1. Welcome to the new MacRumors forums. See our announcement and read our FAQ

Another Major Mac Computer Security Flaw Discovered

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Jul 30, 2009.

  1. macrumors bot

  2. macrumors 604


    Same story, two years running...
  3. macrumors 601


    Time to break down and purchase Norton...... oh, no actual cases - keep on reportin'.
  4. macrumors 6502


    Whether or not we want to admit or not, it is essentially "security by obscurity" Not worth virus writers time or $$$ to go after 10% +/- market share. Yes, I realize the Unix underpinnings do make it better than Windows, but that's the reason I hope market share stays roughly where it is. Around the 15-20% mark is probably where Macs become a real target. Of course, 15-20% probably wont happen for at least another decade, so I think we're ok for now.:D
  5. macrumors G4

    I read it and learned the name of the person who discovered "something". There were no other real hard facts in the article. You'd think they'd explain how the exploit works or what this guy found.

    No one even claimed to have a sample of a self replicating virus.

    I say "It does not exist" until you say how it works.
  6. macrumors 6502a

    Odd, I wonder why they didn't report the method. Probably because we'd all crack up.

    In order for this to work, your computer must first be infected with the iWorkSerices trojan. That's that one that is installed with pirated versions of iWork and creates a botnet. The ultimate root of this hack is social engineering. If you don't install anything with your password, you can't get attacked in this way.
  7. macrumors 601


    Drat, you blew the cover WIDE open..
  8. macrumors 68000


    And of course, this kind of stuff works equally well with any trojan you installed - for example codecs to play videos of ESPN reporters ;) - in exactly the same way - by entering your password - as clicking 'Allow' on Vista's UAC does.

    That's how malware works these days - it's becoming more and more OS independent because the latest OS iterations are harder and harder to crack directly.
  9. macrumors G4

    You people have been saying this more than a decade and it still has not happened. Symantec releases a new set of malware definitions for Norton Antivirus everyday. How many of these are Mac viruses? Did I hear you say "Zero"?

    When the Mac's marketshare reaches 20% with still not viruses, what will you say then? I'm waiting.
  10. macrumors 6502a


    It's not really a question of whether we want to admit it. It's a question of whether it's true or not. This concept has no basis and is repeated ad nauseum. It's false.
  11. macrumors regular

    Dwman must not have been around back when Macs ran the "Classic" operating systems (i.e. OS 9). There actually were malware threats back then, and yet, at the time, Macs had just a tiny fraction of the market share they have now. And now, Macs have no malware that doesn't need to be literally handheld through the installation process by the very person it's supposed to be screwing with.

    Yeah, oops.

    Security through obscurity was always a load of bull, even back then.

    And don't forget that every time another copy of the same old social-engineering-dependent trojan gets so much as theorized about, let alone "released" into the "wild", tech journalists everywhere lunge, screaming, at their keyboards lest anyone go uninformed that the Mac platform is apparently teeming with viruses, trojans, security holes, hackers, imps, bad mojo and perhaps hidden kitten-annihilation subroutines — and oh by the way Windows has none of these problems and if it did Microsoft could certainly be excused because those poor dears have to deal with taking care of the entire market and they're really fine upstanding honest red-blooded Americans not like those goddamn dirty hippy communist Californians so we should cut them some slack. You can't tell me writing Mac malware wouldn't have, perhaps, some smidgen of prestige associated with it?
  12. macrumors 6502a

    What these guys really are.

    I just find these public revelations of theoretical security flaws in either Mac OS X or the iPhone OS to be inappropriate and counter-productive. They cause unnecessary panic among users and encourage malicious hackers to do real damage.

    I think guys like Dino Dai Zovi and Charlie Miller are shameless publicity whores that are not significantly different from Lindsey Lohan, Paris Hilton and all of the other starlets that try to get into tabloids.

    If they were honest computer scientists, they'd be quietly informing Apple of the problems. They would be helping Apple solve the problems without causing panic and anxiety among the Mac-using public. Of course, there would be no fame in that, so I can only guess what their motivation for behaving as they do is.
  13. macrumors 68000


    Except to a degree it actually is true.
  14. macrumors regular

    Well, it depends on how you use "honest". If you mean honest as in actual, they are indeed honest-to-goodness computer security experts, or else they wouldn't have the experience and knowhow to find the exploits they have. Regardless of how well or badly they handled those discoveries, that can hardly be contested.

    If you mean honest as in truthful, you're probably right in that they're acting like attention whores. On the other hand, the fact that the Mac platform does have security holes (especially considering how bloody long Apple takes to patch some of them) should not be covered up. Perhaps it shouldn't be paraded around like Paris Hilton's cooter, but in the same interest of honesty, Mac users shouldn't be subjected to misinformation in the interest of creating a false sense of security (or at least fostering that feeling to a false degree). They had enough of that when they were Windows users.
  15. Moderator


    Staff Member

    And the basis for this "truth" is what again?
  16. macrumors 68000


    The fact that trojans and other malware exist for it.
  17. Moderator


    Staff Member

    How does that prove "security through obscurity"?
  18. macrumors regular

    That, in theory, if the Mac had greater market share, more malware writers would be devoting their attention to the platform, which would somehow automagically make OS X be easier to exploit. That about right? :)

    Honestly though, I do think that more eyes looking at OS X will very likely uncover some holes that presently have yet to be found, but not to a degree that could even remotely be compared to, say, Windows.
  19. macrumors 68000


    Because if OS X was fundamentally secure there would be no security threats at all.
  20. macrumors 6502a

    Even if the number of trojans will increase, I doubt that they will beyond the current simple social engineering methods, and arrive at the Windows level, where simply visiting a webpage (or in some occasions simply connecting to the internet) could be fatal.

    As long as us Mac users will be smart enough not to fall into stupid malware tricks, :cool:
  21. macrumors regular

    Funny how nobody aside from the occasional troll has claimed that OS X is 100% perfectly secure. What we're all agreeing on here is that it's more inherently secure than Windows, which, until such time as the platform balloons radically in market share and the "security through obscurity" theory can be seriously tested, serves as a pretty good explanation of the continuing scarcity of malware (again, relative to Windows).
  22. macrumors 68000


    Can you explain to me specifically why OS X is inherently more secure than Vista? I mean it's obviously more secure than XP (a leaky colander is more secure than XP) but I'm not convinced it's intrinsically any more secure than Vista or W7.

    Not trolling, I'm genuinely curious.
  23. Moderator


    Staff Member

    I think that proves just the opposite of "security through obscurity" then. Because even with a small market share, OS X is still the target of a malware.
  24. macrumors 68000


    Hardly. It suggests people can do it but don't really see the point.
  25. Moderator


    Staff Member

    Fixed that for ya. ;)

Share This Page