Does this mean OSX isn't secure? :(

[Macmel]

Macmel - in that case we are in accord - OS X is no more inherently secure or safer than any other OS connected to the Internet.

The fact Windows is more widely deployed does in my opinion make it less safe, but certainly no less secure than OS X.

I don't use Macs because they don't have viruses, I use Macs because in my personal opinion they deliver a better user experience than Windows. In fact I would go further and suggest that lack of viruses for Mac wasn't even on my list of reasons to move away from Windows - in 20 years of using Windows I never actually got a virus and so I suppose blindly hoped my track record of safe and sensible surfing and good eMail control would mean this would continue with Macs. It has so far.

The various techniques to avoid buffer overflows and such currently employed in later versions of Windows *should* assist in the fight against exploits, but the fact is vulnerabilities are still emerging even with these techniques.

The threat landscape now is no longer the OS - the threats are almost always client application based and not just web browsers. In recent months Adobe Acrobat, Windows Media Player, and many others have all been the subject of major vulnerabilities - its not the OS that is the issue now so much as the poor coding that has and does exist in apps that we use.

Of course an OS without apps might as well be a teapot made of chocolate - so until developers start coding securely the underlying OS will always be deemed to be vulnerable, its fashionable to point the finger at the OS and its creator rather than the code that is actually compromised.

Stu

I am a Mac user. And as you are, I am because I like the performance and stability of Mac versus PC. It is also true that a similarly priced PC with Windows 7 is going to be tough to beat with Snow Leopard, but still I like Mac.
I am also a Vista user and I have to say several things about it:

- I have never ever been infected by any virus (except if you consider spyware in form of cookies, etc., which probably affect Macs anyway and do little harm). In the past 5 years I have never heard of anyone infected by a virus, with or without antivirus.

- I don't now how first versions of vista were, but SP1 and SP2 have been working without a glitch for over a year now on a $600 ASUS computer. If I had spent $2000 like I did on my MBP, I guess it would be even better.

 

[jive turkey]

95% and yes, it can be that. Why take the time to learn the vulnerabilities of an OS that is only on 5% of machines worldwide when you can write a virus and hit a potential 95%? E-peen counts for less than Mac users like to believe in the virus writing community. After all, when the hackers come together at conferences the machines they break fastest are Macs.

If that is true, hackers and criminals are idiots who are too stupid to pour pee out of a boot. After all, 5% of the computer market still equals hundreds of millions of Macs in use, almost all of which aren't running any extra security in the way of scanners and so forth. So if Macs are easy to hack into, there would be hundreds of millions of people worldwide who could easily be hacked and never know it.

This is why the market share argument is just plain dumb, with all due respect.

 

[Macmel]

You've pointed out some of the holes, good for you! As said much earlier in the thread, no OS is totally infallible. So how do these cracks make OSX vulnerable exactly? No one has been able to show this yet. As a testament of this there is a complete lack of OSX specific malicious software gaining entry through these cracks IN THE REAL WORLD. Yet in this same REAL WORLD windows (and its appalling track record) is a superior system?

Dude, read the posts before you speak. These are exactly the arguments that the unknown guy you mention in your previous posts uses. Exactly, these are the holes, that make Windows safer then OSX. If they have viruses or not, is irrelevant. One of the reasons Windows has improved their security mechanisms is because is always exposed to attacks.

 

[Macmel]

If that is true, hackers and criminals are idiots who are too stupid to pour pee out of a boot. After all, 5% of the computer market still equals hundreds of millions of Macs in use, almost all of which aren't running any extra security in the way of scanners and so forth. So if Macs are easy to hack into, there would be hundreds of millions of people worldwide who could easily be hacked and never know it.

This is why the market share argument is just plain dumb, with all due respect.

And yet that's not being discussed here. The discussion is about design: is OSX more secure by design than Windows?. The number of attacks is irrelevant.
Maybe it has to do with the number of Macs, their absense from big companies where its presence is testimonial, the fact that hackers come from the PC world and have little to no interest in learning advanced Mac programming, that fact that getting a significant number of botnets in the PC world is difficult even though they are 95% of the market, so it would be close to impossible in the Mac world, the fact that OS vulnerabilities have to be combined (in both systems) with user stupidity and you can find a larger number of possible targets if the number you start from is already bigger...
Many reasons to make it not so simple and dumb, you know.

 

[MythicFrost]

Hmmm, I have some questions

On either Mac/OSX:

#1 by just leaving my computer on, can someone hack into it?
And what is the likeliness of that happening?

#2 In a real world scenario, can anyone list attacks that each OS would handle differently?

Like what could you do?

#3 Is it harder for OSX to be infected by a virus, trojan, any malware, spyware or whatever else than it is Windows, if we assumed the viruses/other stuff were the same for both OSX & Windows.

#4 What's the most damage you can do to OSX / Windows?
Is it harder to do a lot of damage to OSX than it is with Windows?

Any answers would be appreciated

Kind Regards

 

[TommyCo]

Dude, read the posts before you speak. These are exactly the arguments that the unknown guy you mention in your previous posts uses. Exactly, these are the holes, that make Windows safer then OSX. If they have viruses or not, is irrelevant. One of the reasons Windows has improved their security mechanisms is because is always exposed to attacks.

I did! My problem wasn't with all of the content, just a lot of it. I've yet to see anything that suggests OSX is seriously open to attacks. Unless someone can demonstrate that I have a hard time accepting speculation as fact. Thats my stance on the matter.

 

[TommyCo]

I refer to my previous post. I've highlighted the important bits.

Heres my (rather blunt and possibly unfair) summary of the thread. The chronology isn't especially accurate:

Page 1: OSX is dangerously vulnerable! This guy on the net said so!
Page 2: How is it?
Page 3: Its really insecure look at the vulnerabilities!
Page 4: Without human error (typing in your password) How exactly will that damage OSX?
Page 5: 'Cos its SOOOO vulnerable! *Claims of being proven many times* Windows is soooo much more secure. Microsoft is evil! Conspiracy theories! Back Doors! NSA!!!! Vague theory about fruit.
Page 6: I can't see any recent problems with malicious software on OSX. I can't say the same for windows. Provide the evidence. This thread is stupid. Dogs, Trees, Hitler and Aliens.
Page 7: This guy on the net said so! And there aren't enough macs for a hacker to bother with, which explains why there is no malicious software on osx.
Page 8: OK - so hackers ignore these supposedly GAPING holes because there are only tens of millions of macs around?!?!? And the article you provide as evidence finishes with "I still think you're pretty safe, I wouldn't recommend antivirus on the Mac."
Page 9: Windows is sooo secure, ANOTHER guy on the net DESTROYS the argument against him!
Page 10: So a clueless anonymous guy makes an argument and another anonymous guy argues the semantics of the proposed argument and posts some questionable links, so it must be right?
Page 11: I don't know enough about computers to know either way! Apart from the total lack of malicious software on macs and the contrary for Windows, Windows is more secure than OSX!
Page 12: Where's your proof?

AD INFINITUM.

 

[bydandie]

A very amusing thread, here are some facts:

• Market share makes a difference - Apache gets hit more than IIS and Windows gets hit more than Mac
• None of the above is more secure than the other, it's just the economics of the cybercriminal industry and how you get the best bang for buck as the price of the commodity (The 0wned systems in this case) increases with the size of it
• Application vulnerabilities (As detailed in the OWASP top ten) are the cause of most vulnerabilities. Poor software practices abound in the windows world (Client side vulns and developers coding with local admin access - the real reason you have to have an admin account for some popular apps)
• UAC in Vista/Win7 works great as it allows the use of least privilege, but the implementation at install means that most users will run as local admin and getting no more than a "yes/no" box where you'd be asked to enter a password in Mac

Simple fact is that I do this for a living, and have recently come to Mac. People love to hack the shiny iPhone or Mac, but when you look at the real-world implementation of the issues there's nothing to see here....

I'd rather give my Mac to my missus not because it's any more secure, but because it's more useful out of the box and I can back it up easier (Although the latter argument is less now I use a Windows Home Server).

 

[Macmel]

I did! My problem wasn't with all of the content, just a lot of it. I've yet to see anything that suggests OSX is seriously open to attacks. Unless someone can demonstrate that I have a hard time accepting speculation as fact. Thats my stance on the matter.

Nobody is saying that. What we say is that Windows is more secure than OSX by design. We're not saying there are open doors, etc.
A castle is more secure than my apartment, but in case 2 million people attack the castle an nobody attacks my apartment, who do you think is going to be defeated first?.

 

[maflynn]

#1 by just leaving my computer on, can someone hack into it?
And what is the likeliness of that happening?

from a remote location - pretty hard, especially if you have the firewall on and make sure you turn off the various services like ssh.

If you're in an office or a fairly public location, you need to password protect the computer and make sure that when you enter the screen saver it has the ability to prompt for the password also.

#2 In a real world scenario, can anyone list attacks that each OS would handle differently?

I don't think such a list exists, I've read reports/new stories how an unprotected (no security software/antivirus software) PC can be compromised with 20 minutes of connecting to the internet - not sure if this hyperbole but I think there's some truth to that.

#3 Is it harder for OSX to be infected by a virus, trojan, any malware, spyware or whatever else than it is Windows, if we assumed the viruses/other stuff were the same for both OSX & Windows.

Yes only because they don't exist for OSX. Doesn't mean OSX is more secure just that there's nothing to catch. You (or anyone) can pass on via email infected emails/word documents. Macs just won't be affected by the malware.

#4 What's the most damage you can do to OSX / Windows?
Is it harder to do a lot of damage to OSX than it is with Windows?

malware on windows can potential compromise the system completely, steal your information if key loggers were installed - there's no limit to what malware can do on windows.

OSX, the system potentially can be more protected thanks to its unix roots, but until we start seeing actual malware in the wild for OSX any potential damage that can be wrought is pure speculation.

 

[belvdr]

Yes only because they don't exist for OSX. Doesn't mean OSX is more secure just that there's nothing to catch. You (or anyone) can pass on via email infected emails/word documents. Macs just won't be affected by the malware.

Not true. It appears there are only trojans out there (remember the ones in pirated versions of iWorks?). And many proof of concepts have been delivered, so it is possible. It appears that nobody ever goes beyond the POC though.

 

[coolbits]

Not true. It appears there are only trojans out there (remember the ones in pirated versions of iWorks?). And many proof of concepts have been delivered, so it is possible. It appears that nobody ever goes beyond the POC though.

And those TWO trojans are detected by snow leopard and user gets a warning that it contains a trojan.
No proof of concept is delivered anywhere... link maybe?

 

[belvdr]

And those TWO trojans are detected by snow leopard and user gets a warning that it contains a trojan.
No proof of concept is delivered anywhere... link maybe?

There have been several proof of concepts discussed over the past year or so.

Two trojans? It sounds like you have been disconnected for a bit:

http://www.symantec.com/norton/security_response/threatexplorer/azlisting.jsp?azid=O

The "real" trojans: 3 in 2009 and 3 in 2008. Granted, it's not much, but they do exist.

 

[coolbits]

There have been several proof of concepts discussed over the past year or so.

Two trojans? It sounds like you have been disconnected for a bit:

http://www.symantec.com/norton/security_response/threatexplorer/azlisting.jsp?azid=O

The "real" trojans: 3 in 2009 and 3 in 2008. Granted, it's not much, but they do exist.

Symantec? LOL they would like OSX to have millions of trojans

https://www.macrumors.com/2009/08/26/snow-leopard-antimalware-feature-gaining-publicity/

 

[belvdr]

Symantec? LOL they would like OSX to have millions of trojans

https://www.macrumors.com/2009/08/26/snow-leopard-antimalware-feature-gaining-publicity/

Roll your eyes all you want. It doesn't help your argument, and I'm not entirely sure why Symantec would want millions of OS X trojans but only list a few.

It's obvious you believe only what you want to, as now you're referring one MacRumors article as to an exhaustive list of OS X trojans.

 

[coolbits]

Yes and i certanly DONT belive antivirus companies, with symantec on first place.
Antivirus companies would tell you anything just to sell you their software, they probably even made some of the viruses...

 

[belvdr]

Yes and i certanly DONT belive antivirus companies, with symantec on first place.
Antivirus companies would tell you anything just to sell you their software, they probably even made some of the viruses...

The fact that you are using the word 'probably' indicates you have no factual information and are just guessing. Once again, you are choosing to believe whatever you make up in your mind without research.

Why can you not accept that no operating system is fully secure?

 

[coolbits]

Why can you not accept that no operating system is fully secure?

Where did i say it is fully secure?
I just said there are only two trojans for now and both being detected by snow leopard.

 

[belvdr]

Where did i say it is fully secure?
I just said there are only two trojans for now and both being detected by snow leopard.

My bad, you didn't say that. I sensed you were implying that.

Two trojans, still? That is wrong, as I posted a link above, and you have no factual information to back it up, except a news article, which you pretend to be an exhaustive list.

Here's another link:

http://macscan.securemac.com/spyware-list/

 

[coolbits]

Here's another link:

http://macscan.securemac.com/spyware-list/

Thats old and does not work anymore... only latest TWO do work still on SL.
Like i said before... two trojans and those two detected by SL...

 

[belvdr]

Thats old and does not work anymore... only latest TWO do work still.
Like i said before... two trojans and those two detected by SL...

Prove it. Back up your claims that any of those trojans no longer work.

You can't. One of the news items has a date of June 2009, so I would hardly call it old.

 

[coolbits]

Prove it. Back up your claims that any of those trojans no longer work.

You can't. One of the news items has a date of June 2009, so I would hardly call it old.

No you prove more than two trojans... i cant prove something that doesnt exist...

 

[belvdr]

No you prove more than two trojans... i cant prove something that doesnt exist...

I provided two links, and you refuse to accept either. And neither site is a news article, which you cited in defense.

 

[coolbits]

I provided two links, and you refuse to accept either. And neither site is a news article, which you cited in defense.

If you could just read your last link properly...

 

[belvdr]

If you could just read your last link properly...

So now you're down to ignoring the content of the site, and now inspecting the URL. Finding yourself at a loss for backing up your claims? I'm still waiting for that.

You still need to provide proof these trojans no longer work.

I don't care if the link says /there_are_only_TWs_x_trojans. The trojan list is located at that URL. If you're not mature enough to realize that your statement is incorrect based on the facts presented, then this debate is useless.

And since you seem to have little knowledge on the subject, trojans can contain spyware. This isn't my first time in information security.