Slashdot Mirror

← Back to Stories (view on slashdot.org)

Do Macs Have an Edge Against APTs?

Posted by timothy on from the not-the-debian-variety-of-apt dept.

itwbennett writes "Macs aren't being hit with advanced persistent threat (APT) attacks, but that doesn't mean they're invulnerable, say researchers at iSec Partners. Speaking at the Black Hat conference in Las Vegas Wednesday, iSec founder Alex Stamos and his team of researchers took a look at the typical stages of an APT attack — and compared how the Mac would do versus Windows 7. Their conclusion: Macs provide good protection against the initial phases of the attack, but once the bad guys are on the network, it's a whole different story. 'They're pretty good for [protecting from] remote exploitation,' Stamos said. '[But] once you install OS X server you're toast.'"

11 of 210 comments (clear)

  1. Here We Go Again ... by WrongSizeGlass · · Score: 2, Insightful

    Wash. Rinse Repeat.

    Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly. Windows, including Windows 7, is still more prevalent and more vulnerable.

    How many times are we going to get the same stories? If the user is willing to do anything the app or websites tells them to, well, you can't protect them.

    1. Re:Here We Go Again ... by russotto · · Score: 1, Insightful

      Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly. Windows, including Windows 7, is still more prevalent and more vulnerable.

      How many times are we going to get the same stories?

      Until the Microsoft propaganda machine stops pumping them out, I suppose.

    2. Re:Here We Go Again ... by EreIamJH · · Score: 3, Insightful

      Wash. Rinse Repeat. Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly.

      I don't buy this reasoning. Malware writers would quite happily release malware for OSX if they could make it work. Just look back 20yrs ago - there was plenty of malware for Amigas and Ataris, even though their numbers were measured in thousands rather than millions.

    3. Re:Here We Go Again ... by Jerry · · Score: 2, Insightful

      Two points:

      1) That old saw about Microsoft being vulnerable because of its market share is hog wash. There were over 3 million viruses and Trojans released last year. Were it a simple matter of market share percentages than about 12% of those would be Linux viruses and another 10-15% would be Mac viruses. But, they are not. Well over 99% of them are Windows viruses. Only 19% of Internet web servers are running Windows but they are the source of essentially all malware.

      2) Blaming Windows users for security holes that Microsoft keeps secret from them is worse than obscene. It's fanboism to the extreme.

      That 4,300,000 Windows zombie bot farm discovered last year wasn't all Windows because they were hard to break into, and the handful of command & control computers weren't Linux and Mac because they are easy to break into.

      --

      Running with Linux for over 20 years!

    4. Re:Here We Go Again ... by Gadget_Guy · · Score: 3, Insightful

      Do you have any evidence to suggest that Microsoft is behind this story in some way? Any at all?

      Apparently you've never read about James Plamondon and his "Technical Evangelists".

      So the answer is no then.

      Surely attempting to demean a study and its researchers by alluding to bad things done by a completely separate group of individuals (without any evidence linking the two) is exactly the kind of behaviour (of Plamondon) that you are decrying. The fact that Microsoft had technical evangelists does not mean that the opposition's products are without criticism, nor that such criticism will be sponsored by Microsoft. I have yet to see any indication that Robert McMillan or iSec Partners are shills for any company.

    5. Re:Here We Go Again ... by jc42 · · Score: 3, Insightful

      The article seems unlikely to be MS propaganda. Note that the writer quotes that one investigator (Rob Lee) as saying that he's never seen a compromised Mac, and he advises his clients to replace their compromised MS-Windows machines with Macs to prevent re-infection. Would a MS-paid writer be likely to put such suggestions in their article?

      This does bring up a curious aspect of the "logic" behind all the claims that poor little MS is being picked on because it's so popular. If this were true, you'd think that a sensible person would simply refuse to buy anything with a MS logo. True, if you buy a Mac or Ubuntu or whatever rather than Windows, you machine might be attacked sometime in the remote future. But, since we "know" that no commercial systems are totally secure, it would make sense to choose a system that might be attacked in the far future over one that you know will be attacked repeatedly on the first day and probably compromised in the near future. You don't need to know the technical reason for this; you just need to be sensible enough to trade likely near-future failures for possible far-future failures.

      So I'm puzzled about who might be behind all this "MS is only attacked because it's so popular" propaganda. I wouldn't think MS's marketers would be so stupid as to tell everyone such a good reason to avoid their brand. I wouldn't think a Windows fanboy would say this either, because it would amount to admitting that they intentionally bought a machine because it was highly likely to be compromised. But there doesn't seem to be any good reason for other vendors to make this suggestion, either, since it amounts to saying that their security isn't any better than Microsoft's. So who is really behind this bizarre bit of logic? Who profits from it?

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    6. Re:Here We Go Again ... by artor3 · · Score: 4, Insightful

      While I agree with your conclusion (that Windows is a less safe OS than Linux), your first point is completely illogical. The number of viruses released in a given year can be a function of market share without being a 1:1 function of market share. Criminals will always target the OS with the largest numbers of technically unsavvy users. Why double your efforts to increase your pool of potential victims by only ~10%?

      Until a non-Windows OS is installed on a plurality of machines, Windows will be the primary target and have the most hackers going after it. The Pwn2Own contests have shown that Macs are plenty vulnerable when people are willing to put in the effort to go after them.

    7. Re:Here We Go Again ... by Daniel+Dvorkin · · Score: 4, Insightful

      I think russotto wasn't calling TFA Microsoft propaganda, but rather calling WrongSizeGlass' "Macs are only secure because they're less popular" comment Microsoft propaganda. Which it is, of course. Any argument that relies on security-through-obscurity is wrong, no matter how you try to dress it up. WrongSizeGlass and the zillion other posters who repeat this tired canard may not realize they're propagandizing for Microsoft, but that's what they're doing, sure enough. They should at least demand payment for their services.

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    8. Re:Here We Go Again ... by 1729 · · Score: 5, Insightful

      OSX is not a target because there are very few people running OSX who have access to the systems with information that dedicated, skilled attackers want to get to.

      That's simply not true. For example, OS X is very popular among scientists and engineers at many of the national labs.

  2. Article is crap by topham · · Score: 4, Insightful

    "For example, Mac's Keychain software is vulnerable to what's known as a brute-force attack, he said."

    Idiot alert, article is crap.

  3. Sysadmin decides. by mjwx · · Score: 4, Insightful

    Windows server looked after by a good sysadmin == secure.
    Mac server looked after by bad sysadmin == insecure.

    As always, it's up to the people running it. Is any OS inherently secure, no, definitely not when there is a complete idiot looking after it.

    --
    Calling someone a "hater" only means you can not rationally rebut their argument.