Backdoor Trojan For Windows Ported To Mac OS
An anonymous reader writes "A Remote Access Trojan (RAT) for Windows, known as darkComet, has been ported to Mac OS X. The new backdoor Trojan is not yet finished, but it could be indicative of more underground programmers attempting to take advantage of Apple's growing market share."
darkComet (aka darkComet-RAT) is the name of a remote administration tool, which BlackHoleRAT's control functionality is derived from. The trojan is actually called BlackHoleRAT, but regardless, here's an article link.
And, while I'm going, the distortion of the term "trojan" is starting to test my patience. A trojan horse is a piece of software that is deceptive in nature, one which appears to perform a desirable function, but, in fact, steals information or harms the system it's occupying. This application, darkComet-RAT, is referred to as a trojan itself all over the web in news articles relating to this beta of "BlackHoleRAT," which is NOT the case. darkComet-RAT is a legit remote administration tool, similar in functionality to VNC, and should be treated as such.
I understand this butchering of the acronym "RAT," between its use as "Remote Administration Tool" and "Remote Access Trojan" may be confusing, as with all acronyms that use the same letters, but please, for the love of god, do some damn fact checking, and this would be less likely to happen.
Grumble grumble grumble.
You know nothing, nor do you consider that it is expedient for us that one man should die for the people, and that the whole nation should not perish.
...it could be Sophos trying to drum up trade...
Normally, I'd read The Fine Article just to get a hint of what this story means, but there aren't any links and the summary is vapid and useless. It is a non-story. Allow me to distill its meaning: "A piece of malware (a remote access backdoor ill-defined thingy that probably isn't a trojan) for Windows was ported to Mac. This is probably bad. Considering Apple's 'growing market share', what could it mean?"
Bravo slashdot. A new low.
You should turn signatures off.
...they should note that the vast, VAST majority of it is iOS, not Mac OS X...
Slow day, cmdrtaco??
Beware, the sky is falling. All those other eeevul backdoor programs like SSH also work on a Mac.
Condoms should always be used when going in the back door. You never know what windows can spread if practicing unsafe sex!
Boy, what I got was not what I was after....
Hmm, you spout off some stupid controversial opinion without even checking if it has anything to do with the topic at hand; yes, you are a troll.
Though part of the fault is that whoever made this summary is also a troll. DarkComet is a Remote Administration Tool (emphasis on TOOL) similar to VNC, SSH, etc. There is nothing about this that is virus or Trojan related.
DEMETRIUS: Villain, what hast thou done?
AARON: Villain, I have done thy mother.
Shakespeare invents 'your mom'
Last week I installed several Firefox plugins. One of them managed to send out spam to all my contacts, using each of my email accounts. This is on a fully up-to-date Mac. How in the world does a browser plugin get that much access?
MacOS X actually comes bundled with a tool that is able to wipe the entire hard disk! Up till now this has not caused widespread mayhem yet, but considering Apple's growing market share...
I wish I had the ability to mod down an entire article...
Obviously when it's Windows malware being reported, it's somehow an OS flaw, and now watch people "educate" us as to how this malware would only affect the stupid people, "it's not the operating system's fault" .. oh good heavens no. It just means people can be tricked into installing bad stuff now. Facts are really really really important when it's not Microsoft. Then the second wave of idiots come along to point out some drive-by exploit in a version of IE which is 10 years old and already patched. What's that? Safari, Firefox all have had drive-by exploits in them? Oh hush! Linux has had privilege escalation exploits? More than the latest version of Windows? Blasphemy! Facts are not important now!! bla bla bla I can't hear you.. we must compare a 10 year old unpatched version of Windows with the current day's Linux source tree. Hush now! Everyone knows that all you have to do is send a programming source text file into a server and everything is fixed. Responsibility for making sure the thousands of apps still work after the fix? Pshaw! We're all serious OS hackers here.. you idiot!
Maybe now the artfags will shut the fuck up for ten seconds about how superior their overpriced fetish objects are?
Or... not so much. 'Bout time malware people took an interest.
People persecuting MS for poor security are living in the past. Windows is now a fine secure OS,
Actually, due to backwards compatibility, you too are living in the past. Windows is hardly more secure than it used to be. I bet anything most still operate as admin... undermining all the new security features. In fact, judging by the summary, its security is so bad it makes other operating systems less secure.
The Admin and the Engineer
The medical model for disease works for computer viruses too. You need both a vulnerability and a vector. The number of potential hosts increases the attractiveness of the host for a virus (whether through natural evolution or malice aforethought.) The number of hosts also increases the vector span. But there still has to be a vulnerability!
Similarly, we need for the countermeasures to be demonstrated as both "safe and effective." My personal experience with Mac OS 9 and earlier anti-virus applications is that they were not very "safe", they caused a lot of problems. For OS X, I'm waiting for some reasonable demonstration of "effective" based on real-world threats. Predictions of doom from anti-virus vendors (who most certainly have a vested financial interest) that are not substantiated with real-world experiences are not persuasive to me.
By the way, what is the measured track record for successful penetrations observed by third parties, i.e. "in the real world", for both Win 7 and Mac OS? The argument that "Mac OS claims to be secure ... [by] not targeted as much" rings hollow to me. You'd think that if vulnerabilities existed in a platform that is growing by leaps and bounds at the -high end- of the market, they would have garnered some successful penetrations, if nothing else then for the "glory of hacking the supposedly secure platform."
dave
Fanboi
HAHAHAHAHAHA good one. Now my turn to tell a joke. Windows is more secure than Linux!
It's not like you would have read the article anyways.
Incorrect. Regular and consistent updates including out of band when needed. The 2nd most secure browser included with the OS. Basic MAC in place, as well as DEP and ASLR. The introduction of UAC which means far far less people simply running as administrator. Sorry, Windows blows OS X out of the water as far as security is concerned.
If you ignore ACs because they are anonymous - you're an idiot.
is which end do you start eating it from?
Oh, sorry, I misread that as Cornet.
There may well be large gaping holes in Mac security. The question is: why is no one exploiting them? I don't mean winning a competition, but maliciously or criminally using them.
At what percentage of market share does it become viable to start writing malware? 25%? 50%? 75%?
Regardless of percentage, there are reckoned to be c. 94 million OS X users. Is that still not enough? As we all know, Mac users are computer illiterates with far more money than sense. Surely this sector would seem ideal for targeting by malware writers?
Assuming the reason for the lack of malware is NOT the inherent robustness of the OS; and it's NOT the market share: then what IS it?
Viruses attack computers. Virus writers write viruses so they can attack more computers! SHOCKING!
You owe me a new bottle of iced tea and a new keyboard.
It's not fair
This software allows you to perform hundreds of functions stealthily and remotely without any kind of authorisation in the remote process.
Real administrators have had this functionality for years, it's called "ssh" with public key authentication. (There's absolutely no legitimate use for remote access with zero authentication.)
DarkComet is designed with the latest IDE of Delphi
No one uses Delphi for writing serious software.
Works in Chinese systems: The client is coded in a fully native Unicode environment, so it can easily be used and translated in China; also, since version 2.1 it works in all kinds of Chinese operating systems and displays the correct Unicode characters.
Congratulations, welcome to the 21st century! Unicode has been supported by pretty much all mainstream operating systems for years. The fact that they have to mention it is indicative of poor software quality. Oh yeah, and the UI looks like it was designed by a 10-year-old in Visual Basic 6.
tl;dr, this program isn't worth bothering with for *any* operating system for any use. It's just so poorly written that it'll probably break while being used.
Not even basic protections? Then why a trojan, where the user has to give explicit permission to install and run?
Your comments are bogus until you tell me how the malware is installed on my Mac. Oh, I have to enter an administrator password to allow it? Well, then, shame on me for allowing it in! If it can sneak in without my explicit permission, then your comments are valid.
If I used a sig over again, would anyone notice?
Except it doesn't. Biological viruses are not driven by self-aware controllers with a financial interest, nor do they evolve in the biological sense.
But apart from that, a sound analogy.
Consensus according to whom? Your evidence is?
The average Windows user doesn't know how to run as Admin in Windows 7. The Admin account is hidden by default. Oh, you didn't know that? And the backwards compatibility you speak of is only in the Pro version, not the Home version. Face it, you don't actually have a point to make, you just wanted to bash Windows. Is this typical of Mac Users?
Regardless of percentage, there are reckoned to be c. 94 million OS X users. Is that still not enough?
One cannot hope to reach 100% of users. It's easier to hit X users if there are 50X users.
As we all know, Mac users are computer illiterates with far more money than sense.
Yeah, I agree that's an over-generalization.
What the hell, even malware is vaporware now? Can I put in a pre-order for it to infect my computer sometime next year?
Support Right To Repair Legislation.
The same thing can be done with VNC, troll. Your argument is redundant.
Fine evidence that you didn't even read my post - yes, the same thing can be done with VNC, however I am not routinely removing VNC from unsuspecting users' computers (in fact, I have never come across a VNC install that the user didn't expressly know about in the first place).
Why spend time developing an exploit that will target at an extreme maximum 10% of the market, when you can spend the same time and effort and target 80% of the market? Given an equal amount of work, would you not choose the option that yields a significantly larger ROI?
If you ignore ACs because they are anonymous - you're an idiot.
It's always interesting to see the number of anti-Apple posters increase on work days, while on the weekends the fanboys reign. Does it pay well to post "comments" on public forums? I guess it doesn't pay enough to work on weekends...
Because a user does not have to give explicit permissions. Trojans don't have to run as admin, it depends on what they are trying to do. Simply sending out spam or recording keystrokes doesn't require admin access.
If you ignore ACs because they are anonymous - you're an idiot.
Usage share of web client operating systems. (Source: Median values from Usage share of operating systems for January 2011.)
Windows XP (41.70%)
Windows 7 (25.42%)
Windows Vista (15.43%)
Mac OS X (6.92%)
iOS (iPhone) (2.05%)
Linux (1.64%)
Still below 10% even including iOS...
Seriously? RAT? Next you'll be telling me SubSeven and Back Orifice 2000 will be ported. Guess what, no one gives a shit about any of them, they're all ancient and obsolete.
Hey! Watch it with all that foam and spittle, will ya? That was almost in my eye, that one!
Gentoo Linux - another day, another USE flag.
You must be a microserf. You obviously don't know what you're talking about.
title says "ported" (past tense) and description says "not finished yet"
which is it?
Anti Troll missiles locked on.
As much as people want to think otherwise, there is a direct causal link between marketshare and the amount of malware for a given OS.
Citation please? If you are going to make such a statement, please cite studies and facts. In fact there is NO direct causal link, and you are abusing the statement without facts and citations. That said, I would agree that I think there is a causal link, but you are further abusing the statement by not citing the magnitude, which is where proper citations would help. Windows has thousands of variants of malware. Mac OS X is in the dozens still, if that. No system is completely secure, and there will always be attempts to compromise a system, but saying ONE piece of malware suddenly brings Apple crashing in flames and "zOMG Mac OS X is teh insecurez they will be pwned!" is the worst kind of hyperbole imaginable.
The zealotry was on show yesterday in the OS X article where it was stated that OS X is more insecure than windows
I looked for an article yesterday on slashdot and the only article I found was one about how Apple is inviting security experts to look at their system. Sounds like a pretty responsible thing if you ask me, and I found no mention of this yesterday. Perhaps you'd like to review your citations?
People persecuting MS for poor security are living in the past.
Again, no citations. You sound like an MS shill. MS still has a poor record, period. Sure it's getting better but it's massive exaggeration to try to say that somehow MS gets a pass because 6 years ago they were utterly shitty shitty shitty, and suddenly now it's okay because they have improved to stinky farty smelly.
Hopefully as marketshare increases they will take responsibility and secure their OS, if for no other reason than to maintain their image.
How odd, Marketshare doesn't seem to have an effect on how secure an operating system is, because 90% marketshare never encouraged Microsoft. I do hope security remains forefront on Apple's mind, because they are the underdogs here and it will only continue to help them to be focused on security as they continue to compete for more marketshare, but here's another example of how off kilter your rant is.
Now I'm just waiting to be modded troll....
You will be, but just one more thing to nail the coffin shut. This is a goddamn fucking TROJAN HORSE!!! Do you know what that is? Do you remember the goddamn story of Troy? There's a good movie released a few years back; you should watch it. A virus is something getting in without your action or knowledge, but a Trojan horse requires that the user perform an action, and the way it gets in is simply by deceiving a human being. You can inject a trojan horse into any system and hope to own it, Windows, Mac OS, UNIX, or other, just send the admin an email and hope he's stupid enough to open the attachment and do the work for you! You can't put a malware scan on the brain of an uneducated admin. It's not the fault of the OS makers if the admin is uneducated enough to open a file that they should not trust.
Like many rants before it, your rant is like buying the most secure home security system in the world, then giving the key to a random person on the street for safe keeping, and complaining to the security company when your house is robbed.
"All great wisdom is contained in .signature files"
Not to mention the fact that GP didn't even take into account that MacOS 9, with a much smaller deployment base than MacOS X, had TONS of viruses for it. Deployment base != Infection rate. If this were the case, Linux servers would be riddled with viruses. I'm pretty sure the GP is a troll; his last sentence is a troll within itself.
Sig: I stole this sig.
Yet Windows 7 still gets viruses on a daily basis. Some installed silently. Some installed just by clicking on a web page. Some just by surfing the internet. Still none for Mac.
How is that more secure?
Ahem!
Buffer overflowing a network daemon so it drops to a root shell prompt without any form of password access can be done without your permission.
Gentoo Linux - another day, another USE flag.
We have to be at work on weekdays - we can't get our kicks snickering at you from behind our cappuccinos when you sit there posing with your MacBooks in coffee shops.
See? Simple explanation really...
Gentoo Linux - another day, another USE flag.
Ah, UAC, which was copied from, oh let's see, Mac OS X, and can be turned off, unlike on Mac OS. DEP and ASLR are actually not complete on either platform (as of Windows 7 and OS X 10.6), though Microsoft is ahead for now. How about code signing? Yep, both have it, sort of. Ability to be centrally controlled? Again both have it, kinda... You know, the laundry list of features does not make something secure. Just look at IE: no matter what features it supports, ActiveX controls, vulnerable plugins and an over-willingness to install toolbars make it insecure. Windows is not more secure, it is just harder to manage due to all the "security features", which is one part of why end users are so bad at managing Windows, while Apple with its "lack" of features is more secure because the features that are implemented are implemented in a way that my grandma can understand.
What matters to me, is does it run on Linux under WINE?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
As much as people want to think otherwise, there is a direct causal link between marketshare and the amount of malware for a given OS.
Can you explain why there are far fewer exploits for Apache and *nix than for IIS and Windows? Linux and UNIX web servers are the vast majority in every marketshare evaluation that I have seen. Being that these servers can contain valuable information about hundreds or thousands of individuals instead of one desktop user, it would seem those should be the bigger target. It is true that Windows has gotten far more secure after they overhauled the code and adopted a similar security model to many *nix distributions, however there is still a huge marketshare of people that have not upgraded to those versions.
Said, "It's just like dice but it's got more sides And it tells me who lives and who dies"
Ahhh, I get a flamebait mod because some idiot doesn't like what I said.... Suck it up, your favourite tool is generally regarded as a nuisance. Just because you don't like being told that doesn't mean it's not true.
Mod me whichever way you like, it won't change anything in the long run - your favourite tool has a poor reputation.
"financial interest", reproductive "interest". What's the difference? Rich guys get the babes. A complex life form is motivated by precisely the same principles as a single string of DNA. We are nothing more than an accretion of symbiotic life forms with a bit more centralized control than a jellyfish. And besides, everything we create is a result of a biological brain. So computer viruses are very "biological" within their own framework.
For justice, we must go to Don Corleone
People persecuting MS for poor security are living in the past. Windows is now a fine secure OS
I would write a longer response, but I'm trying to help a friend get forty-eight viruses off their Vista machine without reinstalling the OS.
Awesome! So I no longer need to use AV??? That's fantastic. I'm telling everyone they no longer need to run those pesky antivirus programs that sllllooooowww down the boot time.
As much as people want to think otherwise, there is a direct causal link between marketshare and the amount of malware for a given OS.
The problem with this is that there isn't much to back up the assertion. What proves that marketshare is the driver for malware? And before you trot out some numbers, can you be sure that marketshare is the reason? It's not that I can't accept the concept. And, in fact, I agree with your couching the idea by noting a "causal" relationship. Marketshare has to be part of the equation. Unless you have a very specific target, it stands to reason that an attacker going after targets of convenience is going to want a suitable enough pool of victims or the attacks won't be convenient. But what makes up that pool is the question.
Sometimes being a big fish in a little pool is very attractive. Yes - OS X still commands a smaller marketshare than Windows (in its various versions). But even then, we're talking about something on the order of 36 million targets (adding estimated sales since 2007). If OS X is an easy target, there's an entire pool just waiting to be exploited. Consider that we're counting infections in units of 10k with notable botnets in millions. OS X could easily provide a suitable pool for new (or existing if one wanted to extend a botnet) malware to flourish. But that has yet to happen to any great effect.
People persecuting MS for poor security are living in the past. Windows is now a fine secure OS, while OS X doesn't even have basic protections in place and claims to be secure, simply taking advantage of the fact that they are not targeted as much.
I agree with this point as well. I'm not a Windows or Microsoft fan. But Microsoft has been getting on board. Although I would be cautious with how generously one hands out that credit. Not everything Microsoft has done has been well executed or as effective as their PR would have one believe.
Hopefully as marketshare increases they will take responsibility and secure their OS, if for no other reason than to maintain their image.
This has been the ongoing theme for the past few years. The doom and gloom has yet to descend (despite some pretty horrible mis-steps on Apple's part).
You should have read the opening sentences of his post a bit more carefully:
The medical model for disease works for computer viruses too. You need both a vulnerability and a vector.
That's the first line from the book "The Bluffer's Guide To Computers for Personnel Managers".
Gentoo Linux - another day, another USE flag.
How is that more secure?
Quite obviously, it increases the security of one's occupation, as Windows will forever have security issues, thus there will always be a need for a Windows guy to say "hey, our ship is tight." Meanwhile, the true security experts that are in the midst of massive Windows installations do indeed have trouble sleeping at night. Or... at least they should.
The Admin and the Engineer
Not only that but due to the complacency (Apple is immune to viruses) and ignorance (I don't want to know anything about computers which is why I bought an Apple) of the average Apple user base, it is an audience as extremely ripe for the picking as a classroom full of children with HIV is to the teacher with chicken-pox.
WHEN Apple gains enough market share to be interesting to write specific malware for, I expect to see infections on a massive scale. I must say it couldn't happen to a nicer bunch of people.
Seven puppies were harmed during the making of this post.
I didn't know about that one. Thanks for the info. I'll see how to block it until Apple gets it fixed.
If I used a sig over again, would anyone notice?
No, it's not typical.
It's just that Mac users face an unending storm of abuse from people who don't use OS X for our choice of OS. Most of us are not zealots, or fanboys, and run multiple systems and OSes - right tool for the right job etc.
I try not to define my self-worth by the operating system I use - the same can't be said for platform zealots, but they exist on all major platforms. I'm sure there are some BeOS zealots around here. Last time I took a poll, both BeOS users told me "Windows sucks!".
Rampant, trollish "windows sucks!" posts are no more representative of the Mac user base than the rabid anti-Apple troll in the other thread on here at the moment.
Holy Shmoly, I just discovered my Mac has a trojan as well. Not sure if people are aware of this thing, it's called FTP. Not sure what it stands for, but it allows people to log into my computer and if they have the correct permissions, they can read, write and execute files!!!! Oh the humanity...
The real Sig captains the Northwestern. This one captains
The same way Android phones get infected - alternative methods of software delivery. I believe a couple of years ago there were pirated torrents of Microsoft Office 2008, iWork, iLife, and Photoshop CSwhatever that had an additional package in their dmg's that were NOT in the official releases. That additional package installed a simple botnet into your Mac.
It's not as uncommon as you may think. People want stuff for free, and everyone knows that, so malware authors hitch a ride by infecting keygens, cracks and other things to spread. You may think you're protected, but it just takes one torrent or other thing. (Or how and why people will go to great lengths to use alternative marketplaces for Android, as well).
http://www.macrumors.com/2009/01/22/iwork-09-torrent-carrying-os-x-trojan/
http://www.intego.com/news/ism0901.asp
http://www.techjaws.com/osx-trojan-on-the-loose/
Just because you do not frequently encounter it, doesn't mean it isn't used by others. darkComet is not a trojan. A trojan is something that either installs some sort of malware or is itself some sort of malware under the guise of being a legitimate application. Also, having a secure OS does not prevent a trojan, because the software is installed willingly by the person administering the machine.
darkComet is a normally useful tool that is being used by a trojan called Blackhole RAT (the actual trojan they should be talking about in this article). There are plenty of trojans and other malware out there using netcat or VNC to control machines remotely; does that mean netcat or VNC are trojans?
Said, "It's just like dice but it's got more sides And it tells me who lives and who dies"
What sense do they evolve in then, if not biologically? Viruses certainly do evolve. Sure, one of them isn't suddenly going to sprout legs and walk away, but what are all those mutations if not evolution in action?
Seven puppies were harmed during the making of this post.
Can you explain why there are far fewer exploits for Apache and *nix than for IIS and Windows?
Sure. There isn't.
To clarify: Secunia shows 6 advisories for IIS 7 in 2010 and 33 for Apache 2.2 in 2010.
If you ignore ACs because they are anonymous - you're an idiot.
And an example of this would be?
Bonus points for something in the wild.
I know there have been privilege escalation exploits on OS X - I have read about them in the security updates when patching them. Are there any known open ones now? (ie, ones that have been discovered and published as bugs/exploits and as yet have been unpatched).
Repeat after me, market share!
If I am developing malicious software for an operating system with the intent of making a profit, am I going to spend my time developing malware for an operating system that constitutes less than 10% of market share or am I going to use that time to develop for the operating system with 75% market share? [Source]
Gee, I don't know....seems like a tough decision.
Windows isn't perfect, but has been getting better. I'm not familiar enough with OS X to give a legitimate opinion but I very much doubt that the human beings at Apple are that much superior at producing code that does not have avenues for exploitation. It's a lot of very complex code that has lots of moving parts ... mistakes happen.
There's more to being a target than mere marketshare. The smart criminals (if there are such things) will go to the rich neighborhoods where people feel so safe that they don't even bother to lock their doors...
I've seen a number of (so called) computer security experts spouting off about how insecure the Mac OS is and as evidence to support their position they suggest that, proportionately Mac users lose more money to phishing... You would think that someone with the terms "computer" and "expert" in their titles would understand the difference between an insecure OS and an uninformed individual...
But maybe you have some other evidence that Mac OS X is less secure than Windows??? Bring it on, because most real experts on computer security say that Mac OS X and Windows 7 are about the same...
Finally, you are right Windows 7 is a fine secure OS... it's just too bad that about 80% of Windows users actually prefer XP and Vista...
Viruses are not alive, so by definition can't evolve.
If you ignore ACs because they are anonymous - you're an idiot.
So I guess prions cannot evolve either... God is creating all of these, is he? Or perhaps the word "life" is not actually included anywhere in the concept of "evolution".
Seven puppies were harmed during the making of this post.
Just for the record, I'm 80% Linux user and 20% Windows XP user - not had a virus on either for as long as I can remember.
But let me tell you how that number of viruses got onto your friend's Windows machine - he put them there. Or you're exaggerating. Or a bit of both.
Yes, it may well be his virus detection didn't pick them up (does he use one and is it updated regularly?) but that many is a sure indication he's been downloading dodgy software, games, or serial cracks, probably via BitTorrent.
If your virus killer is up to date then you need to be confident that it can get to an executable and examine it before that executable runs and installs something dodgy on your PC. If that executable has been downloaded from a dodgy source, or copied from a friend, then it may well be virus ridden but compressed in a certain way such that the virus signature is concealed, and therefore not detected.
The obligatory car analogy would be having a car thief concealed behind the driver's seat and you locking the car with him still in it - in that case, the locks and windows on the car will be bugger all use in stopping the thief from stealing it.
Whatever operating system you use, if you install executables on it that you are not sure of the source of, then you can put something dodgy onto your machine, end of story. It just happens to be that Windows has a lot of dodgy software available for it.
Sorry, but if you believe that a virus scanner and maybe an adware blocker are the be all and end all of security on Windows, then you deserve what you get, I'm afraid. You also need some common sense in not bypassing the protection you do have by installing some dodgy executable or running a dodgy email attachment.
Gentoo Linux - another day, another USE flag.
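The post above argues that a packed executable hides the byte patterns a signature scanner needs. The following is an added example, not code from the original post: a plain signature match that a constructed XOR "packer" defeats, beside a chunked-entropy heuristic that still flags the packed file because compressed or encrypted data looks uniformly random. All samples are constructed, and EVIL_MARKER_SIG is a made-up signature string.

```python
"""Entropy heuristic for packed executables (added example, constructed data)."""
import math
import random
from collections import Counter

SIGNATURES = [b"EVIL_MARKER_SIG"]   # constructed; stands in for an AV byte signature
CHUNK = 1024                        # bytes per entropy window
HIGH_ENTROPY = 7.0                  # bits/byte; plain code and text sit well below this
PACKED_FRACTION = 0.8               # share of windows that must be high-entropy


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk: int = CHUNK) -> list:
    """Entropy of each fixed-size window; packers raise nearly all of them."""
    return [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]


def looks_packed(data: bytes) -> bool:
    """True when most windows look like compressed or encrypted data."""
    ents = chunk_entropies(data)
    if not ents:
        return False
    high = sum(1 for e in ents if e >= HIGH_ENTROPY)
    return high / len(ents) >= PACKED_FRACTION


def signature_hits(data: bytes, signatures=SIGNATURES) -> list:
    """Byte-pattern matching, as a plain signature scanner does it."""
    return [sig.decode() for sig in signatures if sig in data]


def toy_pack(data: bytes, seed: int = 7) -> bytes:
    """Constructed stand-in for a packer: XOR with a seeded keystream.

    Real packers compress and/or encrypt the original image and restore it in
    memory at run time; either way the bytes on disk no longer contain the
    original patterns, which is exactly what hides the signature.
    """
    rng = random.Random(seed)
    keystream = bytes(rng.getrandbits(8) for _ in range(len(data)))
    return bytes(a ^ b for a, b in zip(data, keystream))


# Constructed "plain" executable image: repetitive code-like bytes plus text,
# with the marker string present so the signature scanner can find it.
PLAIN_IMAGE = (
    (b"\x55\x48\x89\xe5\x48\x83\xec\x10" * 64      # repeated x86-64 prologue bytes
     + b"Hello from a harmless program\x00" * 20) * 4
    + b"EVIL_MARKER_SIG"
)
PACKED_IMAGE = toy_pack(PLAIN_IMAGE)


def classify(data: bytes) -> dict:
    """What a scanner can learn from the on-disk bytes alone."""
    return {
        "signature_hits": signature_hits(data),
        "looks_packed": looks_packed(data),
        "max_entropy": round(max(chunk_entropies(data)), 2),
    }


if __name__ == "__main__":
    print("plain :", classify(PLAIN_IMAGE))
    print("packed:", classify(PACKED_IMAGE))
```

The packed image loses the signature hit but trips the entropy check, which is why scanners pair signatures with unpacking or run-time inspection rather than trusting the on-disk bytes alone.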
nice post.
Rampant, trollish "windows sucks!" posts are no more representative of the Mac user base than the rabid anti-Apple troll in the other thread on here at the moment.
If I'm not mistaken, OS X users generally aren't the enemy of Windows. Windows zealots bring the fight to them, not the other way around. It appears to be a confidence issue, or a lack of confidence issue, on the part of Windows ops. Further, the whole purpose of the existence of Linux is for those that hate Windows. Nearly every single time Microsoft comes up with a proprietary Windows technology, the Linux heroes duplicate it for free, and with a superior implementation (AD/Exchange is an exception, give MS props where props are due). It's not always the case that Windows sucks, but it nearly always is the case that Linux is better than Windows, by any measure, even with all of the UI element issues Linux desktops have, and this is especially true after 6 months of Windows rot.
The Admin and the Engineer
You need to be aware of what versions of daemons (like SSH, HTTP, FTP, SAMBA, etc. etc.) are running on your system currently.
You then sign up to security alerts, from your OS vendor, but preferably from somewhere like CERT who will report the vulnerabilities first. If a security vulnerability is reported on something you are running, then ideally you'd turn it off until it's fixed by the OS vendor; if you can't, then wrap some connectivity restrictions around it from a firewall, TCP wrappers or network ACLs to restrict what IP addresses can connect to it. Then patch it when the OS vendor releases an update.
Anyone who cares about security should do this - just because you run Apple doesn't make you special.
Gentoo Linux - another day, another USE flag.
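One way to turn the procedure in the post above (know what daemons listen and at which version, match them against the advisory feed you subscribe to, then disable, restrict or patch) into something repeatable. This is an added example, not code from the thread or from any poster. The `ss -tlnp` output, the installed versions, the advisory entries and the admin subnet are all constructed sample data; the Samba 3.5.7 and OpenSSH 5.8 fixed versions are the ones mentioned elsewhere in this thread. On OS X the same parsing applies to `lsof -iTCP -sTCP:LISTEN -P -n` output, and the TCP wrappers lines only help for daemons linked against libwrap, so use a firewall rule where that is not the case.

```python
"""Inventory listening daemons and triage them against security advisories.

Added example, not from the thread.  All inputs below are constructed:
SS_OUTPUT stands in for real `ss -tlnp` output, INSTALLED for what your
package manager reports, ADVISORIES for the CERT / Security Focus feed.
"""
import re

# Constructed sample of `ss -tlnp` output (Linux).
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      50     0.0.0.0:445         0.0.0.0:*         users:(("smbd",pid=1190,fd=35))
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=701,fd=7))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("httpd",pid=905,fd=4))
"""

# Constructed: process name -> (product, installed version).
INSTALLED = {
    "sshd": ("openssh", "5.7"),
    "smbd": ("samba", "3.5.6"),
    "cupsd": ("cups", "1.4.6"),
    "httpd": ("apache", "2.2.17"),
}

# Constructed advisory feed: product and the first version that fixes the issue.
ADVISORIES = [
    {"product": "samba", "fixed_in": "3.5.7", "note": "FD_SET memory corruption"},
    {"product": "openssh", "fixed_in": "5.8", "note": "security fix shipped in 5.8"},
]

# Services this host must keep exposing, and the only subnet allowed to reach
# them until they are patched (both constructed).
NEEDED = {"sshd", "httpd"}
ADMIN_SUBNET = "192.168.10.0/255.255.255.0"

# One LISTEN row: bind address, port and the owning process name.
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_ss(text):
    """Return [(process, bind_address, port), ...] for every LISTEN row."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append((m.group(3), m.group(1), int(m.group(2))))
    return found


def version_tuple(version):
    """'3.5.6' -> (3, 5, 6); non-numeric suffixes (p1, -ubuntu2) are ignored."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def is_vulnerable(installed, fixed_in):
    """True when the installed version predates the first fixed version."""
    return version_tuple(installed) < version_tuple(fixed_in)


def triage(listeners, installed, advisories, needed):
    """Decide per daemon: ok, patch (loopback only), disable, or restrict-and-patch."""
    plan = {}
    for proc, addr, port in listeners:
        product, version = installed.get(proc, (proc, "0"))
        hits = [a for a in advisories
                if a["product"] == product and is_vulnerable(version, a["fixed_in"])]
        if not hits:
            plan[proc] = "ok"
        elif addr.startswith("127.") or addr == "::1":
            plan[proc] = "patch"              # not reachable from the network anyway
        elif proc not in needed:
            plan[proc] = "disable"            # nobody needs it: turn it off until fixed
        else:
            plan[proc] = "restrict-and-patch"  # needed: fence it in, then update
    return plan


def tcp_wrappers_rules(plan, admin_subnet):
    """hosts.allow / hosts.deny lines for daemons that must stay up while awaiting a patch."""
    allow = [f"{proc}: {admin_subnet}" for proc, act in plan.items() if act == "restrict-and-patch"]
    deny = [f"{proc}: ALL" for proc, act in plan.items() if act == "restrict-and-patch"]
    return allow, deny


if __name__ == "__main__":
    plan = triage(parse_ss(SS_OUTPUT), INSTALLED, ADVISORIES, NEEDED)
    for proc, action in plan.items():
        print(f"{proc:8s} {action}")
    allow, deny = tcp_wrappers_rules(plan, ADMIN_SUBNET)
    print("hosts.allow:", *allow, sep="\n  ")
    print("hosts.deny:", *deny, sep="\n  ")
```

With the constructed data, `smbd` is vulnerable and not needed, so it gets `disable`; `sshd` is vulnerable but needed, so it gets `restrict-and-patch` plus a `hosts.allow` line limiting it to the admin subnet. Re-run the script after each update so the plan shrinks back to `ok`.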
Vector and vulnerability. From the surface, I would believe that linux and unix web servers are going to be run by individuals with a higher degree of technical aptitude, thus a bit more secure to attack, so although the vector exists the vulnerability may not be there.
Also, targeting windows based systems is going to put you into corporate systems more often than not, as Microsoft controls much of that marketplace (things are changing as more shops are going without Microsoft but this is still the exception). And, though I don't pretend to be citing evidence on this, from an anecdotal perspective I would be inclined to believe that the linux/unix web servers are more likely to be tinkerers and people in the education / open source community. If my anecdotal line of reasoning is correct, it would stand to reason that greater ROI could be generated from targeting the Windows systems that have both significant vector and vulnerability.
I wonder about this too. Maybe it's a combination of factors.
Mac users are computer illiterates with far more money than sense.
Very true, but are they quite as oblivious as Microsoft junkies? Plenty of people switched to OS X once they heard that "it has no viruses". Here are people who are willing to switch OS for the sake of security. People who stayed with Windows until now, even after years of abuse by Microsoft, have done so either because they got locked in good, or because they cannot fathom how to combine words "computer" and "security" in the same sentence. Let's wait a few more years. Just like Windows before it, OS X may eventually have to reap the consequences of (1) being a monoculture, (2) users' refusal to upgrade because it costs money, (3) increased market share, (4) and the fact that it's marketed to idiots.
Without wishing to be rude, see the reply I gave to the other comment - here's a couple I chose at random (possibly quite old) from Google:
OpenSSH vulnerability
SAMBA vulnerability
If you're paranoid about it then you subscribe to Security Focus or CERT and keep an eye open for any new ones - then turn the daemon off or restrict connectivity until it's been updated.
The point is not to get complacent about security - every OS needs to be watched for vulnerabilities and updated to fix them.
Gentoo Linux - another day, another USE flag.
This isn't about market share because OS X's market share hasn't significantly increased over the past several years. It's about 5% worldwide and 9% in North America...right where it has been for a while now.
The same reason that a criminal would rob a home instead of a bank. It is also better to hit a market that is 1/10 the size than it is to take a 1/10000 share of a larger market.
Repeat after me. Profit share!
If I am developing malicious software for an operating system with the intent of making a profit, am I going to spend my time developing malware for an operating system that constitutes less than 10% of profit share or am I going to use that time to develop for the operating system with 75% profit share?
The thing about the market share argument is that even if Macs had as many pieces of malware as Windows, but scaled down to their percentage of market share, there would be screaming left and right about how insecure OS X is.
Even when scaling things down, OS X is not getting hit nearly as hard as Windows.
On an anecdotal level -- ever seen an infected Mac? The last time I did was about two years ago when someone decided that the copy of iWork '09 available on a P2P distribution was a good idea, and downloaded a Trojan horse.
Now I'm just waiting to be modded troll....
Well at least your self-evaluation skills are good. Your logic and factual knowledge...not so much.
In sweeping broad-brush generalizations, Apple, as a culture, is far more committed to security than Microsoft has ever been, right down to the dreaded walled-garden approach to, well, everything they make.
So what? The user still had to type in the admin password to run the installer. To install the botnet (and the other software). Admin password gives you admin privileges and anything can be done then.
This is not the same as drive-by/scareware/malware installations that typically require no user interaction, except maybe a single click in the case of scareware.
There are two types of people in the world: Those who crave closure
But let me tell you how that number of viruses got onto your friend's Windows machine - he put them there. Or you're exaggerating. Or a bit of both.
They complained their PC was running slow, we asked whether they'd run a virus scan and when they did it claimed to find forty-eight viruses.
And no, they're just an average user who does some web browsing, they don't download dodgy software or visit porn sites. Their kid does have an iPod, so we're guessing it may have got infected and spread viruses to the computer when plugged into the USB port.
How come every other OS doesn't need a virus scanner & adware blocker and constant vigil to keep them up to date?
How come every other OS requires elevated privileges to install applications system wide? Like UAC should - yet scareware gets installed with just a click.
There are two types of people in the world: Those who crave closure
OS X users generally aren't the enemy of Windows. Windows zealots bring the fight to them, not the other way around.
Number of "Apple switch" clips I've seen targeting Windows users: Lots.
Number of "Microsoft switch" clips I've seen targeting Mac users: ...gee I can't think of any. I've seen some parody things spoofing the Apple switch ones, but they weren't produced or endorsed by Microsoft.
There is also another argument as well, which not just applies to OS X, but Linux, AIX, Solaris, and other platforms:
Windows has always been a commercial, closed source platform. Developers write on it because it brings them cash. In general, there is no respect for the platform itself, so people don't think twice about writing malicious code. There is no respect in general by developers for it. This puts Microsoft in a bind because they have to drag lazy coders kicking and screaming to allow for basic security features (not running with Administrator rights.) Another example of this was Vista's more secure driver model. A lot of hardware makers released alpha/beta quality drivers, stuff broke and users bitched, and the companies told the end users to blame it on Microsoft, when in reality, it was the laziness/incompetence of the hardware/software makers.
However, other platforms don't have this issue. Devs tend to have some respect for $OTHER_OS. Even when $OTHER_OS gets a fundamental change which requires a lot of man hours for applications to work with the latest version, devs grumble, but they do it, and they put out at least a usable product, and a good product in their 0.0.1 or 0.0.2 release. On $OTHER_OS, devs know that malware will reduce their whole ecosystem base (when users move away from that platform), so are not going to write malicious code.
The fact that programmers tend not to shit where they sleep on non-Windows platforms adds significantly to why Windows gets singled out for attackers as opposed to other platforms like Solaris.
Actually, life is integral to the definition of evolution. See, evolution is more than just mutations....
If you ignore ACs because they are anonymous - you're an idiot.
That is an overly simplistic, Fox News-style approach to logic. Yeah, it seems like common sense, but without actual scientific evidence that this is true, it's conjecture on the part of basement dwellers everywhere.
Why would anyone write legitimate software for less than 10% of the market (yet they do)?
I would throw my conjecture out there too and say given Windows' open architecture, it's easier to write crap for it. But I don't have anything to back it up except for making a shallow, sarcastic comment like, "gee, I don't know..." Equally snarky would be, "people who are despicable enough to write malware probably know Windows, because they generally have made bad choices in life", but I won't say that.
The Samba FD_SET memory corruption vulnerability hasn't been patched on OS X yet as far as I'm aware. Privilege escalation exploits aren't rare on Windows, OS X or Linux, but Apple tends to be the slowest at patching them.
nor do they evolve in the biological sense.
You:
Or perhaps the word "life" is not actually included anywhere in the concept of "evolution".
No, but it is included in the concept of biological evolution. Bio: Latin prefix for life or living organism. It's also funny that in the same breath you're arguing about the ridiculousness of God creating things while simultaneously wishing to redefine evolution to nonliving things, which would include the evolution of things made by a creator (like cars and computers totes evolving!), which is the same argument creationists go with.
That's because.... (wait for it....)
once you go Mac, you don't go back.
"In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson
If I'm not mistaken, OS X users generally aren't the enemy of Windows. Windows zealots bring the fight to them, not the other way around. It appears to be a confidence issue, or a lack of confidence issue, on the part of Windows ops.
Excellent comments. For example, as an OSX user, I cannot recall the last time I've called out somebody's sexual preference for using Windows.
Malware these days is about money.
I'm going with this one too. Since MS users are more stingy and Mac people give money away easily, I'll take it that Mac people don't need viruses because they are just willing to cooperate. Also, many just give their information away on Facebook and they also seem proud to show they have Apple products.
I'll go with Apple is safe because users just don't care to pay more, as long as the computer seems to run fast.
I agree - it's why I never (and to be honest most people who understand) say that OS X is not "immune" to threats, but is well protected in general - for example, SAMBA is not on by default in an OS X install which helps to limit the damage.
Windows probably wouldn't be half as bad as it was, reputation wise, if it shipped with things off by default.
I'm not seeing the issue with the OpenSSH one - the most recent version of OS X that is vulnerable is listed as OS X 10.1.5, which is *ancient*, and the page was updated in November 2007 according to the site, which is after OS X 10.5 shipped, so I'm assuming that 10.2 and above are not vulnerable to this?
nor do they evolve in the biological sense.
Malware authors do not evolve biologically. They can't actually be expected to shower, can they?
I don't want to argue semantics here but a virus scanner or an adware blocker do not keep a system up to date - they keep malware off it, you're (unintentionally?) mixing stuff up here.
The reason you need both of them is because of the amount of malware that makes use of flaws in extended privileges on Windows - that's partially down to bad design by forcing users to run in administrator privileges too much. I've not used any Windows beyond XP (mainly Linux) but I understand UACs are supposed to be a defence against letting software install with too high privileges.
You can lock Windows down with user-only privileges, but how well that works for deeply-hooked applications like Outlook or IE I can't really say.
You do need to install updates (of course) but that's equally important on any OS - on a UNIX-like one, especially so if you're running network daemons that can be attacked from outside.
So by design, you're less likely to see a virus propagate across UNIX machines but it doesn't mean they're automatically safer because they do generally expose more potentially vulnerable daemons to the network - so more prone to different types of attack.
Gentoo Linux - another day, another USE flag.
Regardless of percentage, there are reckoned to be c. 94 million OS X users. Is that still not enough? As we all know, Mac users are computer illiterates with far more money than sense. Surely this sector would seem ideal for targeting by malware writers?
Assuming the reason for the lack of malware is NOT the inherent robustness of the OS; and it's NOT the market share: then what IS it?
THIS!
Further, if 5-10% market share is good enough for legitimate software developers to code for OSX, why isn't that good enough for malware authors?
So, when is the release date; and will there be an opt-out?
Now I'm just waiting to be modded troll....
You should be. There was no article to read and yet you still missed it: Trojan. A Trojan is a program that tricks the user into doing something they don't really want to do. THERE IS NO PATCH TO FIX THE USER. Has absolutely nothing to do with the security of the OS and everything to do with the user being stupid.
Still... For your "malware is proportional to market share" Internet forum regurgitation to work, it must be a given that all software is equally broken and insecure. We know this not to be true or there would be no point in applying a service pack to the desktop OS with the leading market share. Clearly if software can be made better (e.g. service pack) then not all software is equally broken.
Sure, the market share increases the attractiveness of the target. However, as significant as it may be, it's only one factor of its attractiveness. There is another very significant factor: ease of exploit discovery and implementation. For some time Windows has been BOTH popular and easy to break.
A large bank or casino might be an attractive target for having lots of money, but a smaller bank in a lower population area is often a more attractive target despite having less of what thieves want. Why? It's easier.
Stop pretending that there isn't a fucking thing poor MS or Adobe can do to improve security. Any MS fanboy can point out periods of time where MS had improved security significantly. It wasn't a market share fluctuation that allowed them to do it. Wake up. Software is insecure and buggy chiefly because of poor development practices.
Put your money where your mouth is and show me some numbers. Show me a graph of infection rates and market share. And really has the market share changed enough to even be a reliable metric?
Are Firefox exploits proportional to its market? Are IE's or Chrome's? Show me the data. At least the browser market has significant variation in market share.
I've yet to see the supporting data. Even still you'll bring it up every single security related article to "prove your point." I don't know what else to call that other than trolling.
People who stayed with Windows until now, even after years of abuse by Microsoft, have done so either because they got locked in good, or because they cannot fathom how to combine words "computer" and "security" in the same sentence.
Windows user can, in fact, combine the words "computer" and "security" in the same sentence. They just add "lack of" between the two.
Avoid the MS tax, always buy I.B.M. PC's (I Built-it Myself)
Why spend time developing an exploit that will target at an extreme maximum 10% of the market, when you can spend the same time and effort and target 80% of the market? Given an equal amount of work, would you not choose the option that yields a significantly larger ROI?
The same reason tens (hundreds?) of thousands of developers spend 100% of their time and effort targeting less than 10% of the market by writing legitimate stuff for OSX and iOS?
... - just because you run Apple doesn't make you special.
Every time I tell my apple users this, they tell me I am wrong. They are special for using macs.
Then again, this is the same group of people that told us to replace all the projectors since none of them had a Mini DisplayPort input. Using the dongle adapter (from Apple) ruined the look of their Mac.
It's always interesting to see the number of anti-Apple posters increase on work days, while on the weekends the fanboys reign. Does it pay well to post "comments" on public forums? I guess it doesn't pay enough to work on weekends...
Most people I know browse Slashdot as a means of taking a quick break from work. Personally, I have a life, and I'm too busy living it on the weekends to bother posting to Slashdot.
Coders, coding. Or "God" if you prefer. Computer viruses: the creationists' wet dream.
Mod parent up!
evolution
ev-o-lu-tion
noun
1. any process of formation or growth; development
2. a product of such development; something evolved
3. Biology: change in the gene pool of a population from generation to generation by such processes as mutation, natural selection, and genetic drift.
If you're going to be so pedantic, at least don't be so wrong / off topic. Evolution != biological evolution.
As an aside, I've never heard of any creationists arguing that biological evolution should consist of non-biological changes at all.
I know a guy that recently switched to Mac from Windows for his photography business. He was annoying. Posting about how amazingly stable his Mac was on his Facebook page a few times a week. Then he had some hardware problems crop up in his machine. Haven't seen much shouting from the mountain since then. :D
So they wait for a privilege escalation exploit. These are extremely common on all three of the major platforms, but Apple has historically been slower to patch them than both Windows and Linux. Although recently, Apple has been looking to make improvements and get patches out faster.
Blah blah blah, I have a doctorate in a biological field and I am an atheist. Learn to read, yeah? That's not my argument at all. The device I was using is called sarcasm.
Evolution exists on a molecular level, which is far more fundamental than the broad and ancient definition of life. Our new understanding of viruses and prions actually challenges some of the ancient notions of life which only considered the cell as the basic unit of life. However evolution is not concerned with the differentiation of cells, it is concerned with the mutation of DNA and proteins that make up those cells. Any phenotypical change in an organism must have an underlying genetic mutation. Since viruses contain either DNA or RNA, they are subject to the same evolutionary forces as cells are, even if you don't consider them "alive" because they don't fit your "cell" theory. It gets even more fun with prions since even DNA and RNA are not involved.
However I suspect that this is way above your head.
Seven puppies were harmed during the making of this post.
MacOS 9, with a much smaller deployment base than MacOS X, had TONS of viruses for it.
I'm not so sure you're using that word "TONS" correctly. The Macintosh Virus FAQ says there were about 40, which includes "related threats", stuff like: a disk that had a Windows virus on it managing to do some damage when the Mac was running emulation software, and malicious Hypercard stacks.
Your sig ( "Friendly Reminder: Apple, Google, and Nintendo are the three for-profit corporations a Slashdotter is permitted to like." ) confused me, until I realized that most people probably don't realize that Red Hat is technically a for-profit corporation.
/me: ducks
If you mod me down, I shall become more powerful than you could possibly imagine.
but that many is a sure indication he's been downloading dodgy software, games, or serial cracks, probably via BitTorrent.
Does it really matter? I don't think "Use Windows 7 because it's really secure if you avoid dodgy BitTorrent sites!" has a very good ring to it.
I mean, if that's what I use my computer for, I certainly don't want it to be vulnerable by default.
Not to mention, there probably isn't anything you can do with RATKit (or whatever it's called) that you can't do with a one-line perl invocation.
If you mod me down, I shall become more powerful than you could possibly imagine.
Not only that but due to the complacency (Apple is immune to viruses) and ignorance (I don't want to know anything about computers, which is why I bought an Apple) of the average Apple user base, it is an audience extremely ripe for the picking ...
Yet it still hasn't happened. How could this be? Perhaps the "average user base" aren't as broad-brush ignorant as you claim.
WHEN Apple gains enough market share to be interesting to write specific malware for, I expect to see infections on a massive scale. I must say it couldn't happen to a nicer bunch of people.
That says loads more about you than it does Apple or Apple users. It also provides a good insight to the foundation of your incredibly juvenile logic.
The smart criminals (if there are such things) will go to the rich neighborhoods where people feel so safe that they don't even bother to lock their doors...
Yet they don't. They keep robbing the same lower class poor people they live amongst instead of going to the fancy neighborhoods.
The same thing is at work here with malware authors. Why leave your crappy Windows neighborhood to go break into some fancy OSX house?
Well, Aircrack and Metasploit are also marketed as TOOLS but are more often used for hacking. A simple Google search would tell you that DarkComet-RAT is used for "hax" and "bots."
FWIW, I agree with the GP.
No responsible IT professional has looked for a half-decent remote admin tool, seen something calling itself "darkComet RAT" and thought to themselves "Hey, that looks legitimate!". Same's true of BackOrifice, and for the same reason - the very name stinks of blackhat stuff, which is absolutely the last thing any respectable IT professional wants to be associated with.
How is that more secure?
Quite obviously, it increases the security of one's occupation, as Windows will forever have security issues, thus, there will always be a need for a Windows guy to say "hey, our ship is tight." Meanwhile, the true security experts that are in the midst of massive Windows installations do indeed have trouble sleeping at night. Or... at least they should.
Actually, no, it's not obvious.
What exactly does a typical piece of malware need to do that cannot be done as a non-admin?
Run at boot/login? Nope, don't need to be an admin.
Run without presenting any obvious UI or other sign you're running to the user? Don't need to be admin.
Read the user's files and data? Obviously not, that makes no sense at all.
Establish a TCP session with an arbitrary server? No, anyone can do that.
Send a copy of itself by email? That's no different to sending any other attachment. Anyone can do that.
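The first item in the list above, running at login without admin rights, is also the easiest one to audit from the defender's side: on OS X, `~/Library/LaunchAgents` is user-writable and launchd loads whatever is in it, so a per-user review of that directory catches persistence that never needed a password prompt. Below is an added example (not from the thread or any poster) that parses the agent plists and flags the ones worth a second look. The directory layout, the two plists and the `TRUSTED_PREFIXES` policy are constructed assumptions; tune the prefixes to where your users legitimately install software. The same idea applies to the per-user `Run` registry key on Windows.

```python
"""Audit per-user login persistence on OS X (~/Library/LaunchAgents).

Added example, not from the thread.  It builds a constructed sample home
directory in a temp dir so it runs anywhere; point audit_launch_agents()
at a real ~/Library/LaunchAgents to use it for real.
"""
import os
import plistlib
import tempfile

# Where a legitimately installed program is expected to live (constructed policy).
TRUSTED_PREFIXES = ("/Applications/", "/System/", "/usr/", "/Library/", "/bin/", "/sbin/")


def program_of(plist):
    """launchd accepts either 'Program' or 'ProgramArguments'[0] as the executable."""
    if plist.get("Program"):
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else ""


def audit_launch_agents(agents_dir, home):
    """Return [(plist filename, program path, [reasons])] for agents worth reviewing."""
    findings = []
    for name in sorted(os.listdir(agents_dir)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(agents_dir, name)
        try:
            with open(path, "rb") as fh:
                plist = plistlib.load(fh)
        except Exception as exc:  # a plist launchd cannot parse is itself suspicious
            findings.append((name, "", [f"unparseable plist: {exc}"]))
            continue
        prog = program_of(plist)
        reasons = []
        if not prog.startswith(TRUSTED_PREFIXES):
            reasons.append("program outside trusted locations")
        if prog.startswith(home) or any(p.startswith(".") for p in prog.split(os.sep)):
            reasons.append("program in home directory or hidden path")
        if plist.get("RunAtLoad") and plist.get("KeepAlive"):
            reasons.append("runs at login and restarts if killed")
        if str(plist.get("Label", "")).lower().startswith("com.apple."):
            reasons.append("label impersonates Apple")
        if reasons:
            findings.append((name, prog, reasons))
    return findings


def build_sample(root):
    """Constructed sample: one ordinary agent and one that should be flagged."""
    home = os.path.join(root, "Users", "alice")
    agents = os.path.join(home, "Library", "LaunchAgents")
    os.makedirs(agents)
    ordinary = {
        "Label": "com.example.sync",
        "ProgramArguments": ["/Applications/Sync.app/Contents/MacOS/sync"],
        "RunAtLoad": True,
    }
    flagged = {
        "Label": "com.apple.update.helper",   # constructed: mimics an Apple label
        "ProgramArguments": [os.path.join(home, "Library", "Application Support",
                                          ".cache", "helper"), "--quiet"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }
    for fname, content in (("com.example.sync.plist", ordinary),
                           ("com.apple.update.helper.plist", flagged)):
        with open(os.path.join(agents, fname), "wb") as fh:
            plistlib.dump(content, fh)
    return agents, home


def run_sample():
    """Build the constructed sample and audit it; returns the findings list."""
    with tempfile.TemporaryDirectory() as root:
        agents, home = build_sample(root)
        return audit_launch_agents(agents, home)


if __name__ == "__main__":
    for name, prog, reasons in run_sample():
        print(f"{name}: {prog}")
        for reason in reasons:
            print(f"  - {reason}")
```

On the constructed sample only the agent with the Apple-looking label is reported, with all four reasons; the ordinary agent in `/Applications` passes. None of the checks require root, which is the point: the persistence it looks for did not need root either.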
No one should go anywhere NEAR the back door without a Trojan.
Surprise! Script kiddies have finally realized Mac users would make for easy targets. After all, they haven't been trained to install eleven malware scanners and click "cancel" on every popup that comes along.
How is this deemed newsworthy ? It's a computer, it's gonna get rooted. Hell, even BeOS had malware, and that OS was used by all of seven people.
-Billco, Fnarg.com
Speaking as a Mac owner and user (among other OSes), there's a certain amount of truth to this.
Macs are generally more expensive than non-Macs, so, by and large, you'd expect a Mac owner to have more disposable income than somebody with another computer. (I'm deliberately not getting into why they're more expensive, or value in relation to cost, or why people are willing to pay more.)
Macs are rather rare in the corporate world, so the marketshare is concentrated among home users. Any modern OS is hard to crack when well administered, and I'd expect workplace computers to be better administered than home computers, with real firewalls and such. (In addition, workplace computers are often locked down enough to stop users from installing trojans, and with web blockers that will keep users off many of the more dangerous sites.)
Macs are also marketed to appeal to those not quite comfortable with computers, so you'd expect a good many Mac owners to be fairly clueless, quite likely more proportionally than Microsoft Windows users (which are on the whole a pretty clueless bunch).
So, there's close to a hundred million users, who probably have more disposable income than most, and whose computers are generally badly administered. You would think that would be attractive.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
::Grab keyboard with two hands and smash into forehead::
As an IT admin, I think I'll run for the hills before my customers get infected. Better yet, maybe I should just call the police and tell them I read about a new trojan online and let them deal with it. Eek!
I knew I would be modded troll however because kids like you can't stand any negative comments towards Apple, however accurate and factual they may be.
And no, Apple is fucking appalling at security. Sorry.
If you ignore ACs because they are anonymous - you're an idiot.
OpenSSH is pretty good at the moment - it's like all software, when a new major release comes out, you're probably more likely to see vulnerabilities reported but after a few dot releases, it'll usually be pretty good. Having said that, 5.8 was released earlier this month and had a security fix from 5.7 so even I should have a look and see what that one's about.
All I'm really trying to say is maybe scan your systems to work out what's running and what version the stuff is - then keep an eye on the security alerts from CERT, Security Focus or wherever.
Gentoo Linux - another day, another USE flag.
I'm not trying to offer any moral guidance here, I'm just stating the fact that if you go to dodgy parts of the Internet then you're more likely to pick up something nasty, especially if you download something that's some kind of executable program.
I stopped all that stuff years ago and haven't had a virus since - my view is that the amount of time I spent fixing virus-ridden PCs wasn't justified by the amount of money I saved running cracked software. If you or anyone else believes otherwise, that's fine, you now know the risks.
And whilst I agree there are no known viruses for Linux or OS X, in both cases you *should* pay more attention (than you would on Windows) to running daemons, stopping any that you don't need and keeping the ones you do need updated. That's standard UNIX security stuff across all the flavours of it.
Gentoo Linux - another day, another USE flag.
This is your wake-up call, macHeads. We march at dawn.
Windows has always been a commercial, closed source platform. Developers write on it because it brings them cash. In general, there is no respect for the platform itself, so people don't think twice about writing malicious code. There is no respect in general by developers for it. This puts Microsoft in a bind because they have to drag lazy coders kicking and screaming to allow for basic security features (not running with Administrator rights.) Another example of this was Vista's more secure driver model. A lot of hardware makers released alpha/beta quality drivers, stuff broke and users bitched, and the companies told the end users to blame it on Microsoft, when in reality, it was the laziness/incompetence of the hardware/software makers.
As much as I dislike Microsoft, I have to agree here. We'll give credit where it's due: Microsoft has been trying to get devs to write apps that run without admin rights for years. If I recall correctly, there was even a beta version of Windows that caused beta testers to complain because it made the first user account (after administrator) a limited user by default instead of an admin user. (can anyone remember which it was? escapes me ATM)
That said, however, I have to disagree with the "market share" idea. If that were the case, then there would at least be a few (a hundred or so) working viruses for the Mac. We don't see that. We see zero working viruses. I think it's less a smaller target and more a harder target. Can you write a virus for the Mac? Probably. Is it as easy as writing a virus for Windows? Doubtful. How do I know? Because of the fact that there are so many non-functioning viruses for the Mac, but zero working. If it were as easy as Windows, then people would do it for kicks. As it is, script kiddies can't hack it with a script, so they don't try, because they don't want to embarrass themselves in front of their friends when they fail, so they stick with Windows and show off their "l33t sk1LLz".
Does any of this make OSX the ultimate operating system? Not by a long shot. There are a number of things about the Mac that I'm not too crazy about, but they're minor. For instance, you can't disable mouse acceleration without a third-party hack. I still haven't gotten used to that. But at the moment, it's hard to get a virus on a Mac. You have to either be amazingly stupid (which, admittedly, describes a lot of people), or you have to be trying to get a virus. I'll put up with the mouse acceleration.
To be quite honest, though, I think that the virus problem will only disappear when rampant idiocy among users disappears (e.g., never). As long as there are people that click through the OK button without reading what the dialog says, typing in their password whenever asked for it (also without reading) . . . you are going to have viruses. No amount of virus protection or secure design will defend against determined stupidity.
I'm sort of lucky as a network admin on this one. Whenever anyone gets a dialog that they don't understand, they panic and call me. I'd rather put up with running up to the office every hour or so to click "ok" for everyone than spend countless hours scraping viruses off of computers. Most of them freely admit to being computer stupid - even my boss ("that's why we hired you"). And no, I don't give admin rights to anyone, but time and experience have shown that you don't need admin rights to get a virus or spyware.
(To be fair, I have to say that removing admin rights makes Windows a lot more secure than the statistics would give it credit for. I still think OSX is more secure, though, simply from experience.)
Do you have sex with strangers? Well, duh. Don't. Likewise don't inject strange software into your system.
I don't want to argue semantics here but a virus scanner or an adware blocker do not keep a system up to date - they keep malware off it, you're (unintentionally?) mixing stuff up here.
I think you misread his statement. He said:
"How come every other OS doesn't need a virus scanner & adware blocker and constant vigil[ance] to keep them up to date?"
He's talking about keeping the scanners themselves up to date.
As far as non-admin privileges are concerned, in my own experience administering 50+ Windows machines, you can lock a machine down, and any Microsoft software will do okay (or, as okay as MS software ever is). There are a few applications that will actually check for admin privileges through various methods, and refuse to run. If you can manage it, refuse to buy them. That said, however, it's not a silver bullet, because I've seen viruses get on a computer without admin privileges.
And yes, run updates on ANY operating system. Experience, again, has told me that on Unix machines, that only applies to security updates. Others (e.g., feature additions) should only be installed if needed, e.g., if the new feature is necessary.
So by design, you're less likely to see a virus propagate across UNIX machines, but it doesn't mean they're automatically safer because they do generally expose more potentially vulnerable daemons to the network - so more prone to different types of attack.
Careful. That would go for any server-type operating system. Unix and Unix-like desktop OSes generally have the firewall enabled by default, much like in Windows. Any server, however, would have services exposed because it's supposed to.
I'll give you credit for at least posting a link, but I have to call you on it. The latest version of OSX vulnerable to the OpenSSH vulnerability is 10.1.5, which is patched, and the other has also been patched. Both are patchable just by doing Apple Menu->Software Update.
And ya, I know you said they were possibly quite old, but still. :)
To be fair (because it applies to Microsoft, too) buffer overflows are 1) extremely hard to detect and fix, and 2) extremely hard to exploit. It sort of boils down to bad habits on the coder's part.
From the advisory:
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 3.5.7 has been issued as security release to correct the defect. Patches against older Samba versions are available at http://samba.org/samb/patches/. Samba administrators running affected versions are advised to upgrade to 3.5.7 or apply the patch as soon as possible.
I believe this patch works with OSX as well. Not surprising, because OSX is POSIX-compliant. Even if it didn't, Samba is open source, so it's probably not too hard to find out where the source was fixed, apply it yourself, and recompile.
I'm not trying to offer any moral guidance here, I'm just stating the fact that if you go to dodgy parts of the Internet then you're more likely to pick up something nasty, especially if you download something that's some kind of executable program.
It's sort of like "if you sleep with a sleazy girl, then you're more likely to pick up something nasty." Good point, although there are other ways than that to get viruses/trojans/spyware/scareware/$CATCHY_NEW_TERM$ware.
Interesting assertion. I assumed you were right, actually, but was prepared to argue that this would be due to convenience. It's easier to rob your neighbor since he's closer... Where there are more thieves, we expect to find more burglars. However, according to my city's crime statistics, the number of incidences of "Burglary of residence" was much higher in wealthy neighborhoods than in poorer neighborhoods. All other crimes were much higher in the poorer neighborhoods.
A lot of hardware makers released alpha/beta quality drivers, stuff broke and users bitched, and the companies told the end users to blame it on Microsoft, when in reality, it was the laziness/incompetence of the hardware/software makers.
No, a lot of makers released alpha/beta quality drivers for Vista because they never thought MS would actually release on time. If you remember the history of Vista, MS scrapped their original code base and delayed the release several times. Even then makers were less than sure that MS wouldn't change the model before release.
Well, there's spam egg sausage and spam, that's not got much spam in it.
I haven't needed an AV since Windows 98, and even then I only used it once when my Word document I was working on in the public library got infected. It's all about safe browsing. The AV is for after you're already infected. Safe browsing can be done on every browser. Just use your intuition and don't click on random shit.
Linux:
http://www.zdnetasia.com/linux-world-dismisses-new-trojan-risk-39009405.htm
The variant of a two-month-old Remote Access Trojan that attacks Linux machines has been categorized as a low risk. A Remote Shell Trojan (RST) is making its way around the Linux community, but security experts say it should not pose a risk if users are vigilant with the programs they run.
Fandroids hate facts.
Interesting counter, however I actually have the data (my work specializes in crime pattern analysis and visualization software). Property crimes are directly (inversely) proportional with income levels, in Central Texas, at least. Maybe San Antonio is an outlier, since the whole town is a sh!thole, but Austin shows the same patterns.
And yes, I think it is due to convenience...kind of like most accidents occur close to home (because we are usually driving close to home, or at least we are driving close to home more than we are not).
Also, it is more likely a poor person isn't going to report property crime to the police since there is a high likelihood they don't trust authority, and/or they don't have a lot of stuff to be stolen.
I think maybe because it's Texas, our data are different because our crazy citizens are packin' and our crazy laws let us shoot first and ask questions later.
That's basically irrelevant. Barely anyone using OS X is going to go grab the source and compile it. Until the fix is issued from Apple's updater the vast majority of machines running OS X remain vulnerable.
Even if this was a super evil virus tool, it's got the same problem that every other mac 'virus' has- How do you get it on the system?
The last so-called 'Mac Virus' required roughly the following steps:
1. Go to dodgy porn site
2. Attempt to watch shady video
3. Download dodgy video codec no one's ever heard of in order to watch shady video
4. Mount DMG file of dodgy video codec no one's ever heard of
5. Run installer for dodgy video codec no one's ever heard of from DMG
6. Enter an administrator login for installer for dodgy video codec no one's ever heard of
That wasn't a virus, it was a cleansing of the biggest idiots from the mac community.
Why will this be any different? There's a billion remote admin tools that can be used maliciously for OS X- but it's not a trojan unless you can install and configure it without the user knowing, or better yet without them doing it themselves.
There are so few that the OS itself includes the signatures (or blacklist) to prevent that iWork/Photoshop trojan, specifically.
Windows is just as susceptible to this kind of attack, except most users are running anti-virus software.
The few trojans and malware which have been mildly successful on OS X were blocked at the OS level by Apple. Obviously they aren't using some huge list of signatures but at this point it's not needed, and until the list is more than a few entries there's not much point to install a full fledged anti-virus to spend its time searching for Windows viruses.
OS X separates administration from normal user accounts (though users are quick to give away that password), it includes an easy to configure firewall which can even be more highly configured through third party tools, and it blocks the few pieces of malware that have been released for it. It does fail at not falling prey to zero day vulnerabilities (Pwn2Own). Not really sure how any of this points to a lack of even basic protections.
The advisory says it's a Denial of Service, where's the privilege escalation?
Samba is not turned on by default. Even turning on File Sharing does not turn on Samba, you actually have to go into a separate options window to enable it. The DoS is possible, but not out of the box, and it's also apparently unpatched in quite a few Linux distros (Fedora being largest).
The lack of running services out of the box has always been one of the "security" features of OS X against traditional Windows-type flaws. The main service running out of the box that I can think of is bonjour/mDNS, which is running under a separate non-privileged account.
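The check the comment above makes by hand (which services are really listening out of the box, and whether SMB is one of them) can be done against `netstat -an` output. The script below is an added example and is not from the thread; the netstat sample it parses is constructed to look like BSD/OS X output, and the port list to flag is an assumption for the example (139/445 for SMB).

```shell
#!/bin/sh
# Added example, not from the thread: list the TCP sockets in LISTEN state
# from `netstat -an` output and flag ports that are reachable from the
# network (not bound to loopback). SAMPLE below is constructed, not captured.

# Print "port bind-address" for every distinct listening TCP socket.
# BSD netstat writes the local address as host.port ("*.445",
# "127.0.0.1.631"), so the port is the last dot-separated field of column 4.
listening_sockets() {
  awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
         n = split($4, a, /\./); port = a[n]
         host = substr($4, 1, length($4) - length(port) - 1)
         print port, host
       }' | sort -n | uniq
}

# Exit 0 if any of the ports given as arguments is listening on something
# other than loopback, 1 otherwise.  Usage: netstat -an | exposed 139 445
exposed() {
  socks=$(listening_sockets)
  for p in "$@"; do
    printf '%s\n' "$socks" |
      awk -v p="$p" '$1 == p && $2 != "127.0.0.1" && $2 != "::1" { found = 1 }
                     END { exit !found }' && return 0
  done
  return 1
}

# Constructed sample: CUPS bound to loopback only (not exposed), SMB on all
# interfaces (exposed), one outbound HTTPS connection, and mDNS, which is
# UDP and therefore never in LISTEN state.
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp46      0      0  *.445                  *.*                    LISTEN
tcp4       0      0  192.168.1.2.49152      17.1.1.1.443           ESTABLISHED
udp4       0      0  *.5353                 *.*'

printf '%s\n' "$SAMPLE" | listening_sockets
if printf '%s\n' "$SAMPLE" | exposed 139 445; then
  echo "SMB is listening on a non-loopback address"
fi
```

On a live machine replace the sample with `netstat -an | exposed 139 445`; a loopback-only binding is deliberately not counted as exposed, which is the distinction that matters for the "services out of the box" argument.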
Apparently, some people don't notice the warning and timed delay involved when installing add-ons to firefox. I've often wondered about solutions to user complacency in such matters...
As far as a user application having full access to your data - this is pretty much the norm for everybody. The problem is that we only think in terms of user-level security and hardly any thought / design is given to security within the user's account. Sandboxes are a hack and not a real solution.
Firefox running under my account should be restricted to a subset of MY account - not another sandbox user with hacked in bridging so I can actually use it.
A couple of ways I can think of right now that would fix this, but they require significant changes to the OS... except OpenBSD, which has the hooks to pull off many ideas (probably this is where the solutions will come from.)
I shouldn't need a 3rd party 'reverse' firewall to control what apps do online... I shouldn't have to create complex to impossible sandbox hacks to limit apps to their domain within my account. The fact that we have to do such things indicates a need for more design.
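For what the "sandbox hack within my account" looks like in practice on OS X of this era: the system ships sandbox-exec(1), which applies a Seatbelt profile (deny everything by default, then allow listed operations) to a process. The script below is an added example, not from the thread or from any Firefox or Apple project; the profile is deliberately minimal and illustrative, and the application path, the profile directory under $HOME and the profile file name are assumptions. A real GUI app needs further allow rules (Mach services for the window server, fonts, preferences), and sandboxd logs each denial to system.log, which is how the missing rules are found.

```shell
#!/bin/sh
# Added example, not from the thread: confine Firefox to one directory of the
# invoking user's account with OS X's built-in sandbox-exec(1).  Paths and
# names below are assumptions for the example.

FIREFOX=/Applications/Firefox.app/Contents/MacOS/firefox
PROFILE="$HOME/.firefox-sandbox"     # the only writable part of $HOME
SB=/tmp/firefox.sb

# Write a Seatbelt profile to the path given as $1.  Everything is denied
# unless a rule below allows it; (param "X") is filled in by -D X=value.
write_profile() {
  cat > "$1" <<'EOF'
(version 1)
(deny default)
; the executable, its bundle, and the system libraries it links against
(allow process-exec (literal (param "FIREFOX")))
(allow file-read* (subpath "/Applications/Firefox.app")
                  (subpath "/System") (subpath "/usr/lib") (subpath "/private/etc"))
; the app's own state under the user's account, and nothing else in $HOME
(allow file-read* file-write* (subpath (param "PROFILE")))
(allow file-read* file-write* (subpath "/private/tmp"))
; network access is allowed wholesale here; finer filters are possible
(allow network*)
(allow sysctl-read)
EOF
}

# Launch Firefox under the profile, pointing it at the confined directory.
run_sandboxed() {
  mkdir -p "$PROFILE"
  write_profile "$SB"
  sandbox-exec -f "$SB" -D FIREFOX="$FIREFOX" -D PROFILE="$PROFILE" \
    "$FIREFOX" -profile "$PROFILE"
}

# Only launch where sandbox-exec exists (OS X); elsewhere just show the profile.
if command -v sandbox-exec >/dev/null 2>&1; then
  run_sandboxed
else
  write_profile "$SB" && cat "$SB"
fi
```

The point the comment makes stands: the profile has to be hand-written per application and tuned against denial logs, and the browser still runs as the same user, so anything it can reach through allowed Mach services or the network is outside the profile's control.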
Democracy Now! - uncensored, anti-establishment news