This is a long post, but I won't apologise for writing intelligently about an impossibly important issue. I understand many people would rather read many small unintelligent posts, and I respect that. But I think you should make an exception here. You won't be doing me any favours by reading to the end of this one; unless I've got stuff wrong, in which case I thank you in advance for correcting me.
You should read it and disagree or agree intelligently, because that would be in your best interests.
Hackers aren't interested in the average person's computer. It's too much work with too little reward. If your passwords have been compromised, the most likely scenario is someone hacked an email account (a far more common occurrence) and used that to gain access to your passwords.
Whilst I obviously agree the more likely scenario is email passwords being brute forced, I think it's kind of queer how everyone in this industry will state the obvious (that a hacker wouldn't be interested in Joe Moran's lurid personal emails and pictures of him standing in front of objects, along with some pics where he's in front of some objects - they probably wouldn't even be tempted by the pics where he places himself in the same frame as some objects either) - this is all very unremarkable and not remotely worth noting.
But it's funny how someone who believes he or she may have been the victim of someone poking around their filesystems will instantly be ridiculed by those who - quite frankly - simply know a great deal more about the exploits possible (so why they rush to 'assuage' the concerns is queer, on some level). More to the point, they rush to ridicule the OP's concern without having a clue about whether the OP is important or not.
To the OP or anyone who's ever concerned someone has been poking around, you should be. And if you're wrong? What harm is there in being concerned? You should ask yourself this because those who know even half the full extent of the exploits will scorn your concern, attempt to patronise you, demand to see evidence if they believe you cannot verify, etc. Then you can post evidence, and every time I see evidence posted by someone this is what happens:
They all go silent. They're disinterested. Conversation over. Thread dead. This is fact, and I can verify everything when I assert something like this - it's just that no one requests / demands verification from me. But I live in hope...
The exploits are there. It's not even disputable. Whether or not you have anything to worry about, only you might know. I just think it's quite inappropriate - even rude - to tell someone they're as unimportant as you when the truth could be, they might be important? They might be why the exploits exist in the first place.
I don't think there's anything to hide, but I'm interested in learning why they believe there is. Everyone reacts as if there is something to hide, but the reality isn't remotely disputable: Apple is impossibly creepy. Microsoft is impossibly creepy. Linux is more creepy than anything you can imagine (but then, they just love to give you free stuff). None of this is even - news! 20 years ago people were saying this and being ignored. 10 years I guess for Apple? I don't know why everyone feels the Obvious should be hidden. The only people you could even hope to hide it from aren't going to be - relevant.
The simple truth is there's like - one - kernel. I could be stupid, but then if I am it's only because no one has been able to make a coherent counter-argument. There's one kernel. All the commercial operating systems run on Unix subsystems. Your subsystems aren't in the 'protection' of OEMs - that would be bad enough. It's a little more - open - than that. Your subsystems and the EFI boot partition are open to literally anyone with the intelligence to follow Intel's (rather brilliant, and unbelievably comprehensive) free tutorials. They need like the smallest piece of information, and the rest is all there for them - on a platter - served to them for free, for reasons outside my imagination, but then they're brighter than I am. And they're giving the world (trust me, it's all for free and you can verify this) the ability to remotely access your system, via iSCSI, PXE, FCoE or (quite literally) endless other hacker - sorry! did I say hacker? I meant System Admin - controls from remote command lines. They override your Builtin Admin account. The hackers are domain admins, so...in your face. Lion is very similar but a lot more complicated because Lion is the finest and slickest Linux distribution produced yet. And permissions in Linux are chaotic. But then I see people complaining about Disk Utility being unable to 'fix' their permissions. They're asking the wrong question/s.
Permissions don't change themselves.
A lot more people than you'd be comfortable with can help themselves to your EFI bootloader and OS drivers.
Quoted from http://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-homepage-general-technology.html:

Specifications
UEFI Specifications
The latest version of the UEFI Specification is available from the UEFI web site.
Intel® Platform Innovation Framework for UEFI and EFI Specifications
Learn more and download specification documents.

Tools and utilities
Intel® C Compiler for EFI Byte Code
Application Toolkit Project
EFI Development Kit
EFI Development Kit II
Intel® UEFI Development Kit Debugger Tool
UEFI Disk Utilities*
UEFI tools, resources, drivers and training

Training
Please contact your UEFI Firmware provider for local training in your geography. If you need to set up your own training, contact us for material.
Download presentations from recent Intel Developer Forums
Get updates by joining the EFI mailing List

Helpful resources
Independent Hardware Vendor UEFI Enabling Center
Find the latest tools, resources and training to get started developing drivers and applications.

UEFI and framework history
For information on the history of UEFI and the framework, please contact us.
Secure Boot? Would you like to see what's in my EFI partition? It's not like yours. I'm not 100% sure, because whenever I try to do "I'll show you mine, show me yours" - no one wants to. But I'd be willing to put $10,000 on a wager. We could both have identical MBAs and your EFI partition won't be like mine. And if it is, you'll have my commiserations.
It's fine, really. You just have to get used to endless crashing systems and you wouldn't want to be averse to being forced to clean install an OS once or twice a day. These people have no reason to dislike me. I just have a habit of saying pro-American statements in a way that makes powerful companies unimpressed. I'd be dead if I was impressive, but I'm not. I think I'm barely a nuisance, but red tape is a bitch and Apple seems to think they're not allowed to help me...yet. I think maybe I annoyed someone a year ago. And scripts, you know, they'll just go forever. If you script them to.
Your operating systems have been scripted by genius minds who believe - and I disagree it's in their interests, but it's debatable - they need / want universal access into...every device onto which their code finds its way. They go to such lengths to ensure they retain their infinite pathways into the world's personal / home systems - you'll simply never find all the pathways, and you could spend years being overwhelmed by "Creepiness in Depth". I firmly believe Windows, MacOS and every single Linux distribution have been structured in ways that make 'securing' them an exercise in silliness. You'll just shiver at the endless creepy, after 3 months of horror at the endless stupidity of 'expert' advice. Which goes something like this:
FORMAT. REINSTALL. MAKE SURE YOU BACK UP YOUR IMPORTANT PERSONAL DATA.
I'm a retard, but in March, I asked "What's the point of zero-filling my hard drive when new ones are corrupted instantly? I think we should be looking at the controllers, no? And this PCI stuff - whatever that is. I need to get an expert to look at that."
That Immunet thread went silent at that point. I've been treading water since then. I still need someone to look at my "PCI stuff". I've got $$. My money is not good in this industry. I've spent over $100,000 this year. They have cash. They're doing alright, for money. My money is no good. I've been really frightened whenever that happens.
But if you're going to use them, you simply have to accept whatever level of creepy you're prepared to put up with - or stop using computers? But I don't think we need to insult people and tell them they're safe when they're using an X Window System for crying out loud - lolz.
It's almost queer on a number of levels to even have this conversation when the X Window System was designed for - quite literally - only one reason, and if end users had brains, they'd be irrationally furious (because like you said, who wants their dumb impossibly important "personal data").
------------
But of course, not everyone is Joe Moran.
Read the link I posted in the 4th post of this thread. No, there is not one instance of malware in the wild that installs itself on Mac OS X without the user installing it. If you disagree, name one. Just one.
I will read it, I promise - I apologise for not having read it before posting. But in answer to your challenge, pretty sure I named 260,000.
Malware is code that is placed on your machine to afford another party unauthorised access or to 'afford' you no access. I've been DDoS'ed for most of this year and it's quite breathtaking - and horrifying. Without even going 'online', my systems were crashing in 3-4 hours with 50 million files - every single one of them 'legitimate' as in "verified-by-Microsoft" (which all have legitimate uses, but not for you and definitely not for me) - but every corrupt 'anti'-virus 'solution' will give your crashing systems the green thumbs up. And some Russian rootkit-hunting utilities scream "rootkit detected" until you try and use them for more than detection. BSOD. Zero-fill. Reinstall. Before you say anything, I'm talking about Kaspersky, not the crooks who make rootkit-installing utilities widely promoted in AV forums around the globe.
Verified by Microsoft. These files have hashes that match the official releases. So Secunia's useless PSI will give GREEN to systems which are BSOD'ing whilst they're telling you your system is fine. But you don't want to politely point that out on Secunia's forum, by the way. They don't think it's cute when you refer Secunia to Secunia's ethics.
You can't firewall Microsoft's Windows 'firewall' defaults until it's too late to make it worth the bother, and it's all a joke because there are another 5000 defaults stacked behind, making any frantic efforts to 'secure' Windows an exercise in nausea - don't get me started on DCOM, WMI and component 'Services', 98% of which you'd be mad - mad as in insane - to leave live and active on their default settings.
But I understand, we all need to remote access our registry from the Bahamas. Trust me, I get it. 5000 examples much like that. Oh I really do appreciate what's going on. Trust me.
"What does Windows have to do with anything?"
I just don't want to bag Apple. But if you think operating systems are distinct from each other, you have a better imagination than I do. Or you need to stop getting distracted by the abstraction layers (30% chance that doesn't even make sense).
Everything in EVERY operating system that I'm aware of is almost exclusively set up to be anti-user and pro-enterprise, which I can understand (if I owned a 5000-console call centre, I'd like to control my employees' use of them as well - but the problem with functionality is that it doesn't jump up and say "now hang on, I'm only supposed to be used legitimately").
Windows (all variants), Lion, every Linux distribution on the planet, Xen and even Symbian and Android's OS for phones are designed from top to bottom to ENSURE they can be instantly controlled by remote admins. Even when 'offline'. It might interest you to read the FCC 'fine' print on the back of any piece of technology large enough to print it. Your technology must accept interference from the government, even if you'd prefer they interfered more with doing their jobs. They can and will interfere with you if they believe it's in their best interests; and sure, maybe some terrorists get bamboozled and that's tight. Less tight is a corrupt government using every creepy breach of your personal liberty they only managed to con from decent people who were made to be terrified - by them. They ramp up irrational fears to shut down and silence people who - hypothetically - have a thing for quoting JFK and stuff. Seems like he had only fear to fear, himself. Look on the back of your wireless router for the FCC's informative warning! They're not hiding this from you.
So why are you hiding it from others? Seems strange to me, is all.
I still can't understand a single thing from your post. This in particular baffles me. I'm guessing you can't even provide a coherent definition of malware? After all, your post exposes a gross misunderstanding of the entire concept. As GGJStudios challenged, produce even one example of a virus for the Mac, or any type of malware that does not require direct installation by the user (there's only a handful of those, as well).
Go to your terminal. sudo su, then cd to root. Type du, lsof, ls -alrG or whatever. You will be so bored you might want to scream by the time du is finished enumerating every file installed as Default when you clean install Lion. But you shouldn't scream, because you need to look at them all.
260,000 are installed onto my MBA. 400,000 - one time - I'd be fascinated to hear why MBAs with the same specs could produce non-identical comparisons.
I'm sorry to have to stipulate that you must look at all 260,000. That means open them and try and make sense of the code / function of the dubious - more outrageous - of the 260,000. 90% of them are in a language you don't speak and sure, it's really nice that Mandarin and Korean and 30 other dialects are catered for; but it's not very considerate of me and my ignorance, is it? When I only speak English? That's a question you can get banned for asking. I've never gotten an answer to it.
When you have completed this task (or when you are 1/10000th of the way through), you will have a more complete appreciation of...exactly what obfuscation means. And I will tell you Well Done. Now go learn Mandarin and do it again. And you know, we're going to do this 30 times with each new language.
Maybe it's best just to trust Apple? I think so. But then that doesn't mean you need to insult yourself either...?