Macs May No Longer Be Immune to Viruses 391
Bill writes "MSNBC reports that the combination of Apple's growing market share and their recent switch to x86 processors has made Mac OS X a new target for viruses. Unfortunately, it seems that many Mac users are in denial. '[Computer security expert Tom] Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world's largest software company was criticized for being slow to respond to weaknesses in its products.'"
Heh. (Score:5, Interesting)
Re:Heh. (Score:5, Informative)
Most, if not all, of these just amount to DoS attacks and it's not actually possible to get them to run arbitrary executable code. But now days any kind of reproducible crash is incorrectly regarded as a massively massive security issue. It's people like Tom Ferris that make real computer security jobs into a joke.
Re:Heh. (Score:3, Interesting)
Yeah but don't worry - did MSNBC just report that Macs were gaining market share? Whoops.
Re:Heh. (Score:3, Funny)
while (generating_crappy_systems())
{
- char* company = pick_yet_another_company();
// with generating_crappy_systems();
}int percentrisk = assess_risk_from(company);
int percentgrowthrate = assess_growth_of(company);
if (percentrisk > 10 || percentgrowthrate > 10) launch_FUD_against(company);
continue;
Re:Heh. (Score:3, Informative)
MSNBC is a member of the Associated Press [ap.org]. They're probably hoping that the FUD will spread via other news agencies picking up the story from AP feeds. Since it's Monday morning, I'm sure at least one groggy editor has picked it up. From the looks of a Google News Search [google.com], MSNBC actually picked the story up from April 24 (The San Jose Mercury News and the Daily Breeze).
Immune? (Score:4, Insightful)
Re:Immune? (Score:5, Interesting)
And the fact that Macs never had Outlook, the PC version of Internet Explorer, Active X, ports and services open all over the place, or piss poor priveledge seperation. That is why Macs don't have viruses (Linux as well, for that matter), not because of market share.
Re:Immune? (Score:5, Insightful)
Burglars break in houses with the most vulnerable alarm system, not because of the popularity of the alarm system.
Re: (Score:3, Insightful)
Re:Immune? (Score:3, Interesting)
Virus writers, malware and adware writers are not that different from burglars.
Nobody claims Mac OS X or Linux to be super secure. Especially not Apple or any engineer for that matter. Hence the number of security updates. But the process is very transparent for everybody, user, engineer, hacker or cracker.
Of course social engineering works regardles of platform.
I agree that the number of infections has to do with the popularity of the platform.
But the speed and the ease of infection has to
Re:Immune? (Score:3)
[Glances at article title]
Riiiiiight. No-one would ever dream of suggesting that Macs were previously "immune to viruses". :-)
Re:Immune? (Score:5, Informative)
You make several good points, and it is clear a lot of people who are not in the security field overestimate the security of an OS X system. It is somewhere on par with the average Linux workstation, which is to say people out there can hack it if they are targeting you specifically. Worms might, but probably won't be an issue for an average user. Notifications and restrictions on users are middle of the road for security versus ease of use. I think, however, you are slightly incorrect on several points and are basing your opinion on several incorrect facts.
If you write a virus, you most certainly DO aim it at the most popular platform amongst those it has to contact to spread, especially if all the other platforms combined don't even reach 10% of the market, unless there are serious mitigating circumstances.
This is true in some cases, but not all. A good number of worm authors are for-profit these days they want to make money. Windows is the biggest market segment and the easiest target. It is not, however, necessarily the most profitable. Half the Windows machines out there are sitting in a business office and have no data easily exploitable for profit. Another 25% or so are home machines owned by people in the third world who have pirated the copy and don't even have credit cards.
Mac users, on the other hand, are people who shelled out big bucks for a high-end machine. Some Windows users are too, but by no means a large percentage of them. What percentage of Macs do you suppose have valuable, credit card and personal info for someone with a high credit rating?
Macs are not so rare that dumping one on Comcast's network would not net you a pile of machines. Further a cross-platform virus that hit both macs and Windows machines would solve the propagation issues. No, the reason worms don't hit Macs is not propagation or lack of a target. Nor is it lack of motivation. While many worm authors are working for profit, a large number are also just showing off and being malicious for its own sake. A lot of them would love to take "those mac users" down a peg.
The reasons we don't have mac worms spreading are:
And the truth is that Darwin's lack of fine grained security means it has a limit to how secure it'll ever be.
It is true that OS X has not implemented jails or Man
Re:Immune? (Score:3, Insightful)
A 'commercial' worm author doesn't give a shit about what you have on your PC, how much money the PC's owners have. Generally, all it cares about is that your PC is connected to the internet and that it can use the connection to send spam. That's it. They aren't trying to steal your secret family recipes or wedding photos.
I'm afraid you're woefully out of date. Worms can and do harvest CC numbers and other personal info and that trend is increasing. You can buy "identities" right now on underground Web s
So "security" doesn't exist? (Score:3, Insightful)
So ... if I drive a Honda Accord, then there is nothing I can do to prevent it from being stolen by any kid who wants to take it?
Fascinating.
So ... if there were more Macs than Windows boxes ... the Macs would have a higher percentage of in
Re:Car thieves steal Accords because they are comm (Score:3, Insightful)
So. Not Accords. But get the picture? Nine year old Civics? The most common cars stolen are those which are owned by people living in the neighborhoods where thieves operate.
What really matters is no the most common car stolen but the car with the highest rate of theft. And for that, the top
Re:Immune? (Score:2, Insightful)
Re:Immune? (Score:5, Insightful)
There aren't any. That fact alone would be a challenge to a malicious hacker. The first successful writer of Mac viruses would earn enormous respect.
And it hasn't happened. Either the virus writers are idiots, or it can't be done.
This story is FUD based on the evidence. The article is spreading -- the article is the true virus. Microsoft and its little family of corps are at it again.
Switch to Intel (Score:5, Interesting)
Maybe we'll be seeing x86 and PPC virus fat binaries?
Re:Switch to Intel (Score:3, Interesting)
The ability to run Mac OS X in virtual machine lowers the barriers to entry to test exploit code from $2000 to (effectively if you allready own a PC) $0.
The intel transition makes it cheaper & easier for crackers, phishers, etc to develop for OS X. (As well as making assembly easier to port).
Its about making it easier to port exploits rather then having fat binary viruses.
Re:Switch to Intel (Score:5, Interesting)
The Harvard architecture that the PowerPC uses is inherently more secure than x86. A remote exploit on running code has a very low chance of working on the PPC, but nearly a 100% chance on the x86 (which is why all these IE exploits work all the time). When they fail to execute code, the PPC application just crashes. I'd think if someone went to a place that causes their browser to crash 10 times in a row, they'd stop trying to go there.
Then again, Apple has taken massive steps on the x86 side to prevent these kinds of attacks. Such as enforcing the NX/XD bit and enforcing a non-executable stack. The former goes a long way, it was even able to prevent the WMF exploit from working on Windows, if it was available in hardware. Luckily, all ICBMs ship with the hardware support.
Comment removed (Score:4, Insightful)
Re:Switch to Intel (Score:3, Funny)
Yet somehow, MySpace still has visitors...
Re:Switch to Intel (Score:3, Informative)
"The term Harvard architecture originally referred to computer architectures that used physically separate storage and signal pathways for their instructions and data (in contrast to the von Neumann architecture)."
"Modern high performance CPU chip designs incorporate aspects of both Harvard and von Neumann architecture."
(my emphasis added)
Googling for "Harvard architecture" PowerPC [google.com] also seems to suggest that PowerPC chips may use some aspect of the Harvard architec
Re:Switch to Intel (Score:3, Insightful)
Re:Switch to Intel (Score:2)
Let me tell you how: most hackers and virus writers just don't buy Macs. Many of them have machines enough to run games and their favorite Linux distribution and many of them don't have the money to pay for shiny overpriced (in their view) boxes with eye candy OS...
What happens now, however? OSX runs on Intel, it was leaked on the Internet, the naturally curious hakcers install i
Re:Switch to Intel (Score:2)
That's true of the viruses today. But it might not be far off where a virus attacks a particular chipset. I remember when I first heard of DRM in bios in the future being able to access the internet, I thought of the possibility of a virus attacking the bios. Guess we'll need norton antivirus 2007 for Phoenix.
Re:Switch to Intel (Score:2)
Re:Switch to Intel (Score:2)
The trend in viruses is to exploit the latest weakness. It might be difficult to do (programming assembly sucks), but I think it's theoretically possible
Re:Switch to Intel (Score:4, Informative)
Re:Switch to Intel (Score:3, Insightful)
How does everybody figure this? As a results-oriented person, I have to say Apple's track record is better than Microsoft's at the moment.
Re:Switch to Intel (Score:2)
Re:Switch to Intel (Score:3, Informative)
So, like an IE hole hitting you no matter if you use IE or not, a WebKit hole can be opened from a lot of places. On the other hand, patches generally get ro
Re:Switch to Intel (Score:3, Insightful)
Re:Switch to Intel (Score:3, Insightful)
Re:Switch to Intel (Score:5, Informative)
Well, this gets my vote for "Most Uninformed Statement of the Year".
Every OS is buggy. Every OS is vunerable. Windows has a dominating market share, so Windows is targeted. UNIX systems, Linux systems, OSX systems, Windows systems - all have been hacked, cracked, broken, virused up, exploited, and brought to its knees.
I'm a happy OSX home user and Windows programmer (work). I don't like Windows as much as OSX, but I've never seen such uninformed, sheep-like MS hating. It's really a shame.
Article is a troll (Score:4, Informative)
Re:Article is a troll (Score:2, Insightful)
I don't think you've thought this through.
1) Consider how long it took for the hacking community to make OS X to run in a virtual machine on an Intel Box.
2) Now consider how long it took for the hacking community to make windows run on a macbook.
Which one of these tasks was harder (I would say the first, as Apple was actively hindering this activity, but 'n
Re:Article is a troll (Score:5, Interesting)
I suppose you haven't actually checked the Apple Store the last few years. The barrier of entry has been around $500-600 the last few years. Unless haxors absolutely need l33t 15" Powerbooks instead of a mac mini.
And on that point, wouldn't some haxors love to also be one of the few to make a sucessful virus/trojan/etc OS X or Linux (where's the barrier of entry here?) instead of one of the few thousand for Windows? I thought prestige was some sort of motivation. Pff.
Re:Article is a troll (Score:2, Insightful)
Re:Article is a troll (Score:3, Insightful)
Good point - you're quite right. But, while virus writing has become a multi-million dollar industry recently, many of the people writing exploits are not the ones directly making money off them.
To these people, lowering the barrier to entry from $500 to $0 will make a tremendous difference.
And on
Re:Article is a troll (Score:2)
1) Consider how long it took for the hacking community to make OS X to run in a virtual machine on an Intel Box.
2) Now consider how long it took for the hacking community to make windows run on a macbook.
Which one of these tasks was harder (I would say the first, as Apple was actively hindering this activity, but 'not precluding' the second).
People in glass houses....
Which one of these tasks is harder:
1) For the hacking community to make OS X to ru
Re:Article is a troll (Score:4, Informative)
After all, if you've been writing windows exploits for x number of years in x86 assembly, which will be easier:
a) Writing OSX exploits in x86 assembly
b) Writing OSX exploits in PPC assembly
Of course I'd still be surprised if OSX had anywhere near as many security flaws as Windows, but it only takes one...
Re:Article is a troll (Score:2)
I'm thinking it would take two flaws...
1) The flaw you want to exploit.
2) A flaw in the OS to allow exploit #1's installation without throwing up the "Enter your administrator password" dialog so the user isn't tipped off something bad is happening.
This is a big barrier--not impossible, but a big one to get past. The Apple "limited-Administrator" model is vastly preferable to the "Everybo
Re:Article is a troll (Score:2)
It helps of 99% of the hackers out there run on a compatible chipset though.
Re:Article is a troll (Score:5, Insightful)
No, the article points out what I thought was obvious.
To write a worm/virus you actually need to know how to assemble on the target architecture for at least two reasons:
1 - The first thing you do before attempting to exploit a crash is to debug it, now how do you debug on an architecture which you don't know? Trying to debug low level code (remember it's precompiled binaries we're talking about here, not scripts) without knowing how to assemble on the target architecture is like running the marathon without a leg.
2 - If you find a way to inject code you'll need, well... code to inject..., and this code has to be written in the lowest possible level so that you can interrupt to system calls without depending on operating system libraries and avoid specific opcode patterns that would have a meaning to the high level application and prevent your injected code from running as expected.
Taking in account that every geek in the universe knows x86 assembly, if you think for a while you'll realize that the architecture switch makes OSX much easier to debug for the majority of people, and inherently much easier to exploit.
Leap of Faith (Score:5, Informative)
Re:Leap of Faith (Score:3, Informative)
Something will rip through OSX. It may not harm much, but the news to a lot of users is that it could happen at all.
The real shocker will be when most Linux users get some nasty virus. It won't have to damage much.
Simply put, viruses happen. That's life. Don't protect yourself, it's like sex without a condom. It's not that its usually unsafe, it's just that the one time it gets you, you end up with some terrible disease (and, if any future girlfriends read this, I'd just like to note that thi
Re:Leap of Faith (Score:5, Informative)
Something will rip through OSX.
Something may well do so one day. This wasn't it though. This article was nothing more than hype about a three month old worm that failed to infect more than a few machines and doing little damage once it did. The worm used as an example had nothing to do with the architecture change purported to be trhe reason for the exploit. The whole thing was a puff-piece of self promotion by Tom Ferris, nothing more.
If you want to hear about damage done in *ix, ask someone about sendmail or NFS exploits, or httpd, or telnet, or xdmcp.)
I'm old enough to remember them. I'll start to be concerned about my Linux installs when there's an actual exploit that's happened less than a decade ago.
Again, a total non-story (Score:3, Insightful)
This MSNBC(!) story contains no facts whatsoever. No piece of significant OS X malware has been discovered so far, and I believe it's highly likely that there won't be any in the immediate future. WTF does the Intel switch have to do with that?
re: Why? One good reason.... (Score:3, Interesting)
I, for one, am happy when Slashdot finds these stories with ridiculous claims or patently false information and brings them to our collective attention. Otherwise, as an I.T. professional, it can become really frustrating when a client drags one of them out as ammunition to back up a potentially bad business decision. If you're previously unaware of such an article and it suddenly gets thrown i
Re:Steve Jobs farted? (Score:2)
No point: Steve's farts don't stink.
X86 myth - tool chain aspects (Score:2, Informative)
The funny part is what x86 would have to do with it? The x86 ABI of Mac OS X (which is SYSV like) preclude the usage of ordinary Windows tools, and getting a OSX/x86 targeting toolchain based on GCC is (slightly) harder than getting a PPC one has been.
Sensasionalist piece. Hanging is too good for them
Forbidden Fruit (Score:3, Insightful)
Viruses for all different operating systems exist.
There are holes and exploits for practically everything known to man.
Now, if I walk into the dodgiest parts of town (with my turtle neck sweater on) and ask the shady guy at the street corner for a forbidden secret preview of the next big thing do you really think I will survive with the same number (and size) orifices as I started with?
Once you leave the beaten track, you cannot be sure what lurks in the shadows.
How about the virus name? (Score:2, Informative)
Re:How about the virus name? (Score:2)
This incident happened in Feburary, when the guy got tricked into downloading something by thinking it was "Leopard" screenshots, and wound up with the trojan. All the trojan did was ask for a password to run some script in Terminal. Then a couple of other people downloaded it to work on it and rip it apart. This was on Apple Insider forums I think.
Basically, it's a 10-week-old non-story that's confused in its technical details
Manage user expectations (Score:2)
If your running OS X then I'd say your risk is just that bit lower, its a less flawed OS. My last check showed 4 viruses aimed at OS X; (Symantec) OSX.Leap.A; OSX.Inqtana.A; OSX.Inqtana.B; MacOS.MW2004.Trojan; Which is a few orders of
mixed article (Score:5, Insightful)
The article was mixed in accuracy. Many Mac users believe themselves to be invulnerable - the truth is they are currently
Nothing in IT or anywhere else is 100%. Currently OS X is more secure in many areas than its competitors. To maintain or improve on this, constant vigilence and innovation are required by Apple, ISVs and most importantly users.
cha-ching (Score:4, Insightful)
I'm in denial about invisible pink unicorns too. Put up or shut-up.
Which will come first? (Score:5, Funny)
or
The Year of The OS X Viruses
Inquiring minds want to know.
Re:Which will come first? (Score:2)
or
The Year of The OS X Viruses
For me and millions of other Windows users who're on the edge of their patience, it's:
The Year Vista Didn't Come Out *Again*
MSNBCFUD (Score:2)
I mean with Vista being such a slam-dunk, why would they need to engage in FUD?
Granted - Apple has warnings of running windows on their boot-camp page and what fun awaits the end user so the reported denial is obviously massive from Cuppertino and that would create a massive pile of denial from the Apple-user community no doubt.
God bless the press for keeping everyone info
In other news, Chicken Little still is (Score:2)
I know as well as anybody the Mac OS was never immune from viruses, that's impossible.
But how many times do I have to read articles where the alarmists are warning us that the big one is finally coming and we're all going to die horrible deaths.
Yeah, I expect a virus or three may come one day. But Windows and it's users has survived thousands without the apocolypse on a world-wide. Hell, many of my friends run windows without anti-virus and mostly don't have infections (can't
Countdown ... (Score:2, Insightful)
Re:Countdown ... (Score:2, Funny)
New viruses? Maybe (Score:2)
Experts eh? (Score:5, Interesting)
Typos... (Score:2)
Shenannigans! (Score:2)
Pfft.
The Tech Punditocracy has been banging the drum on Mac OS X's insecurity pretty heavy these past few months. I'm beginning to believe it's just a scam to sell AV software to gullible IT managers, and to protect windows
This is a no brainer (Score:2)
Can you say "FUD"? (Score:2)
Uh, yeah. Sure. Two guys get hit by something, the articles are not even clear about exactly what, and it's, "Oh noes! The sky is falling!"
Yeah, viruses are really catching up to the Mac. One down (maybe), a few tens of thousands more to go to catch up to the quantity available for Windows. Look at all the crap you need to do properly secure an XP box. [comcast.net] Even if this alleged Mac virus is the real thing, you can stay s
Does the Author own Symantec stock? (Score:2)
Anti-virus company campaign propaganda (Score:5, Interesting)
Seriously, it's way too easy to have a go at this MSNBC BS. What is more worthy to note is the frequency and desperation with which these articles keep appearing, claiming sleeping beauty mac-users are in imminent danger if they continue to refuse to take part in the virus paranoia of the Windows world.
I have been using W2K with no anti-virus software for years with no side effects. Sadly and with amusement do I follow the antics of my fellow XP users with their shiny anti-virus crapware popping up redundant warnings and notifications and slowing the machine to a crawl. And to top the irony they have to turn off anti-virus whenever they install anything or run certain software. And when you go to your workplace or school the machines there have been made almost entirely useless by over zealous protection software.
Having a go at Macs for security is either stupidity or plain propaganda. Security doesn't come from anti-virus programs. It comes from the underlying architecture of the OS and the third-party software having to comply with the security principles of the underlying architecture. Anti-virus software only protects the computer against clueless users and thus it can be claimed that any computer/OS architecture requires some.
And as for the age old user base threshold argument I'm still waiting. OSX has been for some time the most common UNIX based OS. It is remarkable how little vulnerabilities have been found considering the amount of software and services running on OSX by default. Thus, comparatively, statements involving OSX and poor security continue to be plain ludicrous.
As for me I'll merrily continue running my apparently 'immune' W2K box (behind two tailor made firewalls) and wave my greetings and encouragement to my fellow mac users.
Macs can get viruses? (Score:5, Funny)
well duh! (Score:3, Interesting)
people supporting alternative systems such as linux and unix (including mac os), etc. should avoid claiming they are not able to be infected with virus and worms. such false advertising may cause people to abandon the adoption at the end because they will just think "hey, why spend all the fuss when you get the same problems.)
ignorance is the problem. education is the solution. it may be easier to avoid getting worms and viruses in linux than windows but educating a user might be able to avoid the same with windows as well.
Re:well duh! (Score:3, Insightful)
people supporting alternative systems such as linux and unix (including mac os), etc. should avoid claiming they are not able to be infected with virus and worms. such false advertising may cause people to abandon the adoption at the end because they will just think "hey, why spend all the fuss when you get the same problems.) ignorance is the problem. education is the solution.
I agree with you, but I think most of the ignorance is in the other direction. Talking to the average Windows user, most assume
well oh well (Score:3, Interesting)
Apart from all the other "usual crap", I wonder how this type of articles make it to mainstream news outlets. Even Steve Jobs' brand of underwear would be more newsworthy than this kind of FUD.
There is - like in most of this type of journalism - no real defense against it. Whatever argument you use against "two guys encountering something weird" in "serious news outlets", you must be a mac zealot in denial. Right?
That is very similar to cell phone viruses hype (Score:3, Interesting)
What increasing marketshare? (Score:2)
Re:What increasing marketshare? (Score:3, Informative)
This article [slashdot.org] claims 16% according to the SPA. Personally I'd estimate it is somewhat lower, maybe 7%. Sales figures alone place it at about 4% for the year, but the average in use lifespan of a mac tends to be 1-2 years longer than that of the average PC (although close to that of other high-end machines). Also sales of macs were up 32% year over year from 2004 to 2005. The industry as a whole went up 18%. That means 14% of roughly 4% of all computers old would put Apple ahead by a little more than half a
We never were Immune (Score:3, Informative)
Nothing to see here. Move along. (Score:4, Informative)
What's the Difference Between Me and You? (Score:3, Insightful)
Still, I WOULD like to see Apple try to do more to keep OSX secure. The system should only allow its system directories to be modified in single user mode -- I'm pretty sure BSD has a flag for that. I'd also like to see downloaded applications run as some other user that isn't allowed administrative access to the system at all, password or no. They'd probably have to make some changes so that the user could be restricted from changing its user ID to minimize the damage of people providing their passwords blindly when the dialog comes up. Allow the user to take explicit action if they want the application to be able to run as the regular user.
It still wouldn't be a perfect defense, but nothing can help you if the user's going to bend over backwards to give an application access to the system. Operating system companies really should err on the side of paranoia whenever possible.
User-base fallacy (Score:3, Insightful)
Take care,
brad
Re:Macs have never been "immune" to viruses (Score:5, Insightful)
Nonsense. Microsoft is the target of viruses and spyware because of Microsofts moronic design decisions and security policies, not because of marketshare.
Re:Macs have never been "immune" to viruses (Score:2)
Re:Macs have never been "immune" to viruses (Score:5, Insightful)
Nonsense. Microsoft is the target of viruses and spyware because of Microsoft's moronic design decisions and security policies AND because of marketshare.
Virus writers are writing viruses to make profit; either by stealing information, creating botnets, or proliferation of unwanted advertising. They make more profit by exploiting more machines, so it's no wonder that the most common OS is also the most targetted.
The fact that it's so trivial to exploit Microsoft software is purely because of the moronic design decisions and security policies, not because of marketshare. But the fact that Microsoft is so frequently the target of virus writers is a function of marketshare as well.
Re:Macs have never been "immune" to viruses (Score:5, Insightful)
You're right that they have never been "immune" to viruses. I don't expect you to say something stupid like that *nothing* is immune to viruses unless you can successfully hack my hello world program, but macs definitely aren't. That doesn't mean they're as bad as Windows though, so if you say something like "Nor even markedly more resistant" how about you back up that comment...
Re:Macs have never been "immune" to viruses (Score:2)
Your choice of fruit for the analogy helps make your point quite nicely.
Re:Macs have never been "immune" to viruses (Score:2)
From a technical perspective, they have a *worse* security model.
(Note to standard responders: default configuration of user accounts for a certain subset of installations has *nothing* to do with the security *model*. It's a configuration semantics issue, nothing more.)
That doesn't mean they're as bad as Windows though, so if you say somethi
Re:Macs have never been "immune" to viruses (Score:5, Informative)
By your logic, because Apple now has a much higer visibility, it is a more likely target for viruses.
This is true, and I'm not going to argue with it. However, your reasoning behind it is faulty. Just because it is now being targeted more, does not mean that we are going to see huge numbers of viruses cropping up for OS X.
Heck, the "virus" described in the article isn't a virus at all. It's a trojan, and a shitty one at that. The guy downloaded an executable from an unknown source, and willingly ran it. "strange commands ran as if the machine was under the control of someone -- or something -- else."
Not only did the guy make a boneheaded move that would effect even the most secure operating system in the world, it was obviously apparent that the file being run was a virus the second he opened it. I don't think this is any cause for concern.
What's more, in order to inflict any serious damage on an OS X machine, you've got to provide the Administrator password. It is impossible to run OS X as root. If a program's trying to screw with your settings and files, you're going to know about it! Likewise, unlike Windows, file permissions are properly implemented (it's Unix after all...).
By your logic, because approximately 70% of the internet's web servers run Apache, we should be seeing tons of apache exploits, hacks, and viruses cropping up. The reason we don't is because Apache is a well-written and secure program, and because administrators are generally not stupid enough to run unmarked executables.
OS X and unix are inherently more secure by design than Windows is. This is a known fact that has been proven by time. I'll go a step further and say that because OS X is only 5 years old, and NT has had 10+ years to mature, that Windows should be more secure than OS X is. We all know this isn't the case. 95% of Windows viruses, trojans, and spyware would not be possible on OS X or unix simply due to the design of the OS.
Likewise, the article points out seven new vulnerabilities that were discovered two months ago that have yet to be patched, and draws the conclusion that "They didn't know how to deal with security", but later admits that the vulnerabilities wouldn't actually allow someone to execute malicious code on your machine, and that they're being rolled up into the next OS X security update. (Coincidentally, I've got to praise apple for their cumulative and bundled security updates. It makes it TONS easier for end users and administrators to install the updates, avoids confusion, and makes it significantly more likely for these people to install the updates to begin with, compared to the many crypticly-titled windows security fixes and the ActiveX horror that is Windows Update)
In short, the entire article is a piece of crap. Sure, OS X isn't perfectly safe, and it's a given that any system is vulnurable to a stupid user. However, it's damn better than anything else out there. Shame on slashdot for posting such a poorly-researched piece like this.
PS. Do not blame MSNBC for the content of the article. The article came through via the Associated Press, and appears on Cnn.com in addition to a plethora of other sites.
Re:Macs have never been "immune" to viruses (Score:4, Informative)
That also describes the majority of Windows "viruses".
Don't bother with silly semantic games that only Slashbots care about. In the media when they say virus, they're talking about malware in general. Most Windows malware falls into the "trojan" category and requires varying levels of user interaction to get started.
Not only did the guy make a boneheaded move that would effect even the most secure operating system in the world, it was obviously apparent that the file being run was a virus the second he opened it. I don't think this is any cause for concern.
I do, because it's by far the most common vector for malware and, indeed, all security breaches.
It's also damn near impossible to defend against programmatically.
What's more, in order to inflict any serious damage on an OS X machine, you've got to provide the Administrator password.
Bollocks. For a start, any user can delete files they own - ie: the most important data on the machine.
Secondly, any user's account can turn the machine into just about anything an attacker might want, include allowing a remote login for further attempts at privilege escalation (because the OS X firewall is disabled by default).
Finally, any user in the Admin group (the default for most users) can delete (or modify !) not only just about everything in /Applications, but also other "system" files in /Library and /System.
It is impossible to run OS X as root.
Actually it's trivial. Running code as root is marginally easier than actually logging in to the GUI as root, but neither are particularly difficult to do.
If a program's trying to screw with your settings and files, you're going to know about it!
Highly doubtful. Most users have no ideas what processes run on the systems and even fewer actually monitor them.
Likewise, unlike Windows, file permissions are properly implemented (it's Unix after all...).
Windows's file permissions - indeed its security capabilities in general - are vastly more capable that OS X's.
In short the whole "but root is disabled" argument (and variants) is largely irrelevant. Elevated privileges are simply not required for the vast majority of things malware wants to do.
By your logic, because approximately 70% of the internet's web servers run Apache, [..]
(Wow, the good old Apache argument, what a surprise.)
Websites != Servers.
Also People Running Apache != People Running IIS. The bar for running an Apache server is set higher.
[...] we should be seeing tons of apache exploits, hacks, and viruses cropping up. The reason we don't is because Apache is a well-written and secure program, [...]
Actually we do. For the last few years, Apache has had a worse security record than IIS.
[...] and because administrators are generally not stupid enough to run unmarked executables.
Users are not administrators. Users have *extreme* difficulty identifying malicious code before running it.
OS X and unix are inherently more secure by design than Windows is.
False. There are many aspects of traditional UNIX "design" - including that in OS X - what are inherently less secure than Windows. For example, the concept of 'root'.
I'll go a step further and say that because OS X is only 5 years old, and NT has had 10+ years to mature, that Windows should be more secure than OS X is. We all know this isn't the case.
Firstly, the product OS X was is actually a touch older than NT. Secondly, it was basically yet another reimplementation of the flawed unix "design".
Re:Macs have never been "immune" to viruses (Score:2)
Especially when there an army of 'security researchers' out there, with a story to tell, and a public who can't tell the difference between 'immune' and 'robust'.
Say 9/11 and Saddam in the same sentence enough times and people will start believing there is a link - even if your sentence is 'There is no known link between 9/11 and
Re:Macs have never been "immune" to viruses (Score:3, Interesting)
OS X is substantially more resistant to virus attack than all prior Mac operating systems, and most default Windows installations.
That doesn't mean it's 'immune'. Equally an increase in popular
Re:But...but..but.. (Score:2)
BTW. RE your sig. I think it's amusing to quote from religious texts. My favorite is where the bible says to kill adulterers, homosexuals, people who have sex with their daughter in laws (and their daughter in law), all three people in a manage a trois if the manage trois involves a daughter and a mother, and of course all parties in any kind of beastality.
That last one kind of makes m
Re:But...but..but.. (Score:2)
Re:But...but..but.. (Score:2, Informative)
Re:Gosh, it does sounds like MS. (Score:5, Interesting)
Or, even present me with a URL where I can observe the alleged flaws in the wild.
Your handle, Whiney Mac Fanboy (963289), should be a tip-off that you are not posting about this matter in good faith.
Re:Gosh, it does sounds like MS. (Score:2)
Errr, you'll actually have to provide me with an IP address to do that.
Furthermore, your handle, (Anonymous coward), should be a tip-off that you are not posting about this matter in good faith.
Re:Gosh, it does sounds like MS. (Score:2)
172.25.123.154
No, I'm not the AC from above.
Re:Gosh, it does sounds like MS. (Score:5, Insightful)