Apple has been very careful on this issue, to never claim their machines are immune to viruses. I think the fact that most users don't know Macs are more secure than Windows machines and are unlikely to have malware problems greatly overshadows the problem of Mac's security being overstated by some individuals.
Well, in terms of cache, the CPU (just like x86) uses separate instruction and data caches, at least at some level, making it a Harvard machine in that sense, but they have to support cache flushing operations to support self-modifying code. So there's really no security advantage gained through this bit of Harvardness. And it's certainly not unique to the PPC.
-twb
PowerPC is not Harvard architecture. It has separate L1 instruction and data caches, but that's it. Harvard implies that the instruction memory is in a distinct address space from the data address space, and that no instructions exist to allow one to write to the program memory.