although Apple thinks trojans and worms and spywares are "viruses", but you don't agree with that. Glad to know.

Correct.

I guess you also agree, when most users (especially newbies as OP mentioned) talk about security, they mostly, actually follow the definition of virus from "Apple", not "you".

I guess you agree that all Microsoft users that have been hit with a "virus" actually follow the definition of "apple", not "me".

As I wrote before, most people's definition of 'virus' is as a catch-all for what actually should be termed 'malware'. Which then becomes difficult for people who actually realize that there is a difference when speaking to those that don't. Again, as I've pointed out twice already, Apple's MARKETING machine is pandering to the lowest common denominator. People that don't understand that there is a difference.

Let me make this really easy for you to finally grasp:

Yes, by the classic (correct) definition of an internet 'virus', Mac OS X has been 'virus-free'. There have been no successful, self-propagating, self-replicating, spreadable infections that have moved from Mac to Mac. So, when Apple's MARKETING machine says "Virus Free!", they are technically correct. Of course, Apple's MARKETING machine incorrectly uses proof from Sophos, who DOES understand the difference.

Unfortunately, most people who read this don't understand that there is a difference between types of malware. And they fall victim to Apple's obfuscation campaign over malware that affects Macs.

I guess you also agree, that the Anti-Virus softwares on the market also follow the general definition of virus from Apple, since their anti-"virus" apps actually also anti-"spywares, worms, and trojans".

Would you rather that they sell "Anti-virus", "Anti-Trojan", "Anti-Worm" apps separately? Of course not. They too pander to the lowest common denominator of users' understanding.

How many threads have appeared here with the first post being, "X doesn't do Y, I have a virus!". It happens CONSTANTLY, and yet, it's only been true once.

It seems to me that we have convergent points to make. I just want to dispel some of the mythos surrounding malware, Macs, and "anti-virus". The lowest common denominator needs education.

I also hate it when people refer to it as a MAC.
 
The idea is to use a privilege escalation (like MOAB 15) in conjunction with opener.

Oh, that's how it works. Regardless I am not even sure how to get that operating much rather have it infect my computer. As defined this is a "Proof of Concept" idea, and does not prove to be a threat to anyone.

Macs don't need Anti-Virus software, anyone afraid of moving infected files to a PC should let the PC owner worry about it with their own Anti-Virus software. I know it's kind of a dicked philosophy, but seriously, it isn't my (Mac users) problem. Unless of course the PC is your own :) .

As for those arguing over the definitions of Viruses, Trojans, and Spyware, why not just refer to it as Malware and move on. I really don't see anyone winning that discussion.
 
Oh, that's how it works. Regardless I am not even sure how to get that operating much rather have it infect my computer. As defined this is a "Proof of Concept" idea, and does not prove to be a threat to anyone.

I don't understand what you mean when you say "I am not even sure how to get that operating much rather have it infect my computer"

Are you suggesting that a hacker sends you an e-mail with MOAB 15 and Opener and kindly asks you to read an instruction manual to assemble these two into a virus, and then run it for him?

Also, you don't get the meaning of a "Proof of Concept" when it comes to an exploit. Just because the "Proof of Concept" doesn't do any damage doesn't mean that it can't be modified in short order to do damage.
 
Yes, by the classic (correct) definition of an internet 'virus', Mac OS X has been 'virus-free'. There have been no successful, self-propagating, self-replicating, spreadable infections that have moved from Mac to Mac. So, when Apple's MARKETING machine says "Virus Free!", they are technically correct. Of course, Apple's MARKETING machine incorrectly uses proof from Sophos, who DOES understand the difference.

Unfortunately, most people who read this don't understand that there is a difference between types of malware. And they fall victim to Apple's obfuscation campaign over malware that affects Macs.

how nice, seems like Apple always takes both ways,

on one side, use the number of 114000 to scare people, ignore the fact that more than 70% of that number is malware, probably another 20~30% are trojans and worms. just called them all "viruses".

on the other hand, use a different definition, say "Mac is virus free"

technically right? LMAO, these type of cheap tricks eventually only hurt users, rather than help them, what is exactly the position of users value in some people's mind?

if you already know Apple is making a cheap low level campaign and most users got deceived, how about thinking for them in a practical way. Tell them they still need to be cautious of attacks, tell them be careful about the security updates, tell them get some sort of AV (they include A-Trojan, A-worm, A-spy) installed. rather than making technical defense for Apple and tell users don't worry about "virus" (which, they probably already being confused by Apple into thinking there is no other threats, since all trojans worms, spywares etc are "viruses").

and for expert, if we exclude trojans, worms, spywares, adwares, malwares, how many viruses exactly does Windows XP have now (unpatched), and how about Vista? such an interesting question, too bad nobody discusses it.
 
Are you suggesting that a hacker sends you an e-mail with MOAB 15 and Opener and kindly asks you to read an instruction manual to assemble these two into a virus, and then run it for him?

It is actually, which probably means I don't really get it. Or does it have to be an inside job? Explain.

Also, you don't get the meaning of a "Proof of Concept" when it comes to an exploit. Just because the "Proof of Concept" doesn't do any damage doesn't mean that it can't be modified in short order to do damage.

I think the idea that a Concept can be modified makes perfect sense to me. Perhaps the fact that it hasn't been is what led to me saying it poses no threat.

Are you saying that Macs do require extra security measures? And if so, what do you recommend?
 
It is actually, which probably means I don't really get it. Or does it have to be an inside job? Explain.

If you feel up to it, I can show you code, as well as a link to a detailed guide to writing an exploit for OS X.

http://www.seanmcollins.com/blog/?p=16

That goes through what MOAB 15 does. If you want to know more, follow the link to Rixstep's series, "The Hacker's Handbook"


I think the idea that a Concept can be modified makes perfect sense to me. Perhaps the fact that it hasn't been is what led to me saying it poses no threat.

The problem is that we cannot know for sure that nobody has rewritten the proof of concept and used it. Clearly, it hasn't been used in mass attacks since OS X only is about 7 percent of the market tops, but if someone knew a company was an OS X centric platform, they could use a weaponized version in a targeted attack.

Are you saying that Macs do require extra security measures? And if so, what do you recommend?

The first thing that needs to change is the attitude. Yes, we're millions of times better off than the Windows platform because of the UNIX heritage that we possess. But no system is invulnerable. We also cannot attack security researchers who attempt to tell us about problems with our system, and then have Apple PR and Daring Fireball attempt to deep six them.

Then we need to tell Apple to stop playing around with UNIX. The problem is that Apple has a tendency to do things that override the UNIX security. Like Disk Utility. Repairing permissions is a dangerous, dangerous, dangerous thing. That's how MOAB 15 works. It uses Disk Utility to gain root access.

They also need to pick up the pace when it comes to including updates to open source packages that they use. The Safari vulnerabilities on the iPhone and OS X are because Apple is using an outdated library that was fixed over a year ago. Same thing with their SMB (Windows file sharing). They stayed on an old version for over a year, and the problem was that the version that they had stuck to while everyone else updated had a serious flaw that could lead to an exploit.
 
They also need to pick up the pace when it comes to including updates to open source packages that they use. The Safari vulnerabilities on the iPhone and OS X are because Apple is using an outdated library that was fixed over a year ago. Same thing with their SMB (Windows file sharing). They stayed on an old version for over a year, and the problem was that the version that they had stuck to while everyone else updated had a serious flaw that could lead to an exploit.

is there no copyright issue involved? can Apple sell it for profit with these codes?
 
is there no copyright issue involved?

I don't think there is. They have outdated versions already in the OS, so I don't think that's an issue, barring any radical license changes with the projects since.

can Apple sell it for profit with these codes?

GPL doesn't bar you from selling for profit. GPL only says that you have to provide a written statement that the source code can be given upon request.

Apple's difficulty with open source software and versioning has more to do with what Apple has to do to make it work on their platform. I talked a little about it when the iPhone security stuff came to light.

http://www.seanmcollins.com/blog/?p=10
 