Report That OS X Snow Leopard May Include Antivirus
File this firmly in the "rumor" category for now. the JoshMeister writes (in the third person) "Mac antivirus company Intego broke the story this morning that Apple is apparently including antivirus functionality in its upcoming operating system, Snow Leopard. But which antivirus engine is Apple using? Security researcher Joshua Long discusses the likely candidates."
>It's a trojan that only installs if you're stupid enough to download a program from a dodgy source
Err, that's pretty much the biggest vector for malware. Pick any popular app for Windows, go to pirate bay, download it, run it, and guess what? You have an infection.
Storm botnet was built by people double-clicking greetingcard.exe.
Don't underestimate people's abilities to go out of their way to find malware to run. You'll find that you don't need to exploit any vulnerability other than ignorance on the user's part to root the machine.
>The "virus" mentioned in the screen shot isn't much of a virus. It's a trojan that only installs if you're stupid enough ...
I could put Ubuntu on a netbook and give it to my sister and she'd have no clue how to use it. But you can bet every last cent that if the source code to a virus was presented to her she would have it compiled (with all the right flags set to target her correct OSX version) and installed in a few minutes. It's borderline magic. Did you know they have LimeWire on Macs now? She managed to find that, install it and learn how to use it on her own but didn't have a clue as to how to move pictures from her old Windows machine to her MacBook. If only curing cancer compromised your computer, she'd have that done in a heartbeat.
I knew she would be better off with a mac but your statement of "anybody who uses a Mac knows" makes me cringe. Bottom line: do not underestimate stupidity.
My work here is dung.
Apple has been light on details they have made public about Snow Leopard. We know they implemented a CDSA security architecture, expanded use of the sandboxing, and now there is this report of actual malware scanning, but the info on Apple.com is basically nonexistent. I surmise this is intentional. Security people either have developer accounts or will read up on this stuff in technical papers when NDAs expire next week. For regular users, Apple doesn't even want to bring up security as an issue. They will make blanket marketing statements about it, but they would rather leave all the details to more technical venues. This was their policy for Leopard too, with most users having no clue that a full port of TrustedBSD's mandatory access controls was included and being used to sandbox certain potentially vulnerable services.
There was a guy who was studying technical writing at my university. He uninstalled his anti-virus software because it was preventing him from installing some free software he wanted.
I wouldn't put too much faith in "drag to install", because most malware doesn't actually need system privileges.
Also, reportedly websites have figured out how to make Safari automatically download this trojan and then launch the installer program. Users still need to enter their password, but having the dialog automatically pop up makes the social engineering step that much easier.
Business. Numbers. Money. People. Computer World.
Dunno. While no platform is 100% secure, design does count for a lot. There are a lot of "proof of concept" hacks out there for the Mac, but very, very, very few "in the wild" 'sploits floating around, especially self-replicating ones like viruses and worms. The installed base of Internet-going Macs is a few dozen million at the least, and mostly personal computers with personal info and used to buy stuff online - prime targets for the big-shop black hats. I doubt very much it's not worth their while... I just think they can't go after a system with even a moderate level of security.
I don't think this says something about Apple (see the part above about "proof of concept" hacks), I think this says a ton about Microsoft.
I really don't buy "ecosystem" arguments - why is IIS and MSSQL pwnd on a regular basis by automated attacks, but Apache and MySQL only once in a blue moon (and Oracle almost never)?
Problem with having a single, unified anti-virus (if ever such a thing is reliably possible), programmers will have an easier time guessing what protections they'll face when creating a virus.
I agree, to some extent. In terms of attacks on the antivirus system itself a single system may be more vulnerable. In terms of bypassing signatures, however, there is no reason centralized anti-malware cannot draw signatures from disparate feeds the user subscribes to, be they supplied by Apple, open projects, or commercial companies, for free or for a charge.
That said, Apple including malware detection doesn't mean users can't install other malware detection services as well. ClamAV isn't going away just because Apple ships a built-in competitor.
End users aren't encouraged to practice personal responsibility, they pay and trust... pay for trust...
From Apple's Snow Leopard Web site:
Security Advice
The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection. Here are some other ways to help keep your information as safe as possible:
That sounds to me like end users are being encouraged to practice personal responsibility.
Have you seen the obscene amount of Mac shareware out there? Don't get me wrong, a lot of stuff does "just work" on the Mac, but a lot of niches aren't filled, and it seems like while on Windows you're likely to find spyware infested free programs, and on Linux you're likely to find reputable OSS programs, on Mac you better be prepared to pay $20 a pop for all those little apps. Maybe I'm just being naive, but it doesn't seem like they'd all be around if some significant chunk of mac users weren't downloading and buying these programs.
"People who think they know everything are very annoying to those of us who do."-Mark Twain
>I knew she would be better off with a mac but your statement of "anybody who uses a Mac knows" makes me cringe. Bottom line: do not underestimate stupidity.
I wouldn't call it stupidity. Just because somebody isn't aware of all possible malware infection routes that doesn't make them stupid, naive is perhaps a better word for it or perhaps just unlucky. Expecting the average user to be aware of every possible way of getting his computer infected is about as realistic as expecting a non-medically educated person to be aware of all possible ways to get a disease. We all know any number of things we can do to avoid getting diseases, some of these behaviors are even hardwired into our DNA but they aren't 100% effective. How many of us are likely to go through life without ever catching a disease like, say, Influenza?
Only to idiots, are orders laws.
-- Henning von Tresckow
Sounds like you haven't seen the Mac warez scene. There's heaps of warez, cracks, serials out there for Mac applications -- you can get them as readily as you can get Windows ones.
I do think it's true that Mac users are more likely to buy/pay for "shareware" apps though.
Offtopic, but "shareware" seems like the wrong word for it. Doesn't feel quite right.
Also, I dispute the notion that there's not much open source/freeware on Mac OS X. There is, but like a lot of open source stuff, they're often not the best-of-breed. I'd rather pay some money and get the best there is, like Transmit (for FTP) and CSSEdit/Espresso (for editing HTML and CSS).
The open source apps I use the most on OS X are Firefox and VLC.