Macs May No Longer Be Immune to Viruses
Bill writes "MSNBC reports that the combination of Apple's growing market share and their recent switch to x86 processors has made Mac OS X a new target for viruses. Unfortunately, it seems that many Mac users are in denial. '[Computer security expert Tom] Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world's largest software company was criticized for being slow to respond to weaknesses in its products.'"
One might wonder why this (non-)story is featured on the front page of MSNBC... ;-)
:%s/Open Source/Free Software/g
YTARY!
They never were immune. It's just that most virus writers don't give a crap about Macs.
Maybe we'll be seeing x86 and PPC virus fat binaries?
Never underestimate the power of stupid people in large groups.
What a load of rubbish - viruses infect via operating system and application vulnerabilities, the chipset those are running on has very little relevance.
I'm not even a Mac user and I still call FUD on this one. TFA was so slim on detail it was impossible to work out what had actually happened, and after searching for real info it turns out the virus, Leap.A, needs a root password to do any damage. Better article here: http://edition.cnn.com/2006/TECH/04/30/apple.security.ap/index.html
"I've got more toys than Teruhisa Kitahara."
Why does Slashdot continue to post Apple-related non-stories? Every time Steve Jobs farts or some idiot proclaims the coming Mac-Virus-Mayhem (tm), Slashdot takes the bait.
This MSNBC(!) story contains no facts whatsoever. No piece of significant OS X malware has been discovered so far, and I believe it's highly likely that there won't be any in the immediate future. WTF does the Intel switch have to do with that?
Anyone knows you don't get something for nothing.
Viruses for all different operating systems exist.
There are holes and exploits for practically everything known to man.
Now, if I walk into the dodgiest parts of town (with my turtle neck sweater on) and ask the shady guy at the street corner for a forbidden secret preview of the next big thing do you really think I will survive with the same number (and size) orifices as I started with?
Once you leave the beaten track, you cannot be sure what lurks in the shadows.
liqbase
Nor even markedly more resistant. They have just been less targeted.
Nonsense. Microsoft is the target of viruses and spyware because of Microsoft's moronic design decisions and security policies, not because of marketshare.
CNN is carrying this article and so is msnbc, however no one mentioned the virus's name. I swear this is old, it sounds like the OSX/Leap-A incident that occurred back in early February. It wasn't even a virus, it was a trojan horse. Apple will patch for this like they did the others and life will go on. At least Apple patches for these unlike Microsoft that just recommends installing its "beta" program to "fix" the problem or some other 3rd-party software that may or may not cost even more money.
If your new powerbook is running BootCamp and you're currently using XP then you need to lower your expectations, it's a Mac, it's running a flawed OS, so unless you're careful you are going to end up with a virus, just like the other X Million windows users, regardless of hardware.
If you're running OS X then I'd say your risk is just that bit lower, it's a less flawed OS. My last check showed 4 viruses aimed at OS X; (Symantec) OSX.Leap.A; OSX.Inqtana.A; OSX.Inqtana.B; MacOS.MW2004.Trojan; Which is a few orders of magnitude less than for Windows XP (never mind all the other versions).
Sure the OS X on intel has shown a few flaws and sure some of them will be exploited but it's a world away from the threat to a Windows Machine. I don't think that there is an OS out there in common usage that isn't susceptible to infection, it's all about how prevalent the threat is.
Take your chances and see where it leaves you.
No-one can deny that with growing popularity of OS X that it becomes an increasingly attractive target. Malware writing works on similar economics to regular software: this implies that malware will exist but be a niche deployment. So it is a concern, but not the end of the world, or of Apple, as the world likes to regularly predict.
The article was mixed in accuracy. Many Mac users believe themselves to be invulnerable - the truth is they are currently /less/ vulnerable than the mainstream desktop OS. The thesis that using an intel processor increases security risks is not true - OSen don't allow direct hardware access as such, and how many script kiddies write x86 microcode? Running Windows on an IntelMac may potentially increase security problems, and reduce the Macintosh (not OS X) brand reputation for security. It depends on how the 'wall' between x86 file access and OSX file access is implemented.
Nothing in IT or anywhere else is 100%. Currently OS X is more secure in many areas than its competitors. To maintain or improve on this, constant vigilance and innovation are required by Apple, ISVs and most importantly users.
I wonder what percentage of some anti-virus software company's profits are a direct result of this article.
I'm in denial about invisible pink unicorns too. Put up or shut-up.
Direct away from face when opening.
The advisory is from 9 days ago. It is from a company that would like to sell you stuff related to its advisories. No known instance of the alleged flaws exists publicly. The descriptions of the flaws do not support the conclusion of either a DOS attack being possible or compromising of one's system. As such, I invite you to use this flaw to do anything to my Mac.
Or, even present me with a URL where I can observe the alleged flaws in the wild.
Your handle, Whiney Mac Fanboy (963289), should be a tip-off that you are not posting about this matter in good faith.
I'm calling bullshit on that. True, Macs haven't been tested with a huge market share like Windows has, but you seem to be using that as proof that Macs have as bad-a security model as Windows. My favourite analogy to this is asking which one is more bulletproof, an apple or a kevlar vest. You'd shoot the apple into smithereens then say "Obviously the kevlar vest would crumble similarly if I shot it therefore neither are bulletproof".
You're right that they have never been "immune" to viruses. I don't expect you to say something stupid like that *nothing* is immune to viruses unless you can successfully hack my hello world program, but macs definitely aren't. That doesn't mean they're as bad as Windows though, so if you say something like "Nor even markedly more resistant" how about you back up that comment...
The Year of the Linux Desktop
or
The Year of The OS X Viruses
Inquiring minds want to know.
I gots ta ding a ding dang my dang a long ling long
This is completely off-topic so will doubtless be modded as such. You will actually find that the lines: "And magnify Mohammed and his followers as thou didst magnify Abraham and his followers..." "And bless Mohammed and his followers as thou didst bless Abraham and his followers..." are recited (at least) thirteen times _per day_ in the compulsory Muslim five daily prayers. Now what use would these lines be if you didn't know whom Abraham or his followers were? The key is context, in order to find out what those lines are teaching, you have to go and do a little bit of historical homework on Abraham and why he was such a good pal of God's, to the extent that people living thousands of years after Abraham are still being taught to behave like him and his congregation. Similarly, for the verses mentioned above, context is needed otherwise the lines can easily appear to be contradictory. The verse about not taking Jews and Christians as friends is very often misused by Muslims and non-Muslims alike. But the actual historical reference (remember, that history homework again is needed), actually refers to when the northern Arabian tribes were becoming politically unified through their common adherence to Islam. Just as the Vatican or Israel would hardly trust its affairs to, eg, Iran or Saudi Arabia, and not necessarily because of antagonism but merely due to sensible political considerations, the same was true at the time for the fledgling Arab-Muslim state. Political Islam, or indeed Christianity or Judaism, is somewhat divorced from how you should treat your neighbour: it is how one nation should treat another. The verse about taking Christians as friends is the non-political way in which Man should deal with his brethren in the world, holding up the pious Christians of the time as an example to be followed. One can therefore easily ascertain how consistency is not lacking between the two verses, merely that people do not do their homework.
I'd take an Apple spokeswoman's word over Tom Ferris's word. He's fairly good at finding crash bugs, but he frequently reports zero dereferences as "buffer overflows", etc. See his record in bugzilla.mozilla.org, for example, starting with bug 303433. I have no idea why the media keeps calling him a security expert.
I call bullshit.
By your logic, because Apple now has a much higher visibility, it is a more likely target for viruses.
This is true, and I'm not going to argue with it. However, your reasoning behind it is faulty. Just because it is now being targeted more, does not mean that we are going to see huge numbers of viruses cropping up for OS X.
Heck, the "virus" described in the article isn't a virus at all. It's a trojan, and a shitty one at that. The guy downloaded an executable from an unknown source, and willingly ran it. "strange commands ran as if the machine was under the control of someone -- or something -- else."
Not only did the guy make a boneheaded move that would affect even the most secure operating system in the world, it was obviously apparent that the file being run was a virus the second he opened it. I don't think this is any cause for concern.
What's more, in order to inflict any serious damage on an OS X machine, you've got to provide the Administrator password. It is impossible to run OS X as root. If a program's trying to screw with your settings and files, you're going to know about it! Likewise, unlike Windows, file permissions are properly implemented (it's Unix after all...).
By your logic, because approximately 70% of the internet's web servers run Apache, we should be seeing tons of apache exploits, hacks, and viruses cropping up. The reason we don't is because Apache is a well-written and secure program, and because administrators are generally not stupid enough to run unmarked executables.
OS X and unix are inherently more secure by design than Windows is. This is a known fact that has been proven by time. I'll go a step further and say that because OS X is only 5 years old, and NT has had 10+ years to mature, that Windows should be more secure than OS X is. We all know this isn't the case. 95% of Windows viruses, trojans, and spyware would not be possible on OS X or unix simply due to the design of the OS.
Likewise, the article points out seven new vulnerabilities that were discovered two months ago that have yet to be patched, and draws the conclusion that "They didn't know how to deal with security", but later admits that the vulnerabilities wouldn't actually allow someone to execute malicious code on your machine, and that they're being rolled up into the next OS X security update. (Coincidentally, I've got to praise apple for their cumulative and bundled security updates. It makes it TONS easier for end users and administrators to install the updates, avoids confusion, and makes it significantly more likely for these people to install the updates to begin with, compared to the many cryptically-titled windows security fixes and the ActiveX horror that is Windows Update)
In short, the entire article is a piece of crap. Sure, OS X isn't perfectly safe, and it's a given that any system is vulnerable to a stupid user. However, it's damn better than anything else out there. Shame on slashdot for posting such a poorly-researched piece like this.
PS. Do not blame MSNBC for the content of the article. The article came through via the Associated Press, and appears on Cnn.com in addition to a plethora of other sites.
-- If you try to fail and succeed, which have you done? - Uli's moose
Nonsense. Microsoft is the target of viruses and spyware because of Microsoft's moronic design decisions and security policies AND because of marketshare.
Virus writers are writing viruses to make profit; either by stealing information, creating botnets, or proliferation of unwanted advertising. They make more profit by exploiting more machines, so it's no wonder that the most common OS is also the most targeted.
The fact that it's so trivial to exploit Microsoft software is purely because of the moronic design decisions and security policies, not because of marketshare. But the fact that Microsoft is so frequently the target of virus writers is a function of marketshare as well.
Incorrect. OS 9 and prior certainly had viruses, despite a market share comparable to OS X based machines. Not as many as Windows, but enough to cause problems for Mac users. Hell, I remember virus problems on Macs when the only way of distributing a virus was by floppy disk and the operating system was held in a ROM.
OS X is substantially more resistant to virus attack than all prior Mac operating systems, and most default Windows installations.
That doesn't mean it's 'immune'. Equally an increase in popularity will almost certainly raise the threat level - but that doesn't change the fact that the underlying system provides better protection by default. Failing to be 'immune' does not mean 'equally vulnerable'.
The default installation implements much of what corporate Windows admins have to implement to secure a Windows system / will be implemented by default in Vista.
Obviously there are other Unix systems that are still more secure - some security has been sacrificed for ease of use. It would be much more secure if new startup services and firewall changes had to be manually configured - but users won't stand for it. (Hence why we got in this mess in the first place).
'Capitalists of the world, unite! Oh
Seriously, it's way too easy to have a go at this MSNBC BS. What is more worthy to note is the frequency and desperation with which these articles keep appearing, claiming sleeping beauty mac-users are in imminent danger if they continue to refuse to take part in the virus paranoia of the Windows world.
I have been using W2K with no anti-virus software for years with no side effects. Sadly and with amusement do I follow the antics of my fellow XP users with their shiny anti-virus crapware popping up redundant warnings and notifications and slowing the machine to a crawl. And to top the irony they have to turn off anti-virus whenever they install anything or run certain software. And when you go to your workplace or school the machines there have been made almost entirely useless by over zealous protection software.
Having a go at Macs for security is either stupidity or plain propaganda. Security doesn't come from anti-virus programs. It comes from the underlying architecture of the OS and the third-party software having to comply with the security principles of the underlying architecture. Anti-virus software only protects the computer against clueless users and thus it can be claimed that any computer/OS architecture requires some.
And as for the age old user base threshold argument I'm still waiting. OSX has been for some time the most common UNIX based OS. It is remarkable how little vulnerabilities have been found considering the amount of software and services running on OSX by default. Thus, comparatively, statements involving OSX and poor security continue to be plain ludicrous.
As for me I'll merrily continue running my apparently 'immune' W2K box (behind two tailor made firewalls) and wave my greetings and encouragement to my fellow mac users.
www.tribalnetworks.org - helping tribal people around the world to own their own means of high-tech communications
I'll believe that when I see water running uphill!
Join the anonymous, help develop the network: http://www.i2p2.de
no system is 100% virus free. there may be systems that have probability that is very low.
people supporting alternative systems such as linux and unix (including mac os), etc. should avoid claiming they are not able to be infected with virus and worms. such false advertising may cause people to abandon the adoption at the end because they will just think "hey, why spend all the fuss when you get the same problems."
ignorance is the problem. education is the solution. it may be easier to avoid getting worms and viruses in linux than windows but educating a user might be able to avoid the same with windows as well.
Live your life each day as if it was your last.
I've been running sophos anti virus software on my mac since, well, since they became available. Thing is, apart from updating itself once in a while I haven't had ONE virus showing up. Every now and then I even scan my system. Just for kicks (I'm easily excited).
Apart from all the other "usual crap", I wonder how this type of articles make it to mainstream news outlets. Even Steve Jobs' brand of underwear would be more newsworthy than this kind of FUD.
There is - like in most of this type of journalism - no real defense against it. Whatever argument you use against "two guys encountering something weird" in "serious news outlets", you must be a mac zealot in denial. Right?
I think, therefore I am...I think.
That also describes the majority of Windows "viruses".
Don't bother with silly semantic games that only Slashbots care about. In the media when they say virus, they're talking about malware in general. Most Windows malware falls into the "trojan" category and requires varying levels of user interaction to get started.
Not only did the guy make a boneheaded move that would affect even the most secure operating system in the world, it was obviously apparent that the file being run was a virus the second he opened it. I don't think this is any cause for concern.
I do, because it's by far the most common vector for malware and, indeed, all security breaches.
It's also damn near impossible to defend against programmatically.
What's more, in order to inflict any serious damage on an OS X machine, you've got to provide the Administrator password.
Bollocks. For a start, any user can delete files they own - ie: the most important data on the machine.
Secondly, any user's account can turn the machine into just about anything an attacker might want, including allowing a remote login for further attempts at privilege escalation (because the OS X firewall is disabled by default).
Finally, any user in the Admin group (the default for most users) can delete (or modify !) not only just about everything in /Applications, but also other "system" files in /Library and /System.
It is impossible to run OS X as root.
Actually it's trivial. Running code as root is marginally easier than actually logging in to the GUI as root, but neither are particularly difficult to do.
If a program's trying to screw with your settings and files, you're going to know about it!
Highly doubtful. Most users have no idea what processes run on the systems and even fewer actually monitor them.
Likewise, unlike Windows, file permissions are properly implemented (it's Unix after all...).
Windows's file permissions - indeed its security capabilities in general - are vastly more capable than OS X's.
In short the whole "but root is disabled" argument (and variants) is largely irrelevant. Elevated privileges are simply not required for the vast majority of things malware wants to do.
By your logic, because approximately 70% of the internet's web servers run Apache, [..]
(Wow, the good old Apache argument, what a surprise.)
Websites != Servers.
Also People Running Apache != People Running IIS. The bar for running an Apache server is set higher.
[...] we should be seeing tons of apache exploits, hacks, and viruses cropping up. The reason we don't is because Apache is a well-written and secure program, [...]
Actually we do. For the last few years, Apache has had a worse security record than IIS.
[...] and because administrators are generally not stupid enough to run unmarked executables.
Users are not administrators. Users have *extreme* difficulty identifying malicious code before running it.
OS X and unix are inherently more secure by design than Windows is.
False. There are many aspects of traditional UNIX "design" - including that in OS X - that are inherently less secure than Windows. For example, the concept of 'root'.
I'll go a step further and say that because OS X is only 5 years old, and NT has had 10+ years to mature, that Windows should be more secure than OS X is. We all know this isn't the case.
Firstly, the product OS X was is actually a touch older than NT. Secondly, it was basically yet another reimplementation of the flawed unix "design".
Antivirus vendors are looking for new markets to expand. Especially with looming Microsoft entrance into anti-virus market.
Apple users were Just (much) safer than windows. And less of a target. But in no way were we ever immune.
---- Booth was a patriot ----
It's important to "throw poorly researched stories to the wolves" once in a while, so people can pick them apart.
I, for one, am happy when Slashdot finds these stories with ridiculous claims or patently false information and brings them to our collective attention. Otherwise, as an I.T. professional, it can become really frustrating when a client drags one of them out as ammunition to back up a potentially bad business decision. If you're previously unaware of such an article and it suddenly gets thrown in your face - you're put on the spot to defend against it.
This is the same "virus" that we talked about in February. link 1, link 2. The CNN (AP, really) article mentions Benjamin Daines as finding it. MacRumors forum post from Benjamin Daines dated Feb 13 whining about how he was duped by someone posting a link to said trojan. We've gone over this before. This is nothing new. Must be a slow news day at AP...
This sig intentionally left justified.
"The bottom line is we still feel more comfortable using a Mac than a (Windows) PC," said Alan Paller, director of research for SANS.
But as Daines can attest, there are no guarantees.
"We're all sort of waiting with bated breath to see if any problem will happen and the jury is still out," said Thayer, the independent security consultant. "I don't think you'll find a consensus."
The article seems to be saying, "look, two people with Macs got infected with a virus! Now Windows is more secure than the Mac." For some reason, I trust the director of research at SANS more than this British chemical engineer or the "independent security consultant." Macs have never been immune to viruses, it's just that there are thousands of times fewer Mac viruses than PC viruses. And this is still the case.
Real car thieves respond to market forces and steal the car that either needs the most repair parts or will sell the easiest on the black market. For a while, Hyundais were a popular theft car, not the most popular on the road, but needed the most parts...
Fascinating.So
Machines can only be infected by:
Worms
Viruses
Trojans
Worms spread via open ports. If Macs have no open ports by default, then the worm threat should be near zero for Macs.
But you say that it is just because there aren't a lot of Macs out there. So
Fascinating.
Still, I WOULD like to see Apple try to do more to keep OSX secure. The system should only allow its system directories to be modified in single user mode -- I'm pretty sure BSD has a flag for that. I'd also like to see downloaded applications run as some other user that isn't allowed administrative access to the system at all, password or no. They'd probably have to make some changes so that the user could be restricted from changing its user ID to minimize the damage of people providing their passwords blindly when the dialog comes up. Allow the user to take explicit action if they want the application to be able to run as the regular user.
It still wouldn't be a perfect defense, but nothing can help you if the user's going to bend over backwards to give an application access to the system. Operating system companies really should err on the side of paranoia whenever possible.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
If the installed base size is the critical factor for exploit success, then why are there more successful exploits for Microsoft IIS than there are for Apache?
Take care,
brad
So. Not Accords. But get the picture? Nine year old Civics? The most common cars stolen are those which are owned by people living in the neighborhoods where thieves operate.
What really matters is not the most common car stolen but the car with the highest rate of theft. And for that, the top ten are: 1999 Acura Integra, 2002 BMW M Roadster, 1998 Acura Integra, 1991 GMC V2500, 2002 Audi S4, 1996 Acura Integra, 1995 Acura Integra, 2004 Mercury Marauder, 1997 Acura Integra, 1992 Mercedes-Benz 600. Someone likes those Integras.
Thing is, theft rate doesn't help your dorky argument. Because not only are there few Macs being broken into or zombied or attacked by virii, but Apple's *rate* is nearly zero as well.
This article claims 16% according to the SPA. Personally I'd estimate it is somewhat lower, maybe 7%. Sales figures alone place it at about 4% for the year, but the average in use lifespan of a mac tends to be 1-2 years longer than that of the average PC (although close to that of other high-end machines). Also sales of macs were up 32% year over year from 2004 to 2005. The industry as a whole went up 18%. That means 14% of roughly 4% of all computers sold would put Apple ahead by a little more than half a percent of the total PC market, to 4.5%. They've been doing quite a bit better so far in 2006, by all reports. So for a very conservative estimate you could say they have more than 4.5%, possibly considerably more than that. Anecdotally, here at work they have grown from 5-10% of the machines to about 50% or more in just a few years (mostly professional coders and security experts).
PowerPC is not Harvard architecture. It has separate L1 instruction and data cache, but that's it. Harvard implies that the instruction memory is in a distinct address space from the data address space, and that no instructions exist to allow one to write to the program memory.