AppleCare Reps Told To Skirt Malware Questions
Dominare writes with this bit from ZDnet: "'A confidential internal Apple document tells the company's front-line support people how to handle customers who call about malware infections: Don't confirm or deny that an infection exists, and whatever you do, don't try to remove it.' So basically, now that Macs have their own equivalent to XP Antivirus the best you can hope for is to be pointed at the store where you can buy something that may or may not fix your problem ... nice."
Apple buries its head in the sand, just like most of its computer users....
You, sir, are an idiot.
Privilege escalation?
Right, because root privilege escalation bugs don't exist in OSX.
Fan boy tool.
If you think Apple software is inherently secure, read up on some of the past Pwn2Own contests.
Don't kid yourself - the only reason OS X doesn't have much malware (yet) is that Windows is used by far more people and is therefore a juicier target.
oh just you wait.
if you use Windows you get infected just by connecting to the internet. I've never had such experience with my Mac.
I've never had such experience with my Windows box, nor have millions of other Windows users. If they did, they would leave Windows by the millions a day, looking to either OSX, or word of Linux would spread like wildfire (like Facebook did for millions of people).
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
Yup. And Linux's dominant market share in the server space means that it's an even juicier target. Which is why you hear about so many pwnt Linux boxes on the web.
Microsoft doesn't support removal of the hordes of malware on its platform either.
To be fair, I have never had any malware with OSX and I'm certain I will not. OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers. I feel safe with OSX and have no need for antivirus. If you give out your root password to a random program, well, you're stupid. But if you use Windows you get infected just by connecting to the internet. I've never had such experience with my Mac.
It's a new thing for Apple. They haven't had to deal with this much at all before, and a lot less than in the Mac OS 9 days and before. So there's some growing pains while they get their procedures worked out.
Meanwhile, if you get a rootkit or malware on Linux, well, you'll get a lot less support than Apple is giving right now, unless you have a contract with Red Hat or someone ... and maybe not even then. So it's not like this kind of support is easy to provide by default.
Remember that EULA that you got with your software? Software provided "AS-IS"? The GPL has that clause, too. It's the state of the industry. It's not an easy problem to deal with, like unplugged power cords or using the wrong mouse button.
but Windows does have millions of PCs infected with various malware.
I have. The original XP did not spin up its firewall by default, and also started it after networking. I've seen people reinstall XP to get rid of some malware, only to have software popping up ads on their box before they finish the first boot.
To be fair, I have never had any malware with OSX and I'm certain I will not..
Welcome to relevant market share.
We Linux guys have had the problems long enough; I also had to reinstall a VM because I forgot to change a default password.
You think XServe is dead because it was better?
I've never had such experience with my Windows box nor have millions of other Windows users.
Weird. I remember a co-worker doing a clean install of Windows XP on a PC a few years ago and it had been remotely infected by a worm before it even managed to install all the security updates from Windows Update.
And yes, giving it an unfirewalled network connection was probably a bad idea.
Jobs 3:16 For in this way Apple loved the world: that he gave the unique OS, so that all the ones trusting in Apple would not perish, but have eternal life.
Certainly the best way to deal with a problem is to deny that it exists altogether. I guess so long as people have faith that a mac is somehow immune (be it to actual virii or user error induced malware installs), and they keep selling, that's all that matters.
Steve must have been taking lessons from some govn't agencies.
Sent from my PDP-11
they must think so, evidenced by they don't massacre each other. of course if they had secret deals to buy (on credit) billions of WMDs, then they might have to kill each other off, just to get out of debt. we're smarter than that?
To be fair, poorly configured linux servers are pwned all the time.
But if you use Windows you get infected just by connecting to the internet.
What utter nonsense. Any version of Windows from XP SP2 onwards has a built in firewall. For earlier versions of Windows a program like ZoneAlarm will do an exceptionally good job (arguably better than the built in Windows Firewall, depending upon what you want). Modern browsers have anti-phishing and anti-malware stuff built in. You have to go out of your way to get infected these days.
Since I started using Windows in 1994 (after being an ignorant Unix-using Windows hater) I have not had one virus/trojan/rootkit infection. Not one, in 17 years. Sure, if you go to the wrong sites and download the wrong stuff, or download stuff you know has been hacked/cracked/pirated, then you open yourself up to problems (as my brother-in-law did and ruined his PC, but that was his own fault, nothing to do with connecting to the internet, everything to do with his behaviour).
I still use Linux and Windows. Both are great. I don't use a Mac as I don't see the point paying a huge premium to have incompatible hardware that performs no better than a decent x86 PC that can run Windows or Linux.
Yes, because, as a lazy sysadmin *I* never had a box "pwnt". Guess what: I had. Never leave a Linux box running for over 1 year with no patches, on the public net, with WWW and SSH running in default ports. Get real, anonymous fag: linux is open source, and its release cycle is much faster than the other OS's. It's a moving target.
That, and no fanboy geek will ever admit he had a Linux box owned.
Apple declares: Fuck it, we're evil
"But our stuff is sooo good. You’ll keep taking our abuse. You love it, you worm. Because our stuff is great. It’s shiny and it’s pretty and it’s cool and it works. It’s not like you’ll go back to a Windows Mobile phone. Ha! Ha!"
http://rocknerd.co.uk
OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers.
Security by association? Many Windows holes aren't a direct attack on the kernel either. Most expose vulnerabilities in network services or commonly used apps. If you think that OSX is immune from infection due to some mystic link to an OS written by bearded folk, you're delusional. Every programmer at some point leaves a bug that could be exploited in a network-attached program. Even programs like OpenSSH (with your precious BSD heritage) have had their fair share of vulnerabilities in the past.
Malware is a money-making industry. If it becomes profitable to attack OSX, and if OSX becomes common enough to allow viruses to spread (if a certain percentage of a population is immune, viruses are often prevented from spreading), you can kiss your sweet security by link to bearded men goodbye, as well as security by lack of motivation.
Heck, there was a denial of service attack that could be performed on Windows as a result of the Bonjour service. What is the Bonjour service? Something written by Apple, installed with iTunes.
I hear that Sony has some "recently available" security engineers, maybe Apple should hire them to work the phones.
Shouldn't front-line support people actually know if it's actual bad malware or not? If it is, this is remarkably stupid to neither confirm nor deny that it even exists. That seems like it came from marketing, not tech support. sigh.
Enough said, although the internal memo from Apple smacks of "cover our ass" legal hot footing - they pretty much say "go look this up on the internet", which is not a great response, although this isn't actually a public response. No doubt there will be something forthcoming soon.
AppleCare techs *have* responded to people about how to remove it, although I guess that's not policy now, although given that it's still "an issue in progress" I expect these are temporary policies while they hammer something out - like a malware tool, or some specific legal thing. No doubt it will be trotted out every time a security issue comes up, along with the trolls saying things like "it takes years for apple to respond to any security vulnerability" (+5 insightful). mmm. Tasty truthiness!
To be fair, I have never had any malware with OSX and I'm certain I will not. OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers. I feel safe with OSX and have no need for antivirus. If you give out your root password to a random program, well, you're stupid. But if you use Windows you get infected just by connecting to the internet. I've never had such experience with my Mac.
...and the Steve was God, amen.
Yep, people seem to forget how much "Hackers looooooooooooooooove noodles". http://en.wikipedia.org/wiki/Ramen_worm
Code softly but carry a big magnet.
All you have to do is go into Safe Mode. http://support.apple.com/kb/HT1455 Then go into the Applications Folder > Choose MacDefender.app > Move to Trash. (in Safe Mode) Reboot normally and reset Safari.
Seriously, if you knew how many websites were running on un-patched Fedora Core 1 installs you'd shit your pants. And the thing is, they don't usually make the news because the 'sysadmins' (often web developers who know just enough to be dangerous) have no idea their boxen have been rooted.
hey, this is a web page claiming that you're infected, click ok!!
umm, you clicked cancel, you really want to click ok, ok??
you know, it doesn't matter which button you push, both result
in the continuation of this Racter-like discussion.
wow, you clicked ok, wait while I install some software to 'help' you.
oh, while installing I noticed that I will need your password to continue....
wow, you gave me your password, can you google pwn3d ?
works on PC, works on Mac, likely works on every other modern OS.
this isn't an exploit via bug, it's an exploit via user; if you drop your pants in front of a glory hole......
that said Apple isn't really helping by avoiding the topic.
Unix, an obscure operating system developed by bored researchers in an attempt to get a better game playing experience.
He's referring to XP Service Pack 1 and before, and most likely the blaster worm. Before MS got their crap together. Real techies know to stay away from any new OS until the second major round of patches come through. That applies equally to Windows and OSX.
Apple employees are directed to not help you fix a problem with a bad application you chose to install AND chose to give root privs to.
And ... ?
I've never had such experience with my Windows box nor have millions of other Windows users.
Weird. I remember a co-worker doing a clean install of Windows XP on a PC a few years ago and it had been remotely infected by a worm before it even managed to install all the security updates from Windows Update.
And yes, giving it an unfirewalled network connection was probably a bad idea.
The final straw for me was the nice Microsoft support person (in India, from the accent) telling me that I'd have to disable my firewall in order to install XP SP1. This was despite me telling her that my cable link was getting several intrusion attempts per second (bad route requests, login attempts, etc.), and I doubted that an unprotected Windows could survive the hour or so that the upgrade would take. AFAIR this was back in 2003-ish, in response to my email complaints that the XP SP1 install failed on my laptop with rather unhelpful messages.
Instead of installing XP SP1, I installed SuSE linux, which later got supplanted by Warty Warthog.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
I was waiting for MS to release such malware. Initially, I was surprised that it took so long, but it had to get to 3.0 before being adopted.
And Linux's dominant market share in the server space means that it's an even juicier target. Which is why you hear about so many pwnt Linux boxes on the web.
Sure, see for example how Sony got their PSN servers rooted and cored. Serves them right for running Windows in the server space. Now if only they had run an inherently safe OS, like Linux...
OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers.
Security by association? Many windows holes aren't a direct attack on the kernel either. Most expose vulnerabilities in network services or commonly used apps..
Among those: Norton's Antivirus.
to be fair, linux isnt sold to soccer moms in mass
No manufacturer covers malware as part of their warranty. Fun to see all the righteous indignation on this topic, but getting upset about it is utter nonsense. You put it on there; it didn't ship that way. If you run a red light and get smashed into, are you going to expect Ford to cover the costs of it? No, most rational people wouldn't; that's why there's insurance. If you infect your computer with some malware, well, there's anti-malware for that. Guess what, you have to pay for it just like you do insurance.
brandelf -t FreeBSD
Most malware relies on stupid users clicking on, surfing to, and installing crap, something that generally doesn't happen on a modern server of any OS unless the admin is an idiot.
Dell, HP, Microsoft, take your pick. They will say the same thing, not our problem. Why are you people defending idiots who allow malware in their system? Or can't figure out how to remove it, or rebuild their computer? Calling a CSR asking for help is about as good a solution as banging your head on a brick wall, and feels worse.
The crux of the current problem is a setting in Safari that allows the computer to open "safe" documents automatically. The issue with that checkbox has been known for over a year, and it's one of the things I remember to do: uncheck it (as it has defaulted to checked, open those documents).
Apple could have done an update to uncheck that box, or better yet remove the feature, but it sadly remained and now they are going to have to pay for their ignorance of the issue.
"Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
Few know that OS X comes with built-in virus protection via the Xprotect.plist... Not advertised because Apple wants to keep the impression that Macs don't get infected.
||| I still can't believe Parkay's not butter.
It clearly says "don't help remove". It does not say anything about not admitting that there is a problem, but obviously people read what they want to read. By the way - it's not an internal document, but an anonymous employee being cited. This article was also posted here earlier today....
The problem is Apple is NOT an OS maker, they are a system maker. In particular they make a unified system where they do it all. If you talk to a Mac head this is one of the things they talk about being so great, that Apple creates a "unified experience" and supports everything. They push the model of "Just bring it to the Mac store," as how you handle support and all that.
Fine but that means that you are going to get questions about malware and the like. They can't play it off with "But MS doesn't help!" They are selling the "We are the company that takes care of you and makes everything," they get to deal with the support calls.
Also, MS DOES in fact help with that shit. If nothing else they publish the Malicious Software Removal Tool (which Windows gets automatically) and make Microsoft Security Essentials available for free. While they don't do everything, they do provide free tools to help.
A customer of mine had some trouble over the weekend and the genius fixed it no-charge
To be fair, I have never had any malware with OSX and I'm certain I will not. OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers. I feel safe with OSX and have no need for antivirus. If you give out your root password to a random program, well, you're stupid. But if you use Windows you get infected just by connecting to the internet. I've never had such experience with my Mac.
This is the problem Apple is going to have when it gains a respectable marketshare, the masses seem to think OSX is magically safe from viruses and malware, when in actuality it's just too tiny of a target.
The headline implies Apple is skirting questions about the existence of malware. This is not true. They are telling their support people they must not confirm or deny that the caller's particular machine is infected, because they don't do antivirus/malware cleaning support. (Neither does MS.)
(If at first you don't succeed, do it different next time!)
I don't see a problem. I'm guessing the vast majority of infections aren't the fault of the OS or hardware. So why should Apple be on the hook to repair some guy's machine who infected himself by running a porn dialer or some app he grabbed off a torrent site?
The reason Sony got bent over backwards was that they were running out-dated, unpatched Apache web servers with no firewall, not really because of the OS they were using.
Even programs like OpenSSH (with your precious BSD heritage) have had their fair share of vulnerabilities in the past.
Clue me in, what is the "fair share" for a program such as OpenSSH? A zero-day on OpenSSH is the rough equivalent of raising the Libyan flag at the center of the Pentagon.
I can't stand the thinking that buffer overflows are a fact of life. Only if you believe that shoddy workmanship is a fact of life. Subtle edge cases in a tricky protocol account for maybe 1% of the buffer overflows out there. The majority are copy first, ask questions later. There are plenty of these people out there programming computers; very few of these people are accepted into med school. The root cause of most buffer overflows in commercially important applications with large, well-resourced development teams is the network effect. There's a hideous pressure to be first, rather than right, or solid and tight.
Imagine if PC Magazine back in the fat 1980s had a penetration testing department that stamped "did not qualify" on every beta software product tested where any serious failure mode was tripped. But no, if the software could do one important function correctly 10% faster than the next piece of software (by hook or by crook), it was stamped "editor's choice".
In sports forums where there is serious discussion about prospects, this is ridiculed as "saw him good". There's always a contingent out there drooling over the next hockey jesus with the flashy stick move who leaks the puck in his own end ten times per shift, and wailing with incomprehension over why the professional hockey minds have his ass stapled to the bench or racking up demotion miles to a lower league.
The only difference is that in software, your pimply hockey jesus is referred to as the next "killer app". A certain type of consumer is busy drooling over the 30 second highlight reel without any real concern over whether the kid is willing to learn how to play a two-way game for sixty minutes.
Moral of the story: you get what you drool over.
Apple is trying to protect themselves from becoming a helpdesk, which is something they are not. They are very clear about this. The Genius Bar is also, very clear about this. They are not a help desk, and in advanced cases support comes at a price. Just as apple is not on the other side of the phone to teach you what each keyboard shortcut does, they're not there to fix every little computer problem you have. You can't call apple if you delete a photo, and all the same you can't call apple if you clicked a link and had your system violated.
The major problem is that we now have to recognize exactly what this means. This does not mean that the Mac is more or less vulnerable, because it's not; it is exactly as vulnerable as it was before. The problem is that as the total number of users of Apple computers grows, the ratio of (minority) secure users to (majority) vulnerable users grows in distance. As Apple becomes more popular, the chance that the user interacting with the system will follow a malicious link, open a malicious email, or fall for a malicious ad is greater; there is a higher chance that this user is the type of user interacting with the system, as these are the most common users on the internet.
This is a trend that was not witnessed with PCs, as by the time Malware became a heavy component of the PC/Internet world, PCs had penetrated every aspect of the general public. Mom and little brother would follow any link to their hearts content, would want to help the Nigerian Prince, and would feel obligated to save the Penguins of North Africa. Apple has now begun penetrating this market as well, and it can only be assumed that the same ignorance will also affect the Apple community.
You can secure a computer all you want; it's very difficult to keep most people from clicking the latest joke link and falling for any one of the thousands of ads they'll see in a 5 minute time period. The only perfect solution is to not let them on the computer at all.
I do agree, a correctly configured and updated linux server is a great moving target, and a non-updated one that just sits there, is a marvelous broad side of a barn target.
A confidential internal Apple document
Speaking of security...
As if the 3x inflated price vs the same hardware in the PC world, with more limitations wasn't reason enough...............
To be fair, I have never had any malware with OSX and I'm certain I will not. OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers.
To be fair, I have never had any malware with Windows and I'm certain I will not. All (read that again, "all") operating systems are vulnerable to malice, and all (once again, "all") operating systems can be made mostly impervious to malice. All it takes is a little proactive prevention. In a system like Linux, it's configuring your security and permission settings properly and modifying software settings so they're not running on default ports, etc. And keeping everything up to date at all times. On Windows where things aren't so customizable, you are usually best off behind a hardware and/or software firewall with realtime and scheduled-scan antivirus software running. On Macs you haven't really needed to worry much because Macs have never been a target for widespread malice. On all systems, user incompetence can completely outdo even the strongest security configurations because all you need to do is download miley_cyrus_real_nude_pic.jpg.exe, run it, enter your root password, and hit Allow Forever on every antivirus popup that opens.
As the Mac market share increases, Mac malware will become more and more widespread. Just you wait. The only reason they have the least viruses (note that they DON'T have NO viruses) is because the market share has been so small that Windows has been a much more profitable target.
I forgot to add that the above steps will mostly protect you from automated attacks. A dedicated, knowledgeable, and well-versed individual trying to manually break your box can probably do so given enough time and just one slip-up on the victim's part.
If you give out your root password to a random program, well, you're stupid.
Actually, you no longer have to give out the root password. The Unix security model has long since been replaced on Linux and OSX systems with a scheme that accepts your personal password and "escalates" it to root permission. If you use the sudo(8) command, you may have noticed that it now asks for your password rather than root's, and that suffices to get root permission. This means that if you've given your own password to any of those popup windows that request it, you have given them "root" access to everything on your machine. Unless you have the source code and have compiled it yourself, you don't know what that program did with your password. You also don't know how many databases scattered around the Net also now contain your login id and password, allowing their owners to do the same any time they like.
Yes, this capability can be disabled. But this privilege escalation is enabled by default. Do you know how to disable it? (Without looking it up; be honest now. ;-) I've found that hardly any linux or OSX users can answer this when I ask them.
Really, the only remaining vestige of actual security on linux or OSX is the local custom of asking your permission to do something, rather than just using its cached copy of your password that you don't know about. But we can expect that software is being developed that, once it's tricked you into divulging your password, never asks for it again, but just uses it to get root permission thereafter. And note that none of this requires knowing your root password.
Of course, this is still somewhat more secure than the Windows scheme of doing "system" updates without asking permission, even if you've disabled automatic updates. MS has admitted that this feature has been in Windows since XP. So all it takes is greasing the right palms at MS to get access to this, and you can "upgrade" any part of a Windows box's "system" to include your code any time you can reach it from the Net.
Anyway, lest someone think I'm kidding, I just opened my handy Macbook Pro, fired up a Terminal window, and typed:
gavving:/Users/jc: id
uid=501(jc) gid=20(staff) groups=20(staff),98(_lpadmin),81(_appserveradm),79(_appserverusr),80(admin),101(com.apple.sharepoint.group.1)
gavving:/Users/jc: sudo csh
Password:
gavving:/Users/jc: id
uid=0(root) gid=0(wheel) groups=0(wheel),1(daemon),2(kmem),8(procview),29(certusers),3(sys),9(procmod),4(tty),5(operator),80(admin),20(staff),101(com.apple.sharepoint.group.1)
gavving:/Users/jc:
I typed my own password to the Password: prompt, not root's (and they're different). Note that I became root when I did this. This also works on my two linux boxes.
(Bonus points if you can name the SF novel that the machine's name came from ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
To be fair, soccer moms aren't putting up web servers.
You are welcome on my lawn.
(Bonus points if you can name the SF novel that the machine's name came from ;-)
The Integral Trees by Larry Niven
I did, about eight years ago. I was performing my yearly reinstall of Windows and the infamous W32.Blaster managed to infiltrate my system. It required no user interaction whatsoever and I couldn't even keep the damn computer on for more than 60 seconds to download the necessary patches or removal tool. I had to download them from a second, patched machine. So it's not the norm, but it has actually happened at least once. And I still kept on using Windows for quite some time after that, before switching to Linux, mostly because I had never heard of any alternatives to Microsoft's jewel.
Your group is "staff". You are running as a user with administration privileges, which is close to, but not the same as, root. You may want to make your everyday account a normal user, and keep a separate administration account for times when you need it.
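The following is an added example, not code from the thread or from Apple: a read-only audit script that ties together three points the comments raise. It checks whether the current account sits in a group that the sudo rule grants root to (the point of the `id` / `sudo csh` demonstration above and of the advice to keep a separate admin account), reads Safari's "open safe files after downloading" preference that another commenter blames for the MacDefender infections, and reports whether a `MacDefender.app` bundle is sitting in `/Applications` (the removal steps given further up are manual: Safe Mode, then Trash; the script only reports). It assumes OS X's stock sudoers rule `%admin ALL=(ALL) ALL` (Linux distributions use `wheel` or `sudo` instead), the Safari preference key `com.apple.Safari AutoOpenSafeDownloads`, and the bundle name `MacDefender.app`; the sample `id` group lists are the ones printed in the comment above.

```shell
#!/bin/sh
# Added example (not from the thread or from Apple): a read-only audit of the
# three points discussed above. Assumptions: OS X's stock sudoers rule
# "%admin ALL=(ALL) ALL" (Linux uses wheel or sudo), the Safari preference
# key com.apple.Safari AutoOpenSafeDownloads, and the bundle name MacDefender.app.

# Extract the "groups=..." field from one line of `id` output.
groups_of() {
    case "$1" in
        *groups=*) printf '%s\n' "${1##*groups=}" ;;
        *) printf '\n' ;;
    esac
}

# Return 0 when the comma-separated group list puts the account in a
# sudo-granting group, i.e. the login password alone is enough to become root,
# which is exactly what the commenter demonstrated with `sudo csh`.
is_admin_groups() {
    old_ifs=$IFS
    IFS=','
    for tok in $1; do
        case "$tok" in
            *"(admin)"|*"(wheel)"|*"(sudo)") IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Interpret the value `defaults read com.apple.Safari AutoOpenSafeDownloads`
# prints: 0 means auto-open is off (return 0), 1 means on, the shipped default
# (return 1), anything else means the key is unset or unknown (return 2).
auto_open_status() {
    case "$1" in
        0|false|NO|no) return 0 ;;
        1|true|YES|yes) return 1 ;;
        *) return 2 ;;
    esac
}

# Return 0 if a bundle with the given name exists in the given applications
# directory. Reporting only; removal stays the manual Safe Mode / Trash step.
rogue_app_present() {
    [ -d "${1:-/Applications}/${2:-MacDefender.app}" ]
}

# Run the three checks against the live machine and print findings. A missing
# tool (no `defaults` command off macOS) is reported, never treated as an error.
audit_host() {
    if is_admin_groups "$(groups_of "$(id)")"; then
        echo "WARN: this account is in an admin/wheel/sudo group; its password is a root password"
    else
        echo "OK: this account cannot sudo by group membership"
    fi
    if command -v defaults >/dev/null 2>&1; then
        val=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)
        auto_open_status "$val" && rc=0 || rc=$?
        case $rc in
            0) echo "OK: Safari will not auto-open downloads" ;;
            1) echo "WARN: Safari auto-opens 'safe' downloads; disable with:"
               echo "      defaults write com.apple.Safari AutoOpenSafeDownloads -bool false" ;;
            *) echo "INFO: Safari preference not set (the shipped default is enabled)" ;;
        esac
    else
        echo "INFO: no 'defaults' command; not macOS, skipping Safari check"
    fi
    if rogue_app_present /Applications MacDefender.app; then
        echo "WARN: /Applications/MacDefender.app is present"
    else
        echo "OK: no MacDefender.app in /Applications"
    fi
    return 0
}

audit_host
```

Run it as the everyday account: the first line tells you whether that account is one the commenter above describes (any password prompt it answers is effectively a root prompt), which is the case for the default OS X setup where the first user is an admin. The functions take their input as arguments so the same logic can be run over a captured `id` line or preference value without touching the host.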
Since when is Linux sold by the Church? You may have been thinking of "en masse".
Remember those botnets that were attempting to distributively brute force ssh, targeting only machines that used OSX? I had machines running Linux and Windows with Cygwin's sshd, and they weren't touched. I heard the botnet members were infected with a Trojan from an Adobe CS crack.
To be fair, soccer moms aren't putting up web servers.
to be fair, soccer moms are putting up web cams all the time.
I'll admit I had a box pwned.
Set up a VPS with a bunch of software and forgot about it for a few months, so it never got updated. Logged on and one of the daemon users had a bunch of stuff running on it (Chinese spam going to Chinese boxes, so no real damage occurred). It wasn't rooted or anything, but I wiped the machine anyway.
O.o
That was caused by a single exploit - the one MSBlaster became known for using. A firewall, NAT, or security update blocks it - but not everyone has a NAT, and XP SP0 (and SP1?) does not have a firewall, and obviously lacks the needed security update.
Just like my father used to say,
"You got a herpe, son? Now you are a man. Don't admit anything."
woot
Yup. Now you might be able to also guess the names of my two nearby linux boxes, one of them the gateway to the outside world. ;-)
Actually, there are lots of other usable names in those two novels. Niven seems to have decided to make up names that aren't quite the same as any in use by the major cultures on our planet right now, and not many geeks have noticed this. So we get lots of machines named after HHGttG, Star Wars and Dune characters, but none from The Integral Trees.
OTOH, there are also lots of other works of fiction that are rich sources of machine names. I've been surprised that there are so few Tolkien-Ring-themed (Token Ring?) sites around. We've all read that series, right? For that matter, where are all the Harry Potter groups of machines?
But this is sorta OT ...
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
(Emphasis mine.) No, that's a reason, in a long list of reasons. Seriously, you just have not thought about security, if you think that Windows is only attacked because it's common. Windows is fucked up in a way that most other platforms aren't. Wake me up when you have to turn on an .exe file's executable bit before you can run it, like you can on every Unix and Unix-like OS. Wake me up when Windows doesn't come out-of-the-box with something even half-as-silly as ActiveX enabled. And I don't know if this is still the case (I think it might not be) but Windows used to have something on by default, where merely inserting media (e.g. a CD) would cause the OS to immediately load and execute code.
Then, on top of all that, most machines that have Windows come with borderline malware preinstalled by the hardware vendor. Hey, I'm not saying this is Microsoft's fault; it's not. But it is the reality of the situation and the installed base of machines out there. And it is part of the culture; if someone is willing to settle for Windows, they really are willing to settle for their "ware" being more "mal." That's how they vote with their wallets.
Seriously, Windows is just plain bad. It's below average when it comes to security. MacOS, like Linux, is pretty average. And then there are the good OSes (which nobody likes to use). With equal marketshares, Windows is still going to have more malware than anything else.
Even better is building it right in the first place. There's really no excuse for bad RAM (especially at the prices Apple charges). Diagnosing bad RAM can be extremely time consuming and the symptoms aren't easy to spot (unless it's really DOA). You've drunk the Apple-aide on the iPhone. Rather than complaining about a crappy, poorly manufactured product, you're proud that you bought a defective item and then, when you identified the customer, they fixed it. How much time did you spend going to the ARS, waiting in line, talking to someone to get a defective product fixed?
If you had bought a Dell and it came with defective RAM or flash, you would complain about the crappy quality of PCs. With Apple, a bad product is a way of delighting the customer.
I have to say that in purchasing close to 100 Dells for my company I've never gotten a DOA device or bad RAM.
No, I don't think so. I did it again, typed "id -r -u" and "id -r -g" command, and both gave me 0. My real and effective uids and gids are all 0; I have full root permissions. And I didn't need to type the root password, just my login's password.
Granted, I did this as an admin user. That's also the default setup for OSX, and very few Mac users (and not many more linux users) would have any idea how to correctly set up an account that can't be escalated to root this way.
http://www.apple.com/support/security/guides/
For starters, @ least. That's CERTAINLY better than doing nothing, which avoiding questions basically, is.
However - doing that guide's points/tips/tricks/techniques?
That's up to the user, or a family member OR pal/friend perhaps, to help them with possibly.
I figure it THIS way:
Sometimes? If you want help, you HAVE to help yourself! It's not like Apple's "not helping" here, either... it's just that like with Microsoft Windows, and yes, EVEN LINUX SeLinux bearing distros?? They do NOT, by default, ship them as "security hardened" as is possible.
Which, imo @ least, speaking "seller to buyer", makes sense: However, guides like this one & others like it??
Sometimes "turns off" things some users want on by default, or wouldn't KNOW how to turn back on themself... from a seller to customer perspective @ least!
Personally, were I ANY of these OS vendors??
I'd ship the OS' "super-hardened" & secured by default ( & let the user assume responsibility for opening up any doors after that, themself!)
(Personally? I think that IF you want to do a job right?? Educate yourself, thoroughly & from reputable sources FIRST, & DO IT YOURSELF! That guide above's a great starting point for Mac freaks imo!)
APK
P.S.=> I've been doing guides like this for Windows since 1997, & yes, they do help/work! See here:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]
The MacOS X guide's pretty good, & pretty much fairly along the same "generic lines" as what MY guides for Windows espouse (layered security techniques)
... apk
To be fair, I don't know of any OS that is being sold during Catholic religious services.
Oh! Did you mean "en masse"?
So, Apple allows you to install any software you want, by giving it the root password... So a user action. Yet, Apple rolls out the App Store on OS X to avoid this issue, and /. lambastes them because they are making the OS less "free" - so which do you want - the ability to totally fuck your computer up - or a guardian angel?
If you took it to an Apple store they would help. AppleCare "technicians", generally speaking, are Tier I support. Mac Genii are considered tiers II and III. There's a whole lot of stuff AppleCare techs aren't given permission to do that a Mac Genius will. Not to mention, I'm sure any reputable Apple authorized service provider would be more than willing to help and put it on Apple's dime. I've personally never drunk anyone's Kool-Aid; I prefer Macs for home (for simplicity and ease of use), and was a Mac Genius for about 3 1/2 years. I now support about 1000 Windows 7 machines, and a couple dozen Windows 2008 servers. They're all infernal machines to me :). The truth is there have been virii for Macs for a long time. One of the big reasons people don't get infected is, you have to authenticate for their very installation. If you're typing your password in to install a package, and don't know what it is, that's the problem, not the operating system.
Are people so idiotic to think malware could be removed with any assurance, or that Apple would want to warranty its removal?
Once malware is installed, the machine, the drive needs to be wiped from a clean machine and restored from a backup prior to the installation of malware. I bet that that's all Apple would sign up to do too.
Do you know how to disable it? (Without looking it up; be honest now. ;-) I've found that hardly any linux or OSX users can answer this when I ask them.
visudo or Gnome's user control panel. But how many things do you know how to do off the top of your head? Are we going back to the days of the ancient Greek philosophers where having to look up a piece of information was considered a mental weakness?
"When information is power, privacy is freedom" - Jah-Wren Ryel
Have you heard of Jesux?
Customer support should never, ever confirm or deny the possibility of malware on a device. It presents a huge liability issue, especially if there is malware and a chat/phone technician starts snooping around and tries to remove it. Accidental data loss by techs is a huge problem. Security issues should always be escalated to senior technicians. My company has a policy that forbids anyone to remove _any_ data on customer equipment. We've been sued for it before.
Does anyone not notice that this is from Ed Bott's Microsoft blog, just like yesterday's Mac "malware explosion" article was also from Ed Bott's Microsoft blog?
You have to install a virus intentionally, or should I say Stupidly! Most come from torrent copies of pre infected versions of Mac software. Those people with infections deserve it!
When the system asks for your admin password, there's a reason.
Pirates!
so they are the same level as geek squad?
as most geek squad reps just hook up systems to a remote link to get them fixed.
You make some good points, but:
Unless you have the source code and have compiled it yourself, you don't know what that program did with your password.
this one isn't correct. The app doesn't get your password, the system gets your password and gives the app permissions.
Unless it throws up a dialog that just happens to look like the system's dialog, of course.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
By definition, this malware is 3rd party software. Users have to enter their admin password to install it. Just like any other third party software, I am not sure why people think that Apple should provide any support for it. For example, if I install some 3rd party shareware program that turns my pointer into a naked girl with bouncy boobs and it causes conflicts with other software or eats up system resources or sends out emails on my behalf, then I have zero expectation for Apple to supply support for the situation I got myself into.
Just because Apple sells both the hardware and OS doesn't mean they have to provide support for or have their staff trained to deal with every piece of software that could possibly run on that machine. The same is true of any computer with any OS. If you are typing in your password to install something, know what you are installing first. Duh.
You do know those 'soccer moms' on those porn sites with the webcams are fake soccer moms?
Once malware has run on your box, it's a wipe and reinstall issue. And if it is a business machine then there are potential legal issues with disclosures and so on. In that environment there is no safe guidance a technician can give.
Help stamp out iliturcy.
The ZDNet article compares an internal Apple memo relating to a brand new piece of malware that they're still figuring out how to deal with to Microsoft's stated policy, which can be found on their website. It's not exactly a fair or meaningful comparison, since what Apple will end up doing in the end is not yet known. The Apple memo is just a stop-gap measure.
There is a reason for this that most people eager to hate will conveniently overlook: AppleCare does not cover malware. Apple is not bound by any agreement to diagnose or remove malware or repair problems caused by an infected program or file. Also, if an Apple employee were to remove a file from an end user's computer and the computer stopped functioning in any way, Apple would be liable. They don't do it. Don't confuse their unwillingness to do stupid shit that leaves them at risk of a lawsuit with them "skirting" an issue.
Granted, I did this as an admin user...
That right there is why I stopped listening to you. If you follow what the grandparent poster said about giving yourself and regular users LIMITED ACCOUNTS and leave the administration separate you won't run into so many of these problems. (as if they're very prevalent anyways).
...instructing users to perform rituals which include special attire, dance-like moves and chanting in strange forgotten languages?
You know... the usual for such an "institution".
Against stupidity the gods themselves contend in vain.
No, not necessarily. I've run a lot of Windows boxes, and the ones that other people do not touch do not get infected. I've had to remove exactly one malware infestation on a machine that only I use, but plenty of them for friends, family, and work. This is distinct from servers, which are public, stationary targets.
And no, I'm not a Windows apologist. I dislike almost everything Microsoft stands for, but I dislike ignorant haters who decide to spout nonsense simply for the sake of seeing their words on a screen just as much.
It was swamp gas from a weather balloon that got trapped in a thermal pocket and reflected the light from Venus. Your Macintosh is fine. Trust Our Father Saint Jobs.
Yup. And Linux's dominant market share in the server space means that it's an even juicier target. Which is why you hear about so many pwnt Linux boxes on the web.
http://www.zone-h.org/news/id/4737
Last year Zone-H archived a sad record number: we archived 1.419.203 website defacements. Why and how is this happening? [...] For many years now, Linux has been the most used OS for webservers and of course the preferred target for the defacers. Last year we archived 1.126.987 attacks against websites running on Linux systems. The most used exploit by the defacers is CVE-2010-3301, that was fixed in 2007 and was mysteriously reintroduced in 2008, in a large pile of kernel versions x86_64.
You are obviously right - 80% of website defacements last year all due to rooted Linux servers - and you don't hear about it, so it must not have happened.
Fandroids hate facts.
If the Apache server was meant to be public facing, how would a firewall have helped?
It would have had rules to allow access to the Apache server, so it would still have been exploited... In fact, if they'd been using a firewall then an attack like that would have got you a foothold behind it, where there would probably be far more easily exploitable holes hidden behind the firewall.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
A properly configured linux server simply won't have a browser installed for stupid users to do that with...
Windows does by default, which is difficult to remove, and sooner or later it ends up being used, either by accident in an rdesktop session or to perform some troubleshooting. It's quite a common vector for exploitation really.
You quite often get cases where people use the default browser on a windows "server" in a corporate dmz to bypass the web filtering policy of that company...
More to the point - the Apple malware right now is still social-engineering based. It requires you to actively give it your admin password so it can install.
Linux on the server isn't particularly vulnerable to this because nobody in their right mind is surfing the web from their webserver.
The post you're replying to is using 8 year old experiences as a reference.
Back then, many ISPs didn't give you a router, they gave you a USB modem. Your PC connected, got a public IP address, and your ISP's own support desk told you not to use a firewall of any description because they wouldn't support it. Windows XP didn't get its own built-in firewall until Service Pack 2, released in 2004 - by then it was sorely needed. There were so many portscanners and Microsoft took such a laissez-faire approach to security that the average time between plugging a Windows PC into the public Internet without a firewall and finding it utterly pwned was about 15-20 minutes - and you didn't even need to bring up a web browser.
If you ever got support for some PC, you would know that after 3 minutes of tinkering they would default to the factory reset procedure. Something that might solve the problem (and remove all customer data... but hey... you got a backup, no?).
Most helpdesks do not support 3rd party software anyway, even if that software was installed via an exploit. You could call malware 3rd party software. And then there is software that is not clearly malware (like browser bars), that is installed with a question, but only makes clear what it does if you manage to read the 10-page TOS.
There is nothing to say the servers defaced were rooted, just that they were defaced... It's quite possible to deface a website with only access to the user account that owns or runs that site.
It also goes on to say that most of those defacements were due to bugs in web applications like remote file includes, now if you write buggy code and put it on a public facing webserver it will be vulnerable regardless what type of webserver you deploy it on.
Also, what type of sites are being defaced? Are they important corporate sites with a significant budget behind them for security hardening, or are they small single person blogs etc?
Similarly, with poorly configured shared hosting exploiting one user's site may get you an increased level of access to another site, for instance in many shared hosting environments the web server process runs as the same userid for all sites, meaning if you exploit one you will have the ability to read files and possibly write to some areas.
Then of course, if you do root the system you instantly gain the capability to deface all the sites hosted on it.
It seems mass defacements are not uncommon, and will naturally skew the stats towards Linux as it's far more common to host a larger number of sites on a single Linux box. Such hosting is also generally the cheapest kind available, and therefore more likely to be used by less savvy users and operated by less competent sysadmins.
Also if you look at the stats, it's only in 2010 that linux defacements have become proportional to market share... In previous years, windows has accounted for a far higher proportion of defacements than its overall webserver marketshare would dictate, especially in 2000-2002 where windows defacements actually outnumbered linux despite having a minority market share.
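The shared-hosting point above (one site's files readable from another) can be checked rather than argued about. The following is an added audit script, not code from the thread or from any poster: it walks a hosting tree and lists files whose mode grants read access to "other", which is what lets a neighbouring account (or a web server user shared by several sites) read a config file it has no business seeing. The directory layout and the two constructed config files are assumptions built inside the script so it runs offline. Caveat: when every site's PHP runs under the same uid, file modes cannot separate them at all; the o+r check only means something once sites run as distinct users (suEXEC, per-pool php-fpm or similar).

```shell
#!/bin/sh
# Added example (not from the thread): audit a hosting tree for files that any
# other local account could read. All paths and sample files below are
# constructed for demonstration.

# list_other_readable DIR
# Prints, sorted, every regular file under DIR whose mode includes o+r.
list_other_readable() {
    find "$1" -type f -perm -o=r 2>/dev/null | sort
}

# count_other_readable DIR
# Prints the number of such files (0 when the tree is clean).
count_other_readable() {
    list_other_readable "$1" | wc -l | tr -d ' '
}

# make_demo_tree
# Builds two constructed vhost docroots under a temp dir and prints its path.
# site-a keeps a world-readable config (weak); site-b restricts it to
# owner and group (hardened). The public index is expected to be readable.
make_demo_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/site-a/public" "$base/site-b/public"
    printf 'db_password=constructed-placeholder\n' > "$base/site-a/config.php"
    printf '<html>a</html>\n' > "$base/site-a/public/index.html"
    printf 'api_key=constructed-placeholder\n' > "$base/site-b/config.php"
    chmod 644 "$base/site-a/config.php"          # weak: o+r
    chmod 640 "$base/site-b/config.php"          # hardened: owner + group only
    chmod 644 "$base/site-a/public/index.html"   # meant to be public
    echo "$base"
}

# Stand-alone run: build the tree, report, clean up.
demo=$(make_demo_tree)
echo "other-readable files under $demo:"
list_other_readable "$demo"
echo "count: $(count_other_readable "$demo")"
rm -rf "$demo"
```

On a real host you would point `list_other_readable` at the parent of the docroots and expect only static public content in the output; any `config.php`, `.env` or database dump that appears is a finding for the site owner to fix with `chmod o-r`.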
I have encountered many windows users who have become infected with all sorts, often repeatedly despite paying significant amounts of money both to have infections removed and for ineffective "protection"...
Most of them don't realise that anything other than windows exists, and simply accept the risk and cost of malware as an inherent part of using a computer...
The Windows (NT) kernel is not really the problem anyway; the problems lie further up the stack because of all the extra complexity, much of which has been inherited from the Win9x series.
Yes, this capability can be disabled. But this privilege escalation is enabled by default. Do you know how to disable it? (Without looking it up; be honest now. ;-) I've found that hardly any linux or OSX users can answer this when I ask them.
Sure, just run things as a user who isn't in the sudoers file (by default on most distros sudoers has a group added, with anyone in that group allowed to sudo rather than adding individual users to sudoers)...
Note that you still need a valid password in order to elevate privileges, and just exploiting a userland application such as a browser will not give you that password.
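The two answers above (visudo or the user control panel, and simply not being in the sudoers group) both come down to one question a user can check on their own login: is this account in a group that sudo trusts, and is it already running as uid 0? The script below is an added example, not from the thread or from any poster; it reports the answer as a single word so it can be wired into a login check. The group names it looks for (admin on Mac OS X, wheel and sudo on common Linux distros) are the conventional defaults and are an assumption; a site that grants sudo to other groups or to individual users in sudoers would need to extend the list or consult `sudo -l` instead.

```shell
#!/bin/sh
# Added example (not from the thread): tell whether the current login can
# escalate to root through sudo group membership. Group names are assumed
# defaults (macOS "admin", Linux "wheel"/"sudo"); adjust for your sudoers.

SUDO_GROUPS_DEFAULT="admin wheel sudo"

# in_sudo_group GROUPS_STRING [SUDO_GROUPS]
# GROUPS_STRING is a space-separated list such as the output of `id -G -n`.
# Returns 0 when any listed group is one conventionally granted sudo, else 1.
in_sudo_group() {
    groups_str=$1
    sudo_groups=${2:-$SUDO_GROUPS_DEFAULT}
    for g in $groups_str; do
        for s in $sudo_groups; do
            [ "$g" = "$s" ] && return 0
        done
    done
    return 1
}

# escalation_report GROUPS_STRING REAL_UID
# Prints one word:
#   root     already running with real uid 0
#   sudoer   can become root with its own login password via a sudo group
#   limited  no group-based sudo path (the "limited account" the thread wants)
escalation_report() {
    if [ "$2" -eq 0 ]; then
        echo root
        return 0
    fi
    if in_sudo_group "$1"; then
        echo sudoer
    else
        echo limited
    fi
}

# Stand-alone run against the account executing the script. `id -G -n` lists
# group names and `id -r -u` gives the real uid, as used in the thread.
cur_groups=$(id -G -n 2>/dev/null || echo "")
cur_uid=$(id -r -u 2>/dev/null || echo 65534)
echo "account $(id -u -n 2>/dev/null || echo unknown): $(escalation_report "$cur_groups" "$cur_uid")"
```

A result of `sudoer` on a personal Mac is the default situation the thread describes: the everyday login can reach root with its own password. Moving daily use to a second account that reports `limited`, and keeping the admin account for installs only, is the change the grandparent poster is arguing for.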
Suspension of disbelief?
Remember to maintain your supply of
Yeah. I wouldn't use it on a production box, though. Damn OS keeps crashing and taking 3 days to reboot...
So the consensus seems to be that Apple has convinced its users that they can't get viruses and don't need anti-virus, which is bad.
In fact, these users are apparently so convinced that they don't need anti-virus and can't get a virus, that the minute a web page tells them they do have a virus (which they believe they can't get), they download the fake anti-virus package (possibly paying for it first even though they believe they don't need it), double-click on the installer, click on "OK" to get past the "this may be malware" warning, click through the installer prompts and finally type in the administrator account user name and password to allow installation to proceed. You know, proceed to install that anti-virus package that Apple, being evil, convinced them they didn't need to install.
Seriously, is this some kind of new low? Asserting that people are convinced they don't need anti-virus and that's why they're installing anti-virus? :-)
Apple are indeed *so* desperate to deny that anti-virus is needed that they allow Intego AntiVirus to be sold through the Mac App Store of all places. That app's description even has headlines warning about this particular trojan, so it's up to date.
http://itunes.apple.com/gb/app/virusbarrier-plus/id430337549
Two obvious suggestions:
http://www.zdnet.com/blog/security/apple-adds-malware-blocker-in-snow-leopard/4104
Hello, Pot, this is Kettle, you're black....
That so called OS X integrated antivirus is just a basic tool that can discover... hold your pants on... 4 viruses. FOUR!!!
For United States and Canada
The computer safety team is available for computer virus and for other security-related support 24 hours a day in the United States and in Canada.
To obtain computer virus and security-related support, follow these steps:
1. Before you contact a support engineer, make sure that you run updated antivirus software and updated spyware removal software on the infected computer. For more information about how to obtain a free computer safety scan, visit the following Microsoft Web site: http://www.microsoft.com/security/scanner/ For more information about antispyware software, visit the following Microsoft Web site: http://www.microsoft.com/protect/computer/spyware/as.mspx
2. Call 1-866-PCSAFETY or call 1-866-727-2338 to contact security support.
There is nothing to say the servers defaced were rooted, just that they were defaced...
Yes, it says exactly that - learn to read. "The most used exploit by the defacers is CVE-2010-3301" - a Local Privilege Escalation Vulnerability in the Linux Kernel. Are you telling me they only bothered to escalate to web-admin and not to root?
Damn Linux apologists who think Linux is soooo safe from malware unlike other OSes, and feel they need to tell everybody about it and then can't accept it when shown wrong. Gee, I wonder if the next article by Mr. MS sponsored journalist for ZDNet will be about them - wouldn't that be fun?
But while it's up, it sure keeps the daemons running!
Are we going back to the days of the ancient Greek philosophers where having to look up a piece of information was considered a mental weakness?
To be fair, there were only around twelve pieces of information in the world back then.
I choose to believe they are real soccer moms, thank you very much.
Some see the cream-pie as half empty, I choose to see it as half-full.
You are welcome on my lawn.
http://www.reddit.com/r/technology/comments/hfydw/macdefender_just_had_a_mac_checked_in_for_it_will/
Any further questions, Applefags?
That guy has ZERO certifications *I know him personally* and he just owned your entire paid-for support team.
Enjoy buying useless services that Apple can *NEVER* live up to.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
If you follow what the grandparent poster said about giving yourself and regular users LIMITED ACCOUNTS and leave the administration separate you won't run into so many of these problems.
Well, yeah; I've done that, when I was working inside corporate networks. But note that I was talking about the large number of personally-owned Mac and linux systems, whose "admins" are their individual owners. How do you propose we go about forcing them to use limited accounts on their own personal machines? With the exception of a very few owned by knowledgeable geeks, those machines will continue to default to a single login that has admin access, and that login's password will continue to allow the software to automatically escalate to root permissions.
(It's also my experience that companies that allow non-MS machines at work usually also allow this default setup. The IT drones that handle such things usually can't be bothered to learn how to handle unix-like security setups. They all have their MSCE certificates, and they know all they need to know about security. If a real problem comes up, they simply ban the non-MS systems. ;-)
A car manufacturer being held responsible and having to find a solution for someone who fills their petrol car with diesel... It's not their fault that people do silly things. 3rd-party problems (malware or not) affecting users are not Apple's problem. If it is an OS / hardware issue then yes, they need to attend to their customers' technical issues. They didn't create the problem; they are trying to deal with it as best they can.
How would Zone-H know what exploits were used? All they see is the defaced site; it's unlikely most victims of defacement are going to go around telling defacement mirrors how they were hacked, and it's unlikely most of the hackers will talk about what it is they used.
Also you can't use a local privilege escalation exploit until *AFTER* you have obtained user level access. How was this level of access obtained?
How would Zone-H know what exploits were used? All they see is the defaced site; it's unlikely most victims of defacement are going to go around telling defacement mirrors how they were hacked, and it's unlikely most of the hackers will talk about what it is they used.
Also you can't use a local privilege escalation exploit until *AFTER* you have obtained user level access. How was this level of access obtained?
Mostly the defacers tell them. But yeah, those people will lie about rooting a Linux box, they actually just defaced a Windows box. Thanks for proving my point about people like you.
Also you can't use a local privilege escalation exploit until *AFTER* you have obtained user level access. How was this level of access obtained?
PS: you can tell by just looking at the time the server was defaced and the kernel version you can get from the info the server returns (as well as the sheer increase in numbers) : If it was after mid-September, and the kernel wasn't the one with the fix (or something really old), no hacker would have not used the sure way to root the machine.
And who fucking cares what they used to go into the machines: they did - and rooted them. Because all it takes is a vulnerability in some much-used gadget-add-on for Apache and one of the ever increasing number of local priv. escalation bugs. And if you look at previous stats, you'll be able to see how wrong the "Insightful" claims about the unpwnability of Linux boxes are. Well, you probably won't. Which was my fucking point about you hopeless cases - who feel the need to paint all Mac users in a similar brush. That's first rate irony.
Actually, I am a regular user of both Mac and Linux (and other unixes, but less so these days)... Using a MacBook Pro to type this.
OSX is not immune to local privilege escalation vulnerabilities, take for example http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.c and there are
Similarly a webapp level bug would yield user level access just the same on OSX as Linux or any other platform (and probably give you instant root equivalent on windows, since apache runs as SYSTEM by default there).
I am in no doubt that hackers would try to root OSX machines if they found vulnerable webapps running on one.