
NAG

macrumors 68030
Aug 6, 2003
2,821
0
/usr/local/apps/nag
actually this is something you brought up not me... it never entered my mind that apple may or may not revoke anything....

It misses the issue.

Gatekeeper remains a solution looking for a problem.

You keep saying that. I don't think it means what you think it means.

Seriously, read the blog post.

If OSX is so safe, I'd like to know how Facebook gets access to all my gmail records.

I have a junk mail gmail account for receiving newsletters etc - and there's a Facebook account connected to that junkmail gmail account. Facebook then sends, to my junkmail account, suggestions for people I know based on the emails I receive to the junkmail account. Facebook thinks they're people I know - whereas they're just people/companies that send me newsletters and advertising email.

How on earth does Facebook get access to my gmail records? Can't OSX and its browser security stop that sort of thing?

There are several ways Facebook could have got ahold of the gmail address book. The most common one is when you first make a Facebook account they offer to upload your address book to look for people. That is probably when that happened.
 

polaris20

macrumors 68020
Jul 13, 2008
2,491
753
There are two big problems in security today. Users and companies.

Apple users often think that Macs are so secure that they can click on everything and nothing will hurt their machine. Obviously not true. However Lion is more secure than any previous version of OS X, and very on par with Windows 7 in terms of security. I wouldn't say better than Win7 though. I think Gatekeeper will go a long ways to keeping more basic users safe.

Windows users make the absurd claim that as long as you're careful where you go, and you're not stupid, you won't get infected. First, thousands of CMS-based websites get hacked and loaded with malware every day. It's not just seedy porn and wares sites. Second, how would you know if you got infected? Can you pick apart code? I run AV on Windows and Mac. You never can be too careful.

The second problem is the companies. Apple moved FAR too slow in response to Flashback. They need to patch faster. The same can be said for MS and Adobe, the latter of which is a constant security problem.

Google, as much as I love a lot of their products, needs to stop with their carelessness in their app market, because mobile is the next big malware target, and there's already more malware on Android than there is OS X.
 

ioinc

macrumors regular
Jan 7, 2004
151
0
Clearwater, Florida
You keep saying that. I don't think it means what you think it means.

Seriously, read the blog post.

I have no concerns or fear about what apple will or will not revoke regarding signatures... honestly... it's not a concern of mine.

All I ask from apple is a message giving me information "Hey... pay attention, you're about to install something from the internet.... be careful"

This is what they have now...

After that I own it.

If they want to get real fancy, they can skip the message if it's a registered developer (and no message is needed if it's from the mac store)

My post has nothing to do with revoking of signatures.
 

NAG

macrumors 68030
Aug 6, 2003
2,821
0
/usr/local/apps/nag
I have no concerns or fear about what apple will or will not revoke regarding signatures... honestly... it's not a concern of mine.

All I ask from apple is a message giving me information "Hey... pay attention, you're about to install something from the internet.... be careful"

This is what they have now...

After that I own it.

If they want to get real fancy, they can skip the message if it's a registered developer (and no message is needed if it's from the mac store)

My post has nothing to do with revoking of signatures.

And my last post acknowledged that. I suggested you read it because you seemed to remain confused about the potential benefits of dev signatures and how it is not in search of a problem but addresses a very real problem in a thoughtful way (i.e. it lets you keep the current way OS X handles apps from the net).
 

polaris20

macrumors 68020
Jul 13, 2008
2,491
753
actually this is something you brought up not me... it never entered my mind that apple may or may not revoke anything....

It misses the issue.

Gatekeeper remains a solution looking for a problem.

If you think that, you have no idea what Gatekeeper is for. It already exists in another form on Linux. As an admin I can let employees install from repositories that I approve and nothing else. Or I can let them install whatever they want. It's fantastic that we'll have it in OS X.
 

ioinc

macrumors regular
Jan 7, 2004
151
0
Clearwater, Florida
If you think that, you have no idea what Gatekeeper is for. It already exists in another form on Linux. As an admin I can let employees install from repositories that I approve and nothing else. Or I can let them install whatever they want. It's fantastic that we'll have it in OS X.

Yeah that's great if you're an admin at a company.
Does not apply to personally owned computers.... unless you're suggesting that I can only install applications that apple approves and nothing else.
 

polaris20

macrumors 68020
Jul 13, 2008
2,491
753
Yeah that's great if you're an admin at a company.
Does not apply to personally owned computers.... unless you're suggesting that I can only install applications that apple approves and nothing else.

It's also great if you are a home user and want to be more careful with what you install.

Once ML comes out, I'll keep it on the middle setting. There's no reason for me to install anything not in the App Store or Apple signed. Any vendor I deal with would most certainly have a cert.
 

NAG

macrumors 68030
Aug 6, 2003
2,821
0
/usr/local/apps/nag
Yeah that's great if you're an admin at a company.
Does not apply to personally owned computers.... unless you're suggesting that I can only install applications that apple approves and nothing else.

And again, there are three levels. One is Apple approval (MAS only). Another one is what we have now. The middle option is Apple approval or dev signature (which requires no Apple approval other than the ability for Apple to revoke it if the developer is found to be malicious).

And again, there are nag windows that pop up with information (we already covered this blah blah blah).
 

ioinc

macrumors regular
Jan 7, 2004
151
0
Clearwater, Florida
And again, there are nag windows that pop up with information (we already covered this blah blah blah).

Putting "blah blah blah" after a valid point does not invalidate it.

Make the nag window go away if it's from the mac store or a registered developer.

Show the nag window for unregistered developers (to include developers that have lost their privileges)

It seems you can actually accomplish the same levels as gatekeeper by removing the nag alert in certain situations.

What does gatekeeper give you additional to that?
 

haruhiko

macrumors 604
Sep 29, 2009
6,529
5,874
You keep saying that. I don't think it means what you think it means.

Seriously, read the blog post.



There are several ways Facebook could have got ahold of the gmail address book. The most common one is when you first make a Facebook account they offer to upload your address book to look for people. That is probably when that happened.

I remember a version of the Facebook app on the iPhone just steals (uploads) your phonebook to their server and if you don't want this "feature" you have to delete the contacts on facebook's page manually.
 

ioinc

macrumors regular
Jan 7, 2004
151
0
Clearwater, Florida
There's no reason for me to install anything not in the App Store or Apple signed.

It's quite the prediction to not only dismiss every historic application ever written by a non-registered developer but to extend that to all future ones.

Again, this is a solution looking for a problem.

Based on your assumption the gatekeeper functionality will never come into play.

On the rare instance you actually do find an app you want... you will change the gatekeeper settings to allow installation.

This sounds shockingly similar to clicking 'ok' when a nag window comes up... functionality you already have.
 

betatest

macrumors member
May 17, 2012
45
0

Computerworld Australia reports on a blog post from Sophos security expert Graham Cluley published earlier this month detailing changes to Apple's "Why you'll love a Mac" OS X marketing pages on the topic of security. The changes, which come after a significant malware attack from Flashback earlier this year, focus more of the text of OS X's built-in security features rather than implying Macs are immune to viruses and suggesting that users do not need to take any action to protect themselves.


Beyond the increased security features such as Gatekeeper making their way into OS X Mountain Lion, Apple is also working to reduce vulnerabilities in third-party platforms such as Java that are frequently exploited by malware authors. Apple has been working to shift responsibility for Java updates to the OpenJDK in order to make them more timely and has also been pushing out software updates to disable Java by default if it goes unused for a period of time.

Article Link: Apple Scales Back Marketing Language on OS X Security Following Flashback

Yeah right! Apple have no virus.

Most of the Security Companies and Computer Security Experts bombard them with facts findings.

They whacked them hard this time round. So that Apple goes mellow with what they have to say.

The competition for hacking a Mac, Windows, Linux conducted in Canada tells everything!

It's going to be "Another exploits for Mac OS X".

Follow the guide in Macrumors will never go wrong!

http://nakedsecurity.sophos.com/2012/06/21/mac-app-store-gatekeeper-security/
http://nakedsecurity.sophos.com/2012/06/14/mac-malware-apple-marketing-message/
 

haravikk

macrumors 65816
May 1, 2005
1,499
21
What? This article is about Apple changing some marketing copy.
I know, but it's part of the overall trend as they're clearly beefing up security still further in Mountain Lion, which is something that has been long overdue. Claiming that Macs were virus free however has done nothing to help the situation, as it's been a lie for a long time; Macs have had malware for a while, though none of them really managed to be a serious threat.

nagromme said:
At the end of the day, users are SO MUCH safer on a Mac that it’s not even close
Seriously? This is exactly the kind of mentality that makes many users more vulnerable, not less. All it takes is for malware to find any weakness on a user's system, which doesn't even need to be an OS component by the way, just something that most users have installed, and they can exploit it to get in.

This is why Apple's finally getting a move on with sandboxing; not desperately well mind you since the balance is far from perfect in terms of what sandboxed apps can do, but without sandboxing any app you install is potentially another attack vector for malware, especially anything that requires root-privileges or can reasonably be expected to be on all the time, this is why Flash has been such a popular target.
 

Wiesi24

macrumors newbie
Oct 10, 2011
8
0
Ah, the good old Marketshare Myth™. Too bad it doesn't hold up to the simplest of logic. After all, can you tell me why OS 8-9, with a fraction of the marketshare, had orders of magnitude more malware (including actual viruses and worms)? After all, it should have been even more protected because there were fewer of them and would have been even less targeted.

jW

Maybe because OS8-9 was so weak security wise, that it was an easy target and worth the effort despite its small market share. Your counter argument only proves that it is wrong just to look purely at marketshare and nothing more. It depends on the goal of the malware developer.
For example malware like Stuxnet was clearly targeted at a specific Siemens software (running on Windows).
But if a malware developer wants to reach the masses with some malware/scareware/... Marketshare clearly becomes a factor. And OS X's much smaller one clearly saved it from being target number one in that case.

The number of malware for a system is no indicator of a system's security at all.
 

polaris20

macrumors 68020
Jul 13, 2008
2,491
753
It's quite the prediction to not only dismiss every historic application ever written by a non-registered developer but to extend that to all future ones.

Again, this is a solution looking for a problem.

Based on your assumption the gatekeeper functionality will never come into play.

On the rare instance you actually do find an app you want... you will change the gatekeeper settings to allow installation.

This sounds shockingly similar to clicking 'ok' when a nag window comes up... functionality you already have.

Jesus, you sure have a severe reading comprehension problem, and apparently you also assume you know my computing habits. If you're seriously going to sit there, having read everything about Gatekeeper that's been explained to you, and still say it's a solution looking for a problem, there's simply no help for you. Why you can't wrap your head around an OS only allowing the installation of signed apps (thereby largely reducing drive-by malware installs) is baffling.

Sure, if you're that much of a moron (speaking hypothetically now) that as a user you visit an infested Wordpress site, for example, and there's a drive-by malware install that can't install the malware because the code isn't signed, but then you go ahead and allow it anyway, then yes, Gatekeeper can't save you.
 

Mal

macrumors 603
Jan 6, 2002
6,252
18
Orlando
Maybe because OS8-9 was so weak security wise, that it was an easy target and worth the effort despite its small market share. Your counter argument only proves that it is wrong just to look purely at marketshare and nothing more. It depends on the goal of the malware developer.
For example malware like Stuxnet was clearly targeted at a specific Siemens software (running on Windows).
But if a malware developer wants to reach the masses with some malware/scareware/... Marketshare clearly becomes a factor. And OS X's much smaller one clearly saved it from being target number one in that case.

The number of malware for a system is no indicator of a system's security at all.

Sorry, but you just horribly contradicted yourself. OS 9 was targeted despite its small marketshare, but OS X has not been targeted because of its small marketshare?

Regardless, if you still believe the myth that marketshare has anything to do with OS X remaining secure, I can't help you. There's been bodies of evidence piling up for 10+ years against your theory, and it's been shot down countless times on these very forums without ever once having a convincing argument made in its favor, but some poor souls still cling to it despite all the evidence.

If you want to know why OS X has never had a virus or worm and has remained mostly malware-free for the entire last decade since it was introduced, look no further than its original introduction and the way the system was designed. It's virtually impossible to spread any type of malware outside of social engineering, and it's more difficult to achieve that than on Windows due to the more effective authentication and authorization schemes in OS X.

jW
 

JAT

macrumors 603
Dec 31, 2001
6,473
124
Mpls, MN
I know, but it's part of the overall trend as they're clearly beefing up security still further in Mountain Lion, which is something that has been long overdue. Claiming that Macs were virus free however has done nothing to help the situation, as it's been a lie for a long time; Macs have had malware for a while, though none of them really managed to be a serious threat.
Security has been worked on and improved in every version of every OS since the 80s. And in countless security updates in .x updates. Don't hyperbolize as if Apple just heard about malware in January and said "oh, maybe we should think about that".

Your last sentence should weigh more heavily in your thought processes than it does, IMO.
 

Azathoth

macrumors 6502a
Sep 16, 2009
659
0
Mac OS 8 and 9 were jokes as far as OSes are concerned, lacking basic memory protection etc (nor pre-emptive multitasking), so the fact that they were easy to write malware for doesn't mean much.

Windows XP (released 2001) was not secure(able) until SP2 and the introduction of the firewall. After that it remained insecure mainly due to lack of user education / UAC enforcement. And even today Windows has a huge attack surface due to legacy code compatibility. MS's job is an unenviable one.

OS X, coming from the Unix side of things had UAC built-in and with Apple's relatively rapid obsolescence (of OSes) means that vulnerabilities are much harder to exploit.

Mandriva 2010 probably also doesn't have much malware either. Is it immune? No - market share is definitely an issue for all flavours of Linux, and by extension, Unix.

Apple also releases security fixes (sometimes with a large delay) - they wouldn't do so if they didn't see the holes as threats, ergo Macs cannot be assumed to be immune.

However, finding an exploit is hard, and the motivation varies (money, fame, espionage, idealism), so sometimes the quantity of machines out there does play a role, in other cases, not.
 

Asia8

macrumors regular
Jun 27, 2011
111
3
Many people mentioned that technically "It doesn't get PC viruses" does not need to change, as a Mac is not a PC. However, distasteful as it may seem to some, regardless of how much many of us try to change the definitions, a Mac computer is a PC.

PC: Personal Computer

Unless Apple could prove that a Mac can not be defined as a personal computer and that the advertising was not deceptive, they would be legally liable for that statement. It was a wise change that could have saved them millions in potential future legal fees.
 

thekeyring

macrumors 68040
Jan 5, 2012
3,485
2,147
London
Still, it's way more secure than a Windows PC. I don't think Macs need virus scanners running 24/7 yet, just common sense is needed.

When we go over to OS 11 and Apple kill off all the old apps, the older viruses will die, too. ;)

----------

Many people mentioned that technically "It doesn't get PC viruses" does not need to change, as a Mac is not a PC. However, distasteful as it may seem to some, regardless of how much many of us try to change the definitions, a Mac computer is a PC.

PC: Personal Computer

Unless Apple could prove that a Mac can not be defined as a personal computer and that the advertising was not deceptive, they would be legally liable for that statement. It was a wise change that could have saved them millions in potential future legal fees.

Yes, but by PC they mean Windows-PC. Either that, or they think all Mac users are part of the Post-PC era.
 

KnightWRX

macrumors Pentium
Jan 28, 2009
15,046
4
Quebec, Canada
Windows XP (released 2001) was not secure(able) until SP2 and the introduction of the firewall. After that it remained insecure mainly due to lack of user education / UAC enforcement. And even today Windows has a huge attack surface due to legacy code compatibility. MS's job is an unenviable one.

Windows XP was securable without a firewall. A port filter does little if no ports are open and as used by most users (deny all for port, allow all for port) is no better than just stopping the listening process.

Now, it did require a few hardening steps, the same found on any default install of a Unix system or any multi-user operating system really :

- shutting down unneeded system services
- locking down the account and changing the administrator password.
- creating unprivileged users and forcing users to use those to perform their daily tasks.
- Enforcing proper permission schemes across the filesystem (making most filesystems read-only to unprivileged users).

OS X, coming from the Unix side of things had UAC built-in and with Apple's relatively rapid obsolescence (of OSes) means that vulnerabilities are much harder to exploit.

There is no such thing as UAC in Unix (the SUS). UAC is not sudo (that would be runas, available since... well... Windows NT really and the true multi-user version of Windows).

It's quite a big misunderstanding of what UAC actually is to think it's just some vulgar sudo implementation. It actually has to do with Windows XP and onwards use of RDP to render the local desktop and very little to do with privileged execution (which is what runas is for on a Windows system).

As for other "security profile" applications like sudo, RBAC, AppArmor, etc.., well, they aren't part of Unix either. They're used in the Unix world (HP-UX and Solaris using RBAC, the BSDs using sudo, etc..) but they are not part of Unix as far as the SUS goes iirc. Your system can be branded Unix '03 compatible without implementing these kind of privilege escalation mechanisms.

----------

Yes, but by PC they mean Windows-PC. Either that, or they think all Mac users are part of the Post-PC era.

Actually they mean IBM Compatible PC, which is where the term designating an x86 computer with a BIOS running Microsoft software originates from. This morphed into the Wintel machines in the 90s, but the PC acronym stuck to them. To this day, PC means Wintel, a throwback to the roots of the IBM PC 5150 model and the subsequent clone market launched by Compaq's reverse engineering of the BIOS.
 