Another Major Mac Computer Security Flaw Discovered


MacBytes
Jul 30, 2009, 10:20 PM

Category: Mac OS X
Link: Another Major Mac Computer Security Flaw Discovered (http://www.macbytes.com/link.php?sid=20090730232034)
Description:: none

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

thegoldenmackid
Jul 30, 2009, 10:23 PM
Same story, two years running...

DMann
Jul 30, 2009, 10:39 PM
Same story, two years running...

Time to break down and purchase Norton...... oh, no actual cases - keep on reportin'.

dwman
Jul 30, 2009, 11:51 PM
Whether or not we want to admit it, it is essentially "security by obscurity." Not worth virus writers' time or $$$ to go after 10% +/- market share. Yes, I realize the Unix underpinnings do make it better than Windows, but that's the reason I hope market share stays roughly where it is. Around the 15-20% mark is probably where Macs become a real target. Of course, 15-20% probably won't happen for at least another decade, so I think we're ok for now. :D

ChrisA
Jul 31, 2009, 12:17 AM
I read it and learned the name of the person who discovered "something". There were no other real hard facts in the article. You'd think they'd explain how the exploit works or what this guy found.

No one even claimed to have a sample of a self replicating virus.

I say "It does not exist" until you say how it works.

neonblue2
Jul 31, 2009, 02:21 AM
Odd, I wonder why they didn't report the method. Probably because we'd all crack up.

In order for this to work, your computer must first be infected (http://www.news.com.au/technology/story/0,28348,25856568-5018992,00.html) with the iWorkServices trojan. That's the one that is installed with pirated versions of iWork and creates a botnet. The ultimate root of this hack is social engineering. If you don't install anything with your password, you can't get attacked in this way.

DMann
Jul 31, 2009, 03:33 AM
Odd, I wonder why they didn't report the method. Probably because we'd all crack up.

In order for this to work, your computer must first be infected (http://www.news.com.au/technology/story/0,28348,25856568-5018992,00.html) with the iWorkServices trojan. That's the one that is installed with pirated versions of iWork and creates a botnet. The ultimate root of this hack is social engineering. If you don't install anything with your password, you can't get attacked in this way.
Drat, you blew the cover WIDE open..

BongoBanger
Jul 31, 2009, 05:14 AM
Odd, I wonder why they didn't report the method. Probably because we'd all crack up.

In order for this to work, your computer must first be infected (http://www.news.com.au/technology/story/0,28348,25856568-5018992,00.html) with the iWorkServices trojan. That's the one that is installed with pirated versions of iWork and creates a botnet. The ultimate root of this hack is social engineering. If you don't install anything with your password, you can't get attacked in this way.

And of course, this kind of stuff works equally well with any trojan you installed - for example codecs to play videos of ESPN reporters ;) - in exactly the same way - by entering your password - as clicking 'Allow' on Vista's UAC does.

That's how malware works these days - it's becoming more and more OS independent because the latest OS iterations are harder and harder to crack directly.

MisterMe
Jul 31, 2009, 09:25 AM
... Not worth virus writers' time or $$$ to go after 10% +/- market share. ... Around the 15-20% mark is probably where Macs become a real target. Of course, 15-20% probably won't happen for at least another decade, so I think we're ok for now. :D
You people have been saying this more than a decade and it still has not happened. Symantec releases a new set of malware definitions for Norton Antivirus every day. How many of these are Mac viruses? Did I hear you say "Zero"?

When the Mac's marketshare reaches 20% with still no viruses, what will you say then? I'm waiting.

cohibadad
Jul 31, 2009, 10:12 AM
Whether or not we want to admit it, it is essentially "security by obscurity."

It's not really a question of whether we want to admit it. It's a question of whether it's true or not. This concept has no basis and is repeated ad nauseam. It's false.

Shunnabunich
Jul 31, 2009, 11:11 AM
Whether or not we want to admit it, it is essentially "security by obscurity." Not worth virus writers' time or $$$ to go after 10% +/- market share. Yes, I realize the Unix underpinnings do make it better than Windows, but that's the reason I hope market share stays roughly where it is. Around the 15-20% mark is probably where Macs become a real target. Of course, 15-20% probably won't happen for at least another decade, so I think we're ok for now. :D
You people have been saying this more than a decade and it still has not happened. Symantec releases a new set of malware definitions for Norton Antivirus every day. How many of these are Mac viruses? Did I hear you say "Zero"?

When the Mac's marketshare reaches 20% with still no viruses, what will you say then? I'm waiting.
Dwman must not have been around back when Macs ran the "Classic" operating systems (i.e. OS 9). There actually were malware threats back then, and yet, at the time, Macs had just a tiny fraction of the market share they have now. And now, Macs have no malware that doesn't need to be literally handheld through the installation process by the very person it's supposed to be screwing with.

Yeah, oops.

Security through obscurity was always a load of bull, even back then.

And don't forget that every time another copy of the same old social-engineering-dependent trojan gets so much as theorized about, let alone "released" into the "wild", tech journalists everywhere lunge, screaming, at their keyboards lest anyone go uninformed that the Mac platform is apparently teeming with viruses, trojans, security holes, hackers, imps, bad mojo and perhaps hidden kitten-annihilation subroutines — and oh by the way Windows has none of these problems and if it did Microsoft could certainly be excused because those poor dears have to deal with taking care of the entire market and they're really fine upstanding honest red-blooded Americans not like those goddamn dirty hippy communist Californians so we should cut them some slack. You can't tell me writing Mac malware wouldn't have, perhaps, some smidgen of prestige associated with it?

macFanDave
Jul 31, 2009, 11:39 AM
I just find these public revelations of theoretical security flaws in either Mac OS X or the iPhone OS to be inappropriate and counter-productive. They cause unnecessary panic among users and encourage malicious hackers to do real damage.

I think guys like Dino Dai Zovi and Charlie Miller are shameless publicity whores that are not significantly different from Lindsay Lohan, Paris Hilton and all of the other starlets that try to get into tabloids.

If they were honest computer scientists, they'd be quietly informing Apple of the problems. They would be helping Apple solve the problems without causing panic and anxiety among the Mac-using public. Of course, there would be no fame in that, so I can only guess what their motivation for behaving as they do is.

BongoBanger
Jul 31, 2009, 12:17 PM
It's not really a question of whether we want to admit it. It's a question of whether it's true or not. This concept has no basis and is repeated ad nauseam. It's false.

Except to a degree it actually is true.

Shunnabunich
Jul 31, 2009, 12:30 PM
I just find these public revelations of theoretical security flaws in either Mac OS X or the iPhone OS to be inappropriate and counter-productive. They cause unnecessary panic among users and encourage malicious hackers to do real damage.

I think guys like Dino Dai Zovi and Charlie Miller are shameless publicity whores that are not significantly different from Lindsay Lohan, Paris Hilton and all of the other starlets that try to get into tabloids.

If they were honest computer scientists, they'd be quietly informing Apple of the problems. They would be helping Apple solve the problems without causing panic and anxiety among the Mac-using public. Of course, there would be no fame in that, so I can only guess what their motivation for behaving as they do is.
Well, it depends on how you use "honest". If you mean honest as in actual, they are indeed honest-to-goodness computer security experts, or else they wouldn't have the experience and knowhow to find the exploits they have. Regardless of how well or badly they handled those discoveries, that can hardly be contested.

If you mean honest as in truthful, you're probably right in that they're acting like attention whores. On the other hand, the fact that the Mac platform does have security holes (especially considering how bloody long Apple takes to patch some of them) should not be covered up. Perhaps it shouldn't be paraded around like Paris Hilton's cooter, but in the same interest of honesty, Mac users shouldn't be subjected to misinformation in the interest of creating a false sense of security (or at least fostering that feeling to a false degree). They had enough of that when they were Windows users.

dejo
Jul 31, 2009, 12:54 PM
Except to a degree it actually is true.
And the basis for this "truth" is what again?

BongoBanger
Jul 31, 2009, 01:00 PM
And the basis for this "truth" is what again?

The fact that trojans and other malware exist for it.

dejo
Jul 31, 2009, 01:05 PM
The fact that trojans and other malware exist for it.
How does that prove "security through obscurity"?

Shunnabunich
Jul 31, 2009, 01:07 PM
And the basis for this "truth" is what again?

That, in theory, if the Mac had greater market share, more malware writers would be devoting their attention to the platform, which would somehow automagically make OS X be easier to exploit. That about right? :)

Honestly though, I do think that more eyes looking at OS X will very likely uncover some holes that presently have yet to be found, but not to a degree that could even remotely be compared to, say, Windows.

BongoBanger
Jul 31, 2009, 01:08 PM
How does that prove "security through obscurity"?

Because if OS X was fundamentally secure there would be no security threats at all.

EmperorDarius
Jul 31, 2009, 01:13 PM
Even if the number of trojans will increase, I doubt that they will go beyond the current simple social engineering methods, and arrive at the Windows level, where simply visiting a webpage (or on some occasions simply connecting to the internet) could be fatal.

As long as us Mac users will be smart enough not to fall into stupid malware tricks, :cool:

Shunnabunich
Jul 31, 2009, 01:17 PM
Because if OS X was fundamentally secure there would be no security threats at all.

Funny how nobody aside from the occasional troll has claimed that OS X is 100% perfectly secure. What we're all agreeing on here is that it's more inherently secure than Windows, which, until such time as the platform balloons radically in market share and the "security through obscurity" theory can be seriously tested, serves as a pretty good explanation of the continuing scarcity of malware (again, relative to Windows).

BongoBanger
Jul 31, 2009, 01:20 PM
Funny how nobody aside from the occasional troll has claimed that OS X is 100% perfectly secure. What we're all agreeing on here is that it's more inherently secure than Windows, which, until such time as the platform balloons radically in market share and the "security through obscurity" theory can be seriously tested, serves as a pretty good explanation of the continuing scarcity of malware (again, relative to Windows).

Can you explain to me specifically why OS X is inherently more secure than Vista? I mean it's obviously more secure than XP (a leaky colander is more secure than XP) but I'm not convinced it's intrinsically any more secure than Vista or W7.

Not trolling, I'm genuinely curious.

dejo
Jul 31, 2009, 01:22 PM
Because if OS X was fundamentally secure there would be no security threats at all.
I think that proves just the opposite of "security through obscurity" then. Because even with a small market share, OS X is still the target of a malware.

BongoBanger
Jul 31, 2009, 01:24 PM
I think that proves just the opposite of "security through obscurity" then. Because even with a small market share, OS X is still the target of a malware.

Hardly. It suggests people can do it but don't really see the point.

dejo
Jul 31, 2009, 01:27 PM
I suggest people can do it but don't really see the point.
Fixed that for ya. ;)

BongoBanger
Jul 31, 2009, 01:33 PM
Fixed that for ya. ;)

Whatever.

When you have the time perhaps you can refer to my previous post and explain why OS X is inherently more secure than Vista or W7. I mean that should give us a fairly good idea of what really drives security in an OS, right?

dejo
Jul 31, 2009, 01:44 PM
When you have the time perhaps you can refer to my previous post and explain why OS X is inherently more secure than Vista or W7.
Define "inherently more secure". Please be specific. I see you use vague terms (e.g. "fundamentally secure") and then expect them to relate to absolutes (e.g. "no security threats at all").

nagromme
Jul 31, 2009, 01:52 PM
It's not really a question of whether we want to admit it. It's a question of whether it's true or not. This concept has no basis and is repeated ad nauseam. It's false.

Actually, it's true: "obscurity" DOES help. (Obscurity, of course, meaning a high-profile, high-prestige target which has lower numbers of users, and thus is a less useful target, although still a valuable one since we're talking millions of people who are a valuable demographic for spamming or theft.)

"Obscurity" does help. A little. It's a good thing! But it's not the WHOLE story. Whether Windows tolerators and anti-virus vendors would like to admit that or not :)

No OS will ever be perfect, and even Windows has improved. Yet OS X still has certain security advantages by design.

Of course, for users, more important than the REASONS for our safety, is that year after year, through constant cries of doom and fear, our safety has continued. That's not pure luck and it's not due to factors that have completely gone away. It's real. And it's great!

Meanwhile my tech-savvy Windows-using friends are losing months of data backups to viruses, finding 30 viruses on their system they thought was safe, and getting their email passwords stolen by keyloggers.

How nice that I don't have to worry about that yet. Will I ever? Maybe--or maybe one day when the first successful, spreading Mac worm/virus arrives, it will get the attention of Apple and the world so fast that it's caught before it gets to me :) In any case, anti-virus software probably won't help me--not until AFTER its definitions are updated. I may as well download the anti-virus software AND the definitions at the same time.

So why bog down my Mac now with anti-virus software the way my Windows OS is bogged down? I'll wait until there IS a threat, with virus definitions, and THEN I'll download the protection software--if it's truly needed. Someday.

dmmcintyre3
Jul 31, 2009, 01:56 PM
I have written a Mac Trojan before. It made the computer unbootable. An AppleScript exploit that gave anybody root access without password. Had been through 2 or 3 OS 10.x versions before fixing it. I just did not distribute it.

windywoo
Jul 31, 2009, 02:17 PM
At each of these conferences they find exploits in OSX, and the fanbois still refuse to believe in security through obscurity. Bringing up times before OSX is irrelevant, there was little money to be made, and the tools to make viruses were not downloadable by script kiddies.

Yes, Unix has some extra security by not making the whole system accessible to the default user, but keyloggers and trojans don't require access to the full system. There can never be protection from the stupid user.

EmperorDarius
Jul 31, 2009, 03:06 PM
http://www.itwire.com/content/view/4136/937/

DMann
Jul 31, 2009, 03:42 PM
http://www.itwire.com/content/view/4136/937/
And it was the poor design and vulnerability of Windows which initially spurned the massive waves of viruses, spyware, and malware in the first place.

jive turkey
Jul 31, 2009, 03:49 PM
I have this bookmarked, so it must be good! Called the Mac Malware Myth:

http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

DMann
Jul 31, 2009, 04:03 PM
I have this bookmarked, so it must be good! Called the Mac Malware Myth:

http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

Good read. The distinction between "Black Death [Plague]" (viruses) and "stubbing one's toe" (trojan) is especially pertinent.



BongoBanger
Jul 31, 2009, 05:20 PM
http://www.itwire.com/content/view/4136/937/

I asked you why OSX 10.5 was more secure than Vista or W7 and you link me to an article dated 3 May 2006, 6 months prior to Vista's RTM? That's awesome. Not quite as awesome as taking roughlydrafted seriously but it's getting there.

Now does anyone have anything meaningful or shall we all just move on?

dejo
Jul 31, 2009, 05:36 PM
Now does anyone have anything meaningful or shall we all just move on?
Speaking of meaningful, I'm still waiting for your definition of "inherently more secure"...

BongoBanger
Jul 31, 2009, 05:47 PM
Speaking of meaningful, I'm still waiting for your definition of "inherently more secure"...

Simply put: What qualities of OS X as an OS make it more secure than Windows Vista or W7 as an OS?

I'm not sure I can make it any simpler and, since it's such a focal point of the Mac vs PC campaigns, I'm assuming this information should be relatively easy to find.

Like I said, OS X is easily better than XP and all previous versions of Windows from a security point of view for obvious reasons. I'm not sure it's that more secure - if it's more secure at all - than Vista or W7 hence the question: is it or isn't it?

dejo
Jul 31, 2009, 06:31 PM
Simply put: What qualities of OS X as an OS make it more secure than Windows Vista or W7 as an OS?
And how do you define "more secure"? Number of security threats identified? Numbers of actual viruses? Number of malware threats? Some other quantifiable amount perhaps? Without some way to compare, "more" means very little and is too prone to opinionated-subjectivity.

willie45
Jul 31, 2009, 07:43 PM
Sorry to interrupt all this kicking and punching folks, but can someone explain what you mean by "simple social engineering methods" of spreading malware?

Please excuse my ignorance but if you could take the time to enlighten me I would be most grateful. :)

Willie

DMann
Jul 31, 2009, 08:40 PM
Like I said, OS X is easily better than XP and all previous versions of Windows from a security point of view for obvious reasons.
One doesn't really need to look any further from the fact that, up until 2007, running a Windows OS was about as secure as the assured celibacy of a naked convict, soaped up and bent over, legs spread wide open, in an overcrowded shower room, within the confines of an overloaded, high security state penitentiary. The viral epidemic had been set into motion from the outset, and Windows, by sheer default, and consequence of maintaining such a vulnerable OS for the past two decades, shall remain a vulnerable OS for the foreseeable future, while the momentum of this viral epidemic continues in full force. Windows' highly susceptible presence got the viral ball rolling, quite out of control, and no amount of bolted-on security will be able to alter the predicament of this self inflicted, adverse environment - a condition which, by itself, deems Windows a less secure OS than any other.

Rodimus Prime
Jul 31, 2009, 09:08 PM
Think I noticed about people here and a lot of people who say windows is so bad because of all the big security holes.

OSX has some big security holes in the past that have been past and there are others not yet discovered same with windows.

The big one that made the news in windows and lots of the worms that hit windows use a security flaw that was patched months beforehand. They work off the fact that people are very poor at updating their computer.

I like to look at Zero day security holes and how long it takes the respective company to patch a Zero day security hole. Hate to say it but Apple has a pretty piss poor history dealing with Zero Days. For example the Java hole was a Zero day hole. It took them over a year to fix it. Microsoft tends to be a matter of days on any zero days holes.

MisterMe
Jul 31, 2009, 10:44 PM
Think I noticed about people here and a lot of people who say windows is so bad because of all the big security holes.

OSX has some big security holes in the past that have been past and there are others not yet discovered same with windows.

...
No, that is a total misrepresentation of the security problem in Windows and a gross overstatement of impact of security holes on MacOS X. The problem in Windows is not just holes, but an entire infrastructure in which malware and other security problems flourish. The Stan Beer piece at Dmann's link and Daniel Eran Dilger's piece at EmperorDarius's link address different aspects of this problem.

As for security holes on the Mac, what you get is enormous publicity about the hole. What you don't get is anything actually passing through the hole.

gunraidan
Jul 31, 2009, 11:00 PM
"Rather than realizing that the relatively safety is afforded by Apple's still small market share"

http://i72.photobucket.com/albums/i172/Dolfro752/laughing-smiley-001.gif

DMann
Jul 31, 2009, 11:03 PM
As for security holes on the Mac, what you get is enormous publicity about the hole. What you don't get is anything actually passing through the hole.
So very well stated!

DMann
Jul 31, 2009, 11:12 PM
"Rather than realizing that the relatively safety is afforded by Apple's still small market share"

http://i72.photobucket.com/albums/i172/Dolfro752/laughing-smiley-001.gif
Yet a fairly large number of attempts at trojans, malware, and viruses have been made, and all have been unsuccessful - imagine that. http://i72.photobucket.com/albums/i172/Dolfro752/laughing-smiley-001.gif

BongoBanger
Aug 1, 2009, 04:35 AM
One doesn't really need to look any further from the fact that, up until 2007, running a Windows OS was about as secure as the assured celibacy of a naked convict, soaped up and bent over, legs spread wide open, in an overcrowded shower room

I agree but I'm asking you about post 2007 with the release of Vista and W7 to come.

So can anyone actually answer this one or am I better off just going to Black Hat and asking them? Serious question.

MacsRgr8
Aug 1, 2009, 04:45 AM
Malware that needs a password to be executed is no malware.

With human engineering you can do far more damage....

DMann
Aug 1, 2009, 11:18 AM
I agree but I'm asking you about post 2007 with the release of Vista and W7 to come.

So can anyone actually answer this one or am I better off just going to Black Hat and asking them? Serious question.
As stated previously, since the viral epidemic has been in full swing, by Windows' own doing, Vista and W7 shall remain vulnerable to viral attacks, despite all of the efforts to make them more secure - simply try running either OS, Vista or W7, for 4 minutes without virus protection and/or firewall to come to the realization that it is the mere presence of the viral environment, in and of itself, which makes Vista, W7, and quite likely, W8 irremediably vulnerable to attacks - and vulnerable they most certainly are.

BongoBanger
Aug 1, 2009, 02:04 PM
As stated previously, since the viral epidemic has been in full swing, by Window's own doing, Vista and W7 shall remain vulnerable to viral attacks, despite all of the efforts to make them more secure - simply try running either OS, Vista or W7, for 4 minutes without virus protection and/or firewall to come to the realization that it is the mere presence of the viral environment, in and of itself, which makes Vista, W7, and quite likely, W8 irremediably vulnerable to attacks - and vulnerable they most certainly are.

So it is because of the market share then?

Since no-one here can give me concrete reasons I think I'll try Black Hat. Thanks for the comments though, shame they didn't lead anywhere.

MisterMe
Aug 1, 2009, 02:14 PM
So it is because of the market share then?

Glad we've settled that.
No, it is because it is poorly designed. Windows security measures are bolted on rather than designed in.

Dip a cracker in honey and soak a loaf of bread in vinegar.
Place both on your windows sill.
See which one attracts more ants.

roach
Aug 1, 2009, 02:17 PM
As stated previously, since the viral epidemic has been in full swing, by Window's own doing, Vista and W7 shall remain vulnerable to viral attacks, despite all of the efforts to make them more secure - simply try running either OS, Vista or W7, for 4 minutes without virus protection and/or firewall to come to the realization that it is the mere presence of the viral environment, in and of itself, which makes Vista, W7, and quite likely, W8 irremediably vulnerable to attacks - and vulnerable they most certainly are.

Actually I got two Vista machines with no virus protection and not one virus since the beta days (3 years?). I use XP at work (I create games) we had at least one attack a year...even with virus protection installed. XP is a bag of Virus. Hate it or love it, UAC, firewall is what I been using and a little dose of Malicious Software Removal tool...which hasn't found anything, but it's a peace of mind. And I wouldn't turn off UAC in exchange for virus protection...less overhead. I don't remember the last UAC window pop up. But of course some people who don't use Vista or used it in the early days will say otherwise...so old news.

Rodimus Prime
Aug 1, 2009, 03:02 PM
As stated previously, since the viral epidemic has been in full swing, by Window's own doing, Vista and W7 shall remain vulnerable to viral attacks, despite all of the efforts to make them more secure - simply try running either OS, Vista or W7, for 4 minutes without virus protection and/or firewall to come to the realization that it is the mere presence of the viral environment, in and of itself, which makes Vista, W7, and quite likely, W8 irremediably vulnerable to attacks - and vulnerable they most certainly are.

and people wonder why mac users are thought very poorly of and full of misinformation...........

BongoBanger
Aug 1, 2009, 03:58 PM
No, it is because it is poorly designed. Windows security measures are bolted on rather than designed in.

Dip a cracker in honey and soak a loaf of bread in vinegar.
Place both on your windows sill.
See which one attracts more ants.


In other words you can't tell me either.

MisterMe
Aug 1, 2009, 09:05 PM
In other words you can't tell me either.
No. You have been told numerous times. You have chosen to ignore what you have been told numerous times.

sushi
Aug 1, 2009, 09:51 PM
Personally, I am waiting to see the first Mac OS X virus. Of course I am not holding my breath. :)

BTW, the market share argument is bunk. The person who creates the first true virus for Mac OS X will be famous (perhaps infamous). The fact that there are none after 8-9 years should indicate something -- for example, Mac OS X is fairly safe against virus.

Back in the pre-Mac OS X days, there were a few virus for the Mac platform. However, the majority were macro type virus thanks to Microsoft's macro (VBA) system.

As for social engineering attempts. Nothing can stop them as long as the user is willing to allow access and enter a password. There is no system in the world that can stop social engineering attempts with today's technology. Might be in the future, but not now.

As I have informed many individuals over the years, the most dangerous form of malware in the world is between the chair and the computer -- meaning the user. For example, if the user surfs to a p0rn site and the p0rn site asks the user to DL and install software to view the video, if the little brain is in control the user is pawned. It's that simple.

DMann
Aug 1, 2009, 10:59 PM
and people wonder why mac users are thought very poorly of and full of misinformation...........
The information is accurate - reality confirms this.

No. You have been told numerous times. You have chosen to ignore what you have been told numerous times.
+10 Ignore-ance is bliss!

Personally, I am waiting to see the first Mac OS X virus. Of course I am not holding my breath. :)

BTW, the market share argument is bunk. The person who creates the first true virus for Mac OS X will be famous (perhaps infamous). The fact that there are none after 8-9 years should indicate something -- for example, Mac OS X is fairly safe against virus.

Back in the pre-Mac OS X days, there were a few virus for the Mac platform. However, the majority were macro type virus thanks to Microsoft's macro (VBA) system.
I concur. The viral epidemic of the Windows world has been prompted, motivated, and fervently encouraged by the fact that it had been so easy to write them for the OS. The person who creates the first true virus for Mac OS X would likely become famous - until that time, it's an enormous relief to have dispensed with the need for firewall, UAC, Malicious Software Removal Tools, anti-viral scans, anti-viral protection, and several other impediments which compelled us to completely abandon that recurring nightmare.

BongoBanger
Aug 2, 2009, 04:08 AM
No. You have been told numerous times. You have chosen to ignore what you have been told numerous times.

Well no actually, I haven't. What I've had is a series of terrible analogies, hyperbole, outdated information, unsupported statements that it's the build of Vista that is fundamentally broken and references to legacy versions of Windows.

What I absolutely haven't had is a clear explanation of precisely why OS X 10.5 is more secure - excluding the hypothesis that it's largely down to market share - than Vista or the forthcoming W7.

If this is one of Apple's main selling points for OS X then I would expect this information to be freely available and easily accessed. Unfortunately it isn't and I'm starting to suspect it's because OS X actually isn't fundamentally any more secure than Vista and it really is a case of safety by obscurity.

Which, of course, is not to say that OS X is insecure because it isn't. It just doesn't appear to be any better or worse than the current iterations of its competing operating systems.

The Man
Aug 2, 2009, 04:33 AM
Which hacker / virus writer doesn't want to write something for the Mac platform and scare the bleep out of the smug Apple users? Which self-respecting virus writer doesn't want to show off his talent and shut up those whiney Mac fans / Cult of Jobs? Oh, the small market share scares the pants out of them? Because the small market share gives them less respect and news coverage?

Back in the days of System 7 and Mac OS 8 and 9, at least we had some virus writers with balls that dared to show their talents.

DMann
Aug 2, 2009, 06:10 AM
Which hacker / virus writer doesn't want to write something for the Mac platform and scare the bleep out of the smug Apple users? Which self-respecting virus writer doesn't want to show off his talent and shut up those whiney Mac fans / Cult of Jobs? Oh, the small market share scares the pants out of them? Because the small market share gives them less respect and news coverage?

Back in the days of System 7 and Mac OS 8 and 9, at least we had some virus writers with balls that dared to show their talents.
Quite correct! So much for "safety by obscurity." Furthermore, Windows servers only run about 30% of the web. The rest is Unix style Operating Systems. Market share is a factor, but has proven to be not an issue with *nix systems. If you wanted to take down Google, Yahoo, the NYSE, US Post Office, etc., you would simply write a virus for Linux/Unix - it would do more damage, cause more chaos, and make you a legend.

For those who are interested in knowing why OS X is challenging to write viruses for, first let's consider the following:

Mac OS X is the 5th variant of BSD - BSD takes security seriously, with, as I understand, over 200 custodians of the code keeping it safe as best they can. All UNIX operating systems have always been designed to run securely in multi-user environments on wide area networks (WANs) as well as local area networks (LANs). AFAIK, no UNIX operating system has ever compromised the classical three tier architecture of good computer design (the rigorous separation of hardware layer, operating system layer and application layer). It's that uncompromised three tier architecture, and the heritage of being designed to run securely in a multi-user environment on wide area networks, that makes UNIX operating systems so reliable. UNIX operating systems were designed, from the very beginning, so that no single user (without administrator privileges) could ever compromise the operating system. Every Mac user can see this heritage in action today when they are prompted to enter an Administrator password every time they make even a minor change to the operating system. Microsoft could easily have built such safeguards into their newer operating systems and made their current operating systems equally secure. The huge difficulty for Microsoft is working out how to do it without breaking every corporate legacy system, and every commercial application that has been written to run in an unsecured environment.

Windows built Internet Explorer into the O/S at a very deep level, and allowed code execution within the browser. In OS X the browser is a completely separate application, it's not an integral part of the OS. IMHO, this is the fundamental screwup Microsoft made, as they created so many hooks into which someone can attack the OS. In earlier Windows, everything ran as the system user, so the capability to compromise an entire system was easier. OS X asks for your password before allowing you to run new software or install something - not foolproof, but at least fool resistant. Also, OS X has no registry. IMHO, this is the second fundamental flaw Microsoft made. Microsoft's backward compatibility mantra doesn't do them any favors either, as to run old software, they need so many old APIs, all of which can have holes in them.

Where do viruses usually hang out in Windows?:


1. At the root.

2. In the user’s local settings temp folder.

3. In these folders: \windows, \system, \system32 — the most common places where I find viruses.

4. As registry entries.


None of those areas are exposed to the environment in OS X. You can’t see those folders. Virus writers can’t access them. Thus, viruses can’t exploit those areas. Vista’s UAC is MS’s attempt to prevent changes to those totally exposed folders without your being aware of the changes.

To quote Con Zymaris (http://www.itwire.com/content/view/4136/937/):

"Where do these things called viruses come from? In Windows there are a number of different vector approaches. One of them is that somebody sends you a word file and you open it up and get infected. In more recent generations they're blocking these things off by making Word not run macros automatically. So now it comes back and asks you: "Do you want to run this macro?" That's a big mistake. It should not ask you and it should not allow any macros to run at all ever without you specifying yes run this macro. This is neglect in design which is how many Microsoft viruses work."

"Other things that look at first glance to be a really cool idea can be a problem. For instance, we pop this CD-ROM in and Windows automatically recognises it and it runs the software that launches the program installer. That's really cool for Joe and Jane Average. Except when you get a disk with a virus on it and it goes ahead and runs it.

"If you allow the operating system to essentially launch code unbeknownst to the user then you're in deep dog doo-doo. This is essentially what Microsoft has done with Outlook. With Outlook you can send it an email with an attached script and it will go off and execute the script. What insanity is that? This is years after they had a spate of all the Word and Excel macro viruses."

"Now with the Macintosh, let's say Apple did the same thing. Then essentially Macs would be infected via the same approach that Windows is with Outlook, Word and whatever else. However, Apple are clever and they don't provide that kind of facility, so that greatly reduces the chances of their devices getting a virus.

"Second port of call is a system where if you put in a disk and run a program that the system will automatically be infected, including its core system components rather than just user data. On Windows, you can put in a disk and get a virus just by running an .exe file off it. That can do substantial damage to your system because the system internal components aren't substantially protected. Whereas on the Unix based Mac, not the old Macs, and on Linux the system components are protected.

"If you're Joe User, you could never do anything that damages your core operating system. Yes, you could run a program that brings up a virus which runs something that deletes your files - and that is a problem. However, you couldn't do something that damages the system. That's because both Mac and Linux are underpinned by a Unix-based system that has a particular view on who has rights and privileges to access and modify different things in different areas. Windows never really had that which is the other big reason why they get the kinds of viruses that Mac OSX and Linux class just don't get."

So do Mac computers need firewalls and anti-virus protection?

"Essentially no is the answer. Why do we need firewalls? We need them if and only if you have services which offer connectivity from the outside world into your box. So if you're running a standard workstation and it does not have a mail server or an FTP server or a file sharing server or a web server or none of these other things that offer the outside world the ability to come and connect to your box, you don't need a firewall. On the Windows machines by default it goes off and creates all these services that sit there and create these gaping holes. Having said that, firewalls are by default available on OSX and Linux and there is no reason not to run them if you're running a small office environment.

"As far as anti-virus software is concerned if you're running Mac OSX or Linux, you don't need it. How is a virus going to infect you? If you're a Mac or Linux someone has to send you a program and tell you to login as root and run this program as administrator - that's how you would get a virus. What are the odds of that happening? In the Windows environment, you don't have that kind of rights segmentation, so when you click on that fake greeting card that someone sent you by email, the program will happily infect your system because the system didn't have to ask you to login as administrator and give it permission to make changes to itself. Having said that, there are ways around the system but they take an immense amount of work and, to do real damage, other than deleting files, a virus writer would have to be lucky enough to deliver the payload to someone logged in as administrator."
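Added example, not part of the thread: the claim quoted above, that an unprivileged user cannot modify core system components on a Unix-based system, comes down to file modes and can be checked directly. The function names `classify_dir` and `audit_system_dirs` and the default directory list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: report whether directories can be modified by unprivileged
# users, judged from mode bits only (so the answer is the same for any caller).
#
# EXPOSED   = world-writable without the sticky bit: any local account can
#             create, replace or delete entries in it.
# STICKY    = world-writable with the sticky bit (like /tmp): anyone can
#             create files, but only owners can remove or rename them.
# PROTECTED = not world-writable.
# MISSING   = path does not exist or is not a directory.

classify_dir() {
    dir=$1
    # -H makes find judge the target of a symlink (e.g. /etc on macOS,
    # /bin on merged-/usr Linux) instead of the link's own mode.
    if [ ! -d "$dir" ]; then
        echo MISSING
    elif [ -n "$(find -H "$dir" -prune -perm -0002 ! -perm -1000 -print 2>/dev/null)" ]; then
        echo EXPOSED
    elif [ -n "$(find -H "$dir" -prune -perm -0002 -print 2>/dev/null)" ]; then
        echo STICKY
    else
        echo PROTECTED
    fi
}

# Print one "STATE path" line per argument; return 1 if any is EXPOSED.
audit_system_dirs() {
    rc=0
    for dir in "$@"; do
        state=$(classify_dir "$dir")
        printf '%-9s %s\n' "$state" "$dir"
        if [ "$state" = EXPOSED ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Default list is an assumption: typical system locations on macOS and Linux.
if [ "${1:-}" = "--defaults" ]; then
    audit_system_dirs /System /Library /usr/bin /usr/lib /bin /sbin /etc /tmp
fi
```

A PROTECTED result only says the directory is not world-writable; owner and group write access, ACLs and processes already running with administrator rights are outside what this check covers.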

BongoBanger
Aug 2, 2009, 07:18 AM
@DMann

Nice prose but you still fail to answer my question as all of that applies to pre-Vista Windows. You should know, for example, that IE ActiveX control was removed from the Windows Explorer process in Vista so that avenue has been shut down.

I like Zymaris' article but it refers to issues with XP - which obviously is the case since it was published in May 2006 - autorun and macro automation are disabled by default and user selectable for example and UAC stopped the automatic installation of malware too by asking the user if the file should be installed (in much the same way as OS X does).

The problem is that you're referring to issues that were resolved two years ago with the latest iteration of Windows. Once again, I think XP is a horribly insecure OS but that is not the case with Vista and, it seems, W7.

Now, for something more up to date, here's Tech.Blorge's thoughts on security in the latest OS iterations:

http://vista.blorge.com/2009/04/15/microsoft-vista-more-secure-than-linux-and-mac-os-x/

The interesting part is:

However, safer than Mac OS X and Linux? Maybe, maybe not. There’s really no way of knowing because the latter two don’t get challenged in the way Windows does. Microsoft has by far the largest market share of the three and therefore Windows operating systems are the ones almost-solely targeted by malware writers.

Also from Tom's Hardware's interview with Charlie Miller (published 25 March 2009):

I'll leave Linux out of the equation since I know my grandma couldn't run it. Between Mac and PC, I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there. For now, I'd still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them.

Which seems to concur with my thoughts. The facts are that there is nothing out there to suggest that OS X is inherently more secure than Vista and that OS X is currently safer because it isn't targeted by malware writers in the way Windows is.

Unless, of course, you have something that isn't three years old (and which pre-dates the launch of both Vista and OS X 10.5) which gives specifics as to why one is inherently more secure than the other?

DMann
Aug 2, 2009, 06:59 PM
@DMann

Nice prose but you still fail to answer my question as all of that applies to pre-Vista Windows. You should know, for example, that IE ActiveX control was removed from the Windows Explorer process in Vista so that avenue has been shut down.

However, it does answer your question as to why OS X is highly secure and is not vulnerable to viruses.

The problem is that you're referring to issues that were resolved two years ago with the latest iteration of Windows. Once again, I think XP is a horribly insecure OS but that is not the case with Vista and, it seems, W7.

And those issues are still pertinent today - they were not resolved, they were merely mitigated slightly by massive security efforts, all of which contribute to the user experience being more burdensome. Yet, still, there remain places for viruses to hide and propagate in Vista, despite MS's counter-insurgency measures:

1. At the root.

2. In the user’s local settings temp folder.

3. In these folders: \windows, \system, \system32 — the most common places where I find viruses.

4. As registry entries.

5. Microsoft's backward compatibility requires the use of many old APIs, all of which can have holes in them.

Again, none of those areas are exposed to the environment in OS X. You can’t see those folders. Virus writers can’t access them. Thus, viruses can’t exploit those areas. Vista’s UAC is MS’s attempt to prevent changes to those totally exposed folders without your being aware of the changes.

Now, for something more up to date, here's Tech.Blorge's thoughts on security in the latest OS iterations:

http://vista.blorge.com/2009/04/15/microsoft-vista-more-secure-than-linux-and-mac-os-x/

How deceptive of you to have changed the site's name to Tech.Blorge, from its true name: VISTA.Blorge.com (http://vista.blorge.com/2009/04/15/microsoft-vista-more-secure-than-linux-and-mac-os-x/) - this is classic.

Sure, "Microsoft thinks so," that Vista is the most secure operating system available, however, regarding the circumstances, this is a genuine case of "too little, too late..." slapping on a condom (security shell) after having let the floodgates open for so long, allowing a plethora of multiple strains of viruses into your ecosystem, hardly makes you less vulnerable from malady and contamination.

How about something a bit more current, from an impartial source: Windows Could Use a Rush of Fresh Air (http://www.nytimes.com/2008/06/29/technology/29digi.html?ex=1215316800&en=3ee2a82dbd97932d&ei=5070&emc=eta1)

At the end of the day, one needs to consider the following: Security which is built on any principle except openness is always a double-edged sword. Security which is built around restrictions will always have a negative side: the restrictions themselves, which may make a system effectively unusable. Which is better - a 'maximum security' system which doesn't allow the user to do what he or she wants, or a 'fundamentally secure' and functional system which is innately less susceptible to those types of threat? Freedom itself creates threats, whereas restrictions reduce flexibility. The more restrictions (UAC), the less user friendly the system will be. In other words, if you are jealous of your partner, you may forbid her/him to go out alone, or you may even lock her/him up. Of course, the greater the restrictions, the less likelihood there is of someone else entering into a relationship with your partner. But the more restrictions, the less happy your partner will be. Ultimately, the question is, do you really want an unhappy partner? Even if an ideal balance can be found between restrictions and usability, the history of security shows that any protective barrier can eventually be overcome or evaded in some way, as long as someone, somewhere, is interested in doing so. When too much importance is placed on the role restrictions play within a security system, we get the following picture: a lot of headaches and alert windows for the 'good guys', such as users and developers, and a lot of malware related puzzles and relatively few headaches for the hackers and virus writers. This seems to be the case, for now.

windywoo
Aug 2, 2009, 07:34 PM
Bongo, it's worthless to waste your time on these fools. They will happily quote out of date articles and other people's opinions that they have read on these forums and don't actually want to learn anything about how Windows has progressed in security.

They will nitpick all day over minor points and ignore the fact that Apple doesn't have the balls to leave its enclosed platform to test properly their claims.

DMann
Aug 2, 2009, 07:53 PM
Bongo, it's worthless to waste your time on these fools. They will happily quote out of date articles and other people's opinions that they have read on these forums and don't actually want to learn anything about how Windows has progressed in security.

They will nitpick all day over minor points and ignore the fact that Apple doesn't have the balls to leave its enclosed platform to test properly their claims.

You've just described the actions of BongoBanger quite effectively, thank you.

jive turkey
Aug 2, 2009, 09:27 PM
Windows fanboys.

windywoo
Aug 2, 2009, 10:41 PM
Windows fanboys.

Dumb as **** Apple fanbois. See, we don't worship at the altar of Ballmer like you suck the cock of Jobs. If Linux did everything Windows does I would switch in a heartbeat. I just have to stick up for Windows because Apple is a stuck up, proprietary menace that is even worse than MS, but has better marketing.

Apple buyers are like the buyers of all other designer goods. They pay a high price for the name and then project qualities on to the goods to justify the purchase. Things like higher quality materials and longer lifespan, never mind that designer clothes are made in the same sweatshops as the ones in your local supermarket.

You like Apple's products better, that's your right, but this snooty elitism that comes with it stinks like the **** Steve Jobs talks.

DMann
Aug 3, 2009, 02:55 AM
Dumb as **** Apple fanbois. See, we don't worship at the altar of Ballmer like you suck the cock of Jobs.

Now, now..... is that really necessary?

If Linux did everything Windows does I would switch in a heartbeat. I just have to stick up for Windows because Apple is a stuck up, proprietary menace that is even worse than MS, but has better marketing.

Perhaps Apple's marketing is perceived as better, since, for the most part, their products actually live up to it.

Apple buyers are like the buyers of all other designer goods. They pay a high price for the name and then project qualities on to the goods to justify the purchase. Things like higher quality materials and longer lifespan, never mind that designer clothes are made in the same sweatshops as the ones in your local supermarket.

Any premium paid upfront is usually offset by actual hours gained in productivity - even down to the level of system installs: about 25 minutes total for OS X vs the Microsoft loadsets which actually take over 2.5 hours each, to install A/V and ’security’ programs, proper ‘drivers’.

You like Apple's products better, that's your right, but this snooty elitism that comes with it stinks like the **** Steve Jobs talks.

In light of what you mentioned earlier:

See, we don't worship at the altar of Ballmer like you suck the cock of Jobs.

One might suppose that if one were absolutely forced to commit such an act of vulgarity, and were granted the option of choosing between the two individuals, I am confident that most people would opt for the least sweaty of the two.