Apple Invites Kaspersky Lab to Consult on OS X Security Issues [Updated: No]

Reminds me of a Three Stooges episode. They went into some woman's house, saying they're giving a free pest inspection, and they let out mice, moths, etc., saying the house is infested...

Can't say I'm not skeptical.
 
Good move by Apple. Macs' immunity is well over, and Apple, like all others, has to move with the times for the benefit of their customers.
All my family now have Sophos installed on their Macs as a precaution.

FYI. Sophos is a known vector for malware on Apple Mac OS X. That garbage is so poorly written Adobe could improve their software security. If you must use Anti-Virus with Mac OS X then I recommend you choose something else.


Sophos Filter Driver NtQueryAttributesFile Vulnerability
08/11/10
CVE 2010-2308
Sophos Antivirus versions earlier than 7.6.20 allow a local attacker to use the savonaccessfilter.sys library to exploit a vulnerability in the NtQueryAttributesFile function, which may allow the attacker to execute arbitrary code.

Sophos Engine CAB Bypass
07/23/09
Attackers can bypass Sophos Anti-Virus scan engine by creating specially crafted CAB files.

Affected Sophos products and version numbers:

Sophos Anti-Virus for Windows 2000+ (version 7.6.7 and earlier)
Sophos Anti-Virus for Windows NT/95/98 (version 4.7.22 and earlier)
Sophos Anti-Virus for OS X (version 4.9.22/7.01 and earlier)
Sophos Anti-Virus for UNIX (versions 7.0.9 and earlier/4.41.9 and earlier)
Sophos Anti-Virus for Linux (version 6.6.2 and earlier)
Sophos Anti-Virus for Netware (version 4.41.9 and earlier)
Sophos Email Appliance (version 3.1.3.1 and earlier)
Sophos Web Appliance (version 2.1.18 and earlier)
PureMessage for UNIX (version 5.5.4 and earlier)

Denial of service through handcrafted CAB archive files
12/30/08
CVE 2008-6903
CVE 2008-6904
Sophos Antivirus versions earlier than 4.34 allow attackers to use a handcrafted CAB archive file to cause a denial of service. This may permit the remote execution of arbitrary code.

Denial of service through zero length MIME attachments
07/31/08
CVE 2008-3177
Sophos Anti-Virus for Linux and UNIX operating systems using virus detection engine 2.75 with virus data version 4.31 can cause a denial of service via zero-length MIME attachments.

Anti-Virus cross-site scripting
09/18/07
CVE 2007-4512
Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 has a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML through the use of an archive which contains a file with a crafted filename and whose content matches a virus signature.

Sophos Engine CAB, LZH, and RAR Bypass
09/18/07
CVE 2007-4787
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.

Sophos Antivirus SIT File Crafted Filename Format String Vulnerability
12/12/06
12/20/06
CVE 2006-5645
CVE 2006-5646
CVE 2006-5647
CVE 2006-6335
Sophos Anti-Virus has a format string vulnerability in it. The vulnerability is caused due to a format string error in the processing of StuffIt archive (SIT) files. A remote unauthenticated attacker may leverage the vulnerability to inject and execute arbitrary code in the context of the target host with system-level privileges.

In addition, there are vulnerabilities in the processing of CPIO, RAR and CHM files. These additional vulnerabilities can also lead to execution of arbitrary code with system-level privileges.

Vulnerable versions are SAV for Linux prior to 5.1.1, SAV for Mac OS prior to 4.8.6, SAV for UNIX prior to 4.12, and SAV for Windows prior to 6.5.0.

Windows CAB File Handling Heap Overflow
05/15/06
CVE 2006-0994
A heap overflow when handling Windows Cabinet (CAB) files containing invalid folder counts could lead to command execution. Exploitation of this vulnerability is only possible if inspection of CAB files is enabled. Sophos Antivirus, PureMessage, and MailMonitor containing Sophos Antivirus versions prior to 5.2.1, 4.7.2, 4.5.12, or 4.05 are affected by this vulnerability.

Visio File Parsing Heap Overflow
08/30/05
CVE 2005-2768
Sophos Antivirus is affected by a heap overflow vulnerability when processing Visio files. An integer overflow in the comparison used to check the data length could cause an excessively large amount of data to be copied into a heap buffer. This could allow a specially crafted Visio file to execute arbitrary commands. Sophos Anti-Virus, MailMonitor, and PureMessage are affected by this vulnerability.

bzip2 Denial of Service
08/01/05
CVE 2005-1530
Sophos Antivirus is affected by a denial-of-service vulnerability when scanning files compressed using the bzip2 algorithm. A file containing an abnormally large value for the Extra Field Length parameter could cause Sophos Antivirus to enter an infinite loop, leading to CPU exhaustion. An attacker could exploit this vulnerability by sending the user a malicious file in an e-mail message or HTTP session.

Sophos Antivirus 3.x prior to 3.95.0, 4.x prior to 4.5.3, and 5.x prior to 5.0.4 are affected by this vulnerability. The vulnerability is exploitable only if the Scan Inside Archive Files configuration option is enabled, which is not the case by default.

http://www.saintcorporation.com/cgi...tivirus_vulnerabilities.html&fact_color=&tag=
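Several of the advisories listed above share one root cause: an archive header whose counts or offsets do not fit the file it is in (the "invalid folder counts" heap overflow, the "modified headers" detection bypass). The following is an added example, not Sophos code and not taken from any of the advisories: a CFHEADER/CFFOLDER parser for Microsoft cabinet files that refuses a header whose declared folder table cannot fit before the file table, and a scanner-side verdict that treats an unparseable archive as malformed rather than clean. The field layout follows the public CAB format; the sample cabinet is constructed in the block itself, and the verdict strings and function names are this example's own.

```python
import struct

# CFHEADER layout (little-endian): signature, reserved1, cbCabinet, reserved2,
# coffFiles, reserved3, versionMinor, versionMajor, cFolders, cFiles, flags,
# setID, iCabinet.
CFHEADER_FMT = "<4sIIIIIBBHHHHH"
CFHEADER_SIZE = struct.calcsize(CFHEADER_FMT)   # 36 bytes
CFFOLDER_FMT = "<IHH"                             # coffCabStart, cCFData, typeCompress
CFFOLDER_SIZE = struct.calcsize(CFFOLDER_FMT)     # 8 bytes
CFFILE_FMT = "<IIHHHH"                            # cbFile, uoffFolderStart, iFolder, date, time, attribs
CFDATA_FMT = "<IHH"                               # csum, cbData, cbUncomp
FLAG_RESERVE_PRESENT = 0x0004


class CabFormatError(ValueError):
    """Raised for any header inconsistency; callers must not treat this as 'clean'."""


def parse_cab_header(data: bytes) -> dict:
    """Parse CFHEADER and the CFFOLDER table, refusing counts that do not fit the file."""
    if len(data) < CFHEADER_SIZE:
        raise CabFormatError("truncated CFHEADER")
    (sig, _r1, cb_cabinet, _r2, coff_files, _r3, ver_minor, ver_major,
     c_folders, c_files, flags, set_id, i_cabinet) = struct.unpack_from(CFHEADER_FMT, data, 0)
    if sig != b"MSCF":
        raise CabFormatError("bad signature")
    if cb_cabinet > len(data):
        raise CabFormatError(f"cbCabinet {cb_cabinet} exceeds actual size {len(data)}")

    folder_start, folder_size = CFHEADER_SIZE, CFFOLDER_SIZE
    if flags & FLAG_RESERVE_PRESENT:
        if len(data) < CFHEADER_SIZE + 4:
            raise CabFormatError("truncated reserve fields")
        cb_cfheader, cb_cffolder, _cb_cfdata = struct.unpack_from("<HBB", data, CFHEADER_SIZE)
        folder_start += 4 + cb_cfheader
        folder_size += cb_cffolder

    # The check that matters: cFolders entries of folder_size bytes must fit between the
    # header and coffFiles, and coffFiles must lie inside the cabinet. A 16-bit count that
    # the file cannot actually hold is the "invalid folder count" class of input; a parser
    # that sizes a heap buffer from the count before checking this is the one that breaks.
    folders_end = folder_start + c_folders * folder_size
    if c_files and c_folders == 0:
        raise CabFormatError("files declared but no folders")
    if folders_end > coff_files or coff_files > cb_cabinet:
        raise CabFormatError(f"cFolders={c_folders} does not fit before coffFiles={coff_files}")

    folders = []
    for i in range(c_folders):
        coff_cab_start, c_cfdata, type_compress = struct.unpack_from(
            CFFOLDER_FMT, data, folder_start + i * folder_size)
        if c_cfdata and coff_cab_start >= cb_cabinet:
            raise CabFormatError(f"folder {i} CFDATA offset {coff_cab_start} outside cabinet")
        folders.append({"coff_cab_start": coff_cab_start, "c_cfdata": c_cfdata,
                        "type_compress": type_compress})
    return {"version": (ver_major, ver_minor), "cb_cabinet": cb_cabinet, "coff_files": coff_files,
            "c_files": c_files, "set_id": set_id, "i_cabinet": i_cabinet, "folders": folders}


def verdict(data: bytes) -> str:
    """Scanner policy: a header that cannot be parsed is 'malformed', never 'clean'.
    Silently skipping it is exactly what a detection-bypass archive relies on."""
    try:
        parse_cab_header(data)
        return "ok"
    except CabFormatError as exc:
        return f"malformed: {exc}"


def build_cab(payload: bytes = b"hello", c_folders_field=None) -> bytes:
    """Constructed single-file, uncompressed cabinet (sample data, not a real artefact).
    c_folders_field lets a caller write an inconsistent cFolders into an otherwise valid file."""
    name = b"hello.txt\0"
    cffile = struct.pack(CFFILE_FMT, len(payload), 0, 0, 0, 0, 0x20) + name
    coff_files = CFHEADER_SIZE + CFFOLDER_SIZE            # 44: one CFFOLDER entry
    coff_data = coff_files + len(cffile)                  # 70: CFDATA follows the CFFILE
    cfdata = struct.pack(CFDATA_FMT, 0, len(payload), len(payload)) + payload
    cb_cabinet = coff_data + len(cfdata)                  # 83 for the default payload
    c_folders = 1 if c_folders_field is None else c_folders_field
    header = struct.pack(CFHEADER_FMT, b"MSCF", 0, cb_cabinet, 0, coff_files, 0,
                         3, 1, c_folders, 1, 0, 0x1234, 0)
    cffolder = struct.pack(CFFOLDER_FMT, coff_data, 1, 0)
    return header + cffolder + cffile + cfdata


if __name__ == "__main__":
    print(verdict(build_cab()))                            # ok
    print(verdict(build_cab(c_folders_field=0xFFFF)))      # malformed: cFolders=65535 ...
```

The well-formed sample parses; the same bytes with cFolders rewritten to 0xFFFF are rejected before any per-folder work happens, which is the point: validate every count against the bytes you actually have before it drives an allocation or a loop.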
 
There's no excuse for (the all-too common) complacency on any system with regards to security, but I do think things have been exaggerated lately by some (in terms of the mac). There is a difference between being secure (i.e. from potential threats) and being safe (i.e. in practical terms in the present) and I think the two get confused too much. I can happily accept that OS X is not any more secure than other Operating Systems, but I really don't think it's all that credible to say it isn't as safe, if not safer - at least in this moment when I'm typing this post. There just aren't as many (what Microsoft would describe as...) critical vulnerabilities being exploited in the wild.

Having said that, I think this is a good move overall - consulting doesn't mean Apple have to do what Kaspersky say, it might just give them some idea about areas they've overlooked, or some ways they might close existing vulnerabilities that they hadn't thought of a way to close as elegantly as they would like to.
 
Good move by Apple. Macs' immunity is well over

I thought Macs couldn't get viruses. :eek:

Gotta be careful with the terminology used here.

Macs have never been "immune" to viruses. There is nothing magical about Mac OS X that makes it so that it "can't get" viruses.

There are certain aspects of OS X that have made it more difficult to write viruses for OS X. The Unix security model is inherently more secure than, say, Windows. iOS's walled-garden approach makes it more difficult to get malware into the App Store. The lower market share of OS X may or may not have discouraged virus writers from bothering to try to figure it out.

But that doesn't mean that OS X was immune. It just means it hasn't happened... yet.

And then, of course, there's that whole discussion about viruses versus trojans...
 
Their prediction on iOS malware is just plain wrong.

The reason why Mac malware works is because people are used to installing things from the internet because you do it all the time.

On iOS though, the only way for malware to become widespread would be if they could create a popular app. And a majority of PC malware comes through crappy software or cracked software.

Basically what I am saying is that if someone makes a killer app, they can make money off of it legitimately. And most people don't waste time with garbage on the app store, meaning that if malware got into the app store in the first place it would be far from widespread.

Now someone could probably find vulnerabilities through mail or safari, but that is a different story.
 
I just hope this is Kaspersky taking a consultancy role rather than writing software.

I hope they're working with Apple to find the flaws and stop them being exposed rather than trying to write some half-baked security software for Mac OS X.

Or maybe they're working on an in-house system controlled and made by apple with the help of them.
 
Securing your Mac (or PC using equivalent steps) is as simple as:

* Ensure you have your system set to automatically perform Software Updates
* Disable automatic Log in
* Use long (minimum of 8 characters), complex (combinations of caps, numbers and special characters), unique passwords for each application or website (1Password for password management)
* Do not use an Administrator account as your default account
* If you use your Mac in a public location (your worksite) ensure you lock your computer when stepping away from your computer

* Use FileVault to encrypt your data on your computer

* Activate the Firewall (You may use a third party application to configure such as NoobProof)
* Use a third party Firewall such as Little Snitch for very fine grain control
* Disable Java in Safari
* Disable or remove Adobe Acrobat Reader
* Disable Adobe Flash or use a Flash block plugin (Click to Flash)
* Deactivate the Safari setting "Open safe files after downloading"

* Change the default SSID in your Wi-Fi settings and disable SSID broadcasting
* Use WPA encryption for Wi-Fi rather than WEP

* If you are concerned about privacy on the Internet use tracker blockers (AdBlock, Ghostery, Safari's Do Not Track option, Do Not Track Safari extension)
* Activate "warn me when visiting fraudulent websites" in Safari (TrafficLight provides a third party option as a Safari extension)
* If you are seriously concerned about privacy on the Internet then use an advanced proxy server for anonymous browsing (NetShade)

* If you are concerned about DNS spying, spoofing or man-in-the-middle attack use DNS encryption with OpenDNS (DNSCrypt)
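Most of the host-level items in that checklist can be verified from a terminal rather than clicked through one by one. The script below is an added example, not part of the post above and not an Apple tool: it runs the standard macOS commands for automatic login, FileVault, the application firewall, Safari's "open safe files" setting, automatic update checks, and admin-group membership, and maps their output to PASS/FAIL. The commands are real macOS binaries; the interpretation of their output, the check names, and the status labels are this example's assumptions. The judgement logic is kept separate from command execution so it can be exercised with constructed outputs on any platform (on a non-Mac the commands are absent and every check reports CHECK).

```python
import subprocess


def _autologin(rc, out):
    # `defaults read` exits non-zero and prints "does not exist" when the key is absent,
    # which is the state "Disable automatic Log in" produces.
    if rc != 0 or "does not exist" in out:
        return ("PASS", "automatic login is off")
    return ("FAIL", f"automatic login is on for user {out.strip()!r}")


def _filevault(rc, out):
    # `fdesetup status` prints "FileVault is On." / "FileVault is Off."
    return ("PASS", "FileVault is on") if "FileVault is On" in out else ("FAIL", "FileVault is off")


def _firewall(rc, out):
    # socketfilterfw prints "Firewall is enabled. (State = 1)" or "... disabled. (State = 0)"
    if out.strip().startswith("Firewall is enabled"):
        return ("PASS", "application firewall enabled")
    return ("FAIL", "application firewall disabled")


def _safari_auto_open(rc, out):
    # Assumption: key readable via `defaults`; on recent macOS it may live in Safari's
    # container, in which case we ask the user to confirm in Safari > General.
    if rc != 0:
        return ("CHECK", "AutoOpenSafeDownloads not readable; confirm in Safari > General")
    if out.strip() == "0":
        return ("PASS", "Safari does not open 'safe' files after download")
    return ("FAIL", "Safari opens 'safe' files after download")


def _auto_update(rc, out):
    if out.strip() == "1":
        return ("PASS", "automatic update checks on")
    return ("FAIL", "automatic update checks off")


def _admin_user(rc, out):
    # `id -Gn` lists group names; membership in "admin" means the daily account is an admin.
    if "admin" in out.split():
        return ("FAIL", "current account is an administrator")
    return ("PASS", "current account is a standard user")


# check name -> (argv to run on macOS, pure judge over (returncode, stdout+stderr))
CHECKS = {
    "autologin": (["defaults", "read", "/Library/Preferences/com.apple.loginwindow",
                   "autoLoginUser"], _autologin),
    "filevault": (["fdesetup", "status"], _filevault),
    "firewall": (["/usr/libexec/ApplicationFirewall/socketfilterfw", "--getglobalstate"],
                 _firewall),
    "safari_auto_open": (["defaults", "read", "com.apple.Safari", "AutoOpenSafeDownloads"],
                         _safari_auto_open),
    "auto_update": (["defaults", "read", "/Library/Preferences/com.apple.SoftwareUpdate",
                     "AutomaticCheckEnabled"], _auto_update),
    "admin_user": (["id", "-Gn"], _admin_user),
}


def evaluate(outputs):
    """Pure: {check: (returncode, combined output)} -> {check: (status, detail)}.
    Return code 127 is used by collect() for 'command not found' and yields CHECK."""
    findings = {}
    for name, (_argv, judge) in CHECKS.items():
        if name not in outputs:
            continue
        rc, out = outputs[name]
        findings[name] = (("CHECK", "command not available on this host") if rc == 127
                          else judge(rc, out))
    return findings


def collect():
    """Run the commands (macOS only) and return the raw outputs evaluate() expects."""
    outputs = {}
    for name, (argv, _judge) in CHECKS.items():
        try:
            proc = subprocess.run(argv, capture_output=True, text=True)
            outputs[name] = (proc.returncode, proc.stdout + proc.stderr)
        except FileNotFoundError:
            outputs[name] = (127, "")
    return outputs


if __name__ == "__main__":
    for name, (status, detail) in evaluate(collect()).items():
        print(f"{status:5} {name:17} {detail}")
```

Run it as the account you use day to day, not as root, or the admin-group check answers the wrong question. The items it does not cover (Java and Flash in the browser, Wi-Fi settings, tracker blocking, DNS) are browser, router or network settings rather than host settings, and the list above already marks that distinction.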
 
Seems Fishy

I have a hard time believing that Apple would hire an outside foreign firm to consult on security as an outsider.

In addition, I would imagine any outside firm would sign about 4 dozen NDA forms and papers. I know when I did some consulting for Apple a decade ago I signed many non-disclosure clauses and forms.

If Apple is giving source code level access, which I would presume is required to assess deep OS X vulnerability, then an NDA is required.

As others have pointed out, it certainly is poor form to bash the new client which happens to be one of the most valuable firms on the planet. Seems not only poor taste, but very contrary to Apple's standards and generally creates ill will.

Seems more like marketing BS and hype spreading FUD for the purpose of a new product or service, or a veiled threat in hopes of putting Apple on the defensive. Then they can take credit when Apple suddenly fixes all sorts of vulnerabilities.

Apple hires some of the best talent around. Some even came from the hacking world. I recall they hired a former engineer who made some of the common jailbreaks for iOS. So I am confident Apple has a capable team assessing security and plugging holes as needed.
 
Eh....

Kaspersky is owned by a "Cold War era" Soviet ex-military guy. I have no doubt they're serious about their focus on detection and removal of malware.

We even purchased their business virus protection suite at my workplace, at my recommendation, after becoming fed up with too many issues with McAfee Corporate edition.

It seems to do the job fairly well, but their central "control panel" to manage all of the installations across the network needs some work. It has a lot of problems, especially when you swap up someone's PC on the network with a replacement machine, and re-assign it the same network name their previous PC had.

Apple could do worse than working with Kaspersky, IMO ... but ultimately? Sure, there's a lot of hype and bagging going on with the commercial anti-virus community. (One big concern most vendors have, but won't talk much about right now, is the fact that Microsoft is building their own anti-virus package into Windows 8. That will put a BIG dent in third-party AV sales -- meaning they'd love to generate new business over on the Mac side to compensate.)
 
Really vulnerable with less than 5 known threats? :rolleyes:

I think in every "cracking test" OSX is exploited quicker than Linux or Windows.

The primary reason there are few viruses on OSX is down to market share. OSX has what, 5% of the desktop market?

If you were writing a virus would you write for the platform with 90% of the market or the platform with 5% of the market?
 
To be honest, it's all down to user education. Before moving to the Mac platform I was a PC user for over 15 or so years. In this time I've never had one virus or malware on any of my machines. The key is this: if you install something from a site like Pirate Bay or Usenet, then you're just asking for it. Same goes for emails: opening that strange attachment from a bit of junk mail that's just landed in your inbox.
 
Major overhaul makes OS X Lion king of security

Major overhaul makes OS X Lion king of security

With Wednesday's release of Mac OS X Lion, Apple has definitively leapfrogged its rivals by offering an operating system with state-of-the-art security protections that make it more resistant to malware exploits and other hack attacks, two researchers say.

Unlike the introduction of Snow Leopard in 2009, which offered mostly incremental security enhancements, OS X 10.7 represents a major overhaul, said the researchers, who spent the past few months analyzing the OS.

“It's a significant improvement, and the best way that I've described the level of security in Lion is that it's Windows 7, plus, plus,” said Dino Dai Zovi, principal of security consultancy Trail of Bits and the coauthor of The Mac Hacker's Handbook. “I generally tell Mac users that if they care about security, they should upgrade to Lion sooner rather than later, and the same goes for Windows users, too.”

“When they went from Leopard to Snow Leopard, as far as I'm concerned, there really wasn't any change,” said Charlie Miller, principal research consultant at security firm Accuvant and the other coauthor of The Mac Hacker's Handbook. “They might have said there was more security and it was better, but at a low functionality level there really wasn't any difference. Now, they've made significant changes and it's going to be harder to exploit.”

With virtually all browser exploits targeting the way the program parses web content, Apple engineers have tightly locked down the new process, called Safari Web Content. The design is intended to limit the damage that can be done in the event an attacker is able to exploit a buffer overflow or other bug in the browser.

“Now, you end up inside this restricted process that only does the web parsing, and you can't do other things you might want to do as an attacker, such as write files or read a person's documents,” Miller explained. “Even when you get code execution, you no longer have free rein to do whatever you want. You can do only what the sandbox allows you to do.”

Charlie Miller is perhaps best known for repeated hacks of Apple's Safari Web browser at the annual Pwn2Own hacking competition. Miller researches hacks well in advance of the competition and has won the competition several times by exploiting previously unreleased vulnerabilities.

http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/
 
Why would a company that sells anti-malware solutions want to help make an OS more secure?

How many people do you know that have purchased something from Kaspersky Lab to secure their Mac? Like every business, they need paying customers.

----------

Really vulnerable with less than 5 known threats? :rolleyes:

As Apple becomes the computer of choice, hackers will start making the same choices as the buyers.
 
Securing your Mac (or PC using equivalent steps) is as simple as:

* Ensure you have your system set to automatically perform Software Updates
* Disable automatic Log in
* Use long (minimum of 8 characters), complex (combinations of caps, numbers and special characters), unique passwords for each application or website (1Password for password management)
* Do not use an Administrator account as your default account
* If you use your Mac in a public location (your worksite) ensure you lock your computer when stepping away from your computer

* Use FileVault to encrypt your data on your computer

* Activate the Firewall (You may use a third party application to configure such as NoobProof)
* Use a third party Firewall such as Little Snitch for very fine grain control
* Disable Java in Safari
* Disable or remove Adobe Acrobat Reader
* Disable Adobe Flash or use a Flash block plugin (Click to Flash)
* Deactivate the Safari setting "Open safe files after downloading"

* Change the default SSID in your Wi-Fi settings and disable SSID broadcasting
* Use WPA encryption for Wi-Fi rather than WEP

* If you are concerned about privacy on the Internet use tracker blockers (AdBlock, Ghostery, Safari's Do Not Track option, Do Not Track Safari extension)
* Activate "warn me when visiting fraudulent websites" in Safari (TrafficLight provides a third party option as a Safari extension)
* If you are seriously concerned about privacy on the Internet then use an advanced proxy server for anonymous browsing (NetShade)

* If you are concerned about DNS spying, spoofing or man-in-the-middle attack use DNS encryption with OpenDNS (DNSCrypt)

Wow - is that "all"? LOL So simple :(
 
I think in every "cracking test" OSX is exploited quicker than Linux or Windows.

The primary reason there are few viruses on OSX is down to market share. OSX has what, 5% of the desktop market?

If you were writing a virus would you write for the platform with 90% of the market or the platform with 5% of the market?

I explain the Pwn2Own hacking competition results in another post somewhat obliquely. The oftentimes winner of Pwn2Own, Charlie Miller, researches exploits for months before Pwn2Own. Charlie Miller is a well-established Mac fanatic and uses the vulnerabilities he finds to win the competition, which includes granting ownership of the hacked system as the reward.

Essentially, no one cares for Microsoft Windows enough to spend months preparing for a competition to win a new Microsoft Windows system.
 
Fun Fact: Every Mac sold in the last 10 months has not included Flash or Java - the two attack vectors they mention.
 
Guys! Guys! Guys!

...it's all a conspiracy! They want to get the sales so they can stay in business, so they make the viruses that infect the computers so they can sell you their antivirus software. Don't you see? It's all perfect! I find it amazing no one has noticed this before now!

This is the truth "they" (being the pandimensional lizard people who make up 99% of the leadership of the AV cartels) don't want you to know about! WAKE UP, PEOPLE! You're being screwed by the govern...er...KASPERSKY! Take a stand against tyranny, and DON'T BUY THEIR SOFTWARE!
 
Wow - is that "all"? LOL So simple :(

Actually, considering the alternatives (Beach Ball of Doom, Blue Screen of Death or possibly reformatting your drive and reinstalling your software) it is incredibly easy.

Furthermore, some of the steps relate to network security rather than OS security while other steps relate to privacy more than security. I endeavored to create a relatively comprehensive guide.
 
Macs can get viruses...but it is VERY rare. Apple pays people to try and hack their systems in competitions, whereas Microsoft charges vendors licensing fees.

I love antivirus threads on Mac sites. They really do bring out the best in people. :D
 