Does Mac Have Potential For Hacker Attacks?


MacBytes
Feb 12, 2006, 10:44 PM

Category: Mac OS X
Link: Does Mac Have Potential For Hacker Attacks? (http://www.macbytes.com/link.php?sid=20060212234413)
Description: The Apple Macintosh enjoys a reputation as one of the more secure systems out there, but the recent discovery of vulnerabilities in two of Apple’s most popular applications serves as a reminder that no Internet user is immune to attacks.

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

cwtnospam
Feb 12, 2006, 10:54 PM
This is getting to be annoying. Every time security is discussed, some bonehead has to claim the Mac is secure because it's obscure. I'd love to know how these guys explain the fact that before OS X, when the Mac market share was lower than it is now, there were Mac viruses. Or maybe they could explain how at least one cell phone OS with far fewer users had a virus.

~Shard~
Feb 12, 2006, 10:57 PM
OS X is based off UNIX, which is inherently secure. It doesn't matter whether OS X has 5% marketshare or 95% marketshare, the fact that it is secure would remain the same.

Stella
Feb 12, 2006, 11:09 PM
OS X is based off UNIX, which is inherently secure. It doesn't matter whether OS X has 5% marketshare or 95% marketshare, the fact that it is secure would remain the same.

Yes, you are correct.

Take a good example: Symbian is the market leader in smartphones (still outsells Windows Mobile (people were raving about Mobile 6) by a HUGE margin (thanks to Nokia)), its user base is quite small... on a population basis, but still, there are viruses.


HOWEVER, OSX is still software, it may be UNIX based - inherently, more secure than Windows. BUT STILL, Unix has its vulnerabilities... OSX has more.. with its UI interfaces et al - I'm sure there are plenty of vulns to take advantage of. AppleScript I'm sure is quite insecure - if taken advantage of.

As the previous poster correctly says - security by obscurity, is NOT security.

Mac Users are waaaay too smug. Far too smug.

macsupport
Feb 12, 2006, 11:11 PM
I found another discussion happening on another forum (http://forum.usedmac.ca/viewtopic.php?t=93). One user states that he got something called the nachi worm on his Mac. Any idea what exactly that was?

grapes911
Feb 12, 2006, 11:15 PM
OS X is based off UNIX, which is inherently secure. It doesn't matter whether OS X has 5% marketshare or 95% marketshare, the fact that it is secure would remain the same.

And if you want to examine that even closer, Unix split into Sys5 and BSD. BSD is considered the most secure OS ever. OS X was built directly off BSD. How insecure can OS X possibly be?

~Shard~
Feb 12, 2006, 11:16 PM
I found another discussion happening on another forum (http://forum.usedmac.ca/viewtopic.php?t=93). One user states that he got something called the nachi worm on his Mac. Any idea what exactly that was?

Nope, not possible according to Symantec's site:

Also Known As: W32/Welchia.worm10240 [AhnLab], W32/Nachi.worm [McAfee], WORM_MSBLAST.D [Trend], Lovsan.D [F-Secure], W32/Nachi-A [Sophos], Win32.Nachi.A [CA], Worm.Win32.Welchia [Kaspersky]
Type: Worm
Infection Length: 10,240 bytes
Systems Affected: Microsoft IIS, Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 3.x, Windows 95, Windows 98, Windows Me, Windows NT

~Shard~
Feb 12, 2006, 11:17 PM
And if you want to examine that even closer, Unix split into Sys5 and BSD. BSD is considered the most secure OS ever. OS X was built directly off BSD. How insecure can OS X possibly be?

Yep, another good point.

I'm not saying that Mac users should ignore any possible threats and be smug about it, but the facts are the facts - we are running a very secure OS. :cool:

macsupport
Feb 12, 2006, 11:18 PM
Nope, not possible according to Symantec's site:

Also Known As: W32/Welchia.worm10240 [AhnLab], W32/Nachi.worm [McAfee], WORM_MSBLAST.D [Trend], Lovsan.D [F-Secure], W32/Nachi-A [Sophos], Win32.Nachi.A [CA], Worm.Win32.Welchia [Kaspersky]
Type: Worm
Infection Length: 10,240 bytes
Systems Affected: Microsoft IIS, Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 3.x, Windows 95, Windows 98, Windows Me, Windows NT

Thanks for the reply. The user must have had something else wrong with his computer.

~Shard~
Feb 12, 2006, 11:22 PM
Thanks for the reply. The user must have had something else wrong with his computer.

There have been some Office-based exploits involving macros which technically could manifest themselves on a Mac, since they use the same programs, however even then they probably wouldn't be able to do much damage. Apart from that, you won't hear about too many Mac users being affected by things such as this. :cool:

grapes911
Feb 12, 2006, 11:24 PM
I'm not saying that Mac users should ignore any possible threats and be smug about it, but the facts are the facts - we are running a very secure OS. :cool:


I agree. I turn on the firewall and use Little Snitch. I'm not stupid. Things could go wrong. I run a Mac webserver that was once hacked. Nothing major, but it was enough to take the server down. We fixed it and added better firewall rules. No problems since.

It feels nice to not have to "baby" my Mac. My Windows box runs very smooth. Almost as nice as my Mac. But I "baby" my PC. I probably put about 1 hour of work into it a week just to keep it running right.

winmacguy
Feb 13, 2006, 12:42 AM
Thanks for the reply. The user must have had something else wrong with his computer.

The poster is labeled as a new member :)

littlejim
Feb 13, 2006, 04:06 AM
I remember the one and only Virus/Worm I got on a Mac - it was about 7/8 years ago (AUTOSTART 9805 as I remember).

This worm spread like wildfire through the design community via Zip disks ... this was in the days when few people used the internet.

I suppose what I'm saying is that Mac Users are a close and friendly community and surely IF a Worm/Virus was written for the Mac then it would spread as fast as it did 7 years ago between us?

Applespider
Feb 13, 2006, 04:11 AM
I found another discussion happening on another forum (http://forum.usedmac.ca/viewtopic.php?t=93). One user states that he got something called the nachi worm on his Mac. Any idea what exactly that was?

Well, he might have got it - if he downloaded a file with it or received an email with it attached - and an AV scanner might have picked it up as being on his Mac. But since it couldn't run on the Mac, it wouldn't have done anything to his system except take up a minuscule chunk of HD space.

Mitthrawnuruodo
Feb 13, 2006, 04:58 AM
I remember the one and only Virus/Worm I got on a Mac - it was about 7/8 years ago (AUTOSTART 9805 as I remember).

No one has said there never were any Mac viruses, in fact there were several back in OS 7, 8 and 9 days... in addition to above mentioned macro viruses that could exploit holes in Office... but none, I repeat none, for OS X. Yet (;)).

This worm spread like wildfire through the design community via Zip disks ... this was in the days when few people used the internet.

Wildfire...??? :rolleyes:

Never knew anybody that got infected, and I used zip disks on a daily basis... ;)

I suppose what I'm saying is that Mac Users are a close and friendly community and surely IF a Worm/Virus was written for the Mac then it would spread as fast as it did 7 years ago between us?

It's not that it's impossible to write a nasty trojan, but I still don't see how you gonna get massive distribution... All Macs have built-in security and unless you get thousands of Mac users to either provide their admin password when the malware asks for it, and ignore all other warnings, I don't see how any trojan can do more than minimal damage for a few poor suckers... ;)

ethernet76
Feb 13, 2006, 12:07 PM
This is getting to be annoying. Every time security is discussed, some bonehead has to claim the Mac is secure because it's obscure. I'd love to know how these guys explain the fact that before OS X, when the Mac market share was lower than it is now, there were Mac viruses. Or maybe they could explain how at least one cell phone OS with far fewer users had a virus.

Obscurity is one of the best things OS X has.

OS 9 and its similar predecessors had their own flaws. OS 9 was so easily hackable. Attack the resource forks and you're in. OS X is better in ways. Authentication provides protection from background applications installing themselves.

Cell phones however are easy targets. The operating system is simple and looking for exploits is easier. There isn't as much disassembly and other shenanigans to do.

All it takes though is one application. Maybe a cross-platform virus written in Java that not only attacks Windows, but also Macs.

I think the only thing Mac users can hope for is for a benevolent virus when the first one makes the rounds. Otherwise, firewall or not, 5 percent of computer users could get screwed.

Windows users are aware that at any point a virus may delete all their data. Macs have more to lose. Not only will it be a blow to Mac "fanboys", but ever since my Powerbook, my backup habits have been a tad sloppy.

ethernet76
Feb 13, 2006, 12:21 PM
No one has said there never were any Mac viruses, in fact there were several back in OS 7, 8 and 9 days... in addition to above mentioned macro viruses that could exploit holes in Office... but none, I repeat none, for OS X. Yet (;)).

Wildfire...??? :rolleyes:

Never knew anybody that got infected, and I used zip disks on a daily basis... ;)
It's not that it's impossible to write a nasty trojan, but I still don't see how you gonna get massive distribution... All Macs have built-in security and unless you get thousands of Mac users to either provide their admin password when the malware asks for it, and ignore all other warnings, I don't see how any trojan can do more than minimal damage for a few poor suckers... ;)

I think you only need to look at the jpeg rendering problem of IE to realize your firewall isn't going to help. Mail, safari, any application receiving data or handling it is open to attack.

Let's say someone targets Safari. There's some sort of PNG handling error that allows the virus to run malicious code. This malicious code could modify iTunes and insert malicious code so that every time iTunes the program tries to infect other people.

It really isn't that hard. Mac's low user rates have helped more than the Mac faithful are willing to give credit for. If we Mac users had as many people after us as Windows does, all of us would have a little black and white virus-scan logo right next to the time display in the upper right.

Mitthrawnuruodo
Feb 13, 2006, 12:32 PM
I think you only need to look at the jpeg rendering problem of IE to realize your firewall isn't going to help. Mail, safari, any application receiving data or handling it is open to attack.

Never mentioned my firewall... :confused:

And who's stupid enough to have preview and load images on in Mail, as default...? :rolleyes:

Let's say someone targets Safari. There's some sort of PNG handling error that allows the virus to run malicious code. This malicious code could modify iTunes and insert malicious code so that every time iTunes the program tries to infect other people.

It really isn't that hard. Mac's low user rates have helped more than the Mac faithful are willing to give credit for. If we Mac users had as many people after us as Windows does, all of us would have a little black and white virus-scan logo right next to the time display in the upper right.

And still it hasn't happened, yet... not in Safari, nor Firefox, nor Mail... funny, hah...?

And the trojan attempts have been really embarrassing so far... much like the old "manual virus" joke...

The only known vulnerability in OS X that I fear at the moment is the sudo grace period... still, even that I don't fear enough to manually set it to 0, myself... ;)

jhu
Feb 13, 2006, 12:58 PM
OS X Is based off UNIX, which is inherently secure. It doesn't matter whether OS X has 5% marketshare or 95% marketshare, the fact that it is secure would remain the same.

inherently secure? i don't think so. take a look at xenix, sco unix, or even sunos back in the day. however, often it is the ancillary programs that give the entire os a bad rap. take sendmail for example. for the longest time it was a bug infested piece of something. even bind isn't immune to exploitation. saying unix is inherently secure is rather off-base. rather it's the programmer's attention and vigilance to security that gives that group of oses its good name.

additionally, marketshare does matter. take a look at this zombie net (http://msnbc.msn.com/id/11277829/). now, how are you going to get a significant zombie network on a computer architecture with a 2% market penetration?

Timepass
Feb 13, 2006, 01:03 PM
I think you only need to look at the jpeg rendering problem of IE to realize your firewall isn't going to help. Mail, safari, any application receiving data or handling it is open to attack.

Let's say someone targets Safari. There's some sort of PNG handling error that allows the virus to run malicious code. This malicious code could modify iTunes and insert malicious code so that every time iTunes the program tries to infect other people.

It really isn't that hard. Mac's low user rates have helped more than the Mac faithful are willing to give credit for. If we Mac users had as many people after us as Windows does, all of us would have a little black and white virus-scan logo right next to the time display in the upper right.


In theory you are correct but in practice it is really hard. To think that one's computer is impossible to hack is plainly stupid. There is only one way to make sure your computer is never compromised, that is not to have it be able to connect to any outside source and never install any software on it. That is impossible for one to compromise.

But something that could be interesting is as soon as someone finally figures out how to hack or put a virus on a Mac more will soon follow based on the same source code. A lot of viruses for Windows use very similar source code. But first thing first is someone figuring out how to hack into a Mac.
It is correct that it is really hard to hack and compromise a Mac. It is far from impossible. Just no one has figured out how to do it yet. By the time someone figures it out OSX may no longer be in use but someone will figure it out some time. It is not a question of if. It is more of a question of when someone will figure it out.

There is potential there for something to be as damaging to more damaging than MSBlaster was but the chances of that happening are very very low. Because first of the very small user base and the fact that Macs are also very hard to hack and write viruses for in the first place. No one figured it out yet. I for one am not going to complain about that. I kind of dread the day that someone does figure it out and release it because it is going to run very wild with the average Mac having fewer 2nd line defences than the average Windows user (2nd line being AV, firewall program, OS and what not is first line. And let's face it, Apple's first line of defences is really great to the point it is understandable why there is no real need for a 2nd line of defences that Windows users really need)

dr_lha
Feb 13, 2006, 01:05 PM
take sendmail for example. for the longest time it was a bug infested piece of something.

Good thing that OS X uses Postfix then isn't it? ;)

jhu
Feb 13, 2006, 03:42 PM
But something that could be interesting is as soon as someone finally figures out how to hack or put a virus on a Mac more will soon follow based on the same source code. A lot of viruses for Windows use very similar source code. But first thing first is someone figuring out how to hack into a Mac.
It is correct that it is really hard to hack and compromise a Mac. It is far from impossible. Just no one has figured out how to do it yet. By the time someone figures it out OSX may no longer be in use but someone will figure it out some time. It is not a question of if. It is more of a question of when someone will figure it out.


in this day and age, the question is whether it is profitable to successfully exploit the mac. given its low user penetration compared to windows, the answer is no (please see my previous post). the same can be said for linux, *bsd, aix, solaris, openvms, or practically any non-windows operating system.

Timepass
Feb 13, 2006, 03:53 PM
in this day and age, the question is whether it is profitable to successfully exploit the mac. given its low user penetration compared to windows, the answer is no (please see my previous post). the same can be said for linux, *bsd, aix, solaris, openvms, or practically any non-windows operating system.

Boy you really don't know much about the underlying stuff on a Mac. I'm not going to deny the fact that the low market share out there helps out with the defence. That's never been a question. It is a fact that it is also harder to compromise a Mac. You would think in 5 years that something would have come out that would have done something.
Windows is easier to hack than the others. Plus there is quite a bit of source code out there for a start point.

Unix based OS (and guess what bsd, Linux and OSX I know for a fact are all based on) are just more secure than the others. You my friend don't know much about the underworking of the OS's

asherman13
Feb 13, 2006, 03:57 PM
Just because we are secure doesn't mean we're completely secure, IMO. Most Apple users aren't stupid enough to download a virus, but, IMO, if there's a strong enough will, those who have it will find a way, and I'm just thankful that there isn't a strong enough will yet.

jhu
Feb 13, 2006, 04:41 PM
Boy you really don't know much about the underlying stuff on a Mac. I'm not going to deny the fact that the low market share out there helps out with the defence. That's never been a question. It is a fact that it is also harder to compromise a Mac. You would think in 5 years that something would have come out that would have done something.
Windows is easier to hack than the others. Plus there is quite a bit of source code out there for a start point.

Unix based OS (and guess what bsd, Linux and OSX I know for a fact are all based on) are just more secure than the others. You my friend don't know much about the underworking of the OS's

you don't understand how unprofitable it is to exploit systems with a low installed user base. you also don't understand that unix-based oses are not necessarily inherently more secure. please refer to my previous posts (and this link (http://msnbc.msn.com/id/11277829/))

Timepass
Feb 13, 2006, 04:48 PM
you don't understand how unprofitable it is to exploit systems with a low installed user base. you also don't understand that unix-based oses are not necessarily inherently more secure. please refer to my previous posts (and this link (http://msnbc.msn.com/id/11277829/))


I have. A vast majority of your argument is based on market share and that alone. Which no one is saying it's not one of the reasons for security
But a good point to bring up is in 5 years you would think there would be 1 at LEAST 1 virus made for OSX.
And in 5 years there have been 0 viruses, that's right 0. It's also just plainly harder to hack. A vast majority of the big viruses out there entire point is not to make money but make a name for itself.

Let's see, a virus for OSX would be huge. I'm sorry but your argument is all number based so it falls apart right there. Based on what you are saying it's just as easy to write a virus for OSX as it is for XP.

But even from that we can look at the server sides. MS server OS numbers are smaller than a Unix based server..... Oh wait still more for M$ servers than the Unix based one.

Hmm the number argument is just part of it. OSX is more secure and harder to hack than XP.

jhu
Feb 13, 2006, 05:02 PM
I have. A vast majority of your argument is based on market share and that alone. Which no one is saying it's not one of the reasons for security
But a good point to bring up is in 5 years you would think there would be 1 at LEAST 1 virus made for OSX.
And in 5 years there have been 0 viruses, that's right 0. It's also just plainly harder to hack. A vast majority of the big viruses out there entire point is not to make money but make a name for itself.

Let's see, a virus for OSX would be huge. I'm sorry but your argument is all number based so it falls apart right there. Based on what you are saying it's just as easy to write a virus for OSX as it is for XP.



you didn't even click on that link i posted, did you? people don't write malware for prestige, they do it for money. in the linked example, it was to gain money from adware clicks. in many other situations it's to blackmail websites with the threat of ddosing them. in the past malware was all about prestige.

recently there has been very little in the way of malware for unix-like oses (ulo) because the numbers just aren't there. there have been numerous proof-of-concepts published, but no real actual malware. do you build your zombie network using 5% of the computing population or the 95%, many of which are unlikely to be patched? the only well-known software comparison would be apache vs. iis with apache running more than half of all webservers worldwide. properly patched they are actually both fairly secure.

if you think your ulo is so exploit-proof, i dare you to install sendmail and use it as your mailserver.

Mitthrawnuruodo
Feb 13, 2006, 05:50 PM
if you think your ulo is so exploit-proof, i dare you to install sendmail and use it as your mailserver.

I can send you a couple of small apps that I dare you to install on your windows box, too... :rolleyes:

nagromme
Feb 13, 2006, 10:00 PM
people don't write malware for prestige, they do it for money.

People don't write malware for just one reason, they write it for multiple reasons. Money is the top reason, not the only reason.

Witness the recent Kama Sutra worm. Good old-fashioned vandalism.

Then there's the ground where money and prestige meet: the cracking contests that offer cash prizes for a successful Mac virus.

You can say there's only ONE reason for Mac security--the target base. But in fact, that's one of MULTIPLE reasons. All of them good for us :)

jhu
Feb 13, 2006, 10:12 PM
People don't write malware for just one reason, they write it for multiple reasons. Money is the top reason, not the only reason.

Witness the recent Kama Sutra worm. Good old-fashioned vandalism.

Then there's the ground where money and prestige meet: the cracking contests that offer cash prizes for a successful Mac virus.

You can say there's only ONE reason for Mac security--the target base. But in fact, that's one of MULTIPLE reasons. All of them good for us :)

you mean something like this? (http://software.silicon.com/malware/0,3800003100,39129049,00.htm) again, it's for money. and since it was cancelled, there is no monetary incentive. i'll admit some malware is just written to vandalise someone's computer, but money still reigns supreme.

Qunchuy
Feb 14, 2006, 10:10 AM
There's some sort of PNG handling error that allows the virus to run malicious code.

I think you've misunderstood the recently publicized WMF exploit. It only affects Windows (and slavishly reverse-engineered emulators) anyway.

Annette
Feb 14, 2006, 10:39 AM
Anyone feeling brave/bold?

In my web mail I have an IRC chat application I downloaded into two separate macs.

I believe it "told" them to hide or erase my Home folder.

I will send it to anyone; try it at your own risk ..

Applespider
Feb 14, 2006, 10:45 AM
Annette - no-one is denying that there can be malicious code although your application has two different scenarios. Hiding is a big difference from erasing. Both can be accomplished with simple Terminal commands although to erase you'd have to enter your password in order for it to complete.

There is no excuse for not following common sense. Don't download software/files unless they're from reputable sources - and make sure that their filesizes look appropriate.

Annette
Feb 14, 2006, 10:47 AM
did I ask you for all that?

It came from source forge.

I offer it for curiosity, please don't give me a lecture.