Macs May No Longer Be Immune to Viruses

Bill writes "MSNBC reports that the combination of Apple's growing market share and their recent switch to x86 processors has made Mac OS X a new target for viruses. Unfortunately, it seems that many Mac users are in denial. '[Computer security expert Tom] Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world's largest software company was criticized for being slow to respond to weaknesses in its products.'"

Heh.

[c0l0]

One might wonder why this (non-)story is featured on the front page of MSNBC... ;-)

Re:Heh.

[NickCatal]

or why they never mention if it is a universal binary or not...

Re:Heh.

[Rosyna]

It's just sad really. This Tom guy can't read crash reports. He reports the same TIFF crash as two different crashes, and then says there is a parsing error in CFAllocatorAllocate(), which does parse anything, it just allocates memory. In CF, most functions will call abort() and force an application crash if given bad parameters. Such as a 0 size for memory.

Most, if not all, of these just amount to DoS attacks and it's not actually possible to get them to run arbitrary executable code. But now days any kind of reproducible crash is incorrectly regarded as a massively massive security issue. It's people like Tom Ferris that make real computer security jobs into a joke.

Re:Heh.

[William+Robinson]

LMAO, yeah.. last time I checked, the bug was in this code of MS Management cycle..:P

while (generating_crappy_systems())
{

char* company = pick_yet_another_company();
int percentrisk = assess_risk_from(company);
int percentgrowthrate = assess_growth_of(company);
if (percentrisk > 10 || percentgrowthrate > 10) launch_FUD_against(company);
continue; // with generating_crappy_systems();
}

Re:Heh.

[BrynM]

One might wonder why this (non-)story is featured on the front page of MSNBC... ;-)

MSNBC is a member of the Associated Press. They're probably hoping that the FUD will spread via other news agencies picking up the story from AP feeds. Since it's Monday morning, I'm sure at least one groggy editor has picked it up. From the looks of a Google News Search, MSNBC actually picked the story up from April 24 (The San Jose Mercury News and the Daily Breeze).

Re:Heh.

[BrynM]

Unfortunately you (and the rest of the jerking knees in this thread) missed the point. That little AP logo on the story (you looked at the story, right?) means the story was sourced from AP. It's not an MSNBC story, it was written by AP, and simply published by MSNBC.

Actually, you didn't read my post. Go back and read the last sentence again... The part where I point out exactly what you are saying and provide a link to see where it was picked up from. Read the complete post before you get inflamatory please.

Re:Heh.

[Gentlewhisper]

Is MacOS better than Windows Vista?

Re:Heh.

[h4rm0ny]

Yeah but don't worry - did MSNBC just report that Macs were gaining market share? Whoops. ;)

Re:Heh.

[vortmax]

Cause CNN ran it and by God, we cannot be out storied by another cable news company. If CNN ran it, it has to be true. CNN would never lie.

Besides, if you print something at least three times in three different sources, then it becomes fact.

Re:Heh.

[Lars+T.]

One might also wonder why the description of this "new" virus sounds just like the 2+ months old Oompa-Loompa.

Re:Heh.

[Swift2001]

Lemme see now. Number of actual viruses, 0. Spyware, 0.

That's pretty secure, you know? Not perfect, I'm sure assiduous researchers can find vulnerabilities. After all, their livelihoods depend on it.

Hmm. Best introduce the trope, "Mac no longer bulletproof," as if anybody but the most moronic said that it was. Set up straw man, smack it down. But where are the actual infestations?

Quick, kid, buy my virus sweeper: you don't need it now, but you will, even if I have to find a vulnerability and release it to some blackhats before I warn Apple.

Re:Heh.

[Tinidril]

Many security vulnerabilities are first discovered as crashes. If you can find a way to crash a process then you have made it do something its not supposed to do. Once you get into that area of undefined behavior the chances are good that the attack can be "tweaked" to execute arbitrary code. That is why crashes should be treated as security issues until it is proven otherwise, and often the simplest way to prove otherwise is to fix the bug.

Re:Heh.

[wealthychef]

Once you get into that area of undefined behavior the chances are good that the attack can be "tweaked" to execute arbitrary code.

I disagree; the chances are not good at that point. The chances are very small. Only a small percentage of crashing bugs can be exploited into a security vulnerability. I know, I've written my share of such bugs. :-)

Immune?

[Red+Samurai]

They never were immune. It's just that most virus writers don't give a crap about Macs.

Re:Immune?

[Scudsucker]

It's just that most virus writers don't give a crap about Macs.

And the fact that Macs never had Outlook, the PC version of Internet Explorer, Active X, ports and services open all over the place, or piss poor priveledge seperation. That is why Macs don't have viruses (Linux as well, for that matter), not because of market share.

Re:Immune?

[stefaanh]

Otherwise said:
Burglars break in houses with the most vulnerable alarm system, not because of the popularity of the alarm system.

Re:Immune?

[Gobelet]

But that is the modern propagation of viruses. How did people infect computers before that? By infecting medias. Dammit, you don't need a security flaw to embed viral code in a software that you have to install with root.

Re:Immune?

[kohaku]

or more accurately, burglars break into houses without alarm systems :)

Re:Immune?

[TheSloth2001ca]

"And the fact that Macs never had Outlook, the PC version of Internet Explorer, Active X, ports and services open all over the place, or piss poor priveledge seperation. That is why Macs don't have viruses (Linux as well, for that matter), not because of market share."

I wouls assume that macs don;t have viruses for both reasons

Re:Immune?

[squiggleslash]

Burglars aren't virus writers. They burgle specific homes they choose in advance.

If you were to build a robot that simply burgles as many homes as possible, using each home as a launching pad to burgle other homes, then... ok, this analogy doesn't work to begin with, and I can't see a way of stretching it to actually work. Bad analogy. This is about virusses, not about burgling homes.

If you write a virus, you most certainly DO aim it at the most popular platform amongst those it has to contact to spread, especially if all the other platforms combined don't even reach 10% of the market, unless there are serious mitigating circumstances. Computer virusses work more or less the same way as the biological equivalent. If it affects only a small percentage of the population, such that most people exposed to it will never be infected, and never spread the virus, then it has little chance of actually working.

A Macintosh-only virus will find that, on average, 90% of the computers it tries to reach after infecting the host Mac will not be compatible. They will not spread the virus at all. I don't know of anyone in my address book who actually owns a Mac, and the chances of there being many within my IP block are low. So should one infect my Macs, those will likely be the only Macs they infect, the virus going dead after that. It might work in small communities of Mac users, but any isolation they have will kill the virusses chances of moving outside of that community.

The reason the Mac hasn't encounted virusses so far has to do with that and not any bollocks about it having a "superior security model" or Apple taking some kind of pro-active attitude towards bug fixes. The truth is that all versions of Mac OS X periodically get Security Updates. The truth is that Apple's attitude towards security was so poor until recently that you could install an application on a user's PC and associate it with any file types you wanted simply by redirecting their Safari-rendered webpage to a .zip or .sit file containing the app. The truth is that Apple's "security model" consists of periodically asking you for a username and password with no validation provided to YOU that proves the application asking is actually what it claims to be in the first place. The truth is that it remains the case on both platforms that anyone can run any application they download without an admin username and password, and at minimum, that application has access to the user's files and are able, by default, to access the Internet, and if it's able to get the admin username and password, through trickery or however, the app has complete control over the user's PC. The truth is that a program can easily pretend it's just another JPEG in a .zip file, just by chosing the right icon. And the truth is that Darwin's lack of fine grained security means it has a limit to how secure it'll ever be.

The vast majority of successful "virusses" for Windows rely on social engineering to launch an application to begin with. They're not based upon real holes. They're based upon the same principles that work with every OS. They don't work for Mac OS X not because they can't work in principle given Apple's security model, but because 90% of the people receiving the trojan would never pass it on, and some might even respond to the infected victim who "sent" it with "Dude, I got all those pictures, but what's that "PCN0006.JPG.app" directory in the zip file?"

Re:Immune?

[__aanmcx8698]

Actually, Macs do (and did) have both Outlook and IE. However, I think support was pulled on both of these not too long ago, if I'm not mistaken.

Re:Immune?

[GeeWhiz]

What does Mac have to do with computers? I thought they were all truck drivers.

Re:Immune?

[Cougem]

Yeh, crap analogy.
 
How about we liken viruses to the 'organisms' from which they get their name? Viruses can only spread with a certain amount of susceptable hosts. Measles for example dies out in a closed population of less than 100,000. Also, as herd immunity rises (antiviruses), it gets even harder.
 
Computer viruses are the same. I mean yes, of course, the more susceptable the host the easier it is, but by definition a virus, computer or not, must be able to spread, and for this to occur you need to find a hell of a lot of hosts that are accessable. Whether these come from your email address book or over the network, it's a hell of a lot easier to be successful when you're targeting the windows boxes.

Re:Immune?

[norman619]

Poor analogy. Mac's poor market share is the main reason they haven't been targeted by the virus writers. You are just fooling yourself if you think it has anything to do witht he architecture of the OS. It's simple logic. You don't go after the minority systems you go after the majority. But Apple is changing and joining the rest of the world and as such they will prob come under fire. The irritating and misguided boasting of the Mac fanboys may be taken as a challenge by the kids that write the viruses. Oh well move along nothing interesting to see.....

Re:Immune?

[jrjarrett]

The truth is that Apple's "security model" consists of periodically asking you for a username and password with no validation provided to YOU that proves the application asking is actually what it claims to be in the first place

True.

However, what this model stops is average Joe User surfing to some page and unbeknownst to them, having something get installed that oh, I don't know, tracks their every web site, or changes the home page or something.

So if I intentionally go and download an app, and am asked for my password as a validation to let that install happen, that is at least a double-check that is what I intended. What's IN that app, well, that could still be a program that does a system("cd /;rm -rf *").

But if I just hit a website and see that dialog pop up, I'm not going to let it go thru.

Users do need to take SOME responsibility for the use of their computer.

Re:Immune?

[PPGMD]

Except we are talking about Joe Average user, Joe Average user is very likely to just enter their password whenever it's asked as long as it looks half way realistic, how do you think so many get tricked by the phishing sites?

I would say that at this point the amount of Joe Average users of Apples is quite low, but heaven forbid Apple gets a 50% cut in market share they are going to have many of the e-mail virus problems that Windows has, because people are stupid.

Re:Immune?

[Megane]

The problem with Windows (in)security with masive worm problems (especially the norotorious RPC bug) has been that it was the equivalent of a burglar sneaking in through the 2' x 2' pet door built into every house, even the majority whose owners don't have pets.

Re:Immune?

[stefaanh]

I don't agree.

Virus writers, malware and adware writers are not that different from burglars.

Nobody claims Mac OS X or Linux to be super secure. Especially not Apple or any engineer for that matter. Hence the number of security updates. But the process is very transparent for everybody, user, engineer, hacker or cracker.

Of course social engineering works regardles of platform.
I agree that the number of infections has to do with the popularity of the platform.

But the speed and the ease of infection has to do with the platform.
I still think that most crackers are lazy, and take the road of the least resistance, just as burglars do. (To answer another post here: The Honda Accords with a poor alarm system will get stolen first.)

Overall, it is easier to compromise a Windows platform than a Unix platform.
And after all many of these problems, although application specific (eg. Outlook), exist because of architectural (read: OS) flaws.

Most kind of attacks or hijacks indicate that Windows gives instant cracker satisfaction and "reward".

The one example you mention, is still only a social engineering hazard, where the user is responsible for what he allows to run on his system. At least on a Mac for instance, out of the box, no app has access to the system without an explicit confirmation of an administrator - which I think is the least Apple could do to protect the user from her/himself.

It still can get a lot better.

Let's hope that computers get safer - and users more aware of the dangers that lie in trusting this technology.

Re:Immune?

[PhoenixK7]

Aside from the other responses already given to this comment (especially the burglar alarm comment), what about this:

Think about the recognition one might get for actually being the first person to spread a major worm on the Mac? Wouldn't that garner more recognition than being one out of the thousands that are spreading on Windows based machines all the time? The market share argument adds up on a few levels, but not that many. There are other reasons why the Mac isn't subject to as many viruses.

Re:Immune?

[danpsmith]

Yeah but they are also more likely to try to figure out how to crack the security system that is most popular.

What a piss poor analogy.

Honda Accords, for instance, were among the most stolen cars for a while. Not because they were inherently insecure, but because they were available and known.

Re:Immune?

I still think that most crackers are lazy, and take the road of the least resistance, just as burglars do. (To answer another post here: The Honda Accords with a poor alarm system will get stolen first.)

Not entirely, you have to consider the market for stolen cars and stolen car parts for anyone other than your joyriding car thief (the thieves that steal cars for the money). Car thieves typically take what they can sell or chop up to sell, easily (as in there is a market for them). In this regards, they are like computer viruses. The brands/makes of cars that are most popularly stolen are also the ones that have large market share, thus the widely available market for spare parts and the sale of used models of that car. So, when faced with wanting to get some money and you are a car thief in the USA, are you going to steal the (alarm or not) Accord, which is widely popular in the USA, or are you going to steal the Pinto or the Gremlin, which you may drive every day for two hours for a month and not see a single one on the road? If you chopped it up for parts, which parts or "resale" would have the largest market, and therefore the most money into your pocket with the least effort?

Virus writers are the same. In order for a virus to spread, you have to have a "critical mass" of machines or the virus will simply stop spreading. For example, you'd have to have at least a single "link" between two machines that are of the same type of OS so the virus could spread. If the ratio were 1:more-than-one, for every machine infected, there would be a high chance of finding another uninfected machine to infect. If the ratio were 1:1, for every machine infected, there would be one more infected by that machine, if it weren't already infected, so even this is a very low rate of spread. If the ratio were 1:less-than-one, then the virus will most likely not have many options even if it did happen to infect a machine that could contact another machine and the new contact wasn't already infected.

In Mac-centric communities, this ratio may be fairly high (a Mac user may have a number of Mac user friends) even though the total number would be small. So, you could write a virus that would, in the best case a few years ago, infect at most two million machines.

Just like a biological virus and viral biological warfare. There may be reason to design a very targeted virus to infect only one targeted segment of the population (precision viral assassination) but if you want to take out a large number of individuals and cause the most devastation, you're going to design something that will spread rapidly among a very broad target host and that won't happen if you design the virus to target some weakness that only 1% of the target population exhibits.

Re:Immune?

[99BottlesOfBeerInMyF]

You make several good points, and it is clear a lot of people who are not in the security field overestimate the security of an OS X system. It is somewhere on par with the average Linux workstation, which is to say people out there can hack it if they are targeting you specifically. Worms might, but probably won't be an issue for an average user. Notifications and restrictions on users are middle of the road for security versus ease of use. I think, however, you are slightly incorrect on several points and are basing your opinion on several incorrect facts.

If you write a virus, you most certainly DO aim it at the most popular platform amongst those it has to contact to spread, especially if all the other platforms combined don't even reach 10% of the market, unless there are serious mitigating circumstances.

This is true in some cases, but not all. A good number of worm authors are for-profit these days they want to make money. Windows is the biggest market segment and the easiest target. It is not, however, necessarily the most profitable. Half the Windows machines out there are sitting in a business office and have no data easily exploitable for profit. Another 25% or so are home machines owned by people in the third world who have pirated the copy and don't even have credit cards.

Mac users, on the other hand, are people who shelled out big bucks for a high-end machine. Some Windows users are too, but by no means a large percentage of them. What percentage of Macs do you suppose have valuable, credit card and personal info for someone with a high credit rating?

Macs are not so rare that dumping one on Comcast's network would not net you a pile of machines. Further a cross-platform virus that hit both macs and Windows machines would solve the propagation issues. No, the reason worms don't hit Macs is not propagation or lack of a target. Nor is it lack of motivation. While many worm authors are working for profit, a large number are also just showing off and being malicious for its own sake. A lot of them would love to take "those mac users" down a peg.

The reasons we don't have mac worms spreading are:

• Unfamiliarity - many worm authors use tools and a knowledge base that is very Windows specific. Many just don't know how to write a Mac worm.
• Difficulty - There is no IE or Outlook and the default, common internet apps avoid many of the security snafus MS has made with them. Ports are closed and services not running by default. Like it or not, the average Mac is harder to attack that the average Windows machine.
• Community Expertise - you can have a worm propagate on Windows machines for weeks before it hits a honeypot or smart security guy's machine and becomes recognized. There is a higher percentage of security people and clueful professionals on Macs, so worms are/will be detected more quickly. The one attempt I know of to spread one used a Mac forum as the insertion point and was detected by users there and dissected immediately.
• Zero day to a month - The time between the discovery of a vulnerability that actually presents a real risk of worm propagation and the rollout of the fix is shorter, due to Apple's faster response time. This is party due to the complexity of the architecture and partly due to policy.
• Up-to-date security - If you're running Windows 95, 98, ME, or 2000 there are unpatched security holes on your machine. If you're running Windows XP, you may or may not be up to date depending upon your security update policy and what application you need and whether or not they work with specific security patches. If you are running any version of OS X you still get security fixes as they are rolled out. If you are running OS 9, well, there just isn't much pout there and isn't likely to ever be for a plethora of reasons.

And the truth is that Darwin's lack of fine grained security means it has a limit to how secure it'll ever be.

It is true that OS X has not implemented jails or Man

Re:Immune?

[DarkVader]

What people don't seem to understand about the Mac virus issue is that there are two real motives to write a virus - Profit and Props.

The people writing a virus for profit are certainly going to target windoze, because it's a more popular platform, and they can get more zombies that way.

The people writing for props ARE targeting the Mac - because you get a HUGE props win for actually successfully hitting a platform that has NO viruses in the wild today. So far, they've failed. From the looks of it, they're likely to continue to fail, because the Mac OS is inherently more resistant to the sort of attacks they've attempted.

Now, no computer is perfectly secure - but windoze is less secure than Mac OS, period.

Re:Immune?

[metamatic]

If you were to build a robot that simply burgles as many homes as possible, using each home as a launching pad to burgle other homes, then...

Then I would make the robot target houses with no alarm system, or open Windows...er, windows.

Just like if I were building a network-aware virus or worm, I'd make it target systems with poor security, which means Windows systems. Duh.

Re:Immune?

[Gilmoure]

Actually, Mac users have learned that it's ok to click on just about anything. Worst thing to happen is that you have non-event or get a page full of giberish. Once something nasty is on the loose, it'll go through Mac users like Sarah Zero's Barracuda through sidewalk bistros.

Re:Immune?

[From+A+Far+Away+Land]

I immunized my Apple by putting it through one of those radiation machines that they use on produce apples. I can't even turn the darn thing on now, so it's not getting a virus I'm pretty sure.

Re:Immune?

[Mistshadow2k4]

There is a great deal of truth to this, but don't underestimate the phishers; when I was with Earthlink, I got several phishing emails that looked absolutely genuine, but I was simply too paranoid to fall for them. If I hadn't been so paranoid and checked with an Earthlink representative in chat there would have been no reason to assume that it wasn't for real. In other words, be paranoid and let others know that they should be too.

Re:Immune?

[Porkchops]

Can we put an end to this *logic* once and for all? This is an argument I have seen every time I read a thread about OS X and viruses.

1. Windows has a large market share.
2. Windows is targeted by virus writers.
3. Therefore, if X has a large market share, then X will be targeted by virus writers.
4. Therefore, if OS X had a large market share it would be targeted more by virus writers.

Please explain how you get from (1) and (2) to (3)? Furthermore, how does this say anything about something with a small market share?

Re:Immune?

[Anonymous+Brave+Guy]

Nobody claims Mac OS X or Linux to be super secure.

[Glances at article title]

Riiiiiight. No-one would ever dream of suggesting that Macs were previously "immune to viruses". :-)

Re:Immune?

[mdwh2]

Burglars break in houses with the most vulnerable alarm system, not because of the popularity of the alarm system.

Your argument if flawed - just because burglars would go for the most vulnerable system doesn't mean that the converse is true. If there was one system in 90+% of houses, and one system in barely a few % of houses, and both were of comparable security, then everyone would learn to break the more popular system. You can't conclude that the more popular system must also be more secure!

Even if the less popular system was a bit more insecure, I'd still be be able to burgle more houses by learning to break the more popular system. This only changes if the less popular system is significantly more insecure.

You are starting off with the assumption that one system is significantly more insecure, and that's what people are disputing.

Re:Immune?

[Isaac-Lew]

Honda Accords are/were inherently secure (as a previous poster stated, & from personal experience they can be stolen with a flathead screwdriver).

Re:Immune?

[toadlife]

A few things that you seem to not get:

1) Malware does not require root permissions to install itself and do the things it needs to do (spam, DoS, etc).
2) Apple has plenty of their own apps with vulnerabilities. They don't need Outlook or IE.
3) The privilege separation in Windows works fine. The problem lies in the fact that it's not taken advantage of by most.
4) The most common method of worm propagation is email, not open ports. Apple users use email, right?

Apple users are not inherently more savvy that users of any other OS. If 80% of desktops ran OSX, there would plenty of suckers out there that would fall for email worms, or visit a website exploiting the latest Safari (or Firefox) vulnerability.

Re:Immune?

[Catbeller]

So. Where are the viruses, then? It's been at least five years.

There aren't any. That fact alone would be a challenge to a malicious hacker. The first successful writer of Mac viruses would earn enormous respect.

And it hasn't happened. Either the virus writers are idiots, or it can't be done.

This story is FUD based on the evidence. The article is spreading -- the article is the true virus. Microsoft and its little family of corps are at it again.

Re:Immune?

[scot4875]

... Another 25% or so are home machines owned by people in the third world who have pirated the copy and don't even have credit cards.

Mac users, on the other hand, are people who shelled out big bucks for a high-end machine.

This is where I quit reading.

A 'commercial' worm author doesn't give a shit about what you have on your PC, how much money the PC's owners have. Generally, all it cares about is that your PC is connected to the internet and that it can use the connection to send spam. That's it. They aren't trying to steal your secret family recipes or wedding photos.

Nice try on the whole "Mac users spend big bucks, so they're more valuable targets!" argument though. I wonder if you made any other irrelevant, probably incorrect generalizations in your post.

--Jeremy

Re:Immune?

[99BottlesOfBeerInMyF]

A 'commercial' worm author doesn't give a shit about what you have on your PC, how much money the PC's owners have. Generally, all it cares about is that your PC is connected to the internet and that it can use the connection to send spam. That's it. They aren't trying to steal your secret family recipes or wedding photos.

I'm afraid you're woefully out of date. Worms can and do harvest CC numbers and other personal info and that trend is increasing. You can buy "identities" right now on underground Web sites where the higher the credit rating the higher the cost. A lot of those identities come from compromised databases, but more and more are garnered from worms reporting via the control channel. Further, the relative wealth of PC owner often correlates significantly with the bandwidth available to that computer.

Nice try on the whole "Mac users spend big bucks, so they're more valuable targets!" argument though. I wonder if you made any other irrelevant, probably incorrect generalizations in your post.

I don't know, why don't you actually read the post rather than complaining about the supposed inaccuracy of what you haven't bothered to read?

Re:Immune?

[PhatBhuda]

So Apple's marketshare was never very large pre-osx and there were a few viruses available for the Apple Macintosh platform. The marketshare still isn't very large, but not a great deal smaller. Still, post mac osx, no real virus threats.

According to this posting at macobserver:
http://www.macobserver.com/editorial/2003/08/29.1. shtml
He found 26 viruses that targetted Mac OS Classic, 553 Microsoft Macro viruses, and 0 Mac OS X viruses. This was in October of 2003.

So if you give Mac OS X a single virus to make the math work, there are 96% more viruses for Macintosh pre Mac OS X. There was not a 96% drop in market share for Apple from Classic to Mac OS X periods of time.

Re:Immune?

[toadlife]

"So. Where are the viruses, then? It's been at least five years."

They are all targeting the platform with users.

The only medium by which market share has no effect in regards to the propagation of worms are vulnerable daemons on open ports (Google the the blackICE worm for proof of that), and MacOSX doesn't have 'em. The other two main mediums - Email and web, need a sufficient pool of potential recipients in order to be viable.

Do yourself a favor and actually think about the logistics involved with spreading an email or web virus. If you send out an email to 100,000 email addresses, how many of them will be read by Windows users, and how many will be read by Mac users? Of those, what percentage will actually fall for it? The number too quicly reaches zero on the Mac side of things.

Now think about Web Vulnerabilities. Lets say you put a spyware installer that uses a Safari vulnerability on your web site. How many Mac users will actually visit that site? Of those how many will be using the vulnerable version or Safari, or be using Safari at all?

To the issue of user awareness. Lets say, just for the sake of argument, that Mac users are more savvy than Windows users and wouldn't fall for social engineering tricks as often. If OSX took a huge chunk of Market share away from Windows, do you honestly think all of those users who made the switch would suddenly become more security savvy? It makes sense to me that they would bring their ignorance over.

Re:Immune?

[PygmySurfer]

And the fact that Macs never had Outlook, the PC version of Internet Explorer, Active X, ports and services open all over the place, or piss poor priveledge seperation.

Nice selective reading there. Outlook did exist, but it likely wasn't the mess of Outlook for Windows.

Re:Immune?

[mscamara]

That something we tend to forgt. Viruses are simply software. They instruct hardware to do some thing. You don't need any vulnerability to run them. Write a script that says select all in such folder and apply the delete command to it. Don't ask for confirmation before deleting any file...now you get the user to do that and voila.... About corelation between popularity and exploits, we only need look at Apache vs iis 6. Appache is more popular and has more exploits than iis6. Also look at how many new exploits there are for win 95? I am sure there far less than what we have for xp. Does that mean that 95 is more secure?

Re:Immune?

[mscamara]

nffs acl is far superior and granular to the one in unix and linux. Now are the windows users as knowledgealbe to use the power they have compare to linux users? I don't think so. And a linux user will be just as secure if she was using a windows computer. Still Microsoft is still at fault for not implementing features they already have in their operating system. None the recent memory worms would have spread, patched or not, simply if the rudimentary inbound firewall in windows 2000 was set on "on" by default. As simple as that. That would have stoped nimbda, code red and most of the rest. The other thing is seting every user as an admin by default. Although true that that's convenient and that lots of sofware require that you be an admin to properly run, ms should force users to be limited users by default. that would force isv to apply more care when coding. NT is build on security from the beginning. Most of windows faults are not so much technical, at least compared to others os's on the market, as it is due to bad policies...

Re:Immune?

[jrjarrett]

And paranoia is platform-agnostic. :-)

Re:Immune?

[Sithgunner]

All virus writers aren't there to get in and steal things. If you read some virus write interviews, they do it to let people know their skill and let it spread more.

Now, why would those guys write a virus even if they infect all of one OS, it's just like few % of another OS?
No backup of saying Mac OS X has been immune, time will tell when Mac OS X gain more share and virus writer think about going on it. Which I doubt Apple guys are that good that their OS shipped without serious security hole to poke at since day one.

Re:Immune?

[gumbi+west]

Okay, can you explain to me then why there were so many viruses for the old macintosh OSs then? There were a ton, and norton was a must.

Re:Immune?

[Scudsucker]

Actually, Macs do (and did) have both Outlook and IE.

I don't think they've ever had Outlook...there is Entourage, however. It provides compatiblity with some Outlook features and Exchange servers, but isn't updated much. The important distinction between Outlook and Exchange is that Outlook would auto exec some attatchments; some viruses would spread if only only priviewed the message. That wasn't the case with Entourage.

As for IE, I did specify the PC version. I could have stated it more elegantly, however, if I had instead said "and Macs have never had a browser tied into the operating system".

Re:Immune?

[Scudsucker]

PC version of Internet Explorer

Yes, I did specify which IE I was talking about, didn't I. It would have been clearer (and more elegant) if I had instead said "and Macs have never had a browser tied into the operating system".

Re:Immune?

[Scudsucker]

Bzzt, thanks for playing. As others have pointed out, people write viruses for two reasons: making money and recognition. The credit card information you can steal from Macs would be more valuable, and have fewer false positives, than PC's. This is because Macs cost more than bargin basement PC's, so the credit information you steal will be more valuable for indetity theft because your targets will have more money than people who own PC's with their old toaster oven converted into a power supply. There are also many millions of PC's in government and business that wont have personal credit information, and you'll just waste your time shifting through that data.

As far as recognition goes, what you rather be known for? The guy who writes the 100,000th show stopping Windows virus, or the one who writes the first showstopping Mac virus, ever?

Re:Immune?

[tm2b]

Nobody claims Mac OS X or Linux to be super secure. Especially not Apple or any engineer for that matter.

Erm.

Apple sure likes to imply it, where viruses are concerned.

Re:Immune?

[PygmySurfer]

Microsoft did release Outlook 2001 for MacOS 9, but either renamed it Entourage or replaced it with Entourage for OS X (maybe part of the reason for the new name was to leave some of the Outlook stigma behind).

Switch to Intel

[pryonic]

I can see how the increased market share would make them more of a target, but I can't really imagine how the change in CPU would. The vast majority of x86 viruses target Windows using very specific windows API functions or by patching Windows components. If a writer is targetting a x86 Mac, how does the CPU matter, it would just be compiled for that processor.

Maybe we'll be seeing x86 and PPC virus fat binaries?

Re:Switch to Intel

The nastiest viruses are written in assembly language, and there are a heck of a lot more coders familiar with the x86 line.

Re:Switch to Intel

[Whiney+Mac+Fanboy]

I can see how the increased market share would make them more of a target,

The ability to run Mac OS X in virtual machine lowers the barriers to entry to test exploit code from $2000 to (effectively if you allready own a PC) $0.

The intel transition makes it cheaper & easier for crackers, phishers, etc to develop for OS X. (As well as making assembly easier to port).

Its about making it easier to port exploits rather then having fat binary viruses.

Re:Switch to Intel

[bigalsenior]

If a writer is targetting a x86 Mac, how does the CPU matter

the x86 acrhitecture has one major security weekness that will never go away.on an ax86 machine it is easy to perform a buffer overflow.this was fixed in windows with eXecute disable in windows and is avalable on all x86-64 machines.it is also i belive in linux aswell but as far as i know osx does not have this feature and is still vulnerable to buffer overflows.

security at apple is like microsoft 3 years ago in the sense that they are still burying there haed in the sand.in the last 3 years microsoft has coome a long way in security eventhough there still not at the high standard that some people desire its alot better than 3 years ago

Re:Switch to Intel

[rolfwind]

security at apple is like microsoft 3 years ago in the sense that they are still burying there haed in the sand.in the last 3 years microsoft has coome a long way in security eventhough there still not at the high standard that some people desire its alot better than 3 years ago

How does everybody figure this? As a results-oriented person, I have to say Apple's track record is better than Microsoft's at the moment.

Re:Switch to Intel

It isn't easier to do buffer overflows on x86 processors than it is on others, except for the fact that until recently it was difficult to disable execution on the stack. However most systems haven't done that until recently anyhow, because there has been software that needs to allow execution on the stack (so called "trampolines" are sometimes useful).

Your comparison of Apple with Microsoft 3 years ago lacks any kind of substance; please provide examples if you wish to be taken seriously. Apple has been doing security updates for OS X since it was released, and they never had Microsoft's earlier issues with enabling all sorts of dangerous remote services by default. The closest to such a problem was the problem where a spoofed local DHCP server could be used at boot-time to gain access, but that still required access to the LAN the computer was on.

I would trust neither system to prevent local privilege escalation (i.e. trojans can and will be a problem for some time to come).

I'd say Apple and Microsoft are currently close to the same level of security in terms of potential for exploitation, but MSWin is still targeted considerably more.

Re:Switch to Intel

[Rosyna]

I can see how the increased market share would make them more of a target, but I can't really imagine how the change in CPU would

The Harvard architecture that the PowerPC uses is inherently more secure than x86. A remote exploit on running code has a very low chance of working on the PPC, but nearly a 100% chance on the x86 (which is why all these IE exploits work all the time). When they fail to execute code, the PPC application just crashes. I'd think if someone went to a place that causes their browser to crash 10 times in a row, they'd stop trying to go there.

Then again, Apple has taken massive steps on the x86 side to prevent these kinds of attacks. Such as enforcing the NX/XD bit and enforcing a non-executable stack. The former goes a long way, it was even able to prevent the WMF exploit from working on Windows, if it was available in hardware. Luckily, all ICBMs ship with the hardware support.

Re:Switch to Intel

[/ASCII]

This is nonsense. x86 is in no way more sensitive to buffer overflow bugs than other popular architectures. It is probably possible to implement hardware acceleration of guard pages and some form of privilige separation, making such protection mechanisms slightly faster, but I know of no hardware that does so, so this is in no way x86-specific. Also, on a 64-bit platform, you have more address space, meaning that if you randomize the memory space layout on each invocation, an attacker will have a pretty hard time figuring out what to do with an overflow error, but again this is not x86-specific. I think you're thinking about the C computer language, which is designed with fixed-sized memory buffers in mind, making it much more work to avoid buffer overflows in C than in e.g. Java or C#.

Re:Switch to Intel

[jcr]

Of course, beyond the code-level measures that Rosyna mentions, there is also the fact that the Mac, as shipped, is vending NOTHING. Rather hard to get the runaway propagation typical of a windows virus outbreak, when each user has to explicitly open each port.

-jcr

Re:Switch to Intel

[suv4x4]

I can see how the increased market share would make them more of a target, but I can't really imagine how the change in CPU would.

Let me tell you how: most hackers and virus writers just don't buy Macs. Many of them have machines enough to run games and their favorite Linux distribution and many of them don't have the money to pay for shiny overpriced (in their view) boxes with eye candy OS...

What happens now, however? OSX runs on Intel, it was leaked on the Internet, the naturally curious hakcers install it and hack around. And start writing Mac viruses right from their PC boxes.

It's a pretty trivial fact, one would say "yea sure as if they couldn't buy a Mac before", yea maybe they could but they didn't, fact of life. Now they just don't have to.

Re:Switch to Intel

[Ahruman]

$2000? What decade are you living in?

Re:Switch to Intel

[Pompatus]

The vast majority of x86 viruses target Windows using very specific windows API functions or by patching Windows components.

That's true of the viruses today. But it might not be far off where a virus attacks a particular chipset. I remember when I first heard of DRM in bios in the future being able to access the internet, I thought of the possibility of a virus attacking the bios. Guess we'll need norton antivirus 2007 for Phoenix.

Re:Switch to Intel

[m50d]

Well-written viruses (which, yes, the vast majority aren't) are usually done in hand-coded assembler. For many buffer overflows, that's all you have space for. Sure, you need to know the API as well, but I think that's easier to learn than another assembly language.

Re:Switch to Intel

[Asic+Eng]

Doesn't the trend in virus-writing go in the opposite direction? I have the impression viruses used to be really difficult to write, having just a small amount of space to store their code. Now it's a huge binary, or some visual basic script.

Re:Switch to Intel

[TheRaven64]

The last security update I applied to my Mac had more than one arbitrary code execution vulnerability in Safari. I don't think this places them very far ahead of Microsoft.

Re:Switch to Intel

[Pompatus]

Doesn't the trend in virus-writing go in the opposite direction? I have the impression viruses used to be really difficult to write, having just a small amount of space to store their code. Now it's a huge binary, or some visual basic script.

The trend in viruses is to exploit the latest weakness. It might be difficult to do (programming assembly sucks), but I think it's theoretically possible

Re:Switch to Intel

[rolfwind]

But is Safari integrated to OS-X as Internet Explorer is/was to Windows?

Re:Switch to Intel

[drsmithy]

But is Safari integrated to OS-X as Internet Explorer is/was to Windows?

Yes.

Re:Switch to Intel

[squiggleslash]

My impression has always been that most succesful runaway "virusses" for Windows have relied upon client applications (web browsers, email clients) rather than self-hosted servers. In that respect, the Mac isn't any worse than anyone else.

It's certainly true that few Macs get configured as servers. Those that do tend to be as insecure as everyone else. (This might not sound like it matters, but it's interesting to note that the only virusses that have hit my office's network have either gotten in from Internet-facing dedicated server machines, or have come in via email. I'm not going to propose that's everyone's experience, I know one of our customers is still stuffering from that LSSDAL.DLL (or whatever it's called) thing where all the XP and 2000 machines that haven't been patched for it get shut down after 60 seconds warning. Bloody annoying because they've refused to patch the laptop we've been given for secure access to their network to test our application.)

The really successful virusses rely upon users running them rather than them trying to get in through the back-door, which in this age of NAT and Firewalls is increasingly difficult. Getting a user to run your application on a Mac isn't much harder, if at all, than it is on anything else. And Safari and Mail.app do, periodically, require security updates, proving they've had their share of back doors too.

I've posted this elsewhere, but I'll say it again: however bad it might sound, I really hope there's a successful Mac virus at some point. There needs to be a wake-up call to get the Mac users who continually deny the possibility of such a thing to start taking the threat seriously before Mac virusses become endemic. Until Macs reach a large enough share of the Internet though, it's going to be hard to do without all kinds of cross-platform hoops to ensure the virus doesn't die because early infected victims only pass it on to Windows users and others who are already infected.

Re:Switch to Intel

[Peganthyrus]

Yes - but in a different way. Safari renders HTML using a system component called WebKit. A growing number of tools use WebKit to provide rich text display - for instance, Adium, Fire, and Colloquy (two IM clients and an IRC one) use it for their very pretty message displays. Mail uses it for showing HTML email. Most apps use a WebKit-based help viewer.

So, like an IE hole hitting you no matter if you use IE or not, a WebKit hole can be opened from a lot of places. On the other hand, patches generally get rolled out pretty quickly, and there's nothing quite as system-exposing as ActiveX to worry about!!

Re:Switch to Intel

[MyNameIsEarl]

Windows can't write to an HFS partition, so no matter what is installed under Windows I don't believe it can touch the OSX part of that hard drive.

Re:Switch to Intel

[icydog]

I'd think if someone went to a place that causes their browser to crash 10 times in a row, they'd stop trying to go there.

Yet somehow, MySpace still has visitors...

Re:Switch to Intel

[Dis*abstraction]

...enforcing the NX/XD bit and enforcing a non-executable stack...

Does that mean bugs like this aren't exploitable in OS X? (Warning, that link crashes Safari, Finder, Mail, Preview, and everything else that uses ImageIO to decode JPEGs). What about bugs like this? (Warning, crashes Safari, Shiira, OmniWeb, and anything else that depends on JavaScriptCore.) It sounds like separation of data and executable would prevent maliciously crafted data from taking advantage of bugs like these, right?

Re:Switch to Intel

[TheRaven64]

Internet Explorer is not integrated into Windows. Internet Explorer is a small app which makes heavy use of MSHTML. MSHTML is not integrated into the Windows kernel, but it is shipped with every recent version of Windows and some parts of the shell (e.g. the Add/Remove Programs dialog) use it, as do several other apps such as Outlook.

Safari is not integrated into OS X. Safari is a small app which makes heavy use of WebKit. WebKit is not integrated into the OS X kernel, but it is shipped with every recent version of OS X and some parts of the shell (e.g. the Spotlight results dialog) use it, as do several other apps such as Mail.app.

I hope that answers your question.

Re:Switch to Intel

[sqlrob]

No. Recent celerons (at the very least) have it as well.

Re:Switch to Intel

[IAmTheDave]

Windows is the only OS with viruses in the wild because it's a poorly designed, bug ridden piece of shit.

Well, this gets my vote for "Most Uninformed Statement of the Year".

Every OS is buggy. Every OS is vunerable. Windows has a dominating market share, so Windows is targeted. UNIX systems, Linux systems, OSX systems, Windows systems - all have been hacked, cracked, broken, virused up, exploited, and brought to its knees.

I'm a happy OSX home user and Windows programmer (work). I don't like Windows as much as OSX, but I've never seen such uninformed, sheep-like MS hating. It's really a shame.

Re:Switch to Intel

[Ex+Machina]

mod parent up; grandparent is a troll or idiot -- no [major] computing architectures today are Harvard architecture. GAH, why do moderators mod up people simply on the basis of speaking authoritatively?

Re:Switch to Intel

[deathjestr]

The Harvard architecture that the PowerPC uses is inherently more secure than x86. A remote exploit on running code has a very low chance of working on the PPC, but nearly a 100% chance on the x86 (which is why all these IE exploits work all the time).

The PPC architecture isn't very different, from a security standpoint, than the x86. Both store return addresses on the stack where they can be overwritten to redirect execution to wherever the attacker desires. PPC stores the most recent return address in a register, but all the addresses before the most recent go on the stack as in the x86. This doesn't change things much for an attacker.

How is anything more or less likely either way? Guessing the stack address to jump to creates the same problems with either architecture, and both x86 and PPC allow the construction of 'nop' sleds which do not contain null bytes* to make guessing the address easier. I can't think of any other place where probability plays much of a role.

*The PPC nop instruction as written by a compiler contains null bytes, but the three bytes that are null are actually ignored by the processor. This means that the nop instruction can be written without null bytes in it, in a way that the processor will accept.

Then again, Apple has taken massive steps on the x86 side to prevent these kinds of attacks. Such as enforcing the NX/XD bit and enforcing a non-executable stack.

The W^X bit changes the playing field, but does not solve the problem. The problem is that execution can be redirected by rewriting return addresses (which are still data, not executable). Sometimes, code is written on the stack and the return address is overwritten to jump to the code on the stack. W^X prevents this particular method, but there are other ways to do it. Performing returns into libc is one well-known way. I know of another which I think is easier.

Re:Switch to Intel

[deathjestr]

A few technical errors (sorry):

--PPC has no specific nop instruction. I was getting it confused with the syscall instruction. "nop sleds" may still be written for PPC with sequences of instructions such as 'or $t4, $t4, $t4', so the point that nop sleds with no nulls in them can be constructed easily still holds.

--Point about the processor ignoring the nulls in instructions is true for syscall. Probably a simplification to cut costs. Once again, I got it confused with 'nop' for some reason.

...this doesn't change any of my major points, though.

Re:Switch to Intel

[Trelane]

Every OS is buggy. Every OS is vunerable. Windows has a dominating market share, so Windows is targeted. UNIX systems, Linux systems, OSX systems, Windows systems - all have been hacked, cracked, broken, virused up, exploited, and brought to its knees.

For it's last-line defense, Linux has a one two punch in store.

Re:Switch to Intel

[j-turkey]

The ability to run Mac OS X in virtual machine lowers the barriers to entry to test exploit code from $2000 to (effectively if you allready own a PC) $0.

Not to be disagreeable, but the cost may have already been $0, since Darwin has been both X86 and free for a long time.

Re:Switch to Intel

[drinkypoo]

My impression has always been that most succesful runaway "virusses" for Windows have relied upon client applications (web browsers, email clients) rather than self-hosted servers. In that respect, the Mac isn't any worse than anyone else.

Just try this experiement: Take a non-service-packed or even SP1 Windows XP system with no updates, and put it on the 'net without a firewall. I can just about guarantee you'll be owned within fifteen minutes.

Of course, SP2 would have the same problem, but the firewall is on by default - but if you have the firewall open on the LAN side, then another machine can easily get owned and then transmit the infection to you.

Re:Switch to Intel

[nickos]

From the same Wikipedia page you linked to:

"The term Harvard architecture originally referred to computer architectures that used physically separate storage and signal pathways for their instructions and data (in contrast to the von Neumann architecture)."

"Modern high performance CPU chip designs incorporate aspects of both Harvard and von Neumann architecture."

(my emphasis added)

Googling for "Harvard architecture" PowerPC also seems to suggest that PowerPC chips may use some aspect of the Harvard architecture...

Re:Switch to Intel

[Slithe]

They could implement an HFS+ driver, but the payoff would not be worth the effort.

Re:Switch to Intel

[dgatwood]

So does Core Solo/Duo (used in the x86 Macs).

Re:Switch to Intel

[prockcore]

Rather hard to get the runaway propagation typical of a windows virus outbreak, when each user has to explicitly open each port.

Except that the typical windows virus outbreak is caused by people running software they shouldn't be. Stuff that was emailed or IMed to them.

Nothing in OSX prevents this from happening.

Re:Switch to Intel

[Keen+Anthony]

That's a good point. I believe that (thankfully) the lowered barriers that virtual machines create hasn't significantly impacted virus development.

Sheepshaver and PearPC have been available for about a couple of years now. Performance issues and inconveniences aside, virus devs can easily *try* to write viruses for Mac OS X, and yet nothing's really come of it.

Maybe virtual machines are facilitating more virus devs using Linux to create viruses on VMWare'd Windows installations. :)

Re:Switch to Intel

[Keen+Anthony]

Right, and with the ability to download a fresh nightly build of WebKit at any time while waiting for official Safari updates, I am that much safer with respect to bugs and vulnerabilities than I would be were I using Internet Explorer.

I use NightShift to automatically download WebKit builds.

Re:Switch to Intel

[lostchicken]

Well, in terms of cache, the CPU (just like x86) uses separate instruction and data caches, at least at some level, making it a Harvard machine in that sense, but they have to support cache flushing operations to support self-modifying code. So there's really no security advantage gained through this bit of Harvardness. And it's certainly not unique to the PPC.

Re:Switch to Intel

[Dog-Cow]

What the fuck are you talking about? Are you just a typical fucked up slashdot ignoramus, or do you actually work at it?

If code is running, it's running. The end. What the hell does it matter what the architecture is?

If you all you meant is that 90%+ of computers on the 'net are Intel compatibles, why not just say so? It's not as if 34875384 other comments haven't already pointed that out indirectly.

Re:Switch to Intel

[khallow]

Every OS is buggy. Every OS is vunerable.

What's the point of saying things like this? Windows and OS X have bugs and are vulnerable in some sense. The real consideration when talking about bugs and security should be to what degree? Ie, which OS is going to suck up more of your time during routine operation just due to poor design and unreliable code? It's not OS X. These things are a matter of degree.

Re:Switch to Intel

[toddestan]

Windows can't write to an HFS partition, so no matter what is installed under Windows I don't believe it can touch the OSX part of that hard drive.

Windows has FDISK, which can easily destroy a HFS partition. You might be relatively secure from code running on Windows from writing to the filesystem on the HFS partition, but that doesn't mean your data is completely safe.

Re:Switch to Intel

[Illserve]

"No matter what"?

They could include an HFS driver. It's not at all beyond the pale. If you're a security conscious professional, you can't assume a virus writer wouldn't do this.

Re:Switch to Intel

[RedBear]

The ability to run Mac OS X in virtual machine lowers the barriers to entry to test exploit code from $2000 to (effectively if you allready own a PC) $0.

Besides the fact that it still isn't very easy to run OS X in the virtual machine, there is the Mac mini which has been around for at least a year now, which lowers the hardware cost to around $600. Furthermore, I would think that if you have the means to build yourself a setup with enough CPU, RAM and disk space to store multiple copies of huge drive images and run them in VMWare or Virtual PC, spending another grand on real Apple hardware would probably be no big deal.

And as for the other part of your theory, if it's so damn easy to "port" security threats from Windows to other Intel-based operating systems, I wonder why all the Linux distros and all the BSDs aren't rife with security holes by now, simply because they share a common CPU with Windows? After all, those operating systems have been running on the Intel platforms for more than 15 years right alongside Windows. Horrors!

It's the software, not the hardware, people. Moving to Intel and increasing market share doesn't change the fact that OS X uses good security practices by default, like a typical Linux or BSD workstation. Anyone who says that [OS X|Linux|*BSD] is totally immune to all security threats doesn't understand computer security. The rest of us realize that they just do security a little better than Windows. It's the little things that count, like making the user enter the administrator password to run an application that affects the system, even if that user is already an administrator. Mac OS X has been available for six years now and there is not a single working virus out there. There are many reasons for this, and the CPU really isn't a big one.

Re:Switch to Intel

[ljaguar]

Troll?!?! This got modded to Troll?!? My apologies to Megane (129182).

Re:Switch to Intel

[Whiney+Mac+Fanboy]

And as for the other part of your theory, if it's so damn easy to "port" security threats from Windows to other Intel-based operating systems,

Its all about intel assembly hacking. The linux community got hit by a helluva lot of worms about 5 years ago - they've become less complacent since & the mac community will have to do the same.

Re:Switch to Intel

[Slashcrap]

The Harvard architecture that the PowerPC uses is inherently more secure than x86.

This sentence illustrates why Mac owners should not be allowed to comment on technical matters.

Note that not a single Mac owner in this thread has called him on this.

Some free clues for you :

A Harvard Architecture is one where there is a separate bus and memory for code and data.

PowerPC does not have a separate bus & memory for code & data.

x86 does not have a separate bus & memory for code & data.

In terms of Harvard versus von Neumann, x86 & PowerPC are on the same side.

Writing shellcode for PowerPC is not significantly different to writing shellcode for x86.

You forgot to mention that x86 is bad because it has a segmented memory architecture. It is compulsory for PowerPC fans to do this. It is most definitely not compulsory for you to have the first fucking clue what it means.

A remote exploit on running code has a very low chance of working on the PPC, but nearly a 100% chance on the x86 (which is why all these IE exploits work all the time). When they fail to execute code, the PPC application just crashes.

You really are a fucking imbecile. Congratulations on getting +5 Insightful for a post which consists almost entirely of bullshit and misunderstood technical terms. Still, it makes Macs sound good so I doubt you or anyone else will care.

Article is a troll

[bobintetley]

What a load of rubbish - viruses infect via operating system and application vulnerabilities, the chipset those are running on has very little relevance.

Re:Article is a troll

[Whiney+Mac+Fanboy]

What a load of rubbish - viruses infect via operating system and application vulnerabilities, the chipset those are running on has very little relevance.

I don't think you've thought this through.

1) Consider how long it took for the hacking community to make OS X to run in a virtual machine on an Intel Box.

2) Now consider how long it took for the hacking community to make windows run on a macbook.

Which one of these tasks was harder (I would say the first, as Apple was actively hindering this activity, but 'not precluding' the second).

In spite of this (and inspite of the second task having a $13000 prize), the first hack was done in a much (much) faster time. Why do you think this is? The answer of course is barrier to entry. The $2000 barrier to entry you used to have to pay to use OS X (and test exploits against it) no longer exists, if you don't think that makes a difference to hackers (many of whom are in far less afluent countries then you), then quite frankly, you're insane.

Re:Article is a troll

[rolfwind]

The $2000 barrier to entry you used to have to pay to use OS X (and test exploits against it) no longer exists, if you don't think that makes a difference to hackers (many of whom are in far less afluent countries then you), then quite frankly, you're insane.

I suppose you haven't actually checked the Apple Store the last few years. The barrier of entry has been around $500-600 the last few years. Unless haxors absolutely need l33t 15" Powerbooks instead of a mac mini.

And on that point, wouldn't some haxors love to also be one of the few to make a sucessful virus/trojan/etc OS X or Linux (where's the barrier of entry here?) instead of one of the few thousand for Windows? I thought prestige was some sort of motivation. Pff.

Re:Article is a troll

[kryten_nl]

I totally agree, now to te rest of you: Since the trojan writer / spammer alliance, writing viruses has become a business worth millions of dollars. If you still think that a virus writer won't buy a couple of powerbooks, if he thinks he can make a profit, you're dead wrong.

Re:Article is a troll

[Whiney+Mac+Fanboy]

I suppose you haven't actually checked the Apple Store the last few years. The barrier of entry has been around $500-600 the last few years. Unless haxors absolutely need l33t 15" Powerbooks instead of a mac mini.

Good point - you're quite right. But, while virus writing has become a multi-million dollar industry recently, many of the people writing exploits are not the ones directly making money off them.

To these people, lowering the barrier to entry from $500 to $0 will make a tremendous difference.

And on that point, wouldn't some haxors love to also be one of the few to make a sucessful virus/trojan/etc OS X or Linux (where's the barrier of entry here?) instead of one of the few thousand for Windows? I thought prestige was some sort of motivation. Pff.

Its good that you mention linux - A few years ago, linux users were complacent the way mac users are now. A few worms, a few defacements, a few embarressed, burnt users & now the linux community is more proactive about threats. That has yet to happen in OS X land.

And yes, prestige as you say is going to be a big motivator to uncover OS X holes.

Re:Article is a troll

[AC-x]

Well I wouldn't say it was a complete troll.

After all, if you've been writing windows exploits for x number of years in x86 assembly, which will be easier:

a) Writing OSX exploits in x86 assembly
b) Writing OSX exploits in PPC assembly

Of course I'd still be surprised if OSX had anywhere near as many security flaws as Windows, but it only takes one...

Re:Article is a troll

[suv4x4]

What a load of rubbish - viruses infect via operating system and application vulnerabilities, the chipset those are running on has very little relevance.

It helps of 99% of the hackers out there run on a compatible chipset though.

Re:Article is a troll

"... users were complacent [theregister.co.uk] the way mac users are now..."

Mac users are not complacent. Never have been.

Choosing to use a Mac is a conscious decision. One of the main reasons people use Macs is because the trojan/virus threat is significantly lower.

All Mac users know the threat exists. We are aware and alert. However, there are currently 0 (zero) virusses in the wild for Mac OS X. Reports such as TFA are generally FUD spread by people that want to sell you their solution to the problem that isn't there yet. What surprises and annoys me is that sites such as this and TheRegister propagate this without doing some research to find out if there is an actual threat or not.

If Macs become more popular, the threat will increase, and maybe someday there will actually be some virusses out there. At that time, we'll buy the appropriate protection product. Until such time, having a virus scanner on your Mac that has no virusses to scan is a bit silly, except as a service to Windows users.

Re:Article is a troll

[n8_f]

I don't think you've thought this through.

1) Consider how long it took for the hacking community to make OS X to run in a virtual machine on an Intel Box.

2) Now consider how long it took for the hacking community to make windows run on a macbook.

Which one of these tasks was harder (I would say the first, as Apple was actively hindering this activity, but 'not precluding' the second).

People in glass houses....

Which one of these tasks is harder:

1) For the hacking community to make OS X to run in a virtual machine on an Intel Box.

2) For the hacking community to send a Mac Book Pro to the moon.

I would say the first, as Apple was actively hindering this activity, but 'not precluding' the second.

Unfortunately, as you can see, your logic only works if Apple's actively hindering an activity is the only difference between two activities. As it is not, you have set up a false equivalency and your logic is flawed. Bringing us full circle to:

I don't think you've thought this through.

Re:Article is a troll

[Karl+Cocknozzle]

Of course I'd still be surprised if OSX had anywhere near as many security flaws as Windows, but it only takes one...

I'm thinking it would take two flaws...

1) The flaw you want to exploit.
2) A flaw in the OS to allow exploit #1's installation without throwing up the "Enter your administrator password" dialog so the user isn't tipped off something bad is happening.

This is a big barrier--not impossible, but a big one to get past. The Apple "limited-Administrator" model is vastly preferable to the "Everybody is totally-Administrator with no checks ever" model in Windows. Don't underestimate the efficacy of a simple mechanism like verifying an admin password to do "admin" things. Who's going to put in their Admin password to visit CNN.com? If it pops up at an unexpected time, the user becomes suspicious, and the machine is less likely to be exploited.

Re:Article is a troll

[Deorus]

> What a load of rubbish - viruses infect via operating system and application vulnerabilities, the chipset those are running on has very little relevance.

No, the article points out what I thought was obvious.

To write a worm/virus you actually need to know how to assemble on the target architecture for at least two reasons:
  1 - The first thing you do before attempting to exploit a crash is to debug it, now how do you debug on an architecture which you don't know? Trying to debug low level code (remember it's precompiled binaries we're talking about here, not scripts) without knowing how to assemble on the target architecture is like running the marathon without a leg.
  2 - If you find a way to inject code you'll need, well... code to inject..., and this code has to be written in the lowest possible level so that you can interrupt to system calls without depending on operating system libraries and avoid specific opcode patterns that would have a meaning to the high level application and prevent your injected code from running as expected.

Taking in account that every geek in the universe knows x86 assembly, if you think for a while you'll realize that the architecture switch makes OSX much easier to debug for the majority of people, and inherently much easier to exploit.

Re:Article is a troll

[xouumalperxe]

Actually, summary is a troll, article says "Bigger visibility makes Macs more interesting for virus makers, and the intel change definitely made Apple more visible"

Re:Article is a troll

[xouumalperxe]

Actually, I beg your pardon as the article does state in the later part of the second page that "The Mac's vulnerability could also increase as Apple transitions to a product line that uses microprocessors made by Intel Corp., security experts said.", which taken out of context (popularity increase, etc) could be thought of as meaning that the actual processor was to blame.

Re:Article is a troll

[drsmithy]

A flaw in the OS to allow exploit #1's installation without throwing up the "Enter your administrator password" dialog so the user isn't tipped off something bad is happening.

Ignoring that there's a *lot* that can be done without needing this, I think you vastly, vastly overestimate the number of users who will be "tipped off" by having to enter their admin password.

The Apple "limited-Administrator" model is vastly preferable to the "Everybody is totally-Administrator with no checks ever" model in Windows.

This is not the Windows security model.

Who's going to put in their Admin password to visit CNN.com?

Most of them. Why wouldn't they, if they needed to so they could visit cnn.com ? What bad thing would cnn.com possibly do to them ?

If it pops up at an unexpected time, the user becomes suspicious, and the machine is less likely to be exploited.

Most users have no concept of what is and isn't "an unexpected time". Users that realise this sort of thing, don't really need that level of protection in the first place.

Re:Article is a troll

[kryten_nl]

Good point - you're quite right. But, while virus writing has become a multi-million dollar industry recently, many of the people writing exploits are not the ones directly making money off them.

Those who write exploits, which gives them a sufficiently large botnet, are not in it for the money. Is that what you're saying? Because, that doesn't seem logical to me.

Re:Article is a troll

[void+bear(void)]

"To these people, lowering the barrier to entry from $500 to $0 will make a tremendous difference." hmm, just like all those expensive linux distros that have been littered with viruses ever since they cost $0 to install.

Re:Article is a troll

[jimktrains]

Quite a few of my friends use macs, and they are not coputer geeks. They are like joe smoe windows user, basicly.

Let me tell you, they get freaked out and call me ANY TIME the "enter your admin password" box comes up. Even if I'm AT their computer they don't like me doing it (well, have them enter their password for me) and I get a bizillion questions.

And no, I never told them to be aware of this...

I think many non computer literate users don't like something that is not ordinary or looks like they need to enter a password for something that they didn't themselves do.

Re:Article is a troll

[Whiney+Mac+Fanboy]

Those who write exploits, which gives them a sufficiently large botnet, are not in it for the money. Is that what you're saying? Because, that doesn't seem logical to me.

No - that's not what I'm saying, what I'm saying is the people who write exploits are often different to the people who criminall use the exploits.

Does that seem logical to you?

Re:Article is a troll

[Whiney+Mac+Fanboy]

hmm, just like all those expensive linux distros that have been littered with viruses ever since they cost $0 to install.

I know it's a little too much to expect you to read the article, but perhaps you should have read the comment you replied to - particularly the paragraph:

A few years ago, linux users were complacent the way mac users are now. A few worms, a few defacements, a few embarressed, burnt users & now the linux community is more proactive about threats. That has yet to happen in OS X land.

Re:Article is a troll

[Whiney+Mac+Fanboy]

What exactly is OSX, a fancy GUI based on the free distro darwin - which is a bastardised form of BSD. So, your point is, linux community is now more proactive, so that includes OSX then ?!?!?!?

Errrrrr, BSD is not part of the linux community.

OS X is based on Mach kernel, with some userland taken from freebsd.

You have no idea what you're talking about.

Re:Article is a troll

[drinkypoo]

I suppose you haven't actually checked the Apple Store the last few years. The barrier of entry has been around $500-600 the last few years. Unless haxors absolutely need l33t 15" Powerbooks instead of a mac mini.

They're haxors, they don't want some pathetic excuse for a computer, they'll steal your identity and order up a G5 instead.

Re:Article is a troll

[arminw]

(....Who's going to put in their Admin password to visit CNN.com? If it pops up at an unexpected time, the user becomes suspicious, and the machine is less likely to be exploited.....)

I have a reputation of being somewhat of a computer nerd in our community and always recommend a Mac when asked about what computer to get. I also then promise to help the purchaser set up their Mac to be even more resistant to malware than they are already out of the box. I always set up a normal user account, other the default admin account. I tell them strenuously, to NEVER, ever give their admin password in connection to *any* activities originating from the Internet. If all Mac OSX users practice this simple precaution, it will go a long way to prevent any crap that might wish to execute on their systems. I also turn on the firewall or encourage them to buy a good hardware firewall/router/NAT. I tell them never to give out any passwords or other private data in response to any unasked for prompts for those.

With Windows users this doesn't work, because almost every user I have ever dealt with, has at least one program that will not run or misbehaves in other ways, unless they are running under an admin account. Windows can be made much more secure by carefully examining exactly WHY some of these programs want to run under admin status. Often, by changing permissions on certain specific directories will allow the offending program to run without the user needing blanket administrator status. However, I am not in a position to do that for each Windows user.

Re:Article is a troll

[starman97]

I suggest you do some reading about the PPC architecture.
Specifically, the BAT registers and even more specifically, the DSI, ISI exceptions and SR bits as documented the the PPC Programming Environment Manual (PEM)

Apple's been using these bits since day 1 on PPC Macs.

They prevent the system from executing instructions in blocks of memory marked Data, e.g. the stack. And provide protection between OS (supervisor) and application (user) mode execution and data access. Code executing with user priv bits set cannot access supervisor mode data, nor can it fetch instructions from supervisor instruction memory areas without causing a hardware exception (interrupt)

Re:Article is a troll

[khallow]

but it only takes one...

I think this is a fallacy. Security isn't like virginity, ie, you have it till someone gets in, then you've lost it. There are a lot of features of OS X (and related operating systems) that not only make it difficult to break into a system but also make it difficult to cause harm once bad code or an intruder gets in. My take is that the better design of OS X reduces the frequency, damage, and cost of successful hacks.

I otherwise agree with your post.

Re:Article is a troll

[drsmithy]

Let me tell you, they get freaked out and call me ANY TIME the "enter your admin password" box comes up. Even if I'm AT their computer they don't like me doing it (well, have them enter their password for me) and I get a bizillion questions.

I'm glad this happens. My mother does the same thing, but that's because she's terrified of breaking her iMac. However, it's certainly not indicative of the typical user in my experience.

This is probably because of the differences in what we call a "typical user", however. I would expect that sort of behaviour from people using a computer for the first time (or a while thereafter), but not from people who had been using a computer constantly for 12+ months. It is these people who make up the bulk of the userbase and who are the most "dangerous". These are the people who forward millions of emails warning about the latest virus, then promptly go and get themselves infected with it anyway.

I think many non computer literate users don't like something that is not ordinary or looks like they need to enter a password for something that they didn't themselves do.

It doesn't take a great deal of time using OS X for that password prompt to become quite ordinary. What's particularly annoying is that it often pops up needlessly (eg: installing an application as an admin user that only drops files into /Applications and ~).

Re:Article is a troll

[toddestan]

Mac users are not complacent. Never have been.

Choosing to use a Mac is a conscious decision. One of the main reasons people use Macs is because the trojan/virus threat is significantly lower.

Bullshit. There is no shortage of clueless Mac users out there. As a matter of fact, I have seen countless examples here on slashdot where people have advocated getting a Mac as the easy solution to the spyware/virus problem, as opposed to the more difficult solution of actually educating the users. The only reason this works is due to the lack of malware for the Mac, so when said clueless users do stuff they shouldn't like open email attachments or try to download free screen savers, it fails. If and when Mac malware starts showing up, there are going to be no shortage of owned Mac users, believe me.

Re:Article is a troll

[toddestan]

This is a big barrier--not impossible, but a big one to get past. The Apple "limited-Administrator" model is vastly preferable to the "Everybody is totally-Administrator with no checks ever" model in Windows. Don't underestimate the efficacy of a simple mechanism like verifying an admin password to do "admin" things. Who's going to put in their Admin password to visit CNN.com? If it pops up at an unexpected time, the user becomes suspicious, and the machine is less likely to be exploited.

Of course, people will get used to having to put in a password to install something, or to change some setting. When a free screensaver wants the admin password so it can install itself and set itself to be the default screensaver (amonst other things), a pop up would not be unexpected, so why would the user get suspecious? Sure, the limit-administrator does throw up a barrier, but done right it won't be hard to get past it.

Leap of Faith

[ozmanjusri]

I'm not even a Mac user and I still call FUD on this one. TFA was so slim on detail it was impossible to work out what had actually happened, and after searching for real info it turns out the virus, Leap.A, needs a root password to do any damage. Better article here: http://edition.cnn.com/2006/TECH/04/30/apple.secur ity.ap/index.html

Re:Leap of Faith

[NitsujTPU]

Just wait.

Something will rip through OSX. It may not harm much, but the news to a lot of users is that it could happen at all.

The real shocker will be when most Linux users get some nasty virus. It won't have to damage much.

Simply put, viruses happen. That's life. Don't protect yourself, it's like sex without a condom. It's not that its usually unsafe, it's just that the one time it gets you, you end up with some terrible disease (and, if any future girlfriends read this, I'd just like to note that this hasn't happened to me).

At any rate. Saying that you're immune to viruses because you run OSX or Linux is fanboyism. You're immune because the OS is obscure, not because it's super-impossible for a virus to attack it. Linux may be better on this front (one can't really say it has a better track record, because it has a smaller user base. If you want to hear about damage done in *ix, ask someone about sendmail or NFS exploits, or httpd, or telnet, or xdmcp.)

I used to fix problems with files on my old company's fileserver (with permissions that I didn't have) through NFS via Linux.

Re:Leap of Faith

[ozmanjusri]

Just wait.
Something will rip through OSX.

Something may well do so one day. This wasn't it though. This article was nothing more than hype about a three month old worm that failed to infect more than a few machines and doing little damage once it did. The worm used as an example had nothing to do with the architecture change purported to be trhe reason for the exploit. The whole thing was a puff-piece of self promotion by Tom Ferris, nothing more.

If you want to hear about damage done in *ix, ask someone about sendmail or NFS exploits, or httpd, or telnet, or xdmcp.)

I'm old enough to remember them. I'll start to be concerned about my Linux installs when there's an actual exploit that's happened less than a decade ago.

Re:Leap of Faith

[Jasin+Natael]

Still needs a root password to do any damage

Not entirely true. I'd say that fiddling with bits in my home directory is pretty damaging, and that's the kind of virus we're talking about here. Thankfully, OSX has rsync. Backing up that home directory often will do you a hell of a lot more good than some virus or malware scanner.

rsync -arCu --progress --exclude=*.dmg ~ /Volumes/MountedDrive

Not that I'm drinking the Kool-Aid, mind you. TFA was useless, and didn't persuade me of any risk. I just prefer an elegant solution that solves several problems (dropping the MacBook Pro, fire, children, spilled drinks, etc.) instead of simply purporting to solve a nonexistent one.

Jasin Natael

Re:Leap of Faith

[ozmanjusri]

I'd say that fiddling with bits in my home directory is pretty damaging, and that's the kind of virus we're talking about here.

It would be, but that's NOT the kind of virus this was. It only modified executables which had been installed by drag-and-drop. At worst, you might have to re-install the infected apps.

Details: http://www.macworld.com/news/2006/02/17/leapafollo w/index.php

Re:Leap of Faith

[ztirffritz]

This is essentially a Proof Of Concept. My concern is that because there still is not a single real virus for OS X, there is not any real antivirus software for OS X. Even if you wanted to buy some you couldn't. Don't get me wrong, there is AV software for OS X, but it detects primarily Windows viruses and does little to protect OS X because there's next to nothing to protect against. These companies may have 2 people working shifts looking for OS X viruses. I suspect that there are hordes of people looking for Windows viruses. If they actually managed to find an OS X virus they wouldn't know what to do. They'd have to wait until there "specialist" got back from vacation in a week to produce a signature file. Even if you have AV software for your Mac you're gonna get burned by the first virus because response time will be so slow. I'm not delusional, there will be a virus for OS X eventually. When it hits it will be a big deal because magazines, newspapers, and TV stations will all be leveled. The general population probably will barely notice, but the people who present the news will be hammered by it and they'll make it out to be the biggest news of the day.

Re:Leap of Faith

[Bastian]

Now, the thing I'm stuck on wondering is this:

If CPU architecture is such a huge deal and is now making OS X massively vulnerable to viruses, why hasn't there been a massive virus for Linux/x86 yet?

I'm not saying that there never will be one, and I certainly take precautions on my computer, but I can't help but wonder if a lot of the "OMFG OS X GONNA GET PWNED" fervor is Windows folks unconsciously trying to console themselves about the mind-boggling amount of problems all Windows users have with viruses, spyware, and rootkits, combined with anti-Apple folks rubbing their hands and waiting to see the platform they love to ridicule get torn a new one.

Oh yeah, and Symantec and McAfee trying to sell me shit.

I'm just not seeing it being so likely. Every Windows virus I've dealt with had somethign to do with a massive design flaw in Windows's security model; either some service (like maybe the web browser) running with way too many privileges, or passwords being stored, readable to all, in a well-known place on the hard drive and nothing else to protect them but XOR "encryption" with a standard key, or everybody and their grandmother running with administrator privileges all the time by default. . . yeah, there are going to be MacOS viruses, but I don't see any reason to believe that the kind of wildstorm virus that infects everything from your company's servers to your VCR is an imminent danger.

Re:Leap of Faith

[Jasin+Natael]

Not to pick nits, but the reason it can affect applications installed via drag-and-drop, is that they are owned by your user account. In general terms, without you authenticating, viruses should be able to perform operations on any files you have access to. If the script's payload included an Applescript that started walking your home directory and deleting files ten at a time, it wouldn't have required any additional prowess. Anything your user account owns (which is typically all the really important files in the system -- documents, email, music and whatnot) is potentially vulnerable to anything that is run in user space. I agree with the article you linked to; This looks like a proof-of-concept, designed to be annoying but not devastating.

Jasin Natael

Again, a total non-story

[mstroeck]

Why does Slashdot continue to post Apple-related non-stories? Every time Steve Jobs farts or some idiot proclaims the coming Mac-Virus-Mayhem (tm), Slashdot takes the bait.

This MSNBC(!) story contains no facts whatsoever. No piece of significant OS X malware has been discovered so far, and I believe it's highly likely that there won't be any in the immediate future. WTF does the Intel switch have to do with that?

Re:Again, a total non-story

[Keen+Anthony]

It's an Associated Press story, actually; but I've really grown skeptical of the relationship between AP and cable news. The story might as well have been written by someone at MSNBC.

I hate to be the one to bring it up here, but consider the attention MSNBC gives MySpace.com.

It's certainly not the only social networking website, and there's nothing special about it. It's really just a behavioral aggregator for every social activity that already occurs throughout the Internet and in every mall in America; and yet MSNBC pumps up every MySpace story with complete glee and schadenfreude.

It didn't start happening until News Corp.'s purchase of the site was public, although MySpace was still popular enough to merit stories. MSNBC doesn't talk about CampusHook or BangMe.net, a site that would really get the Nielsen ratings up. Fox's coverage of MySpace stories is much lighter, much more careful. I once watched Fox pundit Bill O'Reilly with an uncharacteristic quiet calm discuss MySpace with a talking head who was would lead you to believe that prior to MySpace, kids never did things like take risque pics of themselves to show off to boys and girls they hardly know.

Re:Again, a total non-story

[spir0]

While I agree that it's a non-story and written by some technical incompetent who probably saw a javascript dump or a system crash log, I do like seeing them on slashdot. It gives me something humourous to read, and it's nice to know what the Mac-naysayers are up to this week. Maybe it shouldn't hit front page, but it's interesting to read nonetheless. And there's no way I'm ever going to go out of my way to visit MSNBC for everyday unbiased news, so I never would have seen it.

The ones taking the bait are the ones getting upset and posting inflamatory comments.

X86 myth - tool chain aspects

[marcovje]

The funny part is what x86 would have to do with it? The x86 ABI of Mac OS X (which is SYSV like) preclude the usage of ordinary Windows tools, and getting a OSX/x86 targeting toolchain based on GCC is (slightly) harder than getting a PPC one has been.

Sensasionalist piece. Hanging is too good for them :-)

Forbidden Fruit

[LiquidCoooled]

Anyone knows you don't get something for nothing.

Viruses for all different operating systems exist.
There are holes and exploits for practically everything known to man.

Now, if I walk into the dodgiest parts of town (with my turtle neck sweater on) and ask the shady guy at the street corner for a forbidden secret preview of the next big thing do you really think I will survive with the same number (and size) orifices as I started with?

Once you leave the beaten track, you cannot be sure what lurks in the shadows.

Re:Macs have never been "immune" to viruses

[Scudsucker]

Nor even markedly more resistant. They have just been less targeted.

Nonsense. Microsoft is the target of viruses and spyware because of Microsofts moronic design decisions and security policies, not because of marketshare.

How about the virus name?

[lostngone]

CNN is carrying this article and so is msnbc, however no one mentioned the viruses name. I swear this is old, it sounds like the OSX/Leap-A incident that occurred back in early February. It wasn't even a virus is was a trojan horse. Apple will patch for this like they did the others and life will go one. At least Apple patchs for these unlike Microsoft that just recommends installing its "beta" program to "fix" the problem or some other 3rd-party software that may or may not cost even more money.

Re:How about the virus name?

[ZachPruckowski]

Mod Parent up.

This incident happened in Feburary, when the guy got tricked into downloading something by thinking it was "Leopard" screenshots, and wound up with the trojan. All the trojan did was ask for a password to run some script in Terminal. Then a couple of other people downloaded it to work on it and rip it apart. This was on Apple Insider forums I think.

Basically, it's a 10-week-old non-story that's confused in its technical details

Steve Jobs farted?

[Rhinobird]

Steve Jobs farted? I'll get the gas capture bags! We can sell it as a perfume for Mac addicts!

Re:Steve Jobs farted?

[Farmer+Tim]

We can sell it as a perfume for Mac addicts!

No point: Steve's farts don't stink.

Manage user expectations

[Ajehals]

If your new powerbook is running BootCamp and your currently using XP then you need to lower your expectations, its a Mac, its running a flawed OS, so unless your careful you are going to end up with a virus, just like the other X Million windows users, regardless of hardware.

If your running OS X then I'd say your risk is just that bit lower, its a less flawed OS. My last check showed 4 viruses aimed at OS X; (Symantec) OSX.Leap.A; OSX.Inqtana.A; OSX.Inqtana.B; MacOS.MW2004.Trojan; Which is a few orders of magnitude less than for Windows XP (Nevermind all the other versions).

Sure the OS X on intel has shown a few flaws and sure some of them will be exploited but its a world away from the threat to a Windows Machine. I dont think that there is an OS out there in common usage that isnt succeptable to infection, its all about how prevelent the threat is.

Take your chances and see where it leaves you.

Re:Manage user expectations

[Ajehals]

What I failed to add to the post above is that its not the architecture thats the issue, even if it is more common, the transition between architectures probably left a few holes as it wasn't a trivial move, but running OS X on intel shouldn't make it as insecure or as vulnerable as a Windows Machine, just as running GNU/Linux, BSD or Solaris (or any *nix) on intel doesnt make it "as" vulnerable as a Windows machine.

Sheesh, sorry

Re:Manage user expectations

[sottitron]

I'd like to see a powerbook run BootCamp!

mixed article

[gmccloskey]

No-one can deny that with growing popularity of OS X that it becomes an increasingly attractive target. Malware writing works on similar economics to regular software: this implies that malware will exist but be a niche deployment. So it is a concern, but not the end of the world, or of Apple, as the world likes to regularly predict.

The article was mixed in accuracy. Many Mac users believe themselves to be invulnerable - the truth is they are currently /less/ vulnerable than the mainstream desktop OS. The thesis that using an intel processor increases security risks is not true - OSen don't allow direct hardware access as such, and how many script kiddies write x86 microcode?. Running Windows on a IntelMac may potentially increase security probems, and reduce the Macintosh (not OS X) brand reputation for security. It depends on how the 'wall' between x86 file access and OSX file access is implemented.

Nothing in IT or anywhere else is 100%. Currently OS X is more secure in many areas than its competitors. To maintain or improve on this, constant vigilence and innovation are required by Apple, ISVs and most importantly users.

Re:mixed article

[metallic]

When you play with a loaded gun and the trigger (inevitably) gets pulled you can blame all kinds of things but at the end of the day it comes down the idiot with the gun and the irresponsible manufacturer (originally, guns didn't "come" with safety catches - refinements).

That's a bad analogy. My Glock has three different safeties, none of which are an external lever that will block the trigger from traveling. Yet, the only way my Glock will fire is if the trigger is pulled. Combine that with a 5.5 pound trigger pull and the onus is completely on the handgun owner.

Re:mixed article

[Keen+Anthony]

No-one can deny that with growing popularity of OS X that it becomes an increasingly attractive target.

I can try! :) I think the biggest motivation in writing a virus is to send a $2 million "screw you" to Shelbyville - I mean, virus writers want to watch the ensuing chaos that follows after a couple of Fortune 500s get screwed, causing a bubbly cable news anchor to scream the sky is falling. Virus writers likely aren't content alone with prophetic warnings based on cream curdling and Aldebaran moving in the sky.

I'd say, virus writers really want to target infrastructure - that means Windows, UNIX, and Linux. I do think that if Macs were far more prevalent in the corporate work place, then that would really make targetting Macs worthwhile.

Sadly, I agree with you that running Windows on a Mac would likely cause people to equate Windows vulnerabilities with Macintosh and Apple cause they don't realize that a Mac ceases to be a Mac once it's running another OS regardless of the Apple logo. My mother for instance, relates all Windows problems as being PC problems.

Re:mixed article

[ljaguar]

microcode, eh? I don't think you know what the word means. But when you find an OS that let you run x86 microcode, let me know. I wanna hear about it.

cha-ching

[St.+Arbirix]

I wonder what percentage of some anti-virus software company's profits are a direct result of this article.

I'm in denial about invisible pink unicorns too. Put up or shut-up.

Re:cha-ching

[squiggleslash]

Yeah, what are they thinking, encouraging Mac users to be vigilant about the risk that one day their machines may be at risk from a virus, especially if OS X becomes a more popular platform?

We must hunt these people down for spreading their calls of vigilance, implying that somehow the Mac is not perfect.

Re:But...but..but..

[killjoe]

Don't worry there isn't a virus. The article says there will be one because apple switched to intel. That makes sense right?

BTW. RE your sig. I think it's amusing to quote from religious texts. My favorite is where the bible says to kill adulterers, homosexuals, people who have sex with their daughter in laws (and their daughter in law), all three people in a manage a trois if the manage trois involves a daughter and a mother, and of course all parties in any kind of beastality.

That last one kind of makes me mad though. I mean if you want to off some homosexuals fine but why punish the poor animal just because some pervert molested it?

Re:Gosh, it does sounds like MS.

The advisory is from 9 days ago. It is from a company that would like to sell you stuff related to its advisories. No known instance of the alleged flaws exist publicaly. The descriptions of the flaws do not support the conclusion of either a DOS attack being possible or compromising of one's system. As such, I invite you to use this flaw to do anything to my Mac.

Or, even present me with a URL where I can observe the alleged flaws in the wild.

Your handle, Whiney Mac Fanboy (963289), should be a tip-off that you are not posting about this matter in good faith.

Re:Macs have never been "immune" to viruses

[strider44]

I'm calling bullshit on that. True, Macs haven't been tested with a huge market share like Windows has, but you seem to be using that as proof that Macs have as bad-a security model as Windows. My favourite analogy to this is asking which one is more bulletproof, an apple or a kevlar vest. You'd shoot the apple into smitherines then say "Obviously the kevlar vest would crumble similarly if I shot it therefore neither are bulletproof".

You're right that they have never been "immune" to viruses. I don't expect you to say something stupid like that *nothing* is immune to viruses unless you can successfully hack my hello world program, but macs definitely aren't. That doesn't mean they're as bad as Windows though, so if you say something like "Nor even markedly more resistant" how about you back up that comment...

Which will come first?

[ikekrull]

The Year of the Linux Desktop

or

The Year of The OS X Viruses

Inquiring minds want to know.

Re:Which will come first?

[suv4x4]

The Year of the Linux Desktop
or
The Year of The OS X Viruses

For me and millions of other Windows users who're on the edge of their patience, it's:

The Year Vista Didn't Come Out *Again*

Re:Which will come first?

[Wizard+Drongo]

They'll both be beaten to the punch by: The Year that Duke Nukem Forever Shipped!!!

Re:But...but..but..

[ettlz]

...all three people in a manage a trois if the manage trois involves a daughter and a mother...

So that's Republicans digg foursomes.

Re:But...but..but..

[kneeslasher]

This is completely off-topic so will doubtless be modded as such. You will actually find that the lines: "And magnify Mohammed and his followers as thou didst magnify Abraham and his followers..." "And bless Mohammed and his followers as thou didst bless Abraham and his followers..." are recited (at least) thirteen times _per day_ in the compulsory Muslim five daily prayers. Now what use would these lines be if you didn't know whom Abraham or his followers were? The key is context, in order to find out what those lines are teaching, you have to go and do a little bit of historical homework on Abraham and why he was such a good pal of God's, to the extent that people living thousands of years after Abraham are still being taught to behave like him and his congregation. Similarly, for the verses mentioned above, context is needed otherwise the lines can easily appear to be contradictory. The verse about not taking Jews and Christians as friends is very often misused by Muslims and non-Muslims alike. But the actual historical reference (remember, that histroy homework again is needed), actually refers to when the northern Arabian tribes were becoming politically unified through their common adherence to Islam. Just as the Vatican or Israel would hardly trust its affairs to, eg, Iran or Saudi Arabia, and not necessarily because of antagonism but merely due to sensible political considerations, the same was true at the time for the fledgling Arab-Muslim state. Political Islam, or indeed Christianity or Judaism, is somewhat divorced from how you should treat your neighbour: it is how one nation should treat another. The verse about taking Christians as friends is the non-political way in which Man should deal with his brethren in the world, holding up the pious Christians of the time as an example to be followed. One can therefore easily ascertain how consistency is not lacking between the two verses, merely that people do not do their homework.

MSNBCFUD

[mgabrys_sf]

Even an Associated Press article, it makes you wonder what gains Microsoft would possibly have for putting it on the front door of MSNBC.

I mean with Vista being such a slam-dunk, why would they need to engage in FUD?

Granted - Apple has warnings of running windows on their boot-camp page and what fun awaits the end user so the reported denial is obviously massive from Cuppertino and that would create a massive pile of denial from the Apple-user community no doubt.

God bless the press for keeping everyone informed of the latest threat to Mac OSX users, and to the homeland security department for keeping those colors coming. I guess I'll have to keep vigilant - albiet productive - while my neighbors reinstall windows every couple of months from all the malware slowdowns. Also special thanks for the heads-up Semantech, you're doing a great job keeping the windows world safe for NT users. Your service is no-doubt going to be needed on the Mac and boy will we be thankful.

Just about the time hell freezes over.

Re:Gosh, it does sounds like MS.

I'd take an Apple spokeswoman's word over Tom Ferris's word. He's fairly good at finding crash bugs, but he frequently reports zero dereferences as "buffer overflows", etc. See his record in bugzilla.mozilla.org, for example, starting with bug 303433. I have no idea why the media keeps calling him a security expert.

Re:Macs have never been "immune" to viruses

[rolfwind]

Perhaps they have marketshare because of those moronic design decisions - the tail wagging the dog so to speak, sacrificing safety for superficial ease of use (of course, I abadoned MS when I saw how many anti-malware/spyware/etcetera programs I had to run to keep my "ease of use").

In other news, Chicken Little still is

[rolfwind]

warning us the sky is falling.

I know as well as anybody the Mac OS was never immune from viruses, that's impossible.

But how many times do I have to read articles where the alarmists are warning us that the big one is finally coming and we're all going to die horrible deaths.

Yeah, I expect a virus or three may come one day. But Windows and it's users has survived thousands without the apocolypse on a world-wide. Hell, many of my friends run windows without anti-virus and mostly don't have infections (can't say the same for malware).

So why should it be different for Mac? Why will a single virus there bring about such alarmists? Apple's record on security is better than MS.

Just remember, any OS is vulnerable, if not to viruses, then to Murphy's law, shit happens. So make regular backups, sit back, and relax.

Countdown ...

[Aceticon]

... until somebody starts a flamewar by saying that Macs are not immune to viruses after all and they've only managed to stay relativelly safe because there are so few of them, to which a horde of Mac religious fanatics angrily reply that Windows is much worse at which point the flames start flying back and forth all the while drowning the only 2 posts that make sense, one saying that the only mainstream OS purposelly made with security in mind was OpenBSD and the other that says that stupid users running with admin rights that open executable attachments in mails from unknown sources are, independently of the OS, the biguest cause of virus infections.

3, 2, .... nevermind, already started.

Re:Countdown ...

[cowscows]

Hey, fuck you man. Periods are way superior to commas. I don't want to get into a punctuation flamewar... but you and your damn run-on sentences started it! Periods are the one true way to separate thoughts in writing. But the truth had to be said. And now a bunch of you religious fanatics are going to jump all over me. You'll argue non-stop about how commas are fancier and newer and and how periods are hard to draw and if you're in a hurry they just end up looking like commas anyways. But you all can go to hell! Right to hell!

Sorry, that was dumb. :(

Re:Macs have never been "immune" to viruses

[moosesocks]

I call bullshit.

By your logic, because Apple now has a much higer visibility, it is a more likely target for viruses.

This is true, and I'm not going to argue with it. However, your reasoning behind it is faulty. Just because it is now being targeted more, does not mean that we are going to see huge numbers of viruses cropping up for OS X.

Heck, the "virus" described in the article isn't a virus at all. It's a trojan, and a shitty one at that. The guy downloaded an executable from an unknown source, and willingly ran it. "strange commands ran as if the machine was under the control of someone -- or something -- else."

Not only did the guy make a boneheaded move that would effect even the most secure operating system in the world, it was obviously apparent that the file being run was a virus the second he opened it. I don't think this is any cause for concern.

What's more, in order to inflict any serious damage on an OS X machine, you've got to provide the Administrator password. It is impossible to run OS X as root. If a program's trying to screw with your settings and files, you're going to know about it! Likewise, unlike Windows, file permissions are properly implemented (it's Unix after all...).

By your logic, because approximately 70% of the internet's web servers run Apache, we should be seeing tons of apache exploits, hacks, and viruses cropping up. The reason we don't is because Apache is a well-written and secure program, and because administrators are generally not stupid enough to run unmarked executables.

OS X and unix are inherently more secure by design than Windows is. This is a known fact that has been proven by time. I'll go a step further and say that because OS X is only 5 years old, and NT has had 10+ years to mature, that Windows should be more secure than OS X is. We all know this isn't the case. 95% of Windows viruses, trojans, and spyware would not be possible on OS X or unix simply due to the design of the OS.

Likewise, the article points out seven new vulnerabilities that were discovered two months ago that have yet to be patched, and draws the conclusion that "They didn't know how to deal with security", but later admits that the vulnerabilities wouldn't actually allow someone to execute malicious code on your machine, and that they're being rolled up into the next OS X security update. (Coincidentally, I've got to praise apple for their cumulative and bundled security updates. It makes it TONS easier for end users and administrators to install the updates, avoids confusion, and makes it significantly more likely for these people to install the updates to begin with, compared to the many crypticly-titled windows security fixes and the ActiveX horror that is Windows Update)

In short, the entire article is a piece of crap. Sure, OS X isn't perfectly safe, and it's a given that any system is vulnurable to a stupid user. However, it's damn better than anything else out there. Shame on slashdot for posting such a poorly-researched piece like this.

PS. Do not blame MSNBC for the content of the article. The article came through via the Associated Press, and appears on Cnn.com in addition to a plethora of other sites.

New viruses? Maybe

[theheff]

Perhaps a new line of malware will come along as the new macs grow in popularity, but it will be much different than the PC line of viruses. Mac OS X just doesn't have room and the customization to leave the gap for viruses. What I mean is that the software is written completely different. Safari is debatebly a very decent browser, but it's not customizable like IE is in Windows. There is no activeX, registry, plugins, etc. It runs alone, which greatly affects the difficulty of writing malicious software to take advantage of it. This is really how the majority of software in OS X is. I think the only true way that OS X could be at risk is stand-alone executables that could be downloaded and ran on their own, which of course is dependant entirely on the end-users.

Re:New viruses? Maybe

[TheNumberless]

Safari is debatebly a very decent browser, but it's not customizable like IE is in Windows.

It's not?

There is no activeX,

No, since that's a Microsoft-specific technology. But there's Java, which can accomplish the same things without being so insecure.

registry,

Nope, but there's an equivalent in the form of plist files in various places. I don't see what the system method for storing configuration information has to do with exploitability, though...

plugins, etc.,

Oh yes there are. Of course, an insecure plugin can introduce a vulnerability on any OS, but that's somewhat moot because on OS X (and on Windows, as far as I know) it's not possible to install a browser plugin without the user's permission.

This is really how the majority of software in OS X is.

No, it isn't. Look at AppleScript, and how most OS X applications support it. Look at the system-wide frameworks like CoreData, Bonjour, and many others that can be brought into apps with little effort.

OS X avoids a lot of the design mistakes Windows has made in the past, but that doesn't mean it's not exploitable. This is a point you fail to address in your post full of maddening ignorance.

Experts eh?

[Keen+Anthony]

Apple's iconic status, growing market share and adoption of same microprocessors used in machines running Windows are making Macs a bigger target, some experts warn.

Sadly those "experts" could not be reached for explanation because they were out buying antivirus software for Linux and FreeBSD - cause, you know, they're both iconic, have a growing market share, and run on the same microprocessors as Windows.

"They didn't know how to deal with security, and I think Apple is in the same situation now," said Ferris, himself a Mac user.

Sure, being a minority OS does mean fewer virus writers targeting the Mac, but Mac OS X has been cool for a few years now, and I'm still waiting for those dangerous viruses. I'd say Apple knows a little something about dealing with security - certainly enough not to pawn off the responsibility to the antivirus aftermarket.

The Mac's vulnerability could also increase as Apple transitions to a product line that uses microprocessors made by Intel Corp., security experts said. With new Macs running the same processor that powers Windows-based machines, far more people will know how to exploit weaknesses in Apple machines than in the past, when they ran on the PowerPC chips made by IBM Corp. and Motorola Corp. spinoff Freescale Semiconductor Inc.

Who are these security experts, and do they work weddings and bar-mitzvahs too? Since when did familiarity with a microprocessor lead to intimacy with an operating system. There's so much I still don't know about BeOS and I've written assembly on PowerPC and x86. The vulnerabilities described in the article may be found here. For the most part, it looks like flaws in the way Safari and Preview handle GIFs, TIFFs, BMPs, and bad ZIPs can cause an application crash, and *possibly* allow code execution (even via certain malformed HTML tags). I've had corrupt graphics files and zip archives crash Preview and Safari in the past, but never any virus-like behavior. Still, it's a good thing to note, but the reporting could have been much better.

Typos...

[suv4x4]

Macs No Longer Thought To Be Immune to Viruses

Shenannigans!

[SoupIsGood+Food]

An anecdotal tale of an unconfirmed in-the-wild exploit on a site run by a corporate rival? MAN THE LIFEBOATS! Mac OS X is no longer secure! No better than Windows with Microsoft's few... ahh... few thousand virii and exploits in the wild, no sir! Panic! Mass mayhem! Purchasing of Dells!

Pfft.

The Tech Punditocracy has been banging the drum on Mac OS X's insecurity pretty heavy these past few months. I'm beginning to believe it's just a scam to sell AV software to gullible IT managers, and to protect windows VARs from a growing corporate push to switch to a more secure platform than Windows.

I have yet to be bit by any sort of malware in all my years of using a Mac. The same cannot be said of my Windows experience... virii, spyware, worms... it's a vast and growing problem. On the Mac, it's a tiny and controlled problem. The difference is mainly in software architecture and in corporate attitudes to fixing software issues. Apple comes out ahead on both counts. It ain't no OpenBSD, sure, but it beats running two AV scanners and three spyware detectors just to check your email.

Re:Gosh, it does sounds like MS.

[Whiney+Mac+Fanboy]

As such, I invite you to use this flaw to do anything to my Mac.

Errr, you'll actually have to provide me with an IP address to do that.

Furthermore, your handle, (Anonymous coward), should be a tip-off that you are not posting about this matter in good faith.

Re:Obviously written by an idiot

[Achromatic1978]

"MSNBC.com is a Microsoft - NBC joint venture"... this says a lot

What does it say? How does it explain the fact that MSNBC also runs stories on Microsoft-based exploits? Hmm... this says a lot.

Daines, a 29-year-old British chemical engineer who once considered Macs invulnerable to such attacks,"... this makes him a qualified source how?

Probably something to do with the fact that 99% of users of systems, be they Mac or Win, are about as knowledgeable about viruses as he is, for better or worse?

Who the fuck is Tom Ferris again?

Who the fuck is bulldogzerofive?

This is a no brainer

[sl4shd0rk]

If they are running XP on them now, but this is irrelevant of the hardware platform. The x86 issue has nothing to do with vulnerabilities other than portability or binary compatibility of the virus/worm itself. The biggest problem with virus/worms/phishing is plain old fashioned ignorance, and that is the most portable vulnerability that can be found on every hardware/software platform.

Can you say "FUD"?

[phillymjs]

This article was on CNN last night as well, under the headline "Viruses catch up to the Mac."

Uh, yeah. Sure. Two guys get hit by something, the articles are not even clear about exactly what, and it's, "Oh noes! The sky is falling!"

Yeah, viruses are really catching up to the Mac. One down (maybe), a few tens of thousands more to go to catch up to the quantity available for Windows. Look at all the crap you need to do properly secure an XP box. Even if this alleged Mac virus is the real thing, you can stay safe simply by not going to dodgy sites, and thinking for a moment about why that thing you downloaded from said dodgy site is asking for your admin password.

The antivirus vendors must have realized that we just laugh at their press releases touting the dire threats to the Mac, so now they're funneling their fearmongering drivel through the Associated Press in a laughable attempt to turn it into Real News. Nice try, guys.

~Philly

Does the Author own Symantec stock?

[Danathar]

In the interests of full transparency the news article should state if the author, news organization, or parent of the news organization (if it has one) owns ANY stock in Symantec who makes (as far as I know) the only Mac Anti-virus product.

Re:Does the Author own Symantec stock?

[Danathar]

OK..so there are TWO antivirus products for the mac :) Impressive!

Re:Macs have never been "immune" to viruses

[nathanh]

Nonsense. Microsoft is the target of viruses and spyware because of Microsofts moronic design decisions and security policies, not because of marketshare.

Nonsense. Microsoft is the target of viruses and spyware because of Microsoft's moronic design decisions and security policies AND because of marketshare.

Virus writers are writing viruses to make profit; either by stealing information, creating botnets, or proliferation of unwanted advertising. They make more profit by exploiting more machines, so it's no wonder that the most common OS is also the most targetted.

The fact that it's so trivial to exploit Microsoft software is purely because of the moronic design decisions and security policies, not because of marketshare. But the fact that Microsoft is so frequently the target of virus writers is a function of marketshare as well.

Re:But...but..but..

"manage a trois"

Uhh... That's when three people try to run a company...

If you use such terms, at least get the spelling right.

Re:Macs have never been "immune" to viruses

[JulesLt]

Incorrect. OS 9 and prior certainly had viruses, despite a market share comparable to OS X based machines. Not as many as Windows, but enough to cause problems for Mac users. Hell, I remember virus problems on Macs when the only way of distributing a virus was by floppy disk and the operating system was held in a ROM.

OS X is substantially more resistant to virus attack than all prior Mac operating systems, and most default Windows installations.

That doesn't mean it's 'immune'. Equally an increase in popularity will almost certainly raise the threat level - but that doesn't change the fact that the underlying system provides better protection by default. Failing to be 'immune' does not mean 'equally vulnerable'.

The default installation implements much of what corporate Windows admins have to implement to secure a Windows system / will be implemented by default in Vista.

Obviously there are other Unix systems that are still more secure - some security has been sacrificed for ease of use. It would be much more secure if new startup services and firewall changes had to be manually configured - but users won't stand for it. (Hence why we got in this mess in the first place).

If there is a virus out there...

...why won't they tell me what it is?

That whole article is based on one key event. Mac users did SOMETHING, and got a virus that did SOMETHING. What did they do? And did it involve giving an admin password?

If they have a story, why aren't they telling it?

The argument about market share is just stupid. In order to write a virus you have to be something of a programmer. In order to write a Mac virus you have to be a Mac programmer. And who becomes a Mac programmer unless they like the Mac platform?

There are plenty of people working on Windows who hate and despise it. They work on it because there's lots of work out there. There aren't a similar number of people working on Mac who hate Mac OS.

Anti-virus company campaign propaganda

[bananaendian]

What? So Macs were immune against viruses?

Seriously, it's way too easy to have a go at this MSNBC BS. What is more worthy to note is the frequency and desperation with which these articles keep appearing, claiming sleeping beauty mac-users are in imminent danger if they continue to refuse to take part in the virus paranoia of the Windows world.

I have been using W2K with no anti-virus software for years with no side effects. Sadly and with amusement do I follow the antics of my fellow XP users with their shiny anti-virus crapware popping up redundant warnings and notifications and slowing the machine to a crawl. And to top the irony they have to turn off anti-virus whenever they install anything or run certain software. And when you go to your workplace or school the machines there have been made almost entirely useless by over zealous protection software.

Having a go at Macs for security is either stupidity or plain propaganda. Security doesn't come from anti-virus programs. It comes from the underlying architecture of the OS and the third-party software having to comply with the security principles of the underlying architecture. Anti-virus software only protects the computer against clueless users and thus it can be claimed that any computer/OS architecture requires some.

And as for the age old user base threshold argument I'm still waiting. OSX has been for some time the most common UNIX based OS. It is remarkable how little vulnerabilities have been found considering the amount of software and services running on OSX by default. Thus, comparatively, statements involving OSX and poor security continue to be plain ludicrous.

As for me I'll merrily continue running my apparently 'immune' W2K box (behind two tailor made firewalls) and wave my greetings and encouragement to my fellow mac users.

Re:Anti-virus company campaign propaganda

[2starr]

The thing that I'm surprised no one mentioned is that this same basic story is also on CNN and Fox News.

Interesting that it's on all of them at the same time.

Macs can get viruses?

[Mathiasdm]

I'll believe that when I see water running uphill!

Re:Macs can get viruses?

[g-doo]

I believe!

http://en.wikipedia.org/wiki/Image:Escher_Waterfal l.jpg

Re:Gosh, it does sounds like MS.

[muhgcee]

However, what sounds most MS-like was this: ...

She disagreed that the vulnerabilities make it possible for a criminal to run code on a targeted machine.

Have you ever read the short description of a MS security patch? They quite frequently contain language similar to "A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it."

To the one who modded me troll

[lord_rob+the+only+on]

I was sarcastic. I am a proud Debian user, you know. I was just doing the same analogy as the authors of the article do.

What we really need

[Wescotte]

is a good open source cross platform virus/worm!

well duh!

[john_uy]

no system is 100% virus free. there may be systems that have probability that is very low.

people supporting alternative systems such as linux and unix (including mac os), etc. should avoid claiming they are not able to be infected with virus and worms. such false advertising may cause people to abandon the adoption at the end because they will just think "hey, why spend all the fuss when you get the same problems.)

ignorance is the problem. education is the solution. it may be easier to avoid getting worms and viruses in linux than windows but educating a user might be able to avoid the same with windows as well.

Re:well duh!

[99BottlesOfBeerInMyF]

people supporting alternative systems such as linux and unix (including mac os), etc. should avoid claiming they are not able to be infected with virus and worms. such false advertising may cause people to abandon the adoption at the end because they will just think "hey, why spend all the fuss when you get the same problems.) ignorance is the problem. education is the solution.

I agree with you, but I think most of the ignorance is in the other direction. Talking to the average Windows user, most assume Mac users do have to deal with the same level of spyware, worms, and other malware that they do. When told, "No I've never been infected with any of them and in fact no mac worm has ever spread to OS X machines on the internet," many simply don't believe it. Those that do, sometimes inaccurately claim when speaking to others that mac can't get viruses, when in fact they just don't get viruses (or haven't yet).

Apple has been very careful on this issue, to never claim their machines are immune to viruses. I think the fact that most users don't know Macs are more secure than Windows machines and are unlikely to have malware problems greatly overshadows the problem of Mac's security being overstated by some individuals.

Re:well duh!

[madcow_bg]

Yup, you're right. An educated user who doesn't go to web sites and, preferrably, keeps his computer locked in a bunker without electricity *might* be able to keep windows secure.

Damn you x86!!

[jtalerico]

I knew once apple switched to x86 this would happen. I bet IBM is saying, "Biggest mistake of your life" -Some movie....

Re:Macs have never been "immune" to viruses

[lasindi]

My favourite analogy to this is asking which one is more bulletproof, an apple or a kevlar vest. You'd shoot the apple into smitherines then say "Obviously the kevlar vest would crumble similarly if I shot it therefore neither are bulletproof".

Your choice of fruit for the analogy helps make your point quite nicely.

Re:Macs have never been "immune" to viruses

[drsmithy]

True, Macs haven't been tested with a huge market share like Windows has, but you seem to be using that as proof that Macs have as bad-a security model as Windows.

From a technical perspective, they have a *worse* security model.

(Note to standard responders: default configuration of user accounts for a certain subset of installations has *nothing* to do with the security *model*. It's a configuration semantics issue, nothing more.)

That doesn't mean they're as bad as Windows though, so if you say something like "Nor even markedly more resistant" how about you back up that comment...

Simply by observing that there's no technical aspect that *makes* them more resistant. A somewhat better default configuration ? Yes. Technical barriers ? No.

Re:Gosh, it does sounds like MS.

[ZachPruckowski]

Errr, you'll actually have to provide me with an IP address to do that.
172.25.123.154

No, I'm not the AC from above.

The never were immune

[Vexorian]

Although the article claims that they may no longer be immune, the reasons it states are that the mac market has grown which is equivalent to saying that the reason no one made viruses for mac before is that hackers didn't give a crap.

well oh well

[zpok]

I've been running sophos anti virus software on my mac since, well, since they became available. Thing is, apart from updating itself once in a while I haven't had ONE virus showing up. Every now and then I even scan my system. Just for kicks (I'm easily excited).

Apart from all the other "usual crap", I wonder how this type of articles make it to mainstream news outlets. Even Steve Jobs' brand of underwear would be more newsworthy than this kind of FUD.

There is - like in most of this type of journalism - no real defense against it. Whatever argument you use against "two guys encountering something weird" in "serious news outlets", you must be a mac zealot in denial. Right?

Re:well oh well

[radish]

Well I have never had a virus in 15 years of running Windows. Does that mean that viruses on Windows are impossible? or a myth?

Re:well oh well

[zpok]

No. It means that according to the standards maintained in this news article you and I have equal authority and should be on the frontpage of CNN, sharing a scoop, reporting that OS X and Windows are equally safe and that contrary to expert opinion, there's no such things as a computer virus, except for maybe that one thing you ran along some 15 years ago.

I admit though that I didn't make much of an argument, it was a bit of an emotional post...

Re:well oh well

[Bassman59]

I've been running sophos anti virus software on my mac since, well, since they became available. Thing is, apart from updating itself once in a while I haven't had ONE virus showing up. Every now and then I even scan my system. Just for kicks (I'm easily excited).

So, exactly what viruses are this software looking for ?

Re:well oh well

[zpok]

um, good question. Windows and pre-os x stuff I gather. Maybe also proof of concept stuff now, although I have doodahs for that as well (those browser alert thingies). I'm lazy, but you can always check Sophos' website, they have pages and pages on their products and its virus definitions.

Re:Macs have never been "immune" to viruses

[drsmithy]

Heck, the "virus" described in the article isn't a virus at all. It's a trojan, and a shitty one at that. The guy downloaded an executable from an unknown source, and willingly ran it. "strange commands ran as if the machine was under the control of someone -- or something -- else."

That also describes the majority of Windows "viruses".

Don't bother with silly semantic games that only Slashbots care about. In the media when they say virus, they're talking about malware in general. Most Windows malware falls into the "trojan" category and requires varying levels of user interaction to get started.

Not only did the guy make a boneheaded move that would effect even the most secure operating system in the world, it was obviously apparent that the file being run was a virus the second he opened it. I don't think this is any cause for concern.

I do, because it's by far the most common vector for malware and, indeed, all security breaches.

It's also damn near impossible to defend against programmatically.

What's more, in order to inflict any serious damage on an OS X machine, you've got to provide the Administrator password.

Bollocks. For a start, any user can delete files they own - ie: the most important data on the machine.

Secondly, any user's account can turn the machine into just about anything an attacker might want, include allowing a remote login for further attempts at privilege escalation (because the OS X firewall is disabled by default).

Finally, any user in the Admin group (the default for most users) can delete (or modify !) not only just about everything in /Applications, but also other "system" files in /Library and /System.

It is impossible to run OS X as root.

Actually it's trivial. Running code as root is marginally easier than actually logging in to the GUI as root, but neither are particularly difficult to do.

If a program's trying to screw with your settings and files, you're going to know about it!

Highly doubtful. Most users have no ideas what processes run on the systems and even fewer actually monitor them.

Likewise, unlike Windows, file permissions are properly implemented (it's Unix after all...).

Windows's file permissions - indeed its security capabilities in general - are vastly more capable that OS X's.

In short the whole "but root is disabled" argument (and variants) is largely irrelevant. Elevated privileges are simply not required for the vast majority of things malware wants to do.

By your logic, because approximately 70% of the internet's web servers run Apache, [..]

(Wow, the good old Apache argument, what a surprise.)

Websites != Servers.

Also People Running Apache != People Running IIS. The bar for running an Apache server is set higher.

[...] we should be seeing tons of apache exploits, hacks, and viruses cropping up. The reason we don't is because Apache is a well-written and secure program, [...]

Actually we do. For the last few years, Apache has had a worse security record than IIS.

[...] and because administrators are generally not stupid enough to run unmarked executables.

Users are not administrators. Users have *extreme* difficulty identifying malicious code before running it.

OS X and unix are inherently more secure by design than Windows is.

False. There are many aspects of traditional UNIX "design" - including that in OS X - what are inherently less secure than Windows. For example, the concept of 'root'.

I'll go a step further and say that because OS X is only 5 years old, and NT has had 10+ years to mature, that Windows should be more secure than OS X is. We all know this isn't the case.

Firstly, the product OS X was is actually a touch older than NT. Secondly, it was basically yet another reimplementation of the flawed unix "design".

Re:Macs have never been "immune" to viruses

[JulesLt]

The one thing that is true is that Apple don't know how to deal with security, although they seem to be learning. You can't ignore the press and hope that the facts are good enough.

Especially when there an army of 'security researchers' out there, with a story to tell, and a public who can't tell the difference between 'immune' and 'robust'.

Say 9/11 and Saddam in the same sentence enough times and people will start believing there is a link - even if your sentence is 'There is no known link between 9/11 and Saddam'.

That is very similar to cell phone viruses hype

[S3D]

Antivirus vendors are looking for new markets to expand. Especially with looming Microsoft extrance into anti-virus market.

What increasing marketshare?

[dnaumov]

Maybe you mean increasing install base? Apple worldwide marketshare hasn't been over 3% for many years.

Re:What increasing marketshare?

[99BottlesOfBeerInMyF]

This article claims 16% according to the SPA. Personally I'd estimate it is somewhat lower, maybe 7%. Sales figures alone place it at about 4% for the year, but the average in use lifespan of a mac tends to be 1-2 years longer than that of the average PC (although close to that of other high-end machines). Also sales of macs were up 32% year over year from 2004 to 2005. The industry as a whole went up 18%. That means 14% of roughly 4% of all computers old would put Apple ahead by a little more than half a percent of the total PC market, to 4.5%. They've been doing quite a bit better so far in 2006, by all reports. So for a very conservative estimate you could say they have more than 4.5%, possibly considerably more than that. Anecdotally, here at work they have grown from 5-10% of the machines to about 50% or more in just a few years (mostly professional coders and security experts).

Re:Macs have never been "immune" to viruses

[drsmithy]

Incorrect. OS 9 and prior certainly had viruses, despite a market share comparable to OS X based machines. Not as many as Windows, but enough to cause problems for Mac users.

Not even *close* to as many as DOS and Windows. Heck, I don't think the number of MacOS Classic viruses even hit triple figures.

Even taking out the obligatory fifty-odd minor variants of every DOS/Windows virus, there would still be an order of magnitude plus more pieces of malicious code on that platform.

Added to that, MacOS - particularly in its heyday - had much more marketshare than it has now. Indeed, it's only relatively recently OS X has exceeded MacOS Classic in marketshare and both must share the relatively smaller MacOS pie.

OS X is substantially more resistant to virus attack than all prior Mac operating systems, and most default Windows installations.

Not really. Marginally more resistant, yes - many areas of the system are protected. Just about everything in /Applications and many parts of /Library, however, are writable by Admin users (the default for most users). Not to mention any files - both local and networked copied and/or created by the user themselves.

So, OS X *isn't* especially more resistant. Certain parts of the system will withstand an attack from malicious code, but many won't and neither will any of the user's own data (the most important on the machine).

Failing to be 'immune' does not mean 'equally vulnerable'.

Neither does "exploited more frequently" mean "less secure", but try explaining that to the typical slashbot.

The default installation implements much of what corporate Windows admins have to implement to secure a Windows system / will be implemented by default in Vista.

A default *corporate* Windows install is reasonable, assuming even a barely competent IT department. It's the default *non-corporate*, unmanaged install where OS X has a superior configuration (although realistically the additional protection is marginal).

Vista = slam dunk? When did this happen?

[TheNoxx]

Most of what I've seen on /. and other sites about Vista has been extremely negative, majorly centering around MS continuing to ignore the voices of consumers and implement draconic DRM while losing several promised features and delaying the release for the umpteenth time...

Unless I was in a coma when the press release came out stating Vista suddenly became the best coded OS of all time, where's the "slam dunk"?

Seems much more likely that this is a result of MS shitting bricks over Apple gaining popularity and switching to a chip platform that will continue to bolster their market share.

We never were Immune

[nurb432]

Apple users were Just (much) safer then windows. And less of a target. But in no way were we ever immune.

Not again!

[void+bear(void)]

Nothing to see here, move along. This has already been covered to death EVERYWHERE, why is it being talked about again YAWN!

Car thieves steal Accords because they are common

[rufusdufus]

Thieves steal honda accords more than any other car. Not because Accords are better, but because they are more common.
You don't see a lot of mac viruses because virus writers are looking for a large population to spread their malware, and macs are few and far between.

Re:MSNBC is a MicroSoft shill

[drsmithy]

This has no foundation in reality, and belies the fact that Windows is constantly adding unix-like security features, just to try to catch up.

Like what ?

No, it's not the x86, it's Safari & LaunchServ

[argent]

It's not the x86, it's Safari and Launchservices.

Stupid beggars. Microsoft proved that trick never works in 1998.

OSes 9 and before had MORE viruses and fewe users!

[objekt]

And why do we have to see this same story about Macs and viruses every month?

Architecture?

[sottitron]

Does the Apple switch to Intel really mean anything to a virus writer? I thought it was Microsoft's crap software [IE, Outlook Express, Windows] and their associated APIs that the were the real targets? Its not like VBScript is going to run on a Mac just because the chip is a Core Duo.

what was the name of this 'virus`

[rs232]

"Daines was the victim of a computer virus .. He and at least one other person who clicked on the links were infected by what security experts call the first-ever virus for Mac OS X".

What was the name of the originating web site.
Who was the one other person who caught the 'virus`.
Can we see a sample of this 'virus`.

"In Daines' infection, a bug in the virus' code prevented it from doing much damage. Still, several of his operating system files were deleted, several new files were created and several applications, including a program for recording audio, were crippled."

Does a default Mac installation run applicions by clicking on an icon on a web page. Does the application require root to do any damage. Can a Mac be configured to not clack and run. If the home directory was made noexec would any of these alleged exploits work.

The article is a little short on real facts. Just a case of some 'security` company fudding up some business.

re: Why? One good reason....

[King_TJ]

It's important to "throw poorly researched stories to the wolves" once in a while, so people can pick them apart.

I, for one, am happy when Slashdot finds these stories with ridiculous claims or patently false information and brings them to our collective attention. Otherwise, as an I.T. professional, it can become really frustrating when a client drags one of them out as ammunition to back up a potentially bad business decision. If you're previously unaware of such an article and it suddenly gets thrown in your face - you're put on the spot to defend against it.

Nothing to see here. Move along.

[cei]

This is the same "virus" that we talked about in February. link 1, link 2. The CNN (AP, really) article mentions Benjamin Daines as finding it. MacRumors forum post from Benjamin Daines dated Feb 13 whining about how he was duped by someone posting a link to said trojan. We've gone over this before. This is nothing new. Must be a slow news day at AP...

Re:Nothing to see here. Move along.

[necro2607]

Yup, here's a thread of the guy saying he was interviewed by CNN:

http://forums.macrumors.com/showthread.php?t=19746 9

The point of the article...

[SiMac]

"The bottom line is we still feel more comfortable using a Mac than a (Windows) PC," said Alan Paller, director of research for SANS.

But as Daines can attest, there are no guarantees.

"We're all sort of waiting with bated breath to see if any problem will happen and the jury is still out," said Thayer, the independent security consultant. "I don't think you'll find a consensus."

The article seems to be saying, "look, two people with Macs got infected with a virus! Now Windows is more secure than the Mac." For some reason, I trust the director of research at SANS more than this British chemical engineer or the "independent security consultant." Macs have never been immune to viruses, it's just that there are thousands of times fewer Mac viruses than PC viruses. And this is still the case.

Re:MSNBC is a MicroSoft shill

[The+Snowman]

First, how about moving to least privileged users? Separating binaries and data: Program Files and Documents and Settings (usr/bin, /etc, /home). Shipping with only the necessary services turned on. Detaching IE from the OS. Sure, some of these have to wait for Vista, but they've already made improvements. Whether it is enough or is effective is up to debate, but Microsoft are making efforts.

Re:Car thieves steal Accords because they are comm

Real car thieves respond to market forces and steal the car that either needs the most repair parts or will sell the easiest on the black market. For a while, Hyundais were a popular theft car, not the most popular on the road, but needed the most parts...

So "security" doesn't exist?

[khasim]

Thieves steal honda accords more than any other car. Not because Accords are better, but because they are more common.

So ... if I drive a Honda Accord, then there is nothing I can do to prevent it from being stolen by any kid who wants to take it?

Fascinating.

You don't see a lot of mac viruses because virus writers are looking for a large population to spread their malware, and macs are few and far between.

So ... if there were more Macs than Windows boxes ... the Macs would have a higher percentage of infections due to worms that somehow manage to spread to machines that ship with no open ports by default?

Machines can only be infected by:
Worms
Viruses
Trojans

Worms spread via open ports. If Macs have no open ports by default, then the worm threat should be near zero for Macs.

But you say that it is just because there aren't a lot of Macs out there. So ... the worms would somehow manage to infect a machine with no open ports ... if that machine were more commonly found.

Fascinating.

Re:So "security" doesn't exist?

[PitaBred]

No. But the knowledge of HOW to steal your Accord is going to be much more prevalent than it would be for, say, a Ford Pinto. You aren't completely correct, but neither is the parent. Part of it is popularity of the system, part of it is the security practices of the system (software and administration-wise). Add both factors together, and you figure out how likely it is that you get infected/hacked/whatever.

What's the Difference Between Me and You?

[Greyfox]

The difference between OSX and Windows is that on OSX you have to download the "virus", run it and supply it with your root password. In Windows, you pretty much have to connect an unpatched install to the Internet without a firewall and wait 20 minutes.

Still, I WOULD like to see Apple try to do more to keep OSX secure. The system should only allow its system directories to be modified in single user mode -- I'm pretty sure BSD has a flag for that. I'd also like to see downloaded applications run as some other user that isn't allowed administrative access to the system at all, password or no. They'd probably have to make some changes so that the user could be restricted from changing its user ID to minimize the damage of people providing their passwords blindly when the dialog comes up. Allow the user to take explicit action if they want the application to be able to run as the regular user.

It still wouldn't be a perfect defense, but nothing can help you if the user's going to bend over backwards to give an application access to the system. Operating system companies really should err on the side of paranoia whenever possible.

Re:What's the Difference Between Me and You?

[sqlrob]

admin users can write /Applications without the password dialog or sudo. They need to fix that.

Re:What's the Difference Between Me and You?

[prockcore]

The difference between OSX and Windows is that on OSX you have to download the "virus", run it and supply it with your root password.

This is exactly the kind of thinking that's going to get you burned.

Apps don't need your root password to do damage. Every program inside Applications (this includes Safari, iTunes, etc) can be *modified* by the regular user... no root password required.

Do mac users not download software? Isn't there a crapload of shareware out there? Any program you download and run can backdoor Safari so that whenever you run your browser it opens a port and spawns a shell to anyone who connects. You could then decide that shareware program wasn't worth it and delete it.. and you'll still be infected.

Re:What's the Difference Between Me and You?

[Gropo]

Operating system companies really should err on the side of paranoia whenever possible.

As is apparently the angle Microsoft is lately coming from--according to Paul Thurott's latest Vista Beta preview. It sounds absolutely attrocious. I wonder where the balanced middleground is... If Apple or Microsoft will get there first.

Re:What's the Difference Between Me and You?

[Greyfox]

Yep! Chrooting applications would help with this. It's not like UNIX people haven't been thinking about these problems for thirty years. Apple's done a pretty good job of making the system more secure than Windows while maintaining their world class user friendliness. If they can take it to the next level while continuing to maintain the usability it will be a huge win in the industry.

Re:But...but..but..

[cyber-vandal]

You're right, perhaps contradictions was too strong a word, I was objecting to that quote in the grandparent poster's sig seeming to show that Muslims are told not to associate with people of other faiths when it's a lot more complex than that.

Re:Macs have never been "immune" to viruses

[jcr]

It is impossible to run OS X as root.

No, it's not.

-jcr

"Targetted" vs "Compromised".

[khasim]

Nonsense. Microsoft is the target of viruses and spyware because of Microsoft's moronic design decisions and security policies AND because of marketshare.

Okay, if you want to be specific:

Microsoft is the most often TARGETTED because of their marketshare.

Microsoft is the most often COMPROMISED because of their design.

I have Apache servers that are often TARGETTED by worms running on Microsoft machines. But my servers are not COMPROMISED by those worms.

Virus writers are writing viruses to make profit; either by stealing information, creating botnets, or proliferation of unwanted advertising. They make more profit by exploiting more machines, so it's no wonder that the most common OS is also the most targetted.

That may be correct. But "targetting" a platform is NOT the same as being able to "compromise" that platform.

Anyone can write a virus or worm or trojan for Linux. That is "targetting" Linux.

It's very difficult to get that virus / worm / trojan to spread to other Linux machines. This is "compromising" Linux. And the reason for that is because Linux's security model and implementation is better than Windows.

The same with Macs.

The fact that it's so trivial to exploit Microsoft software is purely because of the moronic design decisions and security policies, not because of marketshare. But the fact that Microsoft is so frequently the target of virus writers is a function of marketshare as well.

I'll disagree.

If it were 100x harder to compromise a Windows box than a Mac, but Windows boxes were 10x more common than Macs, you wouldn't see the same results you see now.

"Marketshare" in this instance means nothing WITHOUT the vulnerabilities.

The only thing that marketshare determines is the SPEED at which the virus / worm / trojan spreads. That's because with 90% of the market, the odds of any one infected machine finding an uninfected machine within a minute are very high.

The odds of one infected Mac finding another Mac with the same vulnerability within a minute is low. But given enough time, that one machine can scan the entire IP address range of the Internet.

Re:"Targetted" vs "Compromised".

[drsmithy]

Microsoft is the most often COMPROMISED because of their design.

Actually, they're the most often compromised because of their userbase, because the vast majority of Windows "compromises" require user interaction to work.

It's very difficult to get that virus / worm / trojan to spread to other Linux machines. This is "compromising" Linux. And the reason for that is because Linux's security model and implementation is better than Windows.

No, it's because getting the average Windows user to execute arbitrary code is rarely more difficult than a "click here to see teh free b00bies" box. Getting the average Linux user to execute arbitrary code, OTOH, is substantially more difficult.

Linux's security and implementation aren't better than Windows, assuming you're comparing apples to apples (heavily customised and patched Linux installations ain't apples).

The majority of Windows exploits require interaction by the end user. They're not automatic, they're not remote and they're not really exploiting system weaknesses. While there have certainly been some high profile automated remote exploits for Windows, they're far from common - and most are patched before they're in the wild anyway.

The only thing that marketshare determines is the SPEED at which the virus / worm / trojan spreads. That's because with 90% of the market, the odds of any one infected machine finding an uninfected machine within a minute are very high.

No, it also determines the likelihood of a compromise occurring. More marketshare -> higher number of ignorant end users & more machines -> higher number of compromises.

There is also a correlation between OSes with smaller marketshare and those having userbases with lower levels of ignorance. Smarter users are less likely to be compromised, even by exploits that don't require end user interaction. They're also far, far more likely to notice their system has been compromised, fix it and protect it from happening again.

I find it really, really weird that so many people try to dismiss marketshare as irrelevant, when even a cursory evaluation shows it to be a critical factor of any given platform's "security problems".

CONTINUED: Mac users in denial

[NutscrapeSucks]

Here's another version from a pro-Mac paper:

http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2006/ 05/01/BUGK7IHGOC1.DTL

Sourced mainly from SANS, which is for real.

I love these Apple stories!

[cypherz]

'Cause they generate such great discussion/trolls/flamewars! Thanks Slashdot!

"No Longer" Immune?

Macs May No Longer Be Immune to Viruses

Nobody with a functioning brain thought that Macs were ever immune to viruses.

Re:"No Longer" Immune?

[bogie]

I guess a shitload of mac users are brainless then because plenty of them have been proclaiming that for years.

Re:Macs have never been "immune" to viruses

[guillecabeza]

Please take a look at the verified attacks and defacements of today.... http://www.zone-h.org/ I guess you don't know much about operating system design either,you just like to repeat something you heard somewhere...

ICBM

[blueZ3]

Intel Chip-Based Macs

It is funny... not as funny as the first time I read it, but funny.

User-base fallacy

[Dr.+Brad]

If the installed base size is the critical factor for exploit success, then why are there more successful exploits for Microsoft IIS than there are for Apache?

Take care,
brad

Re:But...but..but..

[99BottlesOfBeerInMyF]

I recall reading somewhere the first person executed when Europeans colonized North America was for bestiality, and they did commonly hang animals for their part in the offense. Sadly that is no where near the pinnacle of the ridiculous things done in the name of christianity.

Re:Car thieves steal Accords because they are comm

[metamatic]

Yes, but why do they want to steal cars that are more common?

Because it makes it easier to fence the parts.

There's no corresponding issue for virus writers. If you have a botnet of 10,000 hosts, it doesn't matter what platform those hosts run, so long as they can send spam.

If a virus writer had a good chance of putting a rootkit on 10,000 network-connected OS X Macs, he'd do it.

Re:Car thieves steal Accords because they are comm

[l3prador]

Thieves steal honda accords more than any other car. Not because Accords are better, but because they are more common. You don't see a lot of mac viruses because virus writers are looking for a large population to spread their malware, and macs are few and far between.

That has to do with reasons that do not carry over to computers! The two reasons that the commonness of those cars makes a difference is because: 1. They are easier to sell for parts, because the parts are more commonly needed, and 2. A stolen Accord is unlikely to be noticed among the millions of Accords, whereas a stolen Ferrari is going to draw much more attention.

This story is all over the press, not just MSNBC

[I'm+Don+Giovanni]

This AP story is all over the press, not just MSNBC

For example:
http://www.foxnews.com/story/0,2933,193749,00.html
http://sfgate.com/cgi-bin/article.cgi?f=/n/a/2006/ 04/21/financial/f080720D78.DTL
http://www.mercurynews.com/mld/mercurynews/news/lo cal/states/california/northern_california/14397469 .htm
http://www.signonsandiego.com/news/tech/20060424-0 012-ca-applesecurity.html
http://hosted.ap.org/dynamic/stories/A/APPLE_SECUR ITY?SITE=KFWB&SECTION=HOME&TEMPLATE=DEFAULT&CTIME= 2006-04-30-15-15-12

Re:Macs have never been "immune" to viruses

[JulesLt]

Largely I would agree, except I would not describe the additional protection as marginal - realistically it has proven sufficient.

I'd have to say that being callous I have little concern for the user's own data. They should be backing it up anyway*. Nor can I see an easy way of protecting it (a database style approach may work, where the data is owned by another user and only accessible via specific client applications, but this would be annoying for many reasons).

However, it's been a long time since your typical virus merely damaged user data. Installing automatically executing code that survives between reboots, without alerting the user, is not something anyone has yet achieved - despite the fact that there have been known auto-execution AND privilege escalation issues, no one has yet been able to combine the two in a dangerous way.
(They came close with the 2-week window where sites could auto-install Dashboard widgets).

Of course, viruses aren't the only threat. Trojans are increasingly significant (especially as virus-delivery becomes harder on Windows) - and the Mac is not substantially more 'trojan-proof'. An idiot installing a p2p program will not be stopped by an admin password, and a family are as likely to set up every user as Admin on a Mac as on Windows.

Actually the whole discussion on security is generally crap.

Vulnerabilities in IE where 'viewing a web page can allow execution of arbitrary code' sound bad to ignorant users - they don't understand they need to visit a specially crafted page rather than Amazon or ebay. Security sites don't help by calling such issues 'critical'.

We need to distinguish between risks that result from user action (visiting a specific web page, downloading p2p software) and user inaction. The ability to exploit the default installation of an OS through open ports, or transmit a virus through reading an email is at least an order of magnitude greater in risk.

On those grounds, OS X has always been a much lower risk platform (Windows continues to improve with each SP).
Instead the discussion has largely deteriorated into throwing vuln counts at each other.

* Apple, like Microsoft, deserve shooting for not incorporating backup as a standard feature in their consumer operating system - selling it as part of a .Mac subscription is completely underhand.

Re:Car thieves steal Accords because they are comm

[feijai]

In 2004 (the most recent year of record) the #1 most stolen car was the 1995 Honda Civic. The #2 most stolen car was the 1989 Toyota Camry. The 1991 Honda Accord came in at #3. #4 was the 1994 Dodge Caravan.

So. Not Accords. But get the picture? Nine year old Civics? The most common cars stolen are those which are owned by people living in the neighborhoods where thieves operate.

What really matters is no the most common car stolen but the car with the highest rate of theft. And for that, the top ten are: 1999 Acura Integra, 2002 BMW M Roadster, 1998 Acura Integra, 1991 GMC V2500, 2002 Audi S4, 1996 Acura Integra, 1995 Acura Integra, 2004 Mercury Marauder, 1997 Acura Integra, 1992 Mercedes-Benz 600. Someone likes those Integras.

Thing is, theft rate doesn't help your dorky argument. Because not only are there few Macs being broken into or zombied or attacked by virii, but Apple's *rate* is nearly zero as well.

This is an AP story

[I'm+Don+Giovanni]

It's on msnbc, cnn, and foxnews (as well as newspaper sites like sfgate.com, mercurynews.com, sandiegowhatever.com) because it's an AP story. Those that are saying this is MSNBC propaganda are just the type of Mac users that the article describes as being "in denial".

This is indeed a "virus"

[I'm+Don+Giovanni]

This is a "virus" as much as Windows malware is labeled as such. In addition to infecting a system by visiting a website (I'm not sure if the user has to explicity download and run the malware), it also propagates itself via Instant Messaging. This is no different than Windows "email viruses" and "IM viruses".

From the article:

Benjamin Daines was browsing the Web when he clicked on a series of links that promised pictures of an unreleased update to his computer's operating system. Instead, a window opened on the screen and strange commands ran as if the machine was under the control of someone -- or something -- else. Daines was the victim of a computer virus. ...
In Daines' infection, a bug in the virus' code prevented it from doing much damage. Still, several of his operating system files were deleted, several new files were created and several applications, including a program for recording audio, were crippled. Behind the scenes, the virus also managed to hijack his instant messaging program so the rogue file was blasted to 10 people on his buddy list.

Limitations of "I'm smart so I'm immune"

[Beryllium+Sphere(tm)]

>I have been using W2K with no anti-virus software

Good work, congratulations on your success. I used to try the same approach. It worked until I got infected by *selecting* a piece of frelling email. Not (of course) opening an executable attachment, not opening an executable attachment with a non-executable extension, not opening a non-executable attachment (because those can exploit image handling bugs), not even *opening* the email, but simply having it appear in the preview pane. Someone's certain to call me "stupid", but fact is that is a routine operation and would be safe on any sane application suite.

Microsoft has fixed that "feature", and I've added antivirus software and a policy of not using Internet-facing software from them until they accumulate a *long* clean track record. To run without antivirus I'd feel obligated to add a no-email policy and a no-Web policy (even with Firefox).

Experience base

[Beryllium+Sphere(tm)]

>because OS X is only 5 years old, and NT has had 10+ years to mature, that Windows should be more secure than OS X is. We all know this isn't the case.

We're getting into philosophy here and it's unclear how much this affects user experience, but...

OS X's Unix infrastructure has 30 years of experience behind it, most of that networked. Since 1988 Unix developers have had to consider the network hostile.

That would just suck, huh?

[kitsunewarlock]

Well the point is there might be files out there for dumbasses to download other than .exe. So many piss poor and obvious viruses are done on .exe...anyways, despite the claim, there are a suprizingly high number of people on macs who have no fuckin' idea how to use a computer. I'm the only one in my class of like 100, in one of the top architecture colleges in the country, who even knows the basics of HTML, FTP, etc... And there are tons of people running around with "cute powerbooks" or "cool powerbooks" whose (referring to the computer) sole purpose in life is bittorenting anime.

Re:That would just suck, huh?

[Bassman59]

anyways, despite the claim, there are a suprizingly high number of people on macs who have no fuckin' idea how to use a computer. I'm the only one in my class of like 100, in one of the top architecture colleges in the country, who even knows the basics of HTML, FTP, etc.

Jeez, you're full of yourself. Ya know, people buy computers to run the applications that interest them. You know, obvious things like word processing, accounting, e-mail, web browsing, design circuits, laying out PC boards, playing games. None of these tasks require the user to know how to use ftp or write HTML.

Re:Macs have never been "immune" to viruses

[PitaBred]

Actually we do. For the last few years, Apache has had a worse security record than IIS.
I call shenanigans.

Apache 2.2.x and IIS 6 have no open bugs in Secunia. But those are brand new. However:
IIS 5
Apache 2.0
For those who don't want to click, IIS5 is "Moderately Critical", and Apache 2.0 AND 1.3 are both "Less Critical". Being as these are the most popular versions of these servers... I think you're just a shill. Stop spreading FUD.

Re:MSNBC is a MicroSoft shill

[Moofie]

"Whether it is enough or is effective is up to debate,"

No, it's really not up to debate. It's a massive charlie foxtrot, and has been since 1995.

"but Microsoft are making efforts"

Not good enough for my money. I pay for solutions, not attempts.

Re:Macs have never been "immune" to viruses

[Sith1ord]

"What's more, in order to inflict any serious damage on an OS X machine, you've got to provide the Administrator password. It is impossible to run OS X as root. If a program's trying to screw with your settings and files, you're going to know about it! Likewise, unlike Windows, file permissions are properly implemented (it's Unix after all...)." Keep in mind that most people are stupid enough to download unknown files and run them with the Admin password... Linux is more protected than OS X not because of superior design, but because of superior users. Most people on this site are protected even if they use Windows... just like car theft, virus issues come to those that have their Windows down or their doors unlocked.

Re:Car thieves steal Accords because they are comm

[defy+god]

thieves steal honda civics and accords because they can be easily broken in to. take a flathead screw driver, push it into the car door keyhole, and turn. do the same with the ignition. it really is that easy. now, i also admit they are very common cars. combining the two is a great reason why thieves target them. you'd think some would rather go for high end cars, like mercedes, bmw, etc. the more experienced thieves can and do. but the time and effort is not worth it to many. now, replace the cars i've mentioned with windows and mac os x...

You could already do that.

[Slithe]

PearPC is a PowerPC emulator that is capable of running versions of OSX up to 10.3. Since developing and testing exploit code should not take much resources, any cracker can run OSX well if they have a relatively modern PC.

Re:Macs have never been "immune" to viruses

[Foolhardy]

Since Windows NT 3.51, desktop objects have been the security barrier for USER and GDI objects like the window objects required for a shatter attack. Each desktop has a security desciptor which makes them fully securable. Microsoft documentation clearly specifies that privileged processes shouldn't create windows on the default interactive desktop. According to the design, it is a security error to put two windows on the same desktop which belong to processes of different privilege levels, the exact situation that a shatter attack requires to work. The fact that many pieces of software choose to disregard this is not a problem with the design of Windows's security system.

Since Windows 2000, the JOB_OBJECT_UILIMIT_HANDLES job restriction can be used to put unprivileged processes into a UI sandbox on a desktop where privileged processes have windows open. Shatter attacks won't work when the malicious process can't get a handle to the target window.

Re:Excuse me, but... huh?

[miketkrw]

There have been no true virus that I have heard of, although the media reports anything and everything as a virus. There was a trojan horse, but I do not consider stupid users to be an OS vulnerability. To install anything on OSX requires you must enter your admin password, unlike XP which will install anything with no warning at all. What more can Apple do? This whole thing reeks of carefully planned and released FUD against an OS that has evolved far beyond its competition and is gaining in favorability.

Still waiting

[Gorimek]

Just wait.

I've waited for the first MacOS X virus for many productive and fun years now.

Meanwhile, the wait for a freshly installed Windows machine to be infected was counted in minutes last I heard.

That is just a difference in degree, in the same way that the difference between my income and Bill Gates' is.

Re:Macs have never been "immune" to viruses

[The+One+and+Only]

It is impossible to run OS X as root.

I've done it. Set the login window to text input for username and password, and type in "root" and your root password.

Re:Car thieves steal Accords because they are comm

[phantomfive]

Thieves steal honda accords more than any other car. Not because Accords are better, but because they are more common.

Actually that's not true. Hondas are stolen more often because they are easy to steal. For example, most Honda Preludes from the 90s have a window that can be pushed in without breaking it, allowing easy entry. Also, actually starting the car without a key is relatively easy.

The people who target these cars steal them because it is easy. Often they will just steal them to show off to their friends or something, then after a joy ride dump them. In some places 90% of stolen cars are recovered because of this. These people are basically the car thief equivelent of script kiddies.

If you don't believe it, come to Modesto CA and I will show you what I mean.

Bullshit.

[Archeopteryx]

Changing processor architectures changes NOTHING about the good and careful design of the Darwin/BSD/OSX software stack.

This is just wishful thinking on the part of people who still respect Microsoft in spite of everything M$ has done to them.

Re:Bullshit.

[argent]

Changing processor architectures changes NOTHING about the good and careful design of the Darwin/BSD/OSX software stack.

You're excluding Safari, Finder, Mail, and LaunchServices from your definition of that stack then?

Re:Bullshit.

[Archeopteryx]

You think a change in processor architecture will change those items?

I don't.

Re:Bullshit.

[argent]

You think a change in processor architecture will change those items?

I think the idea of referring to them as having "good and careful design", at least as far as security is concerned, is hilarious.

Re:MSNBC is a MicroSoft shill

[The+Snowman]

Good, then don't give them your money. I think Microsoft still fall short of making a secure operating system, however, that's not my point. My point was in reponse to the parent poster, saying that they are borrowing some ideas from Unix. I was not referring to Windows being secure, but their improvements being satisfactory compared to the Unix features they emulate.

Re:MSNBC is a MicroSoft shill

[Moofie]

You've got a pretty low bar for "satisfactory".

Re:MSNBC is a MicroSoft shill

[The+Snowman]

I was not stating that it was satisfactory, but saying that's the issue. Actually, with some of the nitpicking in this thread, I've already forgotten what I was talking about.

Microsoft tries to improve security by borrowing from Unix. I think they fail. But they are making progress. Windows still isn't worth paying for.

Re:Apple == MS

[Keen+Anthony]

The only difference between Apple and MS/Bill Gates and Steve Jobs is cash. If history had run differently and it had been Apple that gotten to be the giant then there really wouldn't be that much change.

I think they are really two very different personalities. Bill Gates is competitive to the point of being a bit mental. He's still fairly pragmatic, but he has a win-at-all costs attitude. Steve Jobs is idealistic and dismissive. Had Apple won the war - even with Steve Jobs at the helm rather than Apple's other captains, I think the personal computer market would be far more balanced. We'd still have Amiga, C64, Atari, and TI in addition to the PC with all its OSen. Steve did hate the clones though, and he did put an end to them. Apple is very litigious, true. A lot of it has to do with animosity Apple has had with Microsoft and the anger the company has with PC vendors that have copied Apple's innovations while simultaneously trashing Apple. Yeah, at some point it gets childish. I think Apple was an angry, misdirected, company for a while, but it wasn't like SCO or Microsoft - companies that sue in order to gain strategic ground.

How many of you believe that is the media part of Sony that has been crippling the company by insisting on DRM that hardware consumers don't want?

I wanted to buy miniDisc but was overwhelmed with all that ATRAC mess. Grrrrr. I think even here though you've got a company that has more in common with Apple than it does with Microsoft. Sony does wierd things sometimes just cause it's Sony. Like Apple, Sony certainly doesn't care whether everyone uses their products, but they're so obsessed with their brand, the loyalist customers often get bit in the ass.

Re:But...but..but..

[killjoe]

Seems weird especially for a christian. What they are admitting is that the animal actually made a conscience and moral decision to have sex with a human and must be punished as a human. Christians don't normally recognize animals as having souls. We are supposed to have dominion over them.

Weird, but then again it's religion.

Re:Macs have never been "immune" to viruses

[Shannon+Love]

It is impossible to run OS X as root.

Actually it's trivial. Running code as root is marginally easier than actually logging in to the GUI as root, but neither are particularly difficult to do.

Not sure how you define trivial. The root user is disabled by default and can only be enabled by going into the network utility. The vast majority of users have no idea the root user even exist. The administrative user, which can su to root, is not the user default either. Even if someone is running as admin, they are presented with password request for every process launched. Most Macs spend most of their time running in standard user space making it hard to seize control of the machine remotely.

I would say that the biggest problem windows permissions is not the permissions model per se but rather the large number of legacy/poorly written apps that will not work under it. A lot of windows boxes are running exposed because their apps won't work any other way.

Harvard Architecture?

[compact_support]

PowerPC is not Harvard architecture. It has seperate L1 instruction and data cache, but that's it. Harvard implies that the instruction memory is in a distinct address space from the data address space, and that no instructions exist to allow one to write to the program memory.

Re:MSNBC is a MicroSoft shill

[drsmithy]

First, how about moving to least privileged users? Separating binaries and data: Program Files and Documents and Settings (usr/bin, /etc, /home). Shipping with only the necessary services turned on. Detaching IE from the OS. Sure, some of these have to wait for Vista, but they've already made improvements. Whether it is enough or is effective is up to debate, but Microsoft are making efforts.

These things are "taken from unix" only if your worldview ends at unix and windows.

Multiuser OSes were around before unix, and implemented better. Windows NT has always been multiuser.

Windows NT has always seperated user profiles from application files. Windows 9x has done it since about 1997 (although, obviously, it couldn't be enforced by filesystem permissions).

IE is no more "detached" (or "attached", for that matter) to the OS than it was before. It's architecture has remained basically unchanged since IE3 back in 1996. It's still just a shared component like khtml is in KDE.

Just about all the stuff you're talking about - and likely thinking of - aren't really changes to Windows at lower levels, they're just improvements in default configurations and UI.

Re:Macs have never been "immune" to viruses

[drsmithy]

Largely I would agree, except I would not describe the additional protection as marginal - realistically it has proven sufficient.

I would argue that it has hardly been tested, so one can't really say that it has "proven" anything.

The usefulness of non-root users in protecting the typical desktop machines is *vastly* overstated. The only reason most malware fails with a low privilege account is because it is poorly written, not because it actually needs the higher privileges.

I'd have to say that being callous I have little concern for the user's own data. They should be backing it up anyway*. Nor can I see an easy way of protecting it (a database style approach may work, where the data is owned by another user and only accessible via specific client applications, but this would be annoying for many reasons).

Never the less, it is still the most important data on the machine. An OS (and applications) can be reinstalled in a matter of hours. Some types of data can *never* be recreated.

(This is why the "but it's a regular user account" is bogus for machines that aren't servicing multiple users.)

Installing automatically executing code that survives between reboots, without alerting the user, is not something anyone has yet achieved - despite the fact that there have been known auto-execution AND privilege escalation issues, no one has yet been able to combine the two in a dangerous way.

Well, it wouldn't be particularly *hard* - just get something into the user's LoginItems.

Added to that, get a user to throw in a password to a sudo prompt wouldn't be difficult, to get something in /etc/rc.local.

Of course, viruses aren't the only threat. Trojans are increasingly significant (especially as virus-delivery becomes harder on Windows) - and the Mac is not substantially more 'trojan-proof'.

I would argue that trojans are *very* significant. They're certainly the most common vector on Windows. Pretty much every "email virus" for example, is/was a trojan, as are most ActiveX exploits.

Apple, like Microsoft, deserve shooting for not incorporating backup as a standard feature in their consumer operating system - selling it as part of a .Mac subscription is completely underhand.

Microsoft at least have always included a backup program with Windows. The UI - along with automation for typical useres - however, could use improvement.

Re:Excuse me, but... huh?

[argent]

Wasn't there a recent spate of OS X exploits, including a virsus or trojan of some sort?

There is no such thing as a "safe" file.

Re:Macs have never been "immune" to viruses

[drsmithy]

Not sure how you define trivial.

'sudo blah' runs 'blah' as root.

'sudo -i' gets you a root shell.

Every time you type in your password at one of those "Enter your password" prompts you are running the subsequent code as root.

'sudo passwd root' enables the root account for a GUI login (assuming you type in a password).

I would call all of those fairly trivial.

The root user is disabled by default and can only be enabled by going into the network utility.

Because of the primitive unix security model, "disabling" the root account doesn't stop the ability to run code as root. It just stops you being able to directly login as root.

The vast majority of users have no idea the root user even exist.

Never the less, they are running code as root every time they type their password into one of those graphical (or console) sudo prompts.

The administrative user, which can su to root, is not the user default either.

This is not correct. The default first user created on an OS X system *is* in the admin group.

Even if someone is running as admin, they are presented with password request for every process launched.

Most of which are spurious. An "admin" user on OS X can do a *lot* of damage, even without elevating their privileges. Just because all your legitimate applications like to spam the user with password prompts, doesn't mean malicious code will.

Most Macs spend most of their time running in standard user space making it hard to seize control of the machine remotely.

I'm not sure what you're trying to say here.

I would say that the biggest problem windows permissions is not the permissions model per se but rather the large number of legacy/poorly written apps that will not work under it. A lot of windows boxes are running exposed because their apps won't work any other way.

This is certainly a problem. It is not, however, a problem that can be blamed on either Microsoft or Windows, certainly not any more.

Re:But...but..but..

[Jay+Random+the+Other]

And nowhere near even the ground floor of the ridiculous things done in the name of atheism. Read The Black Book of Communism lately?

Proven historical fact: People will kill each other for any damn fool excuse, or for none at all. Although a pissing contest over one's favoured OS has yet to yield any reported homicides, probably because few /.ers are capable of the level of face-to-face human interaction required to commit murder. HHOS.

Re:Macs have never been "immune" to viruses

[drsmithy]

For those who don't want to click, IIS5 is "Moderately Critical", and Apache 2.0 AND 1.3 are both "Less Critical". Being as these are the most popular versions of these servers... I think you're just a shill. Stop spreading FUD.

I encourage everyone to open up those links and draw their own conclusions. One thing you may wish to consider are the relative numbers of exploits - 28 vs 9 - of Apache and IIS over the last 3 years.

Re:Yes, and ...

[toddestan]

-Noone- tries to steal my old piece of s**t. And I do not even have an alarm system. And I leave the keys -in- it.

Just wait until you come accross the other type of car thief: The kid who wants to go joy riding and will take whatever he can get started. Most of these kids are known to target old, crappy cars because they are easy to get started and less likely to be missed right away.

Waiting for them to be right?

[Enrique1218]

Ah yet another prediction that Mac OS X is going to be swarm with viruses. Yawn!!! What is this, the 10000th one? This article should be modded -1 Redundant. Here the theme, "As soon as its it marketshare get bigger, the viruses will come. Apple won't be ready. You'll see". But, if I go online and search today for Mac OS X viruses, I can't find any information about specific viruses or stories about infection. Hell, I couldn't infect my Mac if I wanted too!!! It is obvious we are still in hypothetical land. Equally obvious, virus writers are going to attack the platform with the largest marketshare and Apple has been in single digits for the past 8 years. So, why am I going to spring money for antivirus subscription when there is no virii out there. But, I'll bet one day that they will be right. Shit, a broken watch is right twice a day. Until then, I going to keep on computing with an extra $60 in my pocket.

Re:Car thieves steal Accords because they are comm

[mscamara]

Not to say anything about the fact that macs being more expensive, scrip kiddies don't always have their hands on one to learn to to exploit the system....so unfamiliarity with and os X and the g4 processor. I am not a programer but I believe I can safely assume that you have to have some intimate knowledge the of the target system hardware to take advantage of things such as buffer overflows and the likes. Most people who use the ibm power processor are likely to be professionals, not some one in some basement.

Neither...

[dark-br]

... Duke Nuken Forever will go gold first!

Re:Macs have never been "immune" to viruses

[strider44]

ha! I didn't even realise that as I was writing it. As normal for any internet posts, my post accidentally says more then I wanted it to say.

To tell the truth I didn't think about the connection between Apple and apple. I was just thinking about all the apple exploding videos around - it's probably the fruit that's most fun to put a bullet into.

I'm sorry but...

[lowededwookie]

How does merely changing to a different processor automagically open one up to viruses?

A virus is OS dependant not processor dependant and therefore there is equal chance of PPC OS X getting the same virus as Intel OS X if the virus writer has any degree of skill - although very few virus writers seem to be anything more than just little pathetic script kiddies.

Bring back the good old days where viruses destroyed your BIOS and knackered the bootsectors of your drives.

Re:Macs have never been "immune" to viruses

[elhedran]

Even if someone is running as admin, they are presented with password request for every process launched.

Most of which are spurious. An "admin" user on OS X can do a *lot* of damage, even without elevating their privileges. Just because all your legitimate applications like to spam the user with password prompts, doesn't mean malicious code will.

Huh? you do realize that the code that results in the root password being needed IS NOT the code that opens the dialog. No dialog, no permissions. Its like this..

• malicious code: I want root permissions please
• OS X: I'll just check with the user first
• User, Huh, no I don't trust "Bob's Super Smileys" that much. cancel
• OS X: Sorry, you don't get root permissions
• malicious code - FAILED

You can't write code that does root stuff without a password coming up. There is no way to bypass this except possible bugs in the OS X code. Legitimate applications don't spam the user with password prompts to be nice, they have no choice. Write some code requiring admin access some time and find out for yourself. Now you can rely on user naivety (I suspect a lot would trust Bob's Smileys). But if you think you can get away without the password being asked you don't know that much about how user and process permissions work.

Re:Macs have never been "immune" to viruses

[drsmithy]

You can't write code that does root stuff without a password coming up.

You're missing the point. There's a great deal of things that can be done *without* requiring root permissions. For example, deleting or modifying just about everything in /Applications and many things in /Library does *not* require any privilege escalation if a user is in the admin group ("admins" have write permissions to those locations and most files in them).

Legitimate applications don't spam the user with password prompts to be nice, they have no choice. Write some code requiring admin access some time and find out for yourself.

Anytime I - as an admin user - run a program installer than does nothing more than copy some files in /Applications and maybe ~, and it pops up a password request, I am being needlessly spammed. My user alredy has write permissions for that location, the machine shouldn't need to ask for any privilege escalation.

I've seen several application installs that do this, and they shouldn't.

However, it may just be that the developer has told the Installer to do something "tricky" - maybe chown the copied files to root:admin - and that's why the dialog is raising. I haven't looked into it that closely. I'd still consider that dialog spam, as well.

Now you can rely on user naivety (I suspect a lot would trust Bob's Smileys). But if you think you can get away without the password being asked you don't know that much about how user and process permissions work.

I know more than enough about unix permissions to see that a user in the "admin" group has write access to places like /Applications and /Library, and that this is a possible vector for malicious code to delete or modify files in these locations.

and I call bullshit on your nonsense

[Scudsucker]

Virus writers are writing viruses to make profit; either by stealing information, creating botnets, or proliferation of unwanted advertising. They make more profit by exploiting more machines, so it's no wonder that the most common OS is also the most targetted.

Bullshit for two reasons: you have many millions of computers in business and government that wont have credit card data to steal, as opposed to personal machines. The second reason: Macs cost more than your bargin basement PC's. So going after Macs would be a much better investment on your hacking dollar, because your number of false positives would be reduced enourmously, and the numbers you WOULD get would be from people with better finances (and credit ratings). Besides, if viruses writers go where the money is, why has IIS had far more exploits than Apache? Apache has more marketshare and runs commerce sites all over the globe.

Furthermore, the main reason people write viruses isn't to collect information, it's to make an impact on the world and for "props", as other posters have pointed out. Say you write a show stopping Windows virus that brings millions of Windows boxes to their knees. BFD. It's been done a thousand times before. However, if you wrote the first show stopping Mac virus, you'd go down in history as the first guy to do so.

So, once again: marketshare has nothing to do with it. If Apple had 95% of the industry, they still wouldn't have Outlook, Active X, piss poor privledge separation, or dozens of ports and services open by default. Microsoft would.

Re:Car thieves steal Accords because they are comm

[Scudsucker]

Not because Accords are better, but because they are more common.

No, not because they are more common. Because they are easy to break into (see other posts), and because Hondas hold their resale value very well.

Re:Macs have never been "immune" to viruses

[elhedran]

I read back over it. I accept I might have misinterpreted the point.

Although I hadn't realized the Applications directory was writable by the admin group. thats terrible. I had thought(assumed) it was the wheel group like /System. I'm going to have to look more closely into exactly what the difference is between the wheel and admin groups. Although I can't think of any reason to have that folder default writable by admin and I can't think of any way that could still be safe.

Re:Macs have never been "immune" to viruses

[JulesLt]

>I would argue that it has hardly been tested, so one can't really say that it has "proven" anything.

As atheists have long known, it's almost impossible to prove the absence of something, despite the complete lack of evidence for it's existence or nature. Faith always wins out.

I would argue that (as per first post) that you can, at the very least, compare OS X with Classic - the threat level is about the same, and we are seeing almost nothing. It is certainly not for want of effort.

I am not disagreeing that Mac security is often over-stated. There have been two KNOWN problems that I would categorise as genuinely critical - the 'auto-install widgets' incident, and the issue covered in the parent article (failure to detect a file is in fact a shell script). The only reason either didn't spread widely is definitely down to market-share - 2 weeks would be long enough to cause substantial problems on unprotected PCs.

However, I do think the threat hysteria is often over-stated - every other vulnerability, including the 7 outstanding issues, has been as meaningless and low-threat as your typical reported Windows or Linux vulnerability. (As you note, the main vector is trojans, not code embedded in JPG on web pages).

Mac users do also have the useful advantage that even a slight potential threat makes mainstream news coverage.

Re:MSNBCFUD explained - part deaux

[mgabrys_sf]

Well sonofagun - Apple's running Windows viri ads on their website and tv this week. By qwinkydink! What a coincidence. Think someone in Redmond got a leak-tape early and went into dammage control.

Naw - they're too smart for spite FUD. Too - too - smart.

drsmithy is a MicroSoft shill

[tm2b]

Are you seriously suggesting that Windows NT was around before Unix? You do realize that Unix dates back to 1971, don't you?

Some people like to point out that Windows NT inherited a lot of its concepts from VMS, which did predate Unix. However, while NT on paper took a lot of concepts from VMS, in implementation it tended to sacrifice them in the interests of perceived at-keyboard performance.

And even that said, VMS was first seen on the VAX in 1977, and its first non-beta release was in 1978.

Other, older OSes did have different multi-user paradigms, but they were far, far more baroque than the simple file/directory ownership one that most modern OSes inherited from Unix and tended to be based more on volume ownership than file ownership (because they in turn tended to look at the world as a series of mounted tapes rather than random access hard drives).

Re:drsmithy is a MicroSoft shill

[The+Snowman]

I may not remember this precisely, but I think what really happened is Microsoft hired an old Unix programmer to work on Windows NT. They used some BSD-licensed code, but by the time NT 3.5 got out the door, the vast majority of the code was rewritten anyway. So it wasn't really based on Unix, they just hired a guy who was part of the old-school Unix community. I could be wrong though.

Re:drsmithy is a MicroSoft shill

[WinterSolstice]

The man you're thinking of is probably Dave Cutler from Digital Equipment Corp (DEC). As you may or may not know, DEC created VMS in 77/78.

He brought things like the Hardware Abstraction Layer (HAL), the finely grained (non-unix style) security, etc. Windows is still far ahead of the default Sun/Linux type file security.

Unix until fairly recently contained only a pretty rudimentary security - rwx. It has some gaping flaws ( like setuid ), and still doesn't have the security that DEC had in the early 80s. Most of the "security features" in modern OSs come from a continual hardening process, and tend to be based on reactions to environment and co-evolution more than borrowing from a specific progenitor.

-WS

Re:drsmithy is a MicroSoft shill

[drsmithy]

Are you seriously suggesting that Windows NT was around before Unix?

No. And re-reading my post, I can't even begin to see how you got to that conclusion.

All I was saying is that multiuser OSes - especially as a concept, rather than specific implementations - had been around before (and since) unix. To say NT copied *Unix* (and only Unix) to get its multiuser design is ludicrous - it doesn't even pass the laugh test. It would be like saying .NET copied the idea of a VM from Java (and only Java).

Unless, of course, your worldview begins and ends with Unix and Windows.

The point I'm trying to make here is that saying "NT is copying Unix" (or, even sillier, "Linux") is simply wrong. In the very few cases where there are actually new features being implemented which also exist on Unix, those features also existed elsewhere prior to their existence in Unix.

Other, older OSes did have different multi-user paradigms, but they were far, far more baroque than the simple file/directory ownership one that most modern OSes inherited from Unix and tended to be based more on volume ownership than file ownership (because they in turn tended to look at the world as a series of mounted tapes rather than random access hard drives).

Uh, NT's "multiuserness" is a lot more complex than simple file/directory permissions - particuarly the crude and primitive root/not root and user/group/other divisions found in Unix. Access to just about every object in the OS is governed by per-user ACLs. There is no concept of a "superuser" in NT, for example, and hence the security flaws that come along with that concept are absent. If anything, NT is *more* "multiuser" than Unix is.

Are You An Expert? Or Just A User With An Opinion?

[Makarakalax]

No offence, but you sound like a user, not someone who actually knows much about operating systems. As someone who knows a fair amount about operating systems, I conclude Windows is very useful, but it is poorly designed with a good deal of rushed implementations. It doesn't compare favorably to Unix in terms of design.

I'd like an OS expert to comment, but I've yet to meet one who isn't zealoted in proposition of Unix, or something really obscure (Plan9 anyone?), so it's hard to get a decent comment out of them. In my experience.

Re:Are You An Expert? Or Just A User With An Opini

[IAmTheDave]

No offence, but you sound like a user, not someone who actually knows much about operating systems.

While not a kernel hacker, I do know a good deal about operating systems, having studied them relatively instensly in college.

The reason that you find UNIX zealots is because the UNIXes were written so many years ago and still represent the best in OS design and development. Plan9 was also an incredibly solid OS, although the laptops it ran on were a ton if they were a pound.

My point was in relation to the parent of my original post, who insisted that Windows ability to be hacked was because it was a piece of shit. On the contrary, for the amount of third party drivers, software, and backward compatability in Windows XP and 2000, the Windows OS is indeed quite an achievement. Would I like to see MS concentrate more on security? Sure. But one of the reasons that OSX may be more secure is that they own a lock on driver interaction, hardware compatability, and have several times shunned backward compatability in the OS.

My point was simply that there is still a lot of improvement to the security model that all OSes could use. Windows is hardly alone in the world of insecure OSes.

Re:Car thieves steal Accords because they are comm

[mrchaotica]

Someone likes those Integras.

FYI, that's because the thieves take the engines out and sell them to all the ricers that want to soup up their Civics (because Integra engines are more powerful, and fit with little to no custom work).

Re:Macs have never been "immune" to viruses

[drsmithy]

I would argue that (as per first post) that you can, at the very least, compare OS X with Classic - the threat level is about the same, and we are seeing almost nothing. It is certainly not for want of effort.

I have to disagree. OS X's marketshare is much smaller - *especially* as a relative measure - than Classic's was.

Really, OS X machines are simply not on the radar of malicious coders. There's not enough of them to be useful as distributed networks of any type and very few enterprises use OS X Servers in "useful" (from an exploitation perspective) mission-critical roles. To be blunt, there's hardly any reason to target Macs (as a general thing) in the first place.

Added to that, it's my feeling that the end-user demographic of MacOS has moved away from its historical "clueless user" base in recent years and is now largely made up of people who - while they might lack in-depth technical knowledge - are accomplished and experienced computer users able to identify most scams(/trojans) for what they are. Plus, as you note, news spreads fast in the Mac community - scams are relatively short-lived and the majority of machines are patched and up to date.

Even ignoring marketshare - which I firmly believe to be an integral part of a platform's "perceived security" - OS X simply doesn't have the same risk profile as Windows. Neither does Linux, for that matter, but mostly for different reasons.

IMHO, until marketshare levels are at least in the same ballpark, meaningful comparisons based on "security reports" are impossible - because there's a whole bunch of other stuff that comes along with increasing marketshare that dramatically changes the risk profile of a platform. If Linux and OS X were to (collectively) get up up around the 40% - 50% mark of the Desktop market, then I'd say meaningful comparisons could start to be made, based on things like how frequently exploits occur, their impact, etc, etc. Until then, no chance.

No superuser in NT?

[Lotharus]

Er, then what do you call the Administrator account?

Granting that I may hold a misconception of the definition of 'super-user'. But you can't hide anything from Administrator, nor can you deny any permissions to the Administrator.

Re:No superuser in NT?

[drsmithy]

Er, then what do you call the Administrator account?

An account with a lot of privileges.

But there are other default accounts with more - SYSTEM, for example.

Granting that I may hold a misconception of the definition of 'super-user'.

A 'superuser' account is one that effectively bypasses the entire security system. Ie: anything that checks permissions basically does the equivalent of 'if ($USER != root) then check_permissions() && do_stuff(); else do_stuff();'

But you can't hide anything from Administrator, nor can you deny any permissions to the Administrator.

Yes, you can. Many a newbie NT user has locked themselves out of - if not completely disabled - their entire system by removing or denying Administrator or SYSTEM access from critical files.

An Administrator account in NT can't do anything unless permissions are specifically granted for it to do so. In theory, there is nothing inherently "special" about the Administrator account. OTOH, the very definition of root is that it *can* do 'everything' without needing permissions - it *is* special. The fundamental unix security model is that you're either root, or you're not - and if you're not, what you can do depends on file permissions and what groups you're in.

Re:No superuser in NT?

[Lotharus]

Sir, I stand corrected. :-) Thank you for the informative (and not condescending) reply! Someone mod this fellow up [Informative].

Cheers.

Re:Macs have never been "immune" to viruses

[The+One+and+Only]

I never said it was enabled in the default configuration. I only said it was possible.

Re:Are You An Expert? Or Just A User With An Opini

[Makarakalax]

Yes I have to agree, nix security is just waiting for attention. I imagine bash or just plain sh could produce a fair amount of malware. Bash is powerful and is basically installed on all *nix which removes the "heterogenous environment" argument.

You could always use wget to grab a platform specific version of yourself if you were spyware/malware anyway.

And anyway, it's mostly social techniques that get most malware on boxes nowadays. All those activex controls tend to require dialog confirmation, but they target kids sites and the kids just ok everything.

I don't think Vista plans to address that, but of course, Macs don't either.

Re:Limitations shlimilitations...

[bananaendian]

Your points raised a number of things worth mentioning.

I think using W2K/FF/Eudora/Pegasus instead of XP/IE/Outlook has benefitted me greatly over the years. First of all a virus arriving at my email client doesn't have a chance since it's so old it cannot even open attachments or view complex html. W2K has been patched up pretty well with SP4+SR2. IE on my machine is disabled as far as possible and its internet connection is banned. A small program sits on the registry and notifies me if some process wants to change it. And finally a software firewall, and in the end my hardware firewall on the router will block any attempts by unknown software doing anything I don't like.

So as you can see, I'm not just complacent about not using anti-virus software but I've actually found a better alternative. This way I'm in control and don't overburden or impede the machine's daily functions. BTW: I do also run an Apache/SSL and SSH servers on this same machine so those firewalls are there for a reason.

I would comment on your doubt as to the security of Firefox. Indeed it is very likely that vurnerabilities will be found in it. However this does not make it unusable. Any kind of virus software won't protect you against birthday viruses so as long as you keep uptodate with news on the current vurnerability situation out there while keeping your nose clean of unrealiable sites you're very unlikely to be the first one hit by it and consequently will have warning in advance to avoid and patch up any such vurnerabilities.

At the end of the day you have to balance your needs and requirements in the altar of security vs. usability. I've found that virus-software impedes usability too much without giving me much security in return. But taking regular backups and having a spare machine also helps. :P

Re:Car thieves steal Accords because they are comm

[feijai]

Now THAT was an informative comment. I learned something today.