
MacSA

macrumors 68000
Original poster
Jun 4, 2003
1,803
5
UK
I just found out my PC had been "hijacked". I was reading this article at BBC News online:

http://news.bbc.co.uk/1/hi/technology/3666978.stm
http://www.bbc.co.uk/webwise/askbruce/articles/security/viruses_1.shtml

...and decided to dig a little deeper and see if mine might be; it had been acting a little odd lately - turns out it was.

Are Macs capable of being hijacked in a similar way? I already have 2 spyware checkers on my PC computer, it was suggested I download two more - four in total lol - alongside virus scanners and checkers. To be honest I'm on the verge of taking my PC out into the garden, pouring petrol over it and setting fire to it. :eek:
 

thomasp

macrumors 6502a
Sep 18, 2004
654
1
UK
Macs generally don't get affected by spyware and viruses in the same way PCs do, mainly because people cannot be bothered to code something that will affect such a small percentage of computers.
 

yellow

Moderator emeritus
Oct 21, 2003
16,018
6
Portland, OR
Yes and no.


Many of these PCs that get "hijacked" for use in spam and denial of service zombie groups are infected with trojans and viruses. They contract them over the internet when they are unpatched, via email, and via downloads.

There are currently no known viruses or trojans in the wild that affect Mac OS X. However, there are vulnerabilities for UNIX OSes and they could be compromised by a hacker/cracker that knows his business and then used for nefarious purposes, like as a launching pad for attacks on other networks. But this takes a certain amount of skill, and is less likely to happen than your PC getting infected with something.

So yes, it can happen, but it's highly unlikely and harder to accomplish.
 

mischief

macrumors 68030
Aug 1, 2001
2,921
1
Santa Cruz Ca
Any machine that exchanges packets with a publicly accessible network can be hijacked. The question is more a matter of degree-of-difficulty and the old law-of-diminishing returns.

On the M$ side of things you have a bloated, hole-filled OS with many features designed in to allow M$ and software companies to update their products, verify their registration, gather marketing data from the content of your HD, etc. These unscrupulous design methods make for most of the exploitable holes in Wintel machines.

Macs have 2 things working for them:

1: Small market. It's a waste of time to write a Cocoa virus.

2: It's Unix. The unwritten law of the 'net is "thou shalt not **** with Unix." As the backbone of the internet runs on some version of 'nix and the most powerful Hackers in the world often end up running those systems and have more than enough experience to make a Virus-author's life HELL it's just not done. It'd be like pissing in the town well in the middle of the day.

There's also the fact that with so many folks looking for ways to "prove" that Macs are inferior the few holes in Mac OS's armor are found (and patched) pretty damn fast by comparison.

By and large Macs are FAR less susceptible to this kind of Zombieware but it's still out there.

I play around with freeware every now and then and have found a few things that want a 'net connection when there otherwise shouldn't be one. I'll tell you this: killing these little buggers is a whole lot easier on the Mac than it is in Windoze.

The real danger lurking in the background is someone writing a virus that is hosted on a "spoofed" server that mimics M$'s that's designed to install as a Service Pack. This method could be used to DOA a lot of drives.

Other truly disgusting ideas include a similar virus selling itself as a firmware update to either the HD driver or an ASIC on the motherboard. These could be used to irreparably destroy computers using their own built-in WindowsXP update features.

There's one method (as yet unused) worth mentioning:

Set up a simple but addictive little game, say a clean little Chess game. The game itself could be dumped almost entirely to the graphics card. The game would have a clunky but useable network interface that automatically logs on and is difficult to disconnect so most people would leave it connected.

This hypothetical "game" would have an important back-end... It would process small chunks of data, similar to the Folding clients... This data distribution network could be used to hack extremely large keys (Gvt level encryption) covertly on Windows-only freeware. Thousands of unwitting PC users would be participating in a Capital felony.
 

MacSA

macrumors 68000
Original poster
Jun 4, 2003
1,803
5
UK
WOW......that's all scary stuff.

...but are you aware of any case where Macs have been hijacked in the way described in the news articles? 30,000 PCs per day? :eek:
 

yellow

Moderator emeritus
Oct 21, 2003
16,018
6
Portland, OR
MacSA said:
but are you aware of any case where Macs have been hijacked in the way described in the news articles? 30,000 PCs per day? :eek:

No. I seriously doubt there are more than "hundreds" of Macs being compromised every day.
 

aswitcher

macrumors 603
Oct 8, 2003
5,338
14
Canberra OZ
I am still looking at getting a commercial firewall/IDS. I have my mac firewall up and the .Mac virex, but would like a little more security for my broadband.

I am playing with HenWen (Snort GUI) but it's not as user friendly as I have time for. So maybe Symantec...

Anyone got any advice?
 

CrackedButter

macrumors 68040
Jan 15, 2003
3,221
0
51st State of America
This thing about Macs having a smaller marketshare and is thus not worth it is total tripe. I've heard of specific single tasking windows machines numbering in the thousands (in the whole of the US) getting owned by viruses written exclusively for said platform.

Somebody is writing them for this minority.

But then again, on the flipside, this makes the Mac look better because hackers and virus writers have written software for smaller markets than the Mac market.

Think about it.
 

yellow

Moderator emeritus
Oct 21, 2003
16,018
6
Portland, OR
aswitcher said:
Anyone got any advice?

Get yourself a router with a built-in firewall. Run snort on your Mac, and you're pretty well protected. If you're using ipfw through the Apple GUI in the Sharing prefpane, cease and desist. Use SunShield or Brickhouse (or better yet, learn to control/config it via the command line) as a control for it. The Apple control renders the ipfw less than useless.
 

aswitcher

macrumors 603
Oct 8, 2003
5,338
14
Canberra OZ
yellow said:
Get yourself a router with a built-in firewall. Run snort on your Mac, and you're pretty well protected. If you're using ipfw through the Apple GUI in the Sharing prefpane, cease and desist. Use SunShield or Brickhouse (or better yet, learn to control/config it via the command line) as a control for it. The Apple control renders the ipfw less than useless.

I am already going through a router...no built-in firewall though.

So Henwen runs Snort on my Mac. Still figuring out the alert system that works for me best.

SunShield looks interesting - and free. I have heard good things about Brickhouse but it's $26 US. For a little more I can get Norton's and have easy access to new profiles and tracing, without wasting time using command line and other software...at least that's what I am thinking...
 

yellow

Moderator emeritus
Oct 21, 2003
16,018
6
Portland, OR
IMO, Norton's time with the Mac OS passed into legend the second that OS X was introduced. They're no longer developing software for the Mac platform, which is OK, because it's all junk anyway. A router with a firewall is key. A router without a firewall has no impact on security whatsoever.
 

Timelessblur

macrumors 65816
Jun 26, 2004
1,086
0
As a general rule, if you have broadband internet you should have a firewall up. A vast majority of the computers that are hijacked do not run a firewall. Yeah, they can be gotten around, but for the same reason that Macs don't generally have viruses and aren't hijacked, they are not normally bypassed. It's troublesome to get around them, and there are plenty of other computers out there that are wide open to the world.

Also, OS X has security holes in the OS (as patches coming out prove), so confidential data can be stolen and copied off the computer. A firewall generally keeps those people out. It's more trouble than it is worth to get around, since every firewall setup is slightly different; a generic way will not get you in.
 

solvs

macrumors 603
Jun 25, 2002
5,684
1
LaLaLand, CA
yellow said:
No. I seriously doubt there are more than "hundreds" of Macs being compromised every day.

I doubt it's even that high. If you are talking OS X systems, you pretty much have to be at the computer to cause it harm. Maybe if you installed some kind of remote controlling program, but even then it'd be hard to hack. There are vulnerabilities, but as long as you have a firewall you are pretty safe with a Mac (10.3 has a built-in firewall that works fine BTW). Macs are pretty secure right out of the box. At least more so than with a PC. There are no viruses (proof of concepts don't count if no one has actually made a virus or trojan out of it) and no spyware for OS X.

While it's true that the smaller marketshare does help, that's not the whole story. OS X is more secure than Windows, as are all UNIX based systems. How many "script kiddies" out there wouldn't just love to knock Mac users down a peg? How much fame would they get for making the first, "real" OS X virus? But that just hasn't happened yet.
 

aswitcher

macrumors 603
Oct 8, 2003
5,338
14
Canberra OZ
yellow said:
IMO, Norton's time with the Mac OS passed into legend the second that OS X was introduced. They're no longer developing software for the Mac platform, which is OK, because it's all junk anyway. A router with a firewall is key. A router without a firewall has no impact on security whatsoever.

I thought any router was a help because of the NAT.

Now I am leaning towards Net Barrier. It hasn't been updated for a year and I'll get whacked again when Tiger comes out, but it looks pretty easy to use and pretty powerful.

[EDIT] Actually the licence is for a year for all updates, upgrades etc so Tiger update should be covered ASSUMING they get it out before end of Sept - given Tiger is officially due by end June 05...
 

yellow

Moderator emeritus
Oct 21, 2003
16,018
6
Portland, OR
aswitcher said:
I thought any router was a help because of the NAT.

NAT is, in effect, a firewall. It's akin to stateful packet filtering. A good start.

I give the thumbs down on Intego and their software. Screw them. And in this case, IMO, there's no reason to pay for software that your computer is already running. ipfw is always running. Why not just spend the time to learn how to use it? Throw Little Snitch into the mix and you're doing pretty well.
 

aswitcher

macrumors 603
Oct 8, 2003
5,338
14
Canberra OZ
yellow said:
NAT is, in effect, a firewall. It's akin to stateful packet filtering. A good start.

I give the thumbs down on Intego and their software. Screw them. And in this case, IMO, there's no reason to pay for software that your computer is already running. ipfw is always running. Why not just spend the time to learn how to use it? Throw Little Snitch into the mix and you're doing pretty well.

Well it's all a matter of time...and the reason I don't bother with linux anymore. Computers for me should do things for me, and should be less an arcane art that requires constant maintenance. So a package that runs my firewall and ids, and allows me quickly to see alerts and summaries of net traffic issues is what I want. Sure I could spend many hours refreshing and honing up my understanding of net traffic issues and save a few bucks but it's not my day job so money to save time seems right for me.

Why are you so down on Intego? I have just set up their demo software and so far it's doing its job...although a few things I have yet to work out...traceroute from it and my console doesn't work...maybe my router? I don't know...
 

yellow

Moderator emeritus
Oct 21, 2003
16,018
6
Portland, OR
aswitcher said:
Why are you so down on Intego?

They secretly manufactured the "proof of concept" trojan and then claimed to have "discovered" it wild on a news group. First to update their AV software. Tooting of own horn. Media hype. 3 cheers for Intego. Patting of the back. Media hype. Real story comes out. Backlash of Mac professionals. Intego sucks. A-hats, all.
 

aswitcher

macrumors 603
Oct 8, 2003
5,338
14
Canberra OZ
yellow said:
They secretly manufactured the "proof of concept" trojan and then claimed to have "discovered" it wild on a news group. First to update their AV software. Tooting of own horn. Media hype. 3 cheers for Intego. Patting of the back. Media hype. Real story comes out. Backlash of Mac professionals. Intego sucks. A-hats, all.

Oh. I can see why they are disliked. Mmm. Not sure if I want to support a company like that.
 