Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Cutting a deal with a hacker, if we can get one who's up high enough ...
This sounds like you're under the mistaken impression that hackers are members of some kind of organization or ranking.... they're not. They are, for the most part, quite independent. There's no such thing as "Hacker, Class 3" or "Hacker, Class 1". Also, not all hackers write malware and not all malware writers are hackers. The more you offer such statements, the more you reveal that you have no idea what you're talking about.
 
That's completely false. The current installed base of Macs is around 100 million, and it grows by over a million Macs per month. You don't need a certain percentage of market share for a useful botnet; you need numbers. You talking to a handful of hackers is hardly conclusive. I can interview a handful of people in my neighborhood and find a consensus on any number of falsehoods. Get some facts (rather than making stuff up) and then re-join the discussion.


trying to stick to facts...

OSX marketshare was just shy of 50 mill as announced by Tim Cook at his 'state of the mac address' in October last year...

will be higher now...but not massively so..

heres a link to help you..

http://www.bgr.com/2010/10/20/apple-cfo-tim-cook-details-state-of-the-mac/

apology by PM or in the thread is fine. :p;):rolleyes:
 
google...

'windows more secure than OSX'

check the results, you have people who are professional coders telling it how it is... and has been since 2007.

ignorance of facts doesn't equal knowledge, if no one is trying to break the door down you don't need a big lock.

Really? Find a source that makes the statements you suggest above that is unbiased. By unbiased, I mean a source that doesn't sell vulnerabilities to ZDI which then produces and markets specific hardware security appliances to generate revenue.

Man in the browser is now the biggest issue for all OS's, malware wise.

All the info. happens via the browser, there is no point attacking anything else.

Hooking the APIs to log protected passwords in Mac OS X requires privilege escalation.
 
This sounds like you're under the mistaken impression that hackers are members of some kind of organization or ranking.... they're not. They are, for the most part, quite independent. There's no such thing as "Hacker, Class 3" or "Hacker, Class 1". Also, not all hackers write malware and not all malware writers are hackers. The more you offer such statements, the more you reveal that you have no idea what you're talking about.



lol, sorry........I can't get into this but you are SO wrong its not true.

there are governments around the world employing people to do this kind of thing.
 
trying to stick to facts...

OSX marketshare was just shy of 50 mill
That's Mac OS X installed base, not the installed base of Macs, as I said. Mac OS X is not the only Mac OS out there. Reading comprehension is fun!
lol, sorry........I can't get into this but you are SO wrong its not true.
Which means, of course, that you can't back up your claims with facts.
there are governments around the world employing people to do this kind of thing.
So? That has nothing to do with your baseless claims about hackers.
 
google…
"OS X more secure than Windows"

There, fixed it for ya (and the "'s too) ;)

OS X and Windows have their pro's and con's, no OS is 100% secure. OS X based systems are generally more secure than Windows systems. I could google "OS X safer than Windows" and find as many claims as you suggest, but that would be bias. Google " 'OS X versus Windows' security' ", you will most likely discover articles/studies with no bias/agenda. If OS X wasn't more secure than Windows OS systems, why aren't more users running anti-virus/malware utilities?

However (and read my posts), working in the field I can assure you 75%+ of my clients have security/virus/malware issues with everything from XP-W7. Executable's are the equivalent to barfing into your system; they get everywhere and are difficult to remove.

If Windows followed Apple and developed hardware to utilize their OS instead of coding an OS for a myriad of profiles (and ditching antiquated BIOS for EFI) it would allow for a better end user experience and for MS to focus on better security. Yet this would mean millions to billions for businesses to reinvest in new hardware as well as MS producing a good product (based on their industrial design team and product history, I wouldn't bet on it).
 
There, fixed it for ya (and the "'s too) ;)

OS X and Windows have their pro's and con's, no OS is 100% secure. However (and read my posts), working in the field I can assure you 75%+ of my clients have security/virus/malware issues with everything from XP-W7. Executable's are the equivalent to barfing into your system; they get everywhere and are difficult to remove.

If Windows followed Apple and developed hardware to utilize their OS instead of coding an OS for a myriad of profiles (and ditching antiquated BIOS for EFI) it would allow for a better end user experience and for MS to focus on better security. Yet this would mean millions to billions for businesses to reinvest in new hardware as well as MS producing a good product (based on their industrial design team and product history, I wouldn't bet on it).

OS X based systems are generally more secure than Windows systems. I could google "OS X safer than Windows" and find as many claims as you suggest, but that would be bias. Google " 'OS X versus Windows' security' ", you will most likely discover articles/studies with no bias/agenda. If OS X wasn't more secure than Windows OS systems, why aren't more users running anti-virus/malware utilities?

Ah well, forget google-ing "windows is more secure than OS X",

just ask google; they know better I guess. ;)
 
Really? Find a source that makes the statements you suggest above that is unbiased. By unbiased, I mean a source that doesn't sell vulnerabilities to ZDI which then produces and markets specific hardware security appliances to generate revenue.



Hooking the APIs to log protected passwords in Mac OS X requires privilege escalation.


unbiased as opposed to a Mac site.... yeah right!


Mac users tend to be a better target for old fashioned phishing/vishing because...well, 'nothing bad happens on a Mac..' right?
 
That's Mac OS X installed base, not the installed base of Macs, as I said. Mac OS X is not the only Mac OS out there. Reading comprehension is fun!

Which means, of course, that you can't back up your claims with facts.

So? That has nothing to do with your baseless claims about hackers.

so theres 50 mill + users of OS 9 out there when its ten years old...?

really...?

hmm, hope its not too windy for straw clutching over there!


zero clue...
 
unbiased as opposed to a Mac site.... yeah right!


Mac users tend to be a better target for old fashioned phishing/vishing because...well, 'nothing bad happens on a Mac..' right?

Sure it can, but it's the percentage and the variables of these "bad" incidents that are key as you are generalizing without specifics.

How about unbiased studies, and percentages of viruses and malware between the two? Those would be facts (again, from an impartial party/experiment).

Also, you're on a Mac based website, so of course there are OS X defenders. Go to Engadget, et al if you don't wish to be here, you're free to decide :)
 
unbiased as opposed to a Mac site.... yeah right!


Mac users tend to be a better target for old fashioned phishing/vishing because...well, 'nothing bad happens on a Mac..' right?

Now from google pointing 'sources', you are consistently jumping on to mac users, eh?

Good going.

Yup nothing happens to my mac except for what I do it. It's that simple. Why don't you just ask Google why they decided to abandon Windows?
 
Sure it can, but it's the percentage and the variables of these "bad" incidents that are key as you are generalizing without specifics.

How about unbiased studies, and percentages of viruses and malware between the two? Those would be facts (again, from an impartial party/experiment).

Also, you're on a Mac based website, so of course there are OS X defenders. Go to Engadget, et al if you don't wish to be here, you're free to decide :)



Its hard to link to conversations.....

Studies on malware are pointless, there is so little effort being put into writing OSX malware, no ROI.

to be honest I didn't think it was a still a live argument (Mac OSX security myths) it certainly isn't in my circles.
 
Again, look, if you're not interested in the mechanics, that's fine. Stop replying to me.

My post is inquiring about the mechanics. For the past hour, I've been trying to find how this thing ticks by searching around for in-depth articles (none to find, everyone just points to Intego's brief overview that is seriously lacking in details) or for the archive itself.

If you don't want to take this discussion to the technical level I am trying to take it, just don't participate.

The Javascript exploit injected code into the Safari process to cause the download of a payload. That payload was the installer. (EDIT: the Javascript code did not exploit a vulnerability in Safari).

The installer is marked as safe to auto-execute if "open safe files after downloading" is turned on.

An installer is used to trick users to authenticate because the malware does not include privilege escalation via exploitation.

If you had any technical knowledge you could have figured that out yourself via the Intego article.

I don't know of any other Web browser (this is not a OS problem, it's a Safari problem) that automatically assumes executables are safe and thus should be auto-executed.

Installers being marked as safe really doesn't increase the likelihood of user level access as any client-side exploit provides user level access. I don't understand why you are hung up on this installer being able to auto-execute; it really makes no difference in terms of user level access. The attacker could have deleted your files with just an exploit that provides user level access.

What does Webkit2 have anything to do with running an installer on the OS after downloading it ? That happens outside the rendering engine's sandbox. You're not quite understanding what this sandbox does if you think this protects you against these types of attacks.

Webkit2 will prevent user level access via an exploit. Preventing these types of attacks is the intended purpose of sandboxing.
 
Last edited:
The Javascript exploit injected code into the Safari process to cause the download of a payload. That payload was the installer.

The installer is marked as safe to auto-execute if "open safe files after downloading" is turned on.

An installer is used to trick users to authenticate because the malware does not include privilege escalation via exploitation.

If you had any technical knowledge you could have figured that out yourself via the Intego article.



Installers being marked as safe really doesn't increase the likelihood of user level access as the Javascript exploit already provided user level access. I don't understand why you are hung up on this installer being able to auto-execute; it really makes no difference in terms of user level access. The attacker could have deleted your files with just the Javascript exploit.



Webkit2 will prevent user level access via an exploit, such as a Javascript exploit.


on the desktop/laptop side which browsers will use webkit2?

Chrome and Safari?

in which case its virtually pojntless (for the community) as the 2 biggest browsers won't have it...or will they have something similar??
 
What are you even talking about?

I simply commented on the fact that you must ask Google why they abandoned MS Windows for commercial use and that Google knows better.

You come with an insulting post claiming they know more than me.

Good if they know more than me and I don't have an issue but mind your own business sir.
 
Last edited by a moderator:
on the desktop/laptop side which browsers will use webkit2?

Chrome and Safari?

in which case its virtually pojntless (for the community) as the 2 biggest browsers won't have it...or will they have something similar??

Chrome already uses a Sandbox similar to Webkit2 but it is built on top of webkit rather than implemented within webkit. Supposedly, Webkit2's split in the process will be better placed than that of Chrome.

Safari will use Webkit2 as it is based off of Webkit. Safari based on Webkit2 will be released soon, with the release of OS X Lion.
 
What are you even talking about?

I simply commented on the fact that you must ask Google why they abandoned MS Windows for commercial use and that Google knows better.

You come with an insulting post claiming they know more than me.

Good if they know more than me and I don't have an issue but mind your own business sir.

Sorry, I find you hard to comprehend, maybe because English is my first language?

anyway...

Google employees must use Macs...?

probably tells you all you need to know about their internal IT team.

a nonsensical decision given that IE still has more than half the browser market and Macs can't run it.

security issues are staff issues...
 
I can't think of anywhere else on the internet where users are so pedantic about whether a piece of malware is a virus or not. It's completely missing the point. The amount of malware out there for Macs is very slowly increasing, which, in itself, is increasing the probability of infecting the user base and Macs can be remotely exploited just like any other operating system.

Instead of rebuffing the emergence of Mac malware with technicalities and pointing the finger at other products, it would be more useful to think about what it means to you, the user. Do you need to run out and buy an antivirus product? No, probably not. If you're someone who keeps on top of software updates and are generally sensible in how you use a computer then you're fine to carry on.

On the other hand, if you're someone who peruses file sharing services and questionable websites for dodgy content and pirated software then it's becoming increasingly more likely that one day you'll get burned. Highly likely? No, not yet, but it would be foolish to assume immunity to computer security issues based solely on the fact that something so far has not met the strict definition of "virus".

A few people need to stop being so short sighted in trying to meticulously defend the idea of "no viruses on Macs". Ultimately it's a rather hollow ideal to uphold because uninitiated users accept it as gospel and it doesn't encourage them to adopt safe computer practices.
 
Chrome already uses a Sandbox similar to Webkit2 but it is built on top of webkit rather than implemented within webkit. Supposedly, Webkit2's split in the process will be better placed than that of Chrome.

Safari will use Webkit2 as it is based off of Webkit. Safari based on Webkit2 will be released soon, with the release of OS X Lion.

so a very small percentage of the market will be using it (the better tech) then?

if IE or FF don't do something similar then it won't really matter from a cybercrime point of view as 'no one' uses Safari and only the foolish use Chrome.

sad really..

I can't think of anywhere else on the internet where users are so pedantic about whether a piece of malware is a virus or not. It's completely missing the point. The amount of malware out there for Macs is very slowly increasing, which, in itself, is increasing the probability of infecting the user base and Macs can be remotely exploited just like any other operating system.

Instead of rebuffing the emergence of Mac malware with technicalities and pointing the finger at other products, it would be more useful to think about what it means to you, the user. Do you need to run out and buy an antivirus product? No, probably not. If you're someone who keeps on top of software updates and are generally sensible in how you use a computer then you're fine to carry on.

On the other hand, if you're someone who peruses file sharing services and questionable websites for dodgy content and pirated software then it's becoming increasingly more likely that one day you'll get burned. Highly likely? No, not yet, but it would be foolish to assume immunity to computer security issues based solely on the fact that something so far has not met the strict definition of "virus".

A few people need to stop being so short sighted in trying to meticulously defend the idea of "no viruses on Macs". Ultimately it's a rather hollow ideal to uphold because uninitiated users accept it as gospel and it doesn't encourage them to adopt safe computer practices.


sorry, last post...

great post....

all sentiments apply equally to OSX and Windows users..
 
Last edited by a moderator:
A few people need to stop being so short sighted in trying to meticulously defend the idea of "no viruses on Macs". Ultimately it's a rather hollow ideal to uphold because uninitiated users accept it as gospel and it doesn't encourage them to adopt safe computer practices.

It's not. You don't defend against viruses the way you do against worms the way you do against trojans. The distinction is important as the infection vectors differs and the defense mechanism also differ.

To lump all malware together as some common entity is what doesn't encourage users to adopt safe computer practices, instead relying on the snake oil sold by Intego and other FUD spreaders to "keep them safe".

Know thy enemy.
 
A few people need to stop being so short sighted in trying to meticulously defend the idea of "no viruses on Macs". Ultimately it's a rather hollow ideal to uphold because uninitiated users accept it as gospel and it doesn't encourage them to adopt safe computer practices.
It's not an "idea" that there are no viruses in the wild that run on Mac OS X; it's a fact. Whether malware is a virus or trojan is important, because it determines what defense is required. Rather than lump everything together and erroneously call it a virus, it's more helpful to properly identify what kind of threat it is, so users know how best to handle it. Even in the absence of viruses, safe computer practices are always encouraged, such as not pirating software or downloading codecs or plug-ins from disreputable sites. In fact, it's more helpful to encourage safe computing practices than to recommend antivirus apps, which can give a user a false sense of security.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.