Apple Snubs Security Firm That Spotted Mac Botnet
Sparrowvsrevolution writes "Now that it's being increasingly targeted by botnet herders, Apple has a thing or two to learn about cooperating with friendly security researchers. Boris Sharov, the CEO of Dr. Web, the Russian security company that first reported more than half a million Macs were infected with Flashback malware last week, says when his company alerted Apple to the botnet, it never responded to him. Worse yet, on Monday Apple asked a Russian registrar to take down a domain it said was being used to host a command and control server for Flashback, but in fact was a 'sinkhole' that Dr. Web had set up to observe and analyze the botnet. Sharov describes the lack of communication and cooperation as a symptom of a company that has never before had to work closely with the security industry. 'For Microsoft, we have all the security response team's addresses,' he says. 'We don't know the antivirus group inside Apple.'"
Why would they communicate with a supposed security researcher who doesn't even know that?
What political party do you join when you don't like Bible-thumpers *or* hippies?
http://www.apple.com/why-mac/better-os/#viruses
Macs don't get viruses. It used to be magic pixie dust protected all the Macs but my MacBook Pro and others bought since the death of St. Steve are protected by His Spirit
The spirit of Steve Jobs is alive and well.
Security industry bitten by the hand that doesn't feed it.
Because there isn't one?
*rimshot*
We don't know the antivirus group inside Apple.
Apple is too arrogant to admit they have any flaws, so odds are there isn't one.
Just like with the iPhone 4 antenna, they'd rather take bad PR and have their users suffer than admit there's an issue.
What do I know, I'm just an idiot, right?
"I found a security hole in your OS....."
"It's your fault scumbag. Keep quiet!" - Apple. Other companies have tried the same tactic, trying to silence/punish security people from publishing known holes. Like Microsoft. Sony. Nintendo. The Bluray Cartel.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Because there aren't any, I worked for them and customers that called in were routinely told there is nothing to worry about when it comes to malware.
On their corporate side you would be amazed at who states exactly the same thing when they should know better.
Just a taste:
http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=OS+X&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=
Yes, they don't have much communication and cooperation with the 'security industry' since it is mostly full of leeches and parasites who make money spreading fear. Now, this doesn't excuse them from failing to acknowledge issues, since that's just as bad, but the less this 'industry' leeches itself to OS X the better.
Seriously? Is it really that difficult for a security company to search for "security" on apple's website and find this page?
https://ssl.apple.com/support/security/
Macs don't get viruses, tardo. This is a trojan. This guy claims to be a 'security researcher' but doesn't know the difference?
I think we might as well get over having lost this battle. All of the major media outlets (and thus the vast majority of Mindless Media consumers) are calling it a 'virus'.
But not to worry, we've got lots of other technological windmills to tilt at.
Faster! Faster! Faster would be better!
It will bite them in the ass someday
"It's not the job of Russian security firms to know where our security holes are"
And also, Macs only get malware "when you hold it wrong"
And nobody has cared about the distinction for a long time. Trojans are always called 'viruses' with Windows based operating systems.
I don't think you understand what he means, but oh well
How ya like your Mac now, fanboys?
That's so funny. A security link over https using an untrusted key! No wonder Apple is failing with security when they can't even get the basics right.
Apple has had the benefit of so many years of being such a small market share that it did not make sense for people to create Trojans that targeted them. However, Microsoft has had to respond to threats over the years and had the time to develop processes to assess threats and work with security researchers. Apple has ended up behind the curve in this spectrum because of how long they had a small market share. If Apple is able to suck up their pride and work with the researchers they could end up being able to deal with such threats appropriately, but right now their pride is getting the best of them.
Just because you are wrong and I called you out on it doesn't mean I am a Troll.
I don't know what they are talking about. What antivirus group inside Apple?
That's probably because Apple has no security team. They along with all their airhead customers refuse to believe they are vulnerable.
I'm sure that email address is to report the location of a lost and/or stolen prototype, and is emailed directly to the Commissioner.
Apple products are overpriced, insecure, not upgradable, developed by a CEO who believed integrity is optional, and makes its outsized profits on breaking labor laws in developing countries. Why do the supposed 'creative' class continue to support this pile of dung?
Stay skeptical, my friends.
Yeah and you send something to that link on that page and then what?
He means he has the DIRECT information for MS's security, meaning email and phone numbers.
"If any question why we died, Tell them because our fathers lied."
Meh, close enough.
Trojan virus vs. trojan malware. Yes, it's technically not a virus, but it is a piece of malware that the Mac-heads have been convinced they are immune to. And it is, no doubt, the first of many; in time, if someone actually cares, perhaps a real virus (CIH style) will be created for the Mac. You know, something with a timebomb, that goes undetected, then fries the disk firmware?
I am John Hurt.
I'm pretty sure what he means is he doesn't know them all by name, because of the frequency with which he reports bugs.
'We don't know the antivirus group inside Apple.' means they haven't been able to talk to them and get to know them. I saw the website, and I feel safe saying I don't know the Apple AV group. I'm sure Sharov found the website. As they said in the article, they just get no response from Apple.
I guess there is a difference between knowing a public email address and being on speaking terms with the people behind the address.
Official Apple statement: "You're holding it wrong."
They did that. They sent email there. They got ignored. What they have for Microsoft, what they *don't* have for Apple, is direct phone numbers/email addresses for the right personnel.
Boris is trying to spin Apple's response (or lack thereof) as a sign of arrogance or unpreparedness, I don't think it's either. I think it's Boris' attempt to publicize himself and Dr. Web and might even be behind the engineering of the threat now that Mac saturation is broad enough to make A.V. for Macs a profitable market. I don't trust the Russians or the Chinese in any regard.
www.chihuahuarescue.com- Help to end dog abuse, abandonment and cruelty
"How ya like your Mac now, fanboys?"
Just fine, thank you.
OS X has what, TWO viruses now?
Wow, they sure are creeping up to the millions on Windows platforms.
Seriously? It's that difficult to understand the difference between a generic address that goes $DEITY knows where (and mail sent to it is probably vetted by an intern) and the actual address of the responsible individual(s)/team(s)?
Seriously? Is it really that difficult for a security company to search for "security" on apple's website and find this page?
https://ssl.apple.com/support/security/
I don't see a list of security team members on that page you linked to, which is what I believe Boris was referring to when he mentioned they have "all the security response team's addresses" for Microsoft
I don't think he was talking about a public support address where his email will sit in a queue for a month, then get ignored. When you work closely with another company, you have direct phone numbers and email addresses. That's all he means.
The iPhone is a juicy target for attackers. One wonders what attacks on the iPhone are in the wild but not generally known. Especially attacks that target individuals of interest.
That page does not have a single direct contact.
Attempts to contact Apple via info provided on that page apparently, according to Dr. Web, go nowhere.
retrorocket.o not found, launch anyway?
There is no security group within apple. You'd think security researchers would know that.
Dr Web was the only one with the stats and information and from Russia where a lot of viruses come from. Am I the only one that thinks the bug came from them? Seems strange to me!
OS X has what, TWO viruses now?
Soon my armies shall pour forth from the shattered sandbox, ravaging this OS and all hope of resistance. My minions will find the vulnerability, wherever you choose to hide it. Then, at long last, BSD shall reign as the prime OS.
Fear is the mind killer.
Just to get things straight: the Flashback trojan is based on the Oracle-supported Java that is being shipped with MacOS.
Read two sentences before the one you quoted, right in the summary. They did contact Apple. Apple didn't respond back.
+5 informative indeed...
OS X has what, TWO viruses now?
Wow, they sure are creeping up to the millions on Windows platforms.
Enjoy it while you can, arguments like that have their days numbered.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Do you know the difference between communication channels for customers and those for partners and specialists?
I work in an IT support position, and sure, if I need to contact a special group (say the Exchange administrators) I could use the phone numbers used by the customers... and would waste valuable time by making the call center agent on the other end understand that I need to speak with the admins directly.
To avoid this, we have phone numbers and email addresses of those other divisions. You know: A direct line.
The security companies have direct lines to the security teams from Microsoft, and certainly Oracle, Red Hat etc.
This is to everybody's advantage, as it reduces friction and increases response times.
Only Apple doesn't understand that they are part of an ecosystem where everybody relies to some extent on everybody else...
I think we might as well get over having lost this battle. All of the major media outlets (and thus the vast majority of Mindless Media consumers) are calling it a 'virus'.
You don't get a trojan from just surfing the web. Installing kracked software from TBP and then authenticating with your admin password is a loooooong way from random innocent people getting clobbered by drive-by malware.
With the first link, the chain is forged.
You know, something with a timebomb, that goes undetected, then fries the disk firmware?
Which would require (a) installing shady pirate software and (b) authenticating with your admin password.
They deserve what they get.
With the first link, the chain is forged.
At least that's a knee-jerk response from most Mac fans.
Fact is Macs do get infected by malware, trojans, bootloaders, viruses and so on. Thing is people don't know they don't have it because Apple won't publicly say so and ignore the problem (this article being a case in point) and users somehow think they are immune because "they read on the net Macs don't get viruses" so they will believe it because it sounds good. It's kind of like how people still think and swear we only use 10% of our brain and 90% is unlocked potential because an article a while back said we only use 10% of our brain for conscious thought because the other 90% is used by the subconscious and autonomic and regulatory functions we have no control over, but somehow everyone has turned something into a falsehood just because "they read it in an article" or "read it on the net" or "a friend told them".
Apple products get the same problems as Windows PCs do; Apple products just don't get them nearly as much because they are a much lower produced product than a Windows PC. Windows-based PCs get so many because they are the majority of the market so people who make these viruses are obviously going to aim for the largest target possible instead of going for the little target that won't affect nearly as many people.
But bottom line is Apple is too smug and pretentious to ever admit to their own faults or problems. The few times they have is when the majority of their users publicly complain about something, but Apple still doesn't apologize; they just fix the problem and go on. Other than that Apple is just on a constant parade of how awesome they are and perfect.
You only need one bubonic plague...
It doesn't matter how many Mac viruses there are as long as Apple continues to plug its ears when it comes to Mac viruses.
As with any other claimed discovery, I'd like to see independent corroboration. I'm not saying it doesn't exist, just that I personally haven't seen it. Everything I've read credits Dr.Web as the source. Has nobody else confirmed their findings?
Then what? A bot directs you to the nearest Genius Bar where some washout never-was will utterly fail to comprehend the scope of your statement.
FWIW, I've seen that one already. The Feds didn't like my writing style or content, and ... suddenly, my disk is KIA.
(BTW, that works on the PowerPC version of OSX, too.)
'We don't know the antivirus group inside Apple.'"
The fellow was being nice, assuming there actually exists an "antivirus group" within Apple...
Can you say "elitist"?, or perhaps "head in the sand"?
Have already seen numerous comments from fanboi's that it's "Java's fault" and "Apple is stuck fixing someone else's problem". So Apple is going to get a pass on this one at least from their users.
Now that it's being increasingly targeted by botnet herders,
newsbreak- mac botnets increase from 0 to 1. increasingly targeted! infinity percent increase!
You focused on the right quote. The funny thing is you don't seem to understand what the words mean.
"For Microsoft, we have all the security response team's addresses,"
Let me help interpret this for the short bus crowd. What he is saying is that they have email addresses for real, live people on Microsoft's security team. Not some generic Apple security email address attracting millions of emails, that you have no idea who is going to respond or when.
They're not the same thing. "Is it really that difficult" to understand?
As the user base for Apple products increases, it will become more of a malware target, plain and simple. Apple should get out in front of this and start developing better relationships within the security community.
Not surprisingly, the summary is not as accurate as the article.
Sharov may describe this as "a symptom of a company that has never before had to work closely with the security industry", but the article correctly points out that it's more a symptom of having "little experience working with the community of security researchers who aim to dissect and shut down botnets." The botnet security community is different from the general security community. As far as I know, Apple has a decent working relationship with the latter. It's no real surprise they have limited experience working with the anti-botnet community, since until now they haven't really had botnet problems.
The article also notes that Dr. Web is relatively unknown and that in the opinion of Kaspersky (which is at least more well-known), Apple is taking the usual appropriate steps.
As far as them not getting a contact back, that disagrees with my experience in reporting a security vulnerability to Apple. You send a message to their easily-found, catch-all "security" address. In relatively short order, a security engineer gets in touch with you, and you communicate with that person from that point on. It seemed to work just fine, unless, I suppose, you're egotistical enough to think that you should be able to pick up the phone and talk to someone at Apple immediately -- which is a common-enough problem in security.
You don't know why you'd use a mac in a business, so you don't know why you'd write a virus for a mac.
(Except if you went to art school, not sure if that's a compliment or an insult, take it either way)
I e-mailed that address and got a response from a security engineer. Perhaps Dr. Web is holding it wrong.
Except that this was well enough done to nail 600,000 Apple users:
http://www.forbes.com/sites/andygreenberg/2012/04/06/researchers-confirm-flashback-trojan-infects-600000-macs-being-used-for-clickfraud/
Check your premises.
The Apple Security address isn't for customers, it's for security researchers.
Wow, they sure are creeping up to the millions on Windows platforms.
Citation Please
While we may see an actual, factual Mac virus someday, I don't believe we'll ever see something on the level of conficker or blaster on the Mac. There have been several proof-of-concepts out there, but few, if any, hackers seem to be exploiting them. Also, none of the POC's produce full-fledged, self-replicating viruses. They're all trojan-ish, and they require your password or an OK/allow click.
Ah, it was a Java Applet. That's what I get for not RTFA.
With the first link, the chain is forged.
You do realize that Flashback evolved to where it needed neither, right? Unless you have Windows-style habits of relentlessly patching every third-party toolkit on your box, Flashback is perfectly capable of installing itself without your assistance (beyond browsing the web in a normal way).
Socialism: a lie told by totalitarians and believed by fools.
Why doesn't Apple simply admit that they were wrong, and buy Dr. Web, and turn it into their security unit..
To carry the analogy further, there is no immune system evolution in the Mac ecosystem, and what exists are usually exact genetic clones.
In the biological world, this is a species extinction event waiting to happen.
Check your premises.
Obviously, they DID send information to that address (or another one off the web site), as Dr Web's rep said that they had turned over all their data.
Apple just didn't bother to respond.
Check your premises.
They got no response? It says right on that page that unless Apple desires more information from them that there will be no response.
So if you send them an email that says "If you do this and this in Java it infects the machine" Well then Apple probably won't write you back. It does not mean it was ignored. It says right there they won't make you feel special by responding to you unless they need more information.
On that same note, if you send an email that says "I found a security flaw, email me"... they will likely ignore you, as a troll.
If they legitimately desire more information from someone they will contact them. Not every report needs your personal help though once you've made the report.
Well, I admit that running an unsigned Java applet is not the same, but still.....running unsigned Java applets?
I guess normal people would do that...
With the first link, the chain is forged.
It seems that hundreds of thousands of normal people would. And with all the CA problems in the past few years, they would be signed if that was actually needed for them to spread.
Socialism: a lie told by totalitarians and believed by fools.
There are lots of words folks misspell for which the response is that everyone just takes it in stride. The plural of virus is not one of them because it's been so widely discussed. The debate has made clear that "viruses" is the only acceptable spelling.
And you can't even misspell it ironically because despite the decline of misspelling there are still many people who spell it wrong unwittingly. It's not obvious enough to be smooth sarcasm. If you're misspelling for fun and not trolling, you might consider adding a sarcasm/irony punctuation or other indicator.
It is their sandbox. They don't share. They don't play well with others. They don't have to. They are Apple. What kind of an expert are you if you don't know the difference between a computer company and a religion?
Vietnam Veteran / Former Postal Worker -- Use Caution When Taunting!
Wow, they sure are creeping up to the millions on Windows platforms.
Citation Please
If this is a Mac virus/trojan/malware (which it by all accounts seems to be) then the number is indeed increasing.
When the first major attacks against Microsoft appeared, they responded the same way Apple is responding now. Instead of, "Oh crap! Thank you for pointing that out. We'll take a look," the response was "If you disclose this, we will sue you into oblivion. We dare you!" Microsoft opened themselves up to a whole lot of people looking to make them eat their words. In the last 5 years, Microsoft seems to have had a change of heart. Love them or hate them, there has been a noticeable change of attitude toward security. I honestly believed their trustworthy computing initiative would be marketing BS and sugar coating. To say I am surprised that they did the right thing still boggles my mind at times.
whoosh?
As someone who has found and reported a (now) patched security vulnerability to that email address, I can say that I agree with Boris Sharov's complaint. You do get an automated response with a case #, that includes the text
We do not automatically provide status updates on issues as we work on them, but please feel free to request one if needed by replying to this message.
However, I received no replies when I did request status updates (and supplied additional information about the affected systems with explicit instructions about what needed to be done to fix existing systems). Even when I contacted other sources (Secunia, who confirmed the problem, and US-CERT), I received nothing from Apple. Nor was the problem addressed in two releases of QuickTime in the year following my report.
How I finally got a reply from Apple was sending an email to sjobs@apple.com on Sept 4, 2010 with a copy of the now year old security report, and my statement that I was taking it to the full-disclosure list if I didn't hear back from Apple by Sept 15th. Fewer than 6 hours later (on a Saturday), I had a status update from Apple. Here's the meat of that reply:
Just wanted to let you know that a fix for this issue has been identified, and we are targeting an upcoming release of QuickTime to address it.
We provide status updates upon request.
Subsequent emails always got a reply, but before I sent my email to sjobs, it was like talking to a wall. Also, despite assurances that they understood the extent of the problem and my explicit instructions about needed remediation for affected systems, when they finally released the fix 3 months later, it only corrected the problem and did not provide remediation for the permissions on already affected systems, nor did it even mention that there were permissions to be fixed.
When it became clear that no remediation fix, nor an acknowledgement of the problem was coming from Apple, and ample time had passed for users to have installed the updated version of QT, I submitted my own fix to the Full Disclosure mailing list.
In total, it was 15 months for Apple to release a fix, a fix that in all likelihood involved altering or removing two lines of code that were granting excessive privileges to specific directories. Even then, they did not correct the permissions on machines that were already affected.
So, in my opinion, Apple has a long way to go in developing and maintaining communications with those who report security vulnerabilities. And in acting upon those reports in a timely and responsible way.
make imaginary.friends COUNT=100 VISIBLE=false
This is to everybody's advantage, as it reduces friction and increases response times.
Personally, I would want to decrease response times, not increase them.
... so much for the rationality of transnational corporations' agendas. Sometimes I think if only the CEOs of the world's top 10 corporations did an unbiased, impartial reality check on what they are doing vs. what would benefit mankind as a whole, the world economy as we know it would grind to a halt immediately.
It was obviously the researcher's fault for suggesting that any Mac was vulnerable in any way to malware.
I'm starting the countdown to him getting sued by Apple for violations of trademark, copyright, defamation of character and aggravating upsetting of Apple fans.
If he was smart, he'd convert all his money into precious metals and go into hiding, because he's now got a target on his head, William Tell style.
I'm only partly joking. When I bought my last Mac Pro and was checking out, a polite gentleman asked if he would need any virus protection on his new Macbook. You could have heard the Genius' snort of derision from the sidewalk out front. My wife, who was picking out a nice Macbook Pro, spending the money from her most recent academic appointment, can do a great imitation of the nasally dismissive tone of the tubby, metrosexual Genius. She now makes the same snort whenever I walk into the kitchen on a Sunday morning and ask what she's making for breakfast.
You are welcome on my lawn.
It says right there they won't make you feel special by responding to you unless they need more information.
Not about making anyone feel special - it's about professional courtesy.
I'd note that the timbre of your post does not endear your fellow Mac enthusiasts to the rest of the world.
Check your premises.
I was under the impression that the guy's comment was tongue-in-cheek, and besides, BSD isn't Linux, even if it shares some of the same utilities.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
My point is more, who expects a response on an email address that specifically says "Do not expect a response"?
I don't care what company it is, if the company says upfront that you likely won't get a response then no professional courtesy entitles you to expect one. It'd be far different if they said that they will get back to people right away and then never do.
You didn't have a "don't worry about security" PR disaster, pointing to over a half million infected macs, to submit.
I have a feeling the issue was submitted, and it kept escalating until it was long out of sight from whomever sits behind that little email address.
Apple is pissed that Dr. Web didn't update the infection figures after Apple rolled out a fix. Dr. Web said infected systems check-in every day, so they ought to know that the number of infections is now far lower than 600K. But I never saw any updated figures. The press just keeps echoing 600K.
I think you're trying way too hard to reason this away. The very fact they say not to expect a reply is weird, but that goes with Apple's desire to hide absolutely everything from the public.
Had this been practically any other company, I think a 600,000+ strong botnet discovery would attract their attention enough for a phone call. I think that the fact Apple explicitly doesn't do this speaks volumes about their security considerations.
things sent to /dev/null don't get responses
It's not a virus, but a trojan. A trojan can be considered a virus, but in this case the term is misleading. A virus infects your computer without your permission or action. A trojan requires the user of the computer to install a program, usually by faking them out. You can screen for viruses, but you can't stop people from clicking "yes" to "You have a virus! Download THIS app now!". Macs don't have any known viruses, and people who don't understand this are the very people who keep installing the bloody trojans.
I e-mailed that address and got a response from a security engineer. Perhaps Dr. Web is holding it wrong.
Just like when you go the Apple Store and get a "Genius". Chances are the "security engineer" you got was a minimum wager working off a script. How many times were you asked to turn off the mac and check the cables? =D
I'm not sure when you worked for them, but for the past few years, they've had a top notch security group (ever since the self-updating XProtect came out). This group is in communication with most of the major AV and security groups. Interestingly, these groups have attempted to make contact with Dr. Web on a number of occasions, and have generally had no response. You'd think they'd at least be talking with Kaspersky, but they seem to enjoy playing their cards close to their chest. Maybe now that they're complaining about Apple, they'll be willing to talk with everyone else (including the Apple antimalware guys).
It's not that hard to find contact information for the security group at Apple. If they can't find it from contacting Apple, they could always contact someone ELSE in the security industry and ask THEM... Pretty much every major AV player has contacts in the Apple security group. The problem is that they contacted the consumer contact address that explicitly states they likely won't respond.
"Most mac users run at normal user level, a la Linux/Unix. When the computer needs to do something at the privileged level, it asks for a password. Most Windows users usually run as administrator by default." - by sohmc (595388) on Tuesday April 10, @02:16PM (#39634517) Homepage
I run as Administrator here, & just like MacOS X does (this is how).
The settings to examine & change are as follows in gpedit.msc &/or regedit.exe:
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin
(Set as PROMPT FOR CREDENTIALS)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorUser
(Set as Automatically deny elevation requests)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevation
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableInstallerDetection
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableSecureUIAPaths
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locations
OR
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableVirtualization
(Set as ENABLED)
---
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
OR
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableUIADesktopToggle
(Set DISABLED)
---
* There you go... you can do all of what you state, & more, easily enough, but instead by using NATIVE TOOLS already present in Windows itself, in gpedit.msc or regedit.exe!
APK
P.S.=> To even FURTHER enhance that, albeit @ the application level? You can use taskmgr.exe, & set UAC Virtualization ENABLED on ANY RUNNING APP too: Further sealing it off from infecting/infesting other running apps or the entire OS by every users' profile, by simply right clicking on running apps & changing the
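An audit of the registry values listed in the comment above, as an added example that is not part of the original thread: it parses `reg query` output for the Policies\System key and reports every listed value that is missing or set differently. The numeric encodings (taken from Microsoft's documented UAC values, since the comment names only the settings), the names `BASELINE`, `SAMPLE`, `parse_reg_query` and `audit`, and the sample output are assumptions constructed for illustration.

```python
import re

# Expected DWORD values for the settings listed in the comment above.
# Assumption: the numeric encodings are Microsoft's documented UAC
# registry values; the comment itself gives only the setting names.
BASELINE = {
    "FilterAdministratorToken": {1},
    "ConsentPromptBehaviorAdmin": {1, 3},  # prompt for credentials (1 = on secure desktop)
    "ConsentPromptBehaviorUser": {0},      # automatically deny elevation requests
    "EnableInstallerDetection": {1},
    "EnableSecureUIAPaths": {1},
    "EnableLUA": {1},
    "PromptOnSecureDesktop": {1},
    "EnableVirtualization": {1},
    "EnableUIADesktopToggle": {0},
}

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x5
    ConsentPromptBehaviorUser    REG_DWORD    0x3
    EnableInstallerDetection    REG_DWORD    0x1
    EnableLUA    REG_DWORD    0x1
    EnableSecureUIAPaths    REG_DWORD    0x1
    EnableUIADesktopToggle    REG_DWORD    0x0
    EnableVirtualization    REG_DWORD    0x1
    PromptOnSecureDesktop    REG_DWORD    0x1
"""

LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {lowercased value name: int} for each REG_DWORD line."""
    matches = (LINE.match(line) for line in text.splitlines())
    return {m.group(1).lower(): int(m.group(2), 16) for m in matches if m}

def audit(text):
    """Return {name: finding} for each baseline value that is missing or differs."""
    found = parse_reg_query(text)
    findings = {}
    for name, allowed in BASELINE.items():
        actual = found.get(name.lower())  # registry value names are case-insensitive
        if actual is None:
            findings[name] = "missing"
        elif actual not in allowed:
            findings[name] = f"is {actual}, expected {sorted(allowed)}"
    return findings
```

Calling `audit(SAMPLE)` flags the three values in the constructed sample that do not match the list; a missing value is reported rather than assumed to be at its default.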
To carry the analogy further, there is no immune system evolution in the Mac ecosystem, and what exists are usually exact genetic clones.
In the biological world, this is a species extinction event waiting to happen.
Worse than that, OSX has effectively lived in a hermetically sealed and sterilized environment. This means the immune system has not learned any immunity and cannot respond to infections effectively.
Calling someone a "hater" only means you can not rationally rebut their argument.
They're parked outside your house in a white/glass van with a giant Apple on the side.
Task Mangler
is all they claim on the referenced web-page. This is true. They deserve and get custom-made malware, just like their Windows cousins. Apple's iDevices get NO malware, because you can only get carefully checked out programs through Apple's app store. With OS X 10.8, users who never want to be at risk from the Internet again, will be able to set their Macs to refuse to execute any program that hasn't gone through Apple's inspection program. Since nothing is perfect, Apple has made provisions to kill nasty programs remotely, on the odd chance that they made it through their inspection program.
Users who love and enjoy viruses and Trojans however, will still have the privilege of setting their Mac to run *any* program from the wilds of the Internet.
A sufficiently advanced simulation is indistinguishable from reality.
How ya like your Mac now, fanboys?
Just fine, thanks. Fortunately for me, by practicing slightly-below-average security, I was fortunate enough to NOT be one of the less than 1% of all installed Macs on the planet that got infected.
Call me back when I have to completely reinstall my system because I decided to download a track add on for a racing game, or a file that appeared to be Minecraft, or any of the other multiple computer wrecking malware my kids have collected over the years on a PC. Their behavior is no different on my Mac, yet they've never been able to wreck my Mac.
Here's a fun fact: I've had to reinstall every home version of Windows since Win95 due to malware and I've never had to reinstall any version of Mac OS from MacOS 7.6 up to OS X 10.7 due to malware.
Purely anecdotal, but that's good enough for me, because my time is valuable, and my anecdotes are mine. I'm the only one I have to prove my anecdotes are real.
People keep saying this. Did you ever stop and think WHY Apple viruses only pop up intermittently? Could it possibly be because Apple squashes them, generally within a couple of weeks, with software update? Virus threats don't just appear then disappear with Apple sitting around doing nothing.
You won't hear shit about this stupid virus two weeks from now because the entire time all you basement dwellers are on slashdot making up statements like "apple doesn't care about security", Apple is probably busy fixing shit.
A certain, large percentage of the population is simply going to be made up of AOL users. Computer illiterates who can't and don't want to think for themselves. Not about the under-the-hood stuff, anyway.
And that's fair. Not everybody is a mechanic.
Apple is the new AOL.
The problem is, when you base your entire business plan on herding that kind of demographic together, is that once they become a significant market segment, they'll be targeted for abuse. I mean, if you can sell a person into using a Mac, you can trick them into giving up their passwords. As we have just witnessed.
Windoze users, by contrast, have become accustomed to, and psychologically resistant to the filthy side of the internet. Inoculated to a degree.
Mac users are going to have a painful learning curve exactly because they are not used to critical thinking when it comes to safe computing.
see subject.
Yes. In fact it doubled overnight.
How much malware is there for iPads and iPhones? Zero? After this summer, when OS X 10.8 arrives, Macs will be almost impossible to infect, because only fools will get software outside of the Apple Mac store or other vendors who get an Apple encryption signature for their software. Furthermore, Apple will have the capability of effectively wiping any possible malware that might get by the inspection system, by remotely revoking the encryption signature.
A sufficiently advanced simulation is indistinguishable from reality.
OS X has what, TWO viruses now?
They are called PROGRAMS, you insensitive clod!!!
>Could it possibly be because Apple squashes them, generally within a couple of weeks, with software update?
Yup, they already pushed out the fix a couple of days ago.
It works!!! Now all I need is to include a payload that:
1. 50 days after infection corrupts all files synced to iCloud and triggers a sync
2. Wipes all time machine backups on the network
3. overwrites the first Mb of each partition on the disk with random gibberish
4. Reboots the machine.
My work is done. Why? Because the vast majority of users don't use anything else but these products to protect their systems, once I have access the scope for destruction is limitless.
http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=Linux&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve= Do you have a point? My list goes over 23 pages, yours not even over 3 and a half.
That's bullshit, I worked for Apple technical support as well, we were told to say:
"While there aren't any known Viruses for mac, we always recommend using different kinds of anti-malware protection on your machine.
Apple works to deliver security updates via the software update function at all times, so keep your computer updated and you're at minimal risk - adding an anti-malware program to your machine will minimize the risk even more."
I bet you were one of those first-line agents acting all cool working for Apple.... lol.
http://lmgtfy.com/?q=apple+product+security -> https://ssl.apple.com/support/security/ -> "Contacting Apple -
To report security issues that affect Apple products, please contact: product-security@apple.com"
They asked me details about the security vulnerability I found, gave me status updates on their patching efforts, and credited me in the resulting patch. Seemed pretty legit.
Well, getting infected with this doesn't require an admin password and can happen just from surfing the web because it exploits a security vulnerability in Java that Apple were slow to release an update for, as they often are with third-party code that they distribute.
>>>
As someone who has found and reported a (now) patched security vulnerability to that email address, I can say that I agree with Boris Sharov's complaint. You do get an automated response with a case #, that includes the text
>>>
-snipped a whole lot of shit that this guy did gratis for Apple *sigh*-
Forgive me, but you are an idiot! People like you are idiots. I can see you are a nice guy, you all seem to be nice guyz! But stop sucking vendor dick in the name of doo-gooder-shitdom, or in the hopes of building a resume / cred / etc., would you please?!
Moreover, quit bitching about the big bad $megacorp_vendor, that doesn't love you back---will you please, I love you!
Your SOP should be:
Hack your shiz + crack your shiz + notify vendor + include a 1 / 3 / 5 / 7 / 9 / 11? biz day reprieve (or make it boilerplate in your sig) + then release your hackz. EOF.
Or. If you want to kiss ass, then please don't tell us how you got HepB.