Intego's "Year In Mac Security" Report
david.emery notes the release of Intego's "Year In Mac Security" report (PDF), adding: "Mac OS X and iPhones that haven't been jailbroken fare pretty well (although vulnerabilities exist, there's not been a lot of exploitation). Apple does come in for criticism for 'time to fix' known vulnerabilities. Jailbroken iPhones are a mess. The biggest risk to Macs are Trojan horses, often from pirated software."
...and let Software Update do its thing with Security Updates.
Don't go online as Root, and really try not to open email attachments that claim to be "Nude Photos of (insert female athlete name here)".
Really, how hard is that?
Guaranteed! This comment 100% Anthrax free!
The results of pwn2own indicate the contrary.
As much as Intego wants to present the state of malware on the Mac, the truth is that even Intego works pretty much like any other AV engine which tries to detect malware based on its signature or heuristics (behavioral), that they receive either from someone sending them a sample or collected with their honeypots around the world.
The bots/trojans/RATs that are written for specific targets do not have a signature and thus are undetected. Then it becomes obvious that Antivirus solutions are not enough. You also need to control the apps that are reverse connecting (phoning home), with products like Little Snitch.
What they don't address are the vulnerabilities that exist in everyday applications, which, subject to a stack buffer overflow, will execute code in memory with the same level of permissions as the application/daemon that is running. Antivirus doesn't provide any protection for exploits in software.
On a side note, Intego mentions a "crack" for CS4 which is actually a Trojan, but doesn't mention that Adobe's own CS4 install tries to phone home.
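The "control what phones home" point above, as an added example that is not part of the original comment: a small Python script that parses lsof-style output for established outbound TCP sessions and flags any process that is not on a user-maintained allowlist. The sample output, the hosts and the process names (cs4setup, updater) are constructed for this example, not real captures.

```python
import re

# Constructed sample in the style of `lsof -i -n -P` output; hosts, PIDs and
# the process names cs4setup/updater are made up for this example.
SAMPLE_LSOF = """\
COMMAND   PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
Safari    412 alice  23u IPv4 0x1a2b      0t0  TCP 192.168.1.20:52344->93.184.216.34:443 (ESTABLISHED)
Mail      455 alice  15u IPv4 0x2c3d      0t0  TCP 192.168.1.20:52350->17.172.224.47:993 (ESTABLISHED)
cs4setup  901 alice   9u IPv4 0x3e4f      0t0  TCP 192.168.1.20:52360->203.0.113.9:80 (ESTABLISHED)
sshd      120 root    3u IPv4 0x4f50      0t0  TCP *:22 (LISTEN)
updater   933 alice   7u IPv4 0x5a6b      0t0  TCP 192.168.1.20:52371->198.51.100.7:4444 (ESTABLISHED)
"""

# Processes the user has explicitly approved to talk to the network.
ALLOWLIST = {"Safari", "Mail"}

# Only established outbound TCP sessions match; LISTEN sockets are ignored.
CONN_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+.*?TCP\s+"
    r"(?P<local>\S+)->(?P<rhost>[^:\s]+):(?P<rport>\d+)\s+\(ESTABLISHED\)$"
)

def parse_outbound(lsof_text):
    """Return one dict per established outbound TCP connection, in file order."""
    conns = []
    for line in lsof_text.splitlines():
        m = CONN_RE.match(line)
        if m:
            conns.append({"cmd": m["cmd"], "pid": int(m["pid"]),
                          "user": m["user"], "rhost": m["rhost"],
                          "rport": int(m["rport"])})
    return conns

def flag_phone_home(conns, allowlist=ALLOWLIST):
    """Connections made by processes that are not on the allowlist."""
    return [c for c in conns if c["cmd"] not in allowlist]

if __name__ == "__main__":
    for c in flag_phone_home(parse_outbound(SAMPLE_LSOF)):
        print(f"{c['cmd']} (pid {c['pid']}, {c['user']}) -> {c['rhost']}:{c['rport']}")
```

On a real machine the sample text would be replaced by the output of `lsof -i -n -P`; the regex deliberately ignores listening sockets so only outbound sessions are reviewed.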
Oo you definitely don't want to be deplugging usb drives, you kind of need them to keep their plugs so you can plug them in.
As for unplugging... what does that? Kernel panic sounds very linuxy, but I've never had that happen, and I've been plugging 'n unplugging up to three usb drives at a time on it (a client of mine's stock has become somewhat disorganised and lost track of what's faulty and what they've used themselves, and as testing hard drives themselves is much quicker 'n easier on Linux as you can just badblocks the drive, completely partition 'n filesystem independent, I volunteered. So I was production lining a load of drives, different sizes, using three usb interfaces) ... and yeah, all without problem, apart from when a drive actually did have bad sects, but it didn't affect the machine or anything.
The revolution will not be televised... but it will have a page on Wikipedia
As for unplugging... what does that? Kernel panic sounds very linuxy, but I've never had that happen, and I've been plugging 'n unplugging up to three usb drives at a time
I think what he was trying to get at is what sometimes happens on a Mac if a user unplugs an external drive without un-mounting it first, a quirk that Macs have had since at least the System 7 days. I'm not sure why OS X will still occasionally have trouble handling that situation gracefully (although ninety-nine times out of one hundred the only "bad" result is a dialogue box that pops up advising you not to do that again) but it's not really a big deal as long as you remember to follow the proper procedure for disconnecting an external drive on any OS.
This ain't rocket surgery.
This is missing the point. The reason jailbreaking is allegedly unsafe is because once jailbroken, you can install SSH, and if you're dumb enough to not change the default root password, you can get owned. You get warned about this specifically when you install SSH anyway. If the phone were sold "open" and you installed SSH, you'd have the same issue. The point is that if someone goes out of their way to install SSH on their phone (which is a pretty hardcore geek activity anyway) and doesn't change the root password, then they're kind of asking for trouble.
Back in 2004 Intego's big complaint about the Mac was that because it's based on UNIX, if you could get it to execute a shell script you could do anything on the computer, and that Applescript wasn't sandboxed. They never noticed that the same was true of CMD.EXE and VBscript on Windows, DCL on VMS, and every other native scripting environment on every OS, ever, anywhere.
Intego's business model appears to be FUD.
Actually, the 'single sheet aluminium case' being a non-user serviceable part thing is a myth. My MacBook Pro came with printed instructions in a little booklet telling me how to open the back panel and replace the hard drive. It did have strict instructions not to attempt to replace the battery, but when I opened the case the battery was right there next to the hard drive so I'm not really sure why they say that.
The article you link to is talking apples and oranges, literally. If the implication is that the BSD bug is also a bug in OS X, then it's false. The bug is not present in OS X.
iPhone on the other hand is a completely different beast and yes it is a locked-down platform, mostly for the benefit of the users, so we don't have to worry if an application is safe to install and use.
Yes, there may be security issues in iPhone apps, but even the security updates of applications go through the same review process, which may catch an omission in the review of the previous version (which is what happened in the case of the software discussed in the article).
The review process is not perfect nor ideal, but I for one am thankful that someone else is testing the applications for me and I don't have to waste the time and money on tools to check what each app does and if it is safe to use on my phone.
As the island of our knowledge grows, so does the shore of our ignorance.
What? The jailbreak exploit has nothing to do with jailbreaking itself but the fact that most people that used the process installed SSH onto their iPhones and didn't change the default password on SSH. It had nothing to do with what Apple supplied on the phone but with what 3rd parties modified on the phone.
Well, there's spam egg sausage and spam, that's not got much spam in it.
FWIW, this has changed about jailbreaking. What you said used to be true on the 1.x series of iPhone software, where everything always ran as root. Therefore, a hole in libTIFF led to (remote) root code execution. Starting with the 2.x series, Apple finally forced the restricted user account named Mobile to be used instead of root. That made it so now a libTIFF exploit *also* would require a privilege escalation exploit rolled inside; that made things much harder. Starting around the 2.x software, the new way to jailbreak is by exploiting Apple's software update mechanism built into each device (Google: iBoot). This means that to jailbreak newer software/devices, one is required to attach the device to the computer first; the exploit is then done via USB.
For the last time, PIN Number and ATM Machine are redundancies!