PowerPC Security Risk

Discussion in 'PowerPC Macs' started by Dronecatcher, Sep 17, 2015.

  1. Dronecatcher macrumors 68000

    Dronecatcher

    Joined:
    Jun 17, 2014
    Location:
    Lincolnshire, UK
    #1
    As online security seems to be a bit of an obsession nowadays - rightly so in most circumstances - and using PowerPC Macs in that regard is an uphill struggle, I just wondered if anyone has actually ever had a real crisis using a Mac, i.e. a virus infection, back door, trojan, keylogger, ID theft etc etc?
    Personally, in the 15 years I've been online, I've only had one virus - that was on a PC running without AV and it took about 15 minutes to clean up.

    Of course, never say never - I'm not advocating no security, it's just the case that most times I'll sacrifice security for speed and convenience on older hardware.
     
  2. 556fmjoe macrumors 65816

    Joined:
    Apr 19, 2014
    #2
    If you just use it on your home network behind a firewall, in most cases it just comes down to the browser's security and not being dumb. There are obviously more things that can go wrong than that, but they would take an attacker who is more determined than average.

    On a large corporate or university network, things are much different. When I'm on my university network, just for fun I like to run tcpdump on the pflog0 interface so I can watch what is hitting my firewall. It gets hit with all kinds of probing attempts, often for commonly used SCADA ports, but many others as well. My authlog is also routinely full of failed SSH root login attempts. Someone even tried the FREAK attack on my browser a couple weeks after it had been made public.
     
  3. Dronecatcher thread starter macrumors 68000

    Dronecatcher

    Joined:
    Jun 17, 2014
    Location:
    Lincolnshire, UK
    #3
    Yes, I'm only referring to personal/home use - corporate is a different matter and I've seen plenty of "Defcon 1" calamities at work.
     
  4. 556fmjoe macrumors 65816

    Joined:
    Apr 19, 2014
    #4
    Yeah it's really a much different threat model. At home, I'd be significantly more concerned about the router than anything behind it.
     
  5. eyoungren macrumors P6

    eyoungren

    Joined:
    Aug 31, 2011
    Location:
    Phoenix • 85037
    #5
    I have never experienced anything on a PowerPC Mac. Either at home or work.

    I have had some things I've downloaded on the Intel Mac at work contain a virus (AV software caught it) designed to affect PCs but have not experienced anything there either.

    At work, due to certain actions by employees, several PCs have been compromised at some point. Depending on my amount of time available it's either a wipe or a cleanup. The last major incident was a wipe by our outside IT guy. The employee had managed to get one of those data hostage trojans where the bastards encrypt your data and demand money for the key to get it back.

    You have to be careful. But I find more danger in relation to the Intel Macs than Power PC.
     
  6. Gamer9430 macrumors 68020

    Gamer9430

    Joined:
    Apr 22, 2014
    Location:
    Central New Jersey, USA
    #6
    I've never had an issue with both my PPC and Intel Macs, on both Home and School. As far as I'm concerned, I'm going to keep going without AV and just play it safe. A few years back I had Sophos on my MacBook Pro, and like @eyoungren, I picked up some Windows viruses on bogus software. I cleaned it up and deleted the software. I've become a bit more careful when it comes to downloading stuff as well as my sources, so as far as I know I haven't picked up anything else.
     
  7. Dronecatcher thread starter macrumors 68000

    Dronecatcher

    Joined:
    Jun 17, 2014
    Location:
    Lincolnshire, UK
    #7
    Sounds familiar - every instance I came across was because staff still couldn't grasp the idea of infected attachments from unknown recipients.
     
  8. Dronecatcher thread starter macrumors 68000

    Dronecatcher

    Joined:
    Jun 17, 2014
    Location:
    Lincolnshire, UK
    #8
    Yes, on PPC, AV is not such an issue - I'm more leaning towards the notion of latest OS and web browser for the sake of security. An example being my PB 12, it only has 768Mb RAM so I run 10.4.11 and Tiger Webkit for best speed - the security conscious would go Leopard/TFF and live with the performance hit.
     
  9. flyrod macrumors 6502

    flyrod

    Joined:
    Jan 12, 2015
    #9
    Only problem I've seen personally was on a work computer that didn't have a password. In general, I think PPC is a small target for the miscreants.
     
  10. Altemose macrumors G3

    Altemose

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #10
    It is kind of like how the dirtbags go after cars in a parking lot. Are you going to rob my 1987 GMC Suburban or the shiny new black Audi parked next to me? Most hackers and dirtbags do not care one bit about us PowerPC users as we offer little gains for them, same as would be breaking into my truck.
     
  11. Xandros macrumors regular

    Joined:
    Sep 19, 2010
    #11
    I have, but I'm pretty sure it was a Java based trojan. Note this is going to be rather long winded as I'm bored and feel like going into great detail but the long and short of it is I got infected by a trojan through Java on my Powerbook which, isn't technically the Mac's fault but it's worth taking heed of given how out of date the standard Apple installs of Java are on PPC OS X. As far as I'm aware you could get infected with one of those on any system running affected Java versions, just by visiting infected websites. I know the intrusion was on my Mac too, and not my PC, since I used a credit card to buy a pizza online with my Mac which I hadn't used for months anywhere else and lo and behold about a week later someone tried to send money through Western Union with it for 400 quid. I suppose it's possible I lost the card info somewhere else, months prior, but my experience of these intrusions is they don't hang around once they get things like bank details or credit card info in case the intrusion is detected and the account details changed so I'm fairly "confident" it was the Mac that had the infection as a result.

    I didn't lose any money incidentally since as with most credit cards I was protected against fraud but even so, I immediately wiped the Powerbook's HDD and reinstalled everything on it once I found out. I also now disable Java in the control panel and also in Safari on all three of my PPC Macs, since I don't need or use it anyway and quite frankly it's a security risk as far as I'm concerned. I don't know how effective turning it off in OS X actually is mind you, I'd much rather uninstall it but I don't think you can with OS X what with it coming essentially built-in with the OS (if I'm wrong about that I'd love to know how to get rid of it completely).

    Oddly enough in the time I've used computers that was only the second time I've ever been infected by a trojan (well I presume it was a trojan). And while I'm not 100% sure if Java was the culprit, given this was actually in the days since Intel Macs came out I'd be surprised if it wasn't what with Java in 10.5.8 being outdated by several years at that point (think this happened around 2007/2008 maybe later).

    The first time I was a victim of an infection was... Surprise surprise, a Java incursion. On my PC. Now that really was a trojan. And yet again, I'd lost a credit card info to the bastards before I found out. This was in the days when Vista was still the main Windows OS and I didn't want to touch that with a bargepole, but I found XP to be too outdated, so I obtained myself a lovely copy of Windows Server 2003 R2 which, for all intents and purposes once you'd tweaked the hell out of it, was basically an updated and somewhat more secure version of XP Pro (and again once tweaked to kingdom come it functions less like the server OS it was and more like its consumer OS counterpart).

    Believe it or not, I didn't run antivirus on that machine in the many years I used it. I didn't feel like I needed to. I didn't tend to surf dodgy websites and I felt I was pretty savvy when it came to downloading things. What I wasn't savvy about though was Java. I had it installed simply because I thought it was one of those things you needed to get a good experience out of web browsing, and maybe back in those days it was, but one day, I got the fraud alert on my credit card and suspicious I ran a free virus check on my computer and lo and behold it found at least two Java files hidden away that it identified as trojans. I seem to recall at the time what was going on was some smart dick had found a flaw in Java that allowed it to automatically and in the background download these trojans, install them and let them run, but I think they only worked on your browser. Effectively spied on your browser use. Infected sites could otherwise be perfectly legitimate but if attacked could have code injected into them via SQL flaws or something, that's how legitimate sites could be infected.

    Aannnnnyway, I cleaned the system and after that I installed Eset Smart Security on it and ever since then I've used either Smart Security or Nod32 on my PCs but I've never had an infection since (to my knowledge anyway) since like the Macs, I uninstalled Java and no longer touch it. If you want a laugh though get this for credit card fraud. So, the people that dump the infections don't tend to be the ones that use the cards, they're smart enough to know better (in most cases). What they do is sell the details on "black market" websites, and these days on the dark web most likely. Anyway clearly whoever bought my credit card details was not smart.

    I found out about the fraud myself, not through my card company. I got a statement through and discovered I had had a payment sent to my account (not debited but credited, like I'd had a refund or something) from an online casino. Turns out the idiot used my card to play online bingo or something, spent 50 quid, then won 100 quid. However what he didn't realise was winnings got paid back to the card you used to buy play time with, so I won 50 quid and my credit card company let me keep it.

    It's probably one of the rare instances where a victim of credit card fraud actually benefited from it.
     
  12. Dronecatcher thread starter macrumors 68000

    Dronecatcher

    Joined:
    Jun 17, 2014
    Location:
    Lincolnshire, UK
    #12
    That's fascinating and unsettling reading Xandros.
    Does anyone know whether those kind of vulnerabilities were patched in Java - as there were a few updates after 2008 before PPC got abandoned?
    Doesn't Java have to request permission to activate/install plugins online - I've come across lots of browser audio players that request first and running ClickToPlugin certainly blocks them until they're authorised.
     
  13. Dronecatcher thread starter macrumors 68000

    Dronecatcher

    Joined:
    Jun 17, 2014
    Location:
    Lincolnshire, UK
    #13
    Don't forget they're not always the most astute individuals though - I had a convertible Mitsubishi Pajero jeep that was broken into, they smashed out the door lock with a screwdriver. However, being a convertible jeep, the vinyl "roof" was attached with zips and press studs - they could have undone 2 poppers and reached through to open the door in seconds.
     
  14. roadbloc macrumors G3

    roadbloc

    Joined:
    Aug 24, 2009
    Location:
    UK
    #14
    Do people even make trojans/malware compatible for PPC OS X anymore? Will the security holes found in PPC OS X (probably lots now) even be exploited with the PPC userbase being so small? I just assumed 'security' through obscurity with these things since Intel OS X seems to be able to *mostly* get away with it too.
     
  15. Xandros macrumors regular

    Joined:
    Sep 19, 2010
    #15
    I don't think it was related to plugins. Googling it I think it was the "Trojan Downloader" type of thing. Flashback was one of them but I don't think that was what I was infected with since that popped up in 2011. Perhaps an early variant. https://en.wikipedia.org/wiki/Trojan_BackDoor.Flashback. Though if the exploit existed in 2011 it existed in the years prior so, who knows.

    I can't remember exactly when the intrusion occurred on my computer, but indeed Apple have issued security updates since then that may have fixed some issues, though there hasn't been another update for a while now - I think the last PPC 10.5.8 security update was released in 2010 (the last Intel 10.5.8 security update was released in 2012). No idea when the last Java 1.5 update was. Think it might have been around 2010 or 2011 so that flashback trojan might still be a problem for PPC Macs?

    Either way like I said I don't ever seem to need Java so I don't have it enabled on my Macs and don't even have it installed on my PCs and I feel better for it, but again as I say, I don't know how far merely turning it off in the control panel on OS X actually goes to disabling it completely. I'd much rather uninstall the damn thing altogether.
     
  16. 128keaton macrumors 68020

    128keaton

    Joined:
    Jan 13, 2013
    #16
    Hahah, I leave my truck unlocked. They can take my OEM radio with a bad ground and broken LCD. Or my $5 Auxiliary tuner. Or my change. Just don't break my window.
     
  17. Altemose macrumors G3

    Altemose

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #17
    Some dirtbags are very stupid indeed!
     
  18. happyfrappy macrumors 6502

    Joined:
    Oct 14, 2007
    Location:
    Location eh?
    #18
    Someone once broke into a friend's car, instead of taking a SLR camera or ASUS netbook the thief took pocket change & CDs instead. On another forum pre-Apple iPod era, someone broke into an apartment taking their PC & Macs laptops but tossed the iBook G3 & PowerBook G4 into the garbage bin. When I was a student someone broke into a friend's apartment, they didn't take my 12" PowerBook G4 but took other less expensive stuff (CDs & DVDs) and my AMD Geode wear-able PC (it was equipped with a USB GPS & modified lithium ion powered Wacom LCD) used for topographic map research as in hardened for mountain treks :eek: I never built another wear-able PC afterwards, stuck to modifying cheaper Windows Mobile PDAs via serial-port mods as the OS supported built-in handwriting/drawing on maps.


    Apple scrapped Java updates for PowerPC after Lion was released so the best shift of safety is disable Java completely. Pre-HTML5 there was a need of Java like Flash but the amount of holes make it too much of a risk to deploy.

    If I'm using Linux on PPC security is no different than a modern OS, for OS X Tiger or Leopard it'll be too risky as there are still trojans which target Adobe Flash/Reader/Java and those scumbags will use hijack schemes which involve running a background AppleScript to change your browser/OS DNS settings.

    Hazard of using a still common OS is what makes OS X on PPC still an active target than say 68k/PPC stuck on OS 9, 99% of the browser plug-ins aren't supported and browsers back then didn't auto-open PDFs/MP3/QT if a website tried to redirect to a trojan file. Funny thing is OS/2 Warp(aka eComStation) remains the most secure OS still used for banking, integrated devices from medical to CNC machines as the kernel rarely if ever crashes as IBM based it on a hardened server OS for desktop environments. Sadly OS/2 was axed after Windows ME/Win2k hit the market, IBM stupidly kept trying to pull an Apple hardware lock-in system yet wanted retail consumers to use their OS... CEO scrapped it as they felt driver support on the scale of MS WHQL certification was too expensive and an old IBM solutions provider bought ownership to maintain it as eComStation. Several local universities still use OS/2 Warp/eComStation in areas where Linux isn't ideal.
     
  19. Cox Orange, Sep 18, 2015
    Last edited: Sep 18, 2015

    Cox Orange macrumors 68000

    Joined:
    Jan 1, 2010
    #19
    You guys probably know all that, over at the TFFx blog were two articles about webkit in a browser and webkit as interweaved in OS X itself and what risks it brings and also one article that listed every potential hole that comes with OS X software. All both PowerPC and Intel.

    webkit and SSL http://tenfourfox.blogspot.de/2014/02/ssafari-ssl-ssucks.html
    webkit and crossplatform apps http://tenfourfox.blogspot.de/2012/05/security-blanket-blues.html
    Java and Flash (I know not really anything new) http://tenfourfox.blogspot.de/2012/04/poisoned-coffee.html

    Bash problems (shell shock) under PPC and Intel
    http://tenfourfox.blogspot.dk/2014/09/bashing-bash-one-more-time-updated.html
    fix for older OSes http://resale.headgap.com/bobsmactips.html (search the site for "bash problems")
    Though as I read it from some posts this seems to be more a problem of people running servers.

    Then there was an article, where someone explained the steps and what huge amount of work it involves to get into Mac OS X (quite old article though) and he said that this probably turns off people that want to do evil stuff. I can't find it at the moment, what a pity.
    Edit: found it! Double pity, it's German, too. Edit: found it. :D
    http://www.macmark.de/osx_security.php
    Hm, I will keep that in the very back region of my brain, maybe if I once get time for it, I will translate it (but not too soon).

    This here is nice, it lists 51 threats to Mac OS X from the 1990s till today, unfortunately German, but for those who can read it, I'll put it here http://www.apfelwerk.de/2014/11/51-viren-fuer-mac-os-x/

    Last but not least, one more regarded to wrong behaviour of the user https://discussions.apple.com/docs/DOC-2435
    On my Mac Mini OS 10.9 I installed both Apple and Oracle Java stuff, because I had to to use certain stuff, unfortunately. It is quite interesting though that for some stuff you have to download the latest Java from Oracle itself.

    Oh and my personal story... :) I never had an attack, but I once out of curiosity and you know there are sometimes times, where you think I must be too good to be true, so I installed ClamXav (and I think I tried one other I don't remember right now), in the end I remember it showed me about three files that the system was using somewhere and were no risk, but called them "suspicious". While one side of downloading security apps, is that you might download crap-/malware, the other thing is, when it is working, but shows you stuff that is useful and you don't have the knowledge at hand to decide, if this is a real threat.
     
  20. Altemose macrumors G3

    Altemose

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #20
    At least they got their iBook and PowerBook back then!
     
  21. flyrod macrumors 6502

    flyrod

    Joined:
    Jan 12, 2015
    #21
    Where is this setting? I don't see it for some reason...
     
  22. Xandros macrumors regular

    Joined:
    Sep 19, 2010
    #22
    Sorry I should have made that more clear, it's not in the system control panel. I don't have my Powerbook to hand at the moment so can't say exactly where it is as I can't remember but I *think* it's in Applications > Utilities > Java. Disabling Java is as simple as unchecking a tick box in there (Java 1.4 should already be disabled if you have 1.5 installed and updated I believe).
     
  23. happyfrappy macrumors 6502

    Joined:
    Oct 14, 2007
    Location:
    Location eh?
    #23
    The Java settings/configuration sits in the Utilities folder, however on Leopard/Snow Leopard there are two control panels, one for Java 1.4/1.5 and the other for the newer Java 2.0. On Intel Macs (10.4/10.5) the older Java is optional, you can remove Java 1.4/1.5 completely if you're paranoid.

    Besides disabling Java, make sure the storage cache is set to zero as "local disk" Java programs(ex: Limewire/P2P programs, malware programs renamed to PDF/mp3/mp4 that will run as a program if double-clicked) can still use Java and its networking functions.
     
  24. Xandros macrumors regular

    Joined:
    Sep 19, 2010
    #24
    Well I wouldn't know about what's on Intel Leopard or Snow Leopard since I don't have an Intel Mac.
     
