Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How do you know you haven't been hacked?

D

Darvari

macrumors newbie
Original poster
Jul 28, 2009
5
0
I've been reading on these Adobe introduced vulnerabilities (see http://it.slashdot.org/story/09/07/28/1412255/92-of-Windows-PCs-Vulnerable-To-Zero-Day-Attacks-On-Flash) which can be exploited on OS X as well.

I've been using flash with Firefox, how do I know my system is not compromised? How do *you* know yours is not? Is there any way to find this out? Does Apple provide any tools of detection (think rootkit revealer provided by Microsoft), or any 3rd party tools?

Especially troubling is the fact expressed by some security experts that OS X is by definition more hackable than other OS's. See http://blogs.zdnet.com/security/?p=2941 for example:

Why Safari? Why didn’t you go after IE or Safari?

It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.

It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.
[...]

With my Safari exploit, I put the code into a process and I know exactly where it’s going to be. There’s no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don’t know where it is. Even if I get to the code, it’s not executable. Those are two hurdles that Macs don’t have.

It’s clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that’s only half the equation. The other half is exploiting it. There’s almost no hurdle to jump through on Mac OS X.

[...]
For all the browsers on operating systems, the hardest target is Firefox on Windows. With Firefox on Mac OS X, you can do whatever you want. There’s nothing in the Mac operating system that will stop you.
Click to expand...

Also think about the apps we download from the Internet. How do I (or you) know the app I've downloaded and installed/run hasn't been compromised by somebody (if not the author then a 3rd party)? So few of their authors offer an md5 checksum to verify its integrity.

Thanks.
 
Signal, no need to get defensive :) I make no arguments, I'm simply asking; I'm not interested on "partisan/holy wars/fan wars/OS X is better" type of discussions.

Thanks

I don't know if this is related or not to this topic (I hope it isn't), after the mishap described by me here, I log-in, and the first thing I do is run netstat to look at my connections. Unfortunately there was one I cannot explain, to a remote address of 12.120.2.205.http, which it looks like it's owned by AT&T (and I'm not in the US).

My browser was not running. What gives?
 
 
Um..ya. Sorry but saying Mac OS is easy to hack and you can do whatever you want is completely false.


Theres a reason people use unix based OS's and it has to do with security.

EDIT: OP my comments are directed towards the article not to you :)
 
Consultant, thanks for the MacWorld article. It is funny though how the first two articles speak of a "malware myth", and the 3rd one reveals there's no myth, Mac malware exists :)
 
Darvari said:
Consultant, thanks for the MacWorld article. It is funny though how the first two articles speak of a "malware myth", and the 3rd one reveals there's no myth, Mac malware exists :)
Click to expand...
So you did start this thread to start a flame war?
 
Consultant said:
Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows
http://i.gizmodo.com/5101337/giz-explains-why-os-x-shrugs-off-viruses-better-than-windows

The Mac Malware Myth
http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

The Unavoidable Malware Myth
http://www.roughlydrafted.com/2008/...-apple-wont-inherit-microsofts-malware-crown/

How to check for Trojans
http://www.macworld.com/article/60823/2007/10/trojanhorse.html

Market Share Myth
http://blogs.bellinghamherald.com/i...uter_virus_record_straig&more=1&c=1&tb=1&pb=1
Click to expand...

I can't decide what this canned response from is worth. On the whole, I give it a thumbs up.

On this thread, I give it a thumbs down. Of those five articles, only one addresses a point the TS brought up - the marketshare issue.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back