
After the Month of Kernel Bugs, are you concerned about Mac OS X security?

  • Yes: Votes: 94 (38.4%)
  • No: Votes: 151 (61.6%)
  • Total voters: 245

I have to agree with a lot of the people here who are concerned with security. Part of the reason OS X seemed so secure was because no one tested it. Now that we have Intel chips and a growing market share, vulnerabilities are being exploited. The day that I have to go out and buy virus protection for OS X is the day I consider going back to Windows. Vista looks like OS X so switching wouldn't be as big a pain.🙂
 
OS X is great, but it isn't perfect. 😎

Despite how depressing news or rumors related to security issues with OS X are, I'm in agreement that attention to this issue is always a good thing. A little humility can go a long way.
 
I was about to correct your first post (politely) by saying that you can use AFP with AppleTalk disabled.

Good call... I initially thought you did have to have AppleTalk enabled for AFP to work, and actually have always had AT enabled. I guess I can turn it off now 🙂
 
iAdware apparently works by silently installing a system library. That sounds like a vulnerability that Apple could easily fix, by requiring Admin privileges, issuing a warning, and/or prompting for an Admin password.
I've been wanting them to do this for a while. There are already non-adware applications that do that (think "Smart Crash Reports"), which really bothers me.
 
For the 5 years or so of owning a Mac, I have not come across any breach of security by attacks from viruses from the Internet. Some safeguards to use firewall with a router, limiting ports, and so forth are pretty basic. I've had good luck using a very strong password with a combination of alphanumeric characters and underscores. Although one time, I connected onto an outside network and when I went to browse inside my secret porn folder, I found a pic that wasn't mine. Someone must've copied it into my hidden folder and labeled it myfav.jpg. Very odd, but that was the only time it's ever happened.

Most of these Mac attacks seem to be more predominant with social engineering hacks and user error, than compromised code.
 
I do, and so does anyone who has a classic environment of System 7 and earlier for classic compatibility reasons.

Of course, and I meant that in the 'general sense'. I have long since abandoned the use of Classic on any of my OS X Macs or any of the Macs I support. AppleTalk is so deprecated that I can hardly believe that anyone will be able to use it much longer. In fact, I wouldn't be shocked if it was completely absent from 10.5.

As for the AFP needing AppleTalk, I'm glad you linked the correction. As AppleTalk was an Apple proprietary networking protocol and more and more places were dropping support for AppleTalk routing between subnets/routers (it is PROHIBITIVELY expensive for routers that will pass AT traffic) AFP moved to AFPoverTCP.

I do, and so does anyone who has a classic environment of System 7 and earlier for classic compatibility reasons.

Which makes it even MORE odd that it's enabled by default in MacTels, which don't run Classic. 😕
 
But if we agree that the development of a secure OS is all about utilizing sound design, coding and auditing processes, then we must also accept that the challenge will be very difficult for Apple to meet: You just cannot do that with Open Source...
Sure you can. What you can't do is grab stuff and assume that it does the right thing without checking it for yourself. That's equally true for software developed in house, or developed by subcontractors or commercial partners. It has little at all to do with public vs. private source code.
 
Of course, and I meant that in the 'general sense'. I have long since abandoned the use of Classic on any of my OS X Macs or any of the Macs I support. AppleTalk is so deprecated that I can hardly believe that anyone will be able to use it much longer. In fact, I wouldn't be shocked if it was completely absent from 10.5.

Yeah I don't use classic on my OS X systems at all. I am actually referring to enabling it for network communication with my Quadra 840av, LC 575, and other older systems that I boot into system 7 or even OS 8. Granted the need for Appletalk in those situations can be substituted for TCP/IP, AT appears to be more stable with those older systems.

Which makes it even MORE odd that it's enabled by default in MacTels, which don't run Classic. 😕

I just checked my MacBook, and found that it too is enabled! Strange indeed!
 
Which makes it even MORE odd that it's enabled by default in MacTels, which don't run Classic. 😕

Hmm. I'm running a 17" MacBook Pro with 10.4.8 and when I checked under both Ethernet and Airport Appletalk was not enabled. On this machine I have never set it one way or the other.
 
OK, relax people

Once someone 'proves' that installation into your System folder, NOT your user space, can be done without an Administrative account THAT will be newsworthy. Making Safari launch a certain web page can be done with preference/.plist files. These are in the USER space. I have yet to see or hear about a compromise of Mac OS X 10.4.8 that does Administrative tampering using a non-admin account (without physical access to the machine). Now I, and many others have submitted feedback to Apple that they have to include, in initial setup of a Mac system, the requirement of setting up a non-admin account. This is security 101 and something neither MS nor Apple currently requires. Once you are an Admin all bets are off. We have all seen the installers that you double click and don't require a password to install. Scary. Apple needs to REMAIN diligent on security, but they are not totally lax like some suggest.

just my .02
 
So many Mac users are completely ignorant and oblivious to the fact that their Mac is, contrary to popular belief, not that secure in some respects. Many Mac zealots and apologists will tout how bullet-proof OS X is, how it's nothing like Windows, how it's amazingly secure - well, it isn't in some cases.

Yep, Artie MacStrawman, I hate that guy.

Apple's response is, I think, much more important than the MOKB finding a handful of vulnerabilities in OSX. If they address the problem quickly and respond accordingly with a good Security Update, then I think we can still be relatively assured that OSX is safe. We'll also have to see how quickly various black-hats respond to Vista.
 
It has been brought to attention that Apple is encrypting certain parts of the OS kernel. Does this have any bearing in this discussion or is it only to make piracy of the OS more difficult?
 
The day that I have to go out and buy virus protection for OS X is the day I consider going back to Windows.

Switching to Windows because you have to use antivirus software on your Mac would just be like jumping out of the frying pan and into the fire.

During the 15 years or so that Macs were around before the advent of OS X, most Mac users had antivirus software running on their computers. It was necessary, it was no big deal, and it was certainly no reason to start using a Windows box.
 
Hmm. I'm running a 17" MacBook Pro with 10.4.8 and when I checked under both Ethernet and Airport Appletalk was not enabled. On this machine I have never set it one way or the other.

/Applications/Utilities/Directory Access.app/ -> AppleTalk is checked.
 
Vista looks like OS X so switching wouldn't be as big a pain.🙂

Except that getting a computer that will run Vista WELL (not just "run" it) will be a pain in your wallet, probably more expensive than a mac for a while (unless you just dual boot it 🙂 ). The other problem is that you would have to rebuy all of your software, mess with all of the incompatibilities with Vista and the constant performance and security updates, hope that WGA doesn't conk out on you, etc. Trust me, the bundle of fun that is Vista is just too much for most 😛.
 
I do, and so does anyone who has a classic environment of System 7 and earlier for classic compatibility reasons.

Granted you can use TCP/IP on some of these, however the reliability of such extensions on early versions of Classic leaves much to be desired. I however turn off Appletalk when I am away from my home network.


lol system 7? Why?? No one runs Windows 95 for fun...
 
iAdware-Blaw

iAdware is an ugly development to be sure, but not a big and scary one. As most Mac users know, proof of concept is not the same as actually having this kind of thing happen in the wild.

Still, Apple should take this seriously and anticipate similar developments in the coming months. If something like this does take off, it'll likely be through spoofing type sites and so on. For now I'm not going to lose any sleep over this and trust that Apple, as it angles itself towards dominance in the marketplace, won't make the same blunders MS did with their buggy OS.

Apple knows that MS has them in their sights and any slip would be exploited. You can just see them shouting from the rooftops, "My Gawd, Apple has viruses, malware and adware!" as if that paralleled the umpteen thousands of viruses developed to exploit their own sub-par software.

I suspect it's being looked into now by Apple's security team with an update to emerge long before this pup is found in the wild.
 
Windows Vista is NOT Windows XP.

Hey, somewhat going off on a tangent here but...

Vista is just now coming out. Are you old enough to remember that, when XP came out, it was lauded as "the most secure Windows ever"? It's silly to pay any attention to what MS says - until Vista has a track record, we won't know how its security stacks up.

Love or hate Steve Gibson, but he's pointed out some extremely stupid holes in Vista's security during the beta process. Stuff that was fixed in Windows back in the days of 95/98. They've got a totally new network stack in Vista, and frankly Microsoft has very little experience writing core network code (remember much or most of their previous stack was shown to have been pulled from BSD).

Now back to the Mac side. I'm glad to see this thread isn't filled with Apple apologists. 🙂 Apple certainly has work ahead of them, but I think all in all they've been pretty responsive to most vulnerability reports over the past couple years. But Mac people need to shed this false air of invulnerability that's far too common on this forum and elsewhere. In the end, common sense will go far to protect you - don't run day to day as an admin account, use a strong password, don't use the same password everywhere. If you have a home network, use NAT (by default you probably will be). Don't try to download a "free" version of Microsoft Office off Gnutella. 😀
 
I know I'm going to get labeled as a mac zealot and linux apologist for asking this, but isn't it weird how the project spent ALMOST ALL OF ITS TIME looking for ways to crucify OS X/Linux, but they avoided MS like the plague, as if they were afraid to make them look bad?

"I didn't have much time left for working on Microsoft Windows but I've received the most helpful feedback from the MSRC"

Riiiight. 😛
 
I know I'm going to get labeled as a mac zealot and linux apologist for asking this, but isn't it weird how the project spent ALMOST ALL OF ITS TIME looking for ways to crucify OS X/Linux, but they avoided MS like the plague, as if they were afraid to make them look bad?

"I didn't have much time left for working on Microsoft Windows but I've received the most helpful feedback from the MSRC"

Riiiight. 😛

Couldn't that be just because Windows security (or lack thereof) has already been thoroughly examined by the industry at large and therefore wasn't as high a priority?
 