
[Attachment: untitled2.jpg]
Nope - half that - 5.02%. Windows 7 alone has twice as many users as all Apple OSX users (over 12% yesterday for Windows 7).

http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8

Wow, Aiden, you're getting even more perverse. Why don't you acknowledge that marketshare is now reporting skewed statistics? If they simply reported raw statistics as they did a year ago, Apple would have an 11% share. But, that was before the big infusion of money from M$.

Aiden, why don't you just say, you would fall to your knees if you saw Bill Gates, or even Steve Ballmer. Well, probably for anybody.

I am so right, anybody, click the link that Aiden gave us, and you'll see a wonderful ad for M$ SharePoint. Love being right about marketshare and Aiden, oops.
 
Why don't you acknowledge that marketshare is now reporting skewed statistics?

They're reporting the percentage of users in the field - their "marketshare" is not a sales percentage, it's a percentage of the users actually hitting web sites. (Even the "sales percentages" that are quoted elsewhere are often skewed - since B&M, direct and net sales are not reported equally.)

In the context of this thread, the *fact* that they show that 5% of computer users are running Apple OSX is significant. For hackers, Apple OSX isn't 10% of the users - it's just barely over 5%.
 
They're reporting the percentage of users in the field - their "marketshare" is not a sales percentage, it's a percentage of the users actually hitting web sites. (Even the "sales percentages" that are quoted elsewhere are often skewed - since B&M, direct and net sales are not reported equally.)

In the context of this thread, the *fact* that they show that 5% of computer users are running Apple OSX is significant. For hackers, Apple OSX isn't 10% of the users - it's just barely over 5%.

But website hits are also biased and not fair stats-wise. It all depends on the target market being recorded. I could take a survey of Linux people and could deduce that 99% of computer users are Linux! ^_^
 
In the context of this thread, the *fact* that they show that 5% of computer users are running Apple OSX is significant. For hackers, Apple OSX isn't 10% of the users - it's just barely over 5%.

I'd say a whole lotta folks bought the wrong computer. :D

In other news: there are more cockroaches than humans. :rolleyes:
 
This sounds like a benign example, but a lot of times programs crash because they were writing to memory without being careful... well if you're an attacker and you discover that a program writes to memory without being careful, then you know you might be able to insert shellcode* into that program's memory and trick it into running your shellcode.

(*Shellcode is code which spawns a new shell. It's similar to the shell you see in Terminal. If you trick a program into spawning a shell, that shell inherits whatever privileges the original program had. There are a lot of varieties of shellcode, but one particularly nasty kind is one that opens a remote shell. Now the attacker is using the target computer across a network, or even across the internet. Most firewalls won't block this kind of connection, either.)

Now, if you "fuzz" an app (bombard with random inputs) while it is running in a debugger, then when the program crashes, the debugger will show you what code was executing just at that moment before it crashed. From there you can work backwards and explore the program's internal state to see if that bug might be exploitable for inserting your shellcode.

There's a difference between a vulnerability and an exploit. A vulnerability really means a theoretical means of attack on a piece of software. An exploit, on the other hand.

I am asking these as legitimate questions because you seem to be able to provide information that I can follow to learn more:

1. Is Miller dealing with true exploits or vulnerabilities by your definition?

2. What sort of damage can be done with a remote shell if you can't gain root?

3. What conditions are required to use a remote shell across a network? Across the internet?

4. Can you open a remote shell then use the ARDagent exploit to gain root in 10.6? In 10.5? If so, is this what Miller is doing?

I believe the ARDagent exploit has already been patched.

This question relates to this article.

http://www.h-online.com/security/news/item/Root-exploit-for-Mac-OS-X-736263.html

5. Are remote shell attacks as defined in previous questions more work per target than exploiting systems via viruses, trojans, and worms? If so, is it easier (in terms of amount of work per target) and more productive ($) to attack Windows over Mac OS X?

If it is easier to exploit Windows (albeit via viruses, trojans, and malware), doesn't that make security in relation to viruses, trojans, and worms more relevant in terms of real-world measures of security, given that hacking is now about money/organized crime and not about glory/geekery?

6. Why are few ports open by default in Mac OSX without the firewall enabled? (this is off topic but I want to understand)
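To make the "careless write plus fuzzing" point above concrete, here is an added example (my own code, not anything from the thread, from Miller, or from Apple): a parser for an invented record format (one length byte followed by that many payload bytes), written once with the unchecked copy and once with the bound check, an oracle that says whether the unchecked version would run past its stack buffer, and a small deterministic fuzzer that generates random records. The format, the PAYLOAD_MAX size and every function name are assumptions made for this example; a real fuzzer runs the target itself under a debugger and catches the signal instead of asking an oracle.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 32   /* size of the stack buffer both parsers copy into (assumed) */

/* Invented wire format for this example: one length byte, then that many
 * payload bytes. The parser returns the byte sum of the payload, or a
 * negative value when the record is rejected. */

/* Vulnerable: trusts the attacker-controlled length byte. When msg[0] is
 * larger than PAYLOAD_MAX, memcpy writes past the end of buf and corrupts
 * the stack; that is the crash a fuzzer sees in the debugger. Never call it
 * on such input outside a debugger. */
static int parse_record_vuln(const uint8_t *msg, size_t msg_len)
{
    uint8_t buf[PAYLOAD_MAX];
    unsigned sum = 0;

    if (msg_len < 1 || msg_len < (size_t)msg[0] + 1)
        return -1;                      /* truncated record */
    memcpy(buf, msg + 1, msg[0]);       /* BUG: no check that msg[0] <= PAYLOAD_MAX */
    for (size_t i = 0; i < msg[0]; i++)
        sum += buf[i];
    return (int)(sum & 0x7fffffff);
}

/* Hardened: identical except that it refuses a length larger than buf. */
static int parse_record_safe(const uint8_t *msg, size_t msg_len)
{
    uint8_t buf[PAYLOAD_MAX];
    unsigned sum = 0;

    if (msg_len < 1 || msg_len < (size_t)msg[0] + 1)
        return -1;
    if (msg[0] > PAYLOAD_MAX)
        return -2;                      /* reject instead of overflowing */
    memcpy(buf, msg + 1, msg[0]);
    for (size_t i = 0; i < msg[0]; i++)
        sum += buf[i];
    return (int)(sum & 0x7fffffff);
}

/* Crash oracle: 1 if parse_record_vuln's memcpy would run past buf. */
static int would_overflow(const uint8_t *msg, size_t msg_len)
{
    return msg_len >= 1 && msg_len >= (size_t)msg[0] + 1 && msg[0] > PAYLOAD_MAX;
}

/* xorshift32 PRNG: deterministic, so any crashing case can be regenerated
 * from the seed and replayed under the debugger. */
static uint32_t xs_state = 1;
static uint32_t xs_next(void)
{
    uint32_t x = xs_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return xs_state = x;
}

/* First record the oracle flagged, kept so it can be replayed. */
static uint8_t first_bad[1 + 255];
static size_t  first_bad_len;

/* Generate `iters` random records, feed each to the hardened parser (which
 * never crashes) and count how many would have overflowed the vulnerable one. */
static int fuzz_records(uint32_t seed, int iters)
{
    uint8_t msg[1 + 255];
    int hits = 0;

    xs_state = seed ? seed : 1;         /* xorshift must not start at zero */
    first_bad_len = 0;
    for (int n = 0; n < iters; n++) {
        size_t len = xs_next() % 256;
        msg[0] = (uint8_t)len;
        for (size_t i = 0; i < len; i++)
            msg[1 + i] = (uint8_t)xs_next();
        (void)parse_record_safe(msg, len + 1);
        if (would_overflow(msg, len + 1)) {
            if (first_bad_len == 0) {
                memcpy(first_bad, msg, len + 1);
                first_bad_len = len + 1;
            }
            hits++;
        }
    }
    return hits;
}

int main(void)
{
    const uint8_t ok[] = { 4, 1, 2, 3, 4 };
    int hits;

    printf("benign record: vuln=%d safe=%d\n",
           parse_record_vuln(ok, sizeof ok), parse_record_safe(ok, sizeof ok));
    hits = fuzz_records(1, 1000);
    printf("%d of 1000 random records would overflow the vulnerable parser\n", hits);
    if (first_bad_len)
        printf("first one: length byte %u, buffer holds %d\n", first_bad[0], PAYLOAD_MAX);
    return 0;
}
```

With seed 1 the very first random record already carries a length byte of 33 against a 32-byte buffer, i.e. a one-byte write past the end of buf; because the generator is seeded, that input can be regenerated and replayed under the debugger to work backwards from the crash as the post describes. The hardened parser differs from the vulnerable one by a single comparison before the memcpy.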
 
Wow, Aiden, you're getting even more perverse. Why don't you acknowledge that marketshare is now reporting skewed statistics? If they simply reported raw statistics as they did a year ago, Apple would have an 11% share. But, that was before the big infusion of money from M$.

I am so right, anybody, click the link that Aiden gave us, and you'll see a wonderful ad for M$ SharePoint. Love being right about marketshare and Aiden, oops.

I wouldn't mind knowing how many of those Mac OSX machines are hackintoshes. And the piracy issue is a MEH point IMHO. I don't think Apple even thinks of tracking how many copies of Mac OS X are pirated.

Don't mean to chime in here, but you have had an anti-Apple stance for the few years I've been reading (and the past year I've been directly participating) in the MacRumors forums. I must admit you're very good at it, if anyone tries to call you out on it you twist your view around enough to convince others that you're impartial. Overall you tend to argue with a Windows OS bias, which is fine, I like Windows 7. In fact it is a big step up from the previous Windows OS's. However, you do tend to bait people on an Apple fan based site into defending why they like Apple products. In truth, I find it rather smug (no offense). While the other extreme with some users is just as smug, understand that they are on an Apple fan site and may be sick of being backed into corners by some people for having a preference for Apple products. Their anger may be exacerbated by the baiting. To be fair.

Otherwise, I welcome your comments, they certainly keep me (and others) on their toes. :)

I think the real issue is one that lots of other impartial users have been finding. I can go onto the video forums and defend FCP, or the photo forums and defend Aperture, but I head over to the iPhone forum and say something negative about the iPhone and get flamed.

Aiden Shaw's been spewing out more viable information with every post he makes for years and at times has been corrected. The bigger issue I see is that there doesn't seem to be much room for REAL impartiality on the forums.
 
I am asking these as legitimate questions because you seem to be able to provide information that I can follow to learn more:

1. Is Miller dealing with true exploits or vulnerabilities by your definition?
He didn't say, but it's a safe bet they are vulnerabilities -- not exploits. Why? Because writing each exploit can be pretty time consuming.
2. What sort of damage can be done with a remote shell if you can't gain root?
You can modify or delete any files owned by that user. For example, if you compromise a web server and trick it into giving you a remote shell, that shell will be running as the web server user, so you can't modify most system settings (in /etc) but you might be able to delete or modify the website (in /var/www).

You could also tie up resources (aka denial of service) by running an obnoxious number of programs or writing a bunch of really large files to disk.

You probably wouldn't be able to modify or delete any files owned by other users, but you would probably be able to read them.

On my Mac, the umask is 0022:

/Users/mehaase $ umask
0022

This means that by default, all files I create when using my account will be readable (but not writeable) by any other user on my computer.
3. What conditions are required to use a remote shell across a network? Across the internet?
Umm. None really. This is not my area of expertise, but I believe that the remote shell connects from the target computer back to the attacker. In that case, most firewalls are going to let that type of traffic pass through.

I found a wiki article that covers it in more detail: http://en.wikipedia.org/wiki/Shellcode#Remote_shellcode
4. Can you open a remote shell then use the ARDagent exploit to gain root in 10.6? In 10.5? If so, is this what Miller is doing?

I believe the ARDagent exploit has already been patched.

This question relates to this article.

http://www.h-online.com/security/news/item/Root-exploit-for-Mac-OS-X-736263.html
I'm not familiar with that exploit, but based on the link you posted, it sure looks like you could escalate privileges using this attack.

As a side note, I should point out that a lot of security researchers now are focusing on these multi-staged attacks. One vulnerability or another in isolation has low risk, but combined they could turn into a very high risk.
5. Are remote shell attacks as defined in previous questions more work per target than exploiting systems via viruses, trojans, and worms? If so, is it easier (in terms of amount of work per target) and more productive ($) to attack Windows over Mac OS X?

If it is easier to exploit Windows (albeit via viruses, trojans, and malware), doesn't that make security in relation to viruses, trojans, and worms more relevant in terms of real-world measures of security, given that hacking is now about money/organized crime and not about glory/geekery?
"Remote shell" isn't an attack by itself. The attack consists of finding a way to trick an application into executing some code that you provide. That code can do pretty much anything that any normal program can do. It could make the computer beep, or create a new file, etc. But the most useful thing for an attacker is to create a new shell. That's why it's called "shellcode" -- because that's the most common purpose.

You can mix and match shellcodes with different exploits. So if you have written one good remote shellcode, you can reuse it with multiple exploits. You can also write several different shellcodes (local, remote, secure remote, etc.) and use them like a swiss army knife -- pull out the one that's most useful for each particular job. This is exactly what Metasploit is for.

The last part of your question is opinion based. So, disclaimer, OPINION:

I think it's easier right now to exploit Mac OS X.

This isn't based on personal experience, though. I'm neither a vulnerability researcher nor a criminal -- just a computer security geek who likes to read along. But from what I've read of people who are vulnerability researchers, Vista and Win7 both really upped the ante and have taken the anti-exploit technology further along than Apple has done in Mac OS X.

But as you point out, cyber attacks are really based on money. I can't pretend to know what their motivations are, but so far it seems the vast majority of attacks are still directed at Windows users. Although Mac users are obviously a small percentage of all users, they are also typically wealthier individuals. If I was a criminal or terrorist I think I'd want to focus on that demographic.

On the other hand, Macs are rarely found in the type of high-value target environments that criminals or foreign governments would be interested in: financial businesses, US government, medical institutions all run predominantly Windows on the desktop and Windows or Linux on the servers.
6. Why are few ports open by default in Mac OSX without the firewall enabled? (this is off topic but I want to understand)
I don't know what Mac OS's default is. My guess is that a few ports are opened up automatically to enable some of the magic services Mac OS X uses, like bonjour/rendezvous, which requires hosts to be able to discover each other on the network.

Hopefully everything else is closed. But those open ports do create attack surface area.
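As an added example (not from the thread or from the poster), the following C program shows what the umask mentioned above actually does to a file a process creates: with 022 the file ends up 0644 and any other account on the machine can read it, with 077 it ends up 0600. It also includes the check an attacker holding a non-root shell cares about, whether a given file is world-readable. The scratch directory under /tmp and the function names are assumptions for this example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` with `mask` as the process umask and return the resulting
 * permission bits (for example 0644), or -1 on failure. open() asks for
 * 0666; the umask is what strips the bits other users would otherwise get. */
static int create_with_umask(const char *path, mode_t mask)
{
    struct stat st;
    mode_t old = umask(mask);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    umask(old);                         /* restore the caller's umask */
    if (fd < 0)
        return -1;
    int rc = fstat(fd, &st);
    close(fd);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* 1 if every account on the machine can read `path`, 0 if not, -1 on error.
 * This is the question that matters once an attacker has a shell as some
 * other, unprivileged user on the same box. */
static int is_world_readable(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & S_IROTH) ? 1 : 0;
}

/* Create one file under each umask in a scratch directory and report.
 * Returns 0 on success. */
static int demo(void)
{
    char dir[] = "/tmp/umask-demo-XXXXXX";   /* assumed scratch location */
    char loose[64], tight[64];

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(loose, sizeof loose, "%s/loose.txt", dir);
    snprintf(tight, sizeof tight, "%s/tight.txt", dir);

    int m_loose = create_with_umask(loose, 022);   /* the post's default */
    int r_loose = is_world_readable(loose);
    int m_tight = create_with_umask(tight, 077);   /* private by default */
    int r_tight = is_world_readable(tight);

    printf("umask 022 -> mode %04o, world-readable=%d\n", m_loose, r_loose);
    printf("umask 077 -> mode %04o, world-readable=%d\n", m_tight, r_tight);

    unlink(loose);
    unlink(tight);
    rmdir(dir);
    return 0;
}

int main(void)
{
    return demo();
}
```

Putting `umask 077` in your shell's startup file is the one-line fix for the default the post describes: files created afterwards are private unless you deliberately chmod them for sharing. Note that this only affects files created from then on; anything already sitting at 0644 stays readable to every other account until you change it.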
 
What's wrong with aiming for the whole pie? :D

Exactly, and don't forget about the clout you'd have for making the Apple Community eat crow.

Even the lamest virus/hack would be enough to bring the Apple world to its knees . . . that is . . . if one could actually hack a Mac without any user intervention.
 
You're simply wrong. Why have 5-10% of the pie when you can have 85-90% of it.

Oh don't be so modest. Thanks to its powerful filesystem attributes, Windows can proudly claim much closer to 100% of the world's pwnage.

Why call it Windows though? Wouldn't "Backdoor" have been more appropriate moniker? :cool:
 
Aren't Macs nowadays pretty much PCs anyways? ;)

P.S. You call malware writers developers? Ugh!

Sure, I would. When a piece of software can so handily decimate a machine with its crap I would definitely give the person creating it the title of developer.
 
He didn't say, but it's a safe bet they are vulnerabilities -- not exploits. Why? Because writing each exploit can be pretty time consuming.

According to the contest rules, the attacker must prove remote code execution. Remote code execution is clearly an exploit.

http://en.wikipedia.org/wiki/Vulnerability_(computer_science)
"A vulnerability with one or more known instances of working and fully-implemented attacks is classified as an exploit."

http://en.wikipedia.org/wiki/Exploit_(computer_science)
"An exploit ... is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerised)."

See my earlier post, with links to contest rules, and quotes that highlight what is necessary to win.
https://forums.macrumors.com/showthread.php?p=9472933&#post9472933

The 2008 rules clearly state that the remote attacker must obtain a designated file from a specific location on the compromised machine in order to prove that remote code execution occurred. This requires transmitting the contents of the file to the attacker's computer. It establishes the minimum required task to be performed by the exploit in order to win the contest.

The 2008 rules are cited in the 2009 rules as the basis for the 2009 contest. The 2010 rules cite the 2009 rules. I see no reason to think that the requirements for winning the 2010 contest are any different.

For example, if an attacker caused remote code execution that printed "Ha ha" to the system console, this would demonstrate remote code execution. However, under the contest rules, this would not be enough to win the contest, since it didn't meet the minimum requirement of obtaining the designated file and transferring it to the attacker's computer.
 
The 2008 rules clearly state that the remote attacker must obtain a designated file from a specific location on the compromised machine in order to prove that remote code execution occurred. This requires transmitting the contents of the file to the attacker's computer. It establishes the minimum required task to be performed by the exploit in order to win the contest.

How critical was the file? Specifically, if the attacker did not have root, was it writeable or read-only? I know that unauthorized remote access to any file is not a good thing but there are levels of "bad" in relation to the type. This is relevant to all OSes.

The ARDagent exploit was patched for 10.4 and 10.5. It was never an issue for 10.6 AFAIK. Is there another unknown root escalation exploit that hasn't been patched? I think if someone in the security field found one they would take the acknowledgement for doing so. If bad guys had one you would think they would use it, because why not.

Windows 7 still seems to be having problems with preventing root escalation as indicated by security issues released to the media despite being more difficult to "hack" yet these issues hardly get much attention when compared to security issues released for OSX.

Root escalation is meaningful because it allows for the installation of viruses that decrease the amount of work per target to gain from your exploit; therefore, making OSes with root escalation issues more "critically" less secure, even though maybe not less secure in general. An exploit with virus install vs. an exploit without virus install.
 
How critical was the file? Specifically, if the attacker did not have root, was it writeable or read-only?

Why do you think any of that matters? That's not a rhetorical question.

If the contestant attacker can demonstrate remote code execution that obtains a designated file, then surely the contestant can obtain any other accessible file with relative ease. When one has the source code for an exploit, changing the pathname of the desired file is a very small matter of programming.

You don't seem to understand why the contest requires winners to obtain a specific file. Here are two salient facts: 1) thousands of dollars worth of cash and equipment is at stake, 2) neither the judges nor their computers are keeping any logs (tip: read and understand the contest rules). Write a brief but cogent security analysis that explains why a specific file is required.

I already know the reason, so you write your security analysis and I'll write mine. Post the descriptions here and we'll see who's right.

Is there another unknown root escalation exploit that hasn't been patched?
If there were such a vulnerability, it would (by definition) have to be unknown at this point, wouldn't it?

If it were known but undisclosed, then who except the discoverer would know? And how would anyone except the discoverer be able to prove or disprove its existence?

If it were known but disclosed to the vendor, it would be disqualified under the contest rules. Whether the vendor had patched it or not is irrelevant to the contest.

Root escalation is meaningful because it allows for the installation of viruses that decrease the amount of work per target to gain from your exploit; therefore, making OSes with root escalation issues more "critically" less secure, even though maybe not less secure in general. An exploit with virus install vs. an exploit without virus install.
It's not necessary to have root privileges in order to install viruses, bots, etc. Read 'man launchd' and TN2083 to see how per-user agents can be automatically launched on incoming connection requests:
http://developer.apple.com/mac/library/technotes/tn2005/tn2083.html
 
If the contestant attacker can demonstrate remote code execution that obtains a designated file, then surely the contestant can obtain any other accessible file with relative ease.

I already know the reason, so you write your security analysis and I'll write mine. Post the descriptions here and we'll see who's right.

It's not necessary to have root privileges in order to install viruses, bots, etc. Read 'man launchd' and TN2083 to see how per-user agents can be automatically launched on incoming connection requests:
http://developer.apple.com/mac/library/technotes/tn2005/tn2083.html

I am not talking about the contest rules. I am interested in real world threats.

So, if you remove a read only file from Mac OS X that is protected by the OS's permission architecture, what can the attacker who receives it do with it? Can they move it into their system and then access its content in a meaningful way? Provide an example of a real world damage causing (system damage or $) from accessing a read only or any other file in Mac OS X.

I can't really write a report about this topic because I don't know much about it. I am not going to spend the time.

I do think there is a lot of sophistry going on in this thread and to entertain myself I am going to keep prompting responses until I get a satisfactory answer.

Give an example of a virus that was a real threat that didn't require root even for windows? That is much of the point of UAC in Windows 7.

If there were such a vulnerability, it would (by definition) have to be unknown at this point, wouldn't it?

"Is there another unknown root escalation exploit that hasn't been patched."

This was rhetorical. The expected response was "We will have to wait until after PWN2OWN." I wonder why I would say something that would quiesce this thread?
 
According to the contest rules, the attacker must prove remote code execution. Remote code execution is clearly an exploit.

I agree with you, but what does that have to do with my post? I was talking about the thread topic, which is about Charlie Miller's planned presentation at CanSecWest.

The original topic of this thread wasn't about pwn2own; maybe you were talking about that with somebody else, but that's not what I was talking about.

Anyway, from the original linked article, "Miller discovered the new vulnerabilities by fuzzing..."

I think that puts it to rest. Miller has 20 vulnerabilities, not 20 working exploits. And he's not revealing the vulnerabilities at CanSecWest either. He's just giving a presentation about how he used fuzzing as a technique to find them.

Given his past success in pwn2own, I assume he has brought at least one exploit with him in order to win. But I will wager a million bucks that he didn't write exploits for each of the 20 vulnerabilities mentioned in that article.

Takers?

More fuel for the fire:

So until this year, applications on Apple were way easier to exploit than Windows. This is because Apple had weak ASLR and no DEP while Windows had full ASLR and DEP. This year, Snow Leopard has DEP, so it's no longer trivial to exploit. In fact, I have lots of bugs in Safari that I easily could have exploited on Leopard but will be very difficult on Snow Leopard. So it used to be that it was much worse, but now it's mostly comparable (although still slightly behind)

And:

You're not trying to pwn me are you??? Have you ever heard the saying about the cobbler's kids not having shoes? That's me, I'm afraid. I use Safari on OSX with no special settings. This isn't the most secure combination, by any stretch of the imagination, but I like it. It's designed by Apple engineers to be easy to use and 'just work' and it does. The risk of malware is low, and hey, I'm a security expert right :) The risk of a targeted attack is real, except I don't think I'm important enough to be targeted! So I rely on security by obscurity, I guess
 
I am not talking about the contest rules. I am interested in real world threats. So, if you remove a read only file from Mac OS X that is protected by the OS's permission architecture, what can the attacker who receives it do with it? Can they move it into their system and then access its content in a meaningful way?
Get serious. At the very least, any successful exploit grants the intruder all the same privileges that the current Safari user has. This is obvious... both in the real-world and as per the contest rules.


Provide an example of a real world damage causing (system damage or $) from accessing a read only or any other file in Mac OS X.
Let's see... do these files contain any credit card info? PIN numbers? mother's maiden name? or password hashes perhaps? You don't mind if someone can read your personal files?

And what's with all the "read-only" characterizations? Where did you get that from? Once again, the intruder gets the same rights as you (rwx or whatever it may be on any given item).


I can't really write a report about this topic because I don't know much about it. I am not going to spend the time.

I do think there is a lot of sophistry going on in this thread and to entertain myself I am going keep prompting responses until I get a satisfactory answer.
Some of your questions are embarrassingly naive though (especially considering earlier claims about "crossover cables" which accompanied your entrance into this thread).

Anyway... today is the 24th, so much of this will be academic soon.


-


I agree with you, but what does that have to do with my post? I was talking about the thread topic, which is about Charlie Miller's planned presentation at CanSecWest.

The original topic of this thread wasn't about pwn2own; maybe you were talking about that with somebody else, but that's not what I was talking about.
But how is separating those two useful? The Pwn2Own contest is held at the CanSecWest event... and the contest is what proves (or fails to prove) anything he might "present" in some verbal lecture.
 