Please read the second sentence of the page MorphingDragon linked to:

That is talking about how it spreads to other systems. How does infection occur? Conficker is a popular one, but that was patched so long ago. It seems these can easily be blocked.
 
Worms are self-replicating and self-executing.

The infamous Conficker: "It uses flaws in Windows software and dictionary attacks on administrator passwords to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors."

They still required the user to execute said executable that had the worm attached. Other than that, they can only compromise vulnerable systems that are publicly addressable... or, like I was saying, they self-propagate over a LAN once one system has been infected by whatever means.
 
Don't mean to chime in here, but you have had an anti-Apple stance for the few years I've been reading (and the past year I've been directly participating in) the MacRumors forums. I must admit you're very good at it; if anyone tries to call you out on it, you twist your view around enough to convince others that you're impartial. Overall you tend to argue with a Windows OS bias, which is fine; I like Windows 7. In fact it is a big step up from the previous Windows OSes. However, you do tend to bait people on an Apple-fan-based site into defending why they like Apple products. In truth, I find it rather smug (no offense). While the other extreme with some users is just as smug, understand that they are on an Apple fan site and may be sick of being backed into corners by some people for having a preference for Apple products. Their anger may be exacerbated by the baiting. To be fair.

Otherwise, I welcome your comments, they certainly keep me (and others) on their toes. :)

Thank you for the feedback. In particular, the "I welcome your comments, they certainly keep me (and others) on their toes" comment is appreciated. Sometimes pure BS is posted here, and I hope that I help eradicate it when it shows up. If people check their "facts" before posting in fear that Aiden might catch them, then I'm helping the community.

While I have a pro-Cutler-OS bias, it's not quite the same as an anti-Apple bias. My bias is against people who promulgate false or misleading statements about Windows, or who claim that Apple is all good and Microsoft is all evil. For example, earlier today I replied to a post that said that Windows touch always popped up an annoying shadow cursor - I pointed out that the shadow cursor was a preference option. No good/evil diatribe, just clarified the situation. Same with the people who say that Apple invented USB, that Apple invented multi-touch, ....

On the other hand, there are a handful of regular posters who believe that Apple does no wrong, that MS is always evil, and anyone who disagrees with their personal ideology deserves personal insults and ad hominem attacks. Sometimes my "smug checker" isn't able to keep my posts completely objective when dealing with these buffoons.

Again, thank you.
 
It says Vista in the first paragraph. I'm guessing you altered your system to do that. Windows just doesn't do strange things any more than OSX does. There is a reason for things. I use OSX too. I just prefer to use Windows 7 now. OSX has its own annoyances as well. They all do.

I didn't alter my system in any way, shape or form. The only reason that I even have it installed is because I had a product key and NBA 2K10 was on sale for 13 bucks on Steam. I dread booting into it, and if I am in it I'm sure as hell not messing with the horrible idea that is the registry or messing with the Group Policy Editor. I do enough of that crap at work.
 
Here is an article outlining the rules of Pwn2Own, which are basically the same every year.

http://www.securityfocus.com/archive/136/489994/30/0/threaded

That's good to know. Though I'm sure the crossover cable is not bypassing any security in the system. Otherwise it would provide an unfair advantage against one system. The entire contest would then be biased.
I'm sure they use it to bypass any router security so they can just focus directly on the OSes themselves with their own default security.
 

Good to know. Though that infects Windows 2000 systems. Wouldn't that be like digging up viruses that affect OS 9? Are there any modern-day self-executing worms? I'd really like to know.
Apparently there is a low rate of infection from worms on patched systems. They have to be zero-day exploits. Though we all know most people don't update.
 
I admit that OSX implementation of ASLR-like features is limited but no threat in the wild as of yet has indicated that OSX needs the performance costs associated with such security measures.

Can you cite any evidence that ASLR has a performance cost? I can imagine a few milliseconds added to each system boot, but so what?


OSX grants it to install, yes. Gives permanent access to root, no.

Windows, when installing, elevates software's access to root permanently. It is too much a part of the Windows paradigm to change anytime soon as well, but at least MS is acknowledging it.

Where do you get the "permanent access to root" idea? For the current version of Windows, UAC comes up much less frequently.

It comes up if
1. A program (e.g. an installer) wants admin access
2. The user launches a shell-like program requesting "run as administrator"

If a single-task app is launched by the user, it will run as admin without a UAC prompt. (This means that various privileged system utilities won't ask you for an [OK] prompt.)

When the program or shell exits, nothing that's been installed will have "permanent" root access.

In UNIX-based operating systems, it is set up such that connecting two computers with a crossover cable essentially gives you full access to the other computer. Like the same as sitting right at that computer working on it.

In a true crossover cable the ends are mirrored.

The wire on one end connects to the opposite on the other.

It is different than connecting two with a regular Ethernet cable.

Many people refer to using Ethernet cables in such a way as a crossover cable, but this is inaccurate.

Try connecting two Macs together with a regular Ethernet cable and see how much access you have to the other machine.

Most Ethernet ports automatically sense whether they're connected to a switch or another computer port, and will automatically connect as "crossover" ports when connected computer-to-computer. "Crossover cables" are ancient history - the electronics detect whether it's an "upstream" or "downstream" link and configure automatically.

You can connect two systems with a "regular" Ethernet cable, and the NICs will automatically configure as a "crossover" connection if needed.
 

You missed the point. Even worms which are able to be executed without user interaction and spread via LAN are targeting the fact that there are large networks of Windows-based machines. And these still start somewhere on the LAN. If a worm were created for OSX, it would get absolutely nowhere based on the same facts I listed above. If large networks of Macs made up the business and consumer industry, someone would actually target that vulnerability. There is no base for OSX infections to spread. An infection of any kind has to spread somehow. These days, 99% of the time it's just because of user error (someone running something they shouldn't).
 
Are you talking about the default admin account or a user-generated standard account?

Windows also virtualizes privileges, so an account with Administrator privileges cannot use them without a UAC dialog.

A "default admin" account does not run with administrator privileges.

It has the right (through UAC) to elevate a single app to admin privs if the [OK] dialog is granted.

You really need to read up on the virtualized filesystems and the virtualized registry on Windows before you continue. You seem to be generalizing Windows 3.1 security onto Windows 7. That doesn't work!
 
So here's a question.

In the Intego Blog interview, Charlie Miller talks about "dumb fuzzing" - which sounds like he is just sending lots and lots of corrupted PDF files to Preview to find which ones crash the application which is a hint that perhaps that particular corruption is exploitable. That is just a summary.... here is the link.

So my question is.... is this enough information that a bright cookie at Apple could duplicate Miller's technique and find the exploits themselves? If so, what are the rules at Pwn2Own about how up-to-date a system must be? Could Apple release a security update the night before, and close the exploits that Miller was expecting to use?

At some point Apple has got to think to themselves that having their system fall first for 3 or 4 years in a row is going to cost them enough sales that it's worth their while to let someone else get the cream pie in the face.

And for what it's worth, I think OS X is just as safe as it has to be, and not much more. Apple is a business, and they won't spend any more money on security than they have to... but I think they will spend as much as they need to. In other words, at this point there is no profit to be made by spending more money on security. Spending more on security will not bring the rate of malware infections down, since the rate is very nearly zero.

Only when the rate of malware infections starts to go up does it make any sense to spend much more on security. I'm sure that malware infections will start to increase in the next few years.... and I'm sure that Apple will start taking security more seriously. Much more seriously. They make a lot of sales based on the perception that Macs are "safer" (and by "safer" I mean infected less often; I'm not going to get into the Safe vs. Secure debate).

It would be just like Apple to put out a security update at the last minute to prevent the PR hit. I don't think it will happen, but it would fit their pattern.
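As an added illustration of the "dumb fuzzing" the question above describes (example code written here, not anything from Miller, Intego or Apple), this is a minimal mutation-fuzzing harness of the kind a vendor's own QA could run to find the same crashes before a contest. Since Preview cannot run here, the PDF target is replaced by a constructed toy parser with a deliberately planted bounds bug; the seed file, the parser and its bug are all assumptions made for the example, and the point is the loop: corrupt a seed at random, separate the parser's own clean rejections from unexpected crashes, and keep every distinct crasher for reproduction.

```python
import hashlib, random, re
from dataclasses import dataclass, field

# Constructed seed: a minimal PDF-shaped file, not a real document.
SEED = (b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"   # header + binary comment (15 bytes)
        b"1 0 obj\nendobj\n"                # one empty object at offset 15
        b"startxref\n15\n%%EOF\n")         # trailer pointing at it

def toy_pdf_parser(data: bytes) -> int:
    """Stand-in for the real target; returns the startxref offset. Bad input is
    rejected with ValueError. Constructed bug: data[offset] is read without a
    bounds check, so a corrupt offset raises IndexError instead."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("missing PDF header")
    m = re.search(rb"startxref\s*(\d+)", data)
    if m is None:
        raise ValueError("missing startxref")
    offset = int(m.group(1))
    if not 0x30 <= data[offset] <= 0x39:   # missing: check offset < len(data)
        raise ValueError("startxref does not point at an object number")
    return offset

def mutate(data: bytes, rng: random.Random, max_flips: int = 4) -> bytes:
    """Dumb mutation: overwrite a few random bytes, knowing nothing of PDF."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, max_flips)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def exception_type(target, data: bytes):
    # Run one input; return the exception class raised, or None if it parsed.
    try:
        target(data)
    except Exception as exc:
        return type(exc)
    return None

@dataclass
class FuzzResult:
    ok: int = 0          # parsed cleanly
    rejected: int = 0    # the parser's own validation fired (ValueError)
    crashing: int = 0    # anything else: the bucket worth triaging
    unique_crashes: dict = field(default_factory=dict)   # sha256 -> input bytes

def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 1) -> FuzzResult:
    """Mutate the seed repeatedly, bucket outcomes, keep each distinct crasher."""
    rng, result = random.Random(rng_seed), FuzzResult()
    for _ in range(iterations):
        sample = mutate(seed, rng)
        exc = exception_type(target, sample)
        if exc is None:
            result.ok += 1
        elif exc is ValueError:
            result.rejected += 1
        else:
            result.crashing += 1
            result.unique_crashes.setdefault(hashlib.sha256(sample).hexdigest(), sample)
    return result
```

Against a real target the loop body becomes "write the mutated file, launch the viewer on it, watch for a crash signal" and the crash bucket is deduplicated by stack hash rather than input hash, but the triage split between expected rejections and unexpected faults is the same.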
 
There's a difference between "holes in Mac OS X" and "holes in the open-source projects that underlie Mac OS X".

It's really fun and gets lots of attention when you make a big loud pronouncement against Apple. Apple is this, that or the other. But there are plenty of cases where this is purely attention seeking. Particularly when they make a big announcement in advance of it. If they were truly, genuinely only concerned about security, they would have already submitted them to Apple as they were found, not collecting them into a batch then calling a press conference to get their photos and names online. No. I suspect this is being an attention seeking wh0re, with the actual security content being a side-show.

"Zero day" means there is exploit code out there now. However, it does not mean they are "critical" ones.

Whoever this person is, their list of holes needs to be provided and sorted for impact, urgency and underlying cause. Because if we're talking about a hole in CUPS or PHP or something else, then not only is the blame not with Apple, it isn't even unique to Apple. Yes, it's the world's most popular UNIX, but it's still not the only UNIX. And if it's something obscure, like for example, an exploit in QuickTime VR... well, what's the impact and urgency on that? Does anyone still use it? What is the real world concern?

And I can almost guarantee you, it will not be as massively scandalous as they're proposing, or that even this MR post is suggesting, once the actual facts are known. Besides which, what makes them think Apple don't know? They presume to know what one of the most secretive companies in the world is or is not aware of?
 
Windows also virtualizes privileges, so an account with Administrator privileges cannot use them without a UAC dialog.

A "default admin" account does not run with administrator privileges.

It has the right (through UAC) to elevate a single app to admin privs if the [OK] dialog is granted.

You really need to read up on the virtualized filesystems and the virtualized registry on Windows before you continue. You seem to be generalizing Windows 3.1 security onto Windows 7. That doesn't work!

Interesting, Windows 7 with User Account Control enabled is still susceptible to 8 out of 10 viruses.

http://www.sophos.com/blogs/chetw/g/2009/11/03/windows-7-vulnerable-8-10-viruses/
 
Interesting, Windows 7 with User Account Control enabled is still susceptible to 8 out of 10 viruses.

http://www.sophos.com/blogs/chetw/g/2009/11/03/windows-7-vulnerable-8-10-viruses/

The user still had to execute those trojans/viruses. They didn't run on their own.
And if someone is intent on running those then no type of UAC, password prompt, etc. is going to stop them. What this study shows is that UAC only said "are you really sure you want to do this", on two of the occasions. But once you start installing a file most people are just going to continue clicking yes or entering their password.
Really no different than OSX. If you are going to install something then you are also just going to enter your password.
Just goes to show you that the security problem isn't the OS, it's the user.

That article is also from a company selling security software so take it for what it's worth. It's been debated around the web.
 
The user still had to execute those trojans/viruses. They didn't run on their own.
And if someone is intent on running those then no type of UAC, password prompt, etc. is going to stop them. What this study shows is that UAC only said "are you really sure you want to do this", on two of the occasions. But once you start installing a file most people are just going to continue clicking yes or entering their password.
Really no different than OSX. If you are going to install something then you are also just going to enter your password.
Just goes to show you that the security problem isn't the OS, it's the user.

That article is also from a company selling security software so take it for what it's worth. It's been debated around the web.

This is interesting too.

"However, an attacker could use code injection and exploit several components in Windows 7 that auto-elevate to bypass UAC and get full access to the machine, experts have warned."

It's from this article:

http://news.cnet.com/8301-27080_3-10380749-245.html

I will admit I was wrong about much of how UAC works in Windows 7.
 
You aren't paid by Apple. The sig incorrectly implies (whether you agree or not) that you are an Apple employee and it gives that impression on this forum. It's deceptive, and you probably know it.



Microsoft likes anyone who uses their crap to put "Microsoft" (or better yet, "Microsoft MVP") in their job title. It's all part of the plan.

It implies nothing, and you're clearly misunderstanding the meaning of it. It does not imply that he's currently an Apple employee any more than my title of Windows/Virtualization Administrator implies that I work for Microsoft and VMware. I also am the Linux admin; do I work for them too? If so, who would that be, Canonical? Novell? Red Hat?

Honestly your act here is tired. The moment someone has something significant but not glowing to say about Apple/OS X you deem them disgruntled, bitter, etc. It's ad hominem attack after ad hominem attack.

How many times does the guy have to say he likes Apple and OS X for you to knock it off and be a friggin' grown-up about it? We're not critical about Apple because we want them to fail. On the contrary, we want them to improve and succeed, even more so than they already have been.

Quit taking any criticism as if someone is repeatedly kicking your dog. You're being every bit as obnoxious as the rabid Microsoft fanboys on here, just the opposite side of the fence.

Some objectivity would be splendid.
 
Wow, the antivirus people at Sophos say that you need to run their product on Windows 7.

I'm surprised.

This just in; the same company will tell you to also run their product on OS X. Linux too, if they sell it.

What an impartial company an AV company is when it comes to security. :rolleyes::D
 
Windows also virtualizes privileges, so an account with Administrator privileges cannot use them without a UAC dialog.

A "default admin" account does not run with administrator privileges.

It has the right (through UAC) to elevate a single app to admin privs if the [OK] dialog is granted.

You really need to read up on the virtualized filesystems and the virtualized registry on Windows before you continue. You seem to be generalizing Windows 3.1 security onto Windows 7. That doesn't work!

Hey check this out:

"Another issue with these default (UAC) settings is that malware could bypass the system by injecting itself into a trusted application and running from there. Indeed, some malware has been observed spoofing UAC-style prompts to obtain user permission to operate unimpeded."

From this article:

http://news.cnet.com/8301-27080_3-10380749-245.html

Are not trusted applications rooted? This is kinda what I was talking about earlier. A hole in a program is a hole in the system (at least in Windows).
 
Hey check this out:

"Another issue with these default (UAC) settings is that malware could bypass the system by injecting itself into a trusted application and running from there. Indeed, some malware has been observed spoofing UAC-style prompts to obtain user permission to operate unimpeded."

From this article:

http://news.cnet.com/8301-27080_3-10380749-245.html

Are not trusted applications rooted? This is kinda what I was talking about earlier. A hole in a program is a hole in the system (at least in Windows).

like it didn't happen to OS X?
 
In reality, if you are sitting at home on a network with a hardware firewall, running a software firewall on any reasonably modern operating system, with your accounts and your network properly configured, and you're not a complete idiot, your computer is most likely fairly safe regardless of its OS.
 