
Intego's "Year In Mac Security" Report

Posted by kdawson
from the almost-popular-enough dept.
david.emery notes the release of Intego's "Year In Mac Security" report (PDF), adding: "Mac OS X and iPhones that haven't been jailbroken fare pretty well (although vulnerabilities exist, there's not been a lot of exploitation). Apple does come in for criticism for 'time to fix' known vulnerabilities. Jailbroken iPhones are a mess. The biggest risk to Macs is Trojan horses, often from pirated software."
  • by Chris Tucker (302549) on Tuesday January 26, 2010 @03:35AM (#30901222) Homepage

    ...and let Software Update do its thing with Security Updates.

    Don't go online as Root, and really try not to open email attachments that claim to be "Nude Photos of (insert female athlete name here)"

    Really, how hard is that?

  • by Anonymous Coward on Tuesday January 26, 2010 @04:18AM (#30901438)

    The results of pwn2own indicate the contrary.

  • by kindnation (1712166) on Tuesday January 26, 2010 @04:30AM (#30901478)

    As much as Intego wants to present the state of malware on the Mac, the truth is that even Intego works pretty much like any other AV engine, which tries to detect malware based on its signature or heuristics (behavioral) that they receive either from someone sending them a sample or collect with their honeypots around the world.

    The bots/trojans/RATs that are written for specific targets do not have a signature and thus are undetected. Then it becomes obvious that antivirus solutions are not enough. You also need to control the apps that are reverse connecting (phoning home), with products like Little Snitch.

    What they don't address are the vulnerabilities that exist in everyday applications, which, subject to a stack buffer overflow, will execute code in memory with the same level of permissions as the application/daemon that is running. Antivirus doesn't provide any protection for exploits in software.

    On a side note, Intego mentions a "crack" for CS4 which is actually a Trojan, but doesn't mention that Adobe's own CS4 install tries to phone home.

  • by x2A (858210) on Tuesday January 26, 2010 @06:10AM (#30901876)

    Oo you definitely don't want to be deplugging usb drives, you kind of need them to keep their plugs so you can plug them in.

    As for unplugging... what does that? Kernel panic sounds very linuxy, but I've never had that happen, and I've been plugging 'n unplugging up to three usb drives at a time on it (a client of mine's stock has become somewhat disorganised and lost track of what's faulty and what they've used themselves, and as testing hard drives themselves is much quicker 'n easier on Linux as you can just badblocks the drive, completely partition 'n filesystem independent, I volunteered. So I was production lining a load of drives, different sizes, using three usb interfaces) ... and yeah, all without problem, apart from when a drive actually did have bad sects, but it didn't affect the machine or anything.

  • by gyrogeerloose (849181) on Tuesday January 26, 2010 @06:29AM (#30901948) Journal

    As for unplugging... what does that? Kernel panic sounds very linuxy, but I've never had that happen, and I've been plugging 'n unplugging up to three usb drives at a time

    I think what he was trying to get at is what sometimes happens on a Mac if a user unplugs an external drive without un-mounting it first, a quirk that Macs have had since at least the System 7 days. I'm not sure why OS X will still occasionally have trouble handling that situation gracefully (although ninety-nine times out of one hundred the only "bad" result is a dialogue box that pops up advising you not to do that again) but it's not really a big deal as long as you remember to follow the proper procedure for disconnecting an external drive on any OS.

  • by RMH101 (636144) on Tuesday January 26, 2010 @06:53AM (#30902086)

    This is missing the point. The reason jailbreaking is allegedly unsafe is because once jailbroken, you can install SSH, and if you're dumb enough to not change the default root password, you can get owned. You get warned about this specifically when you install SSH anyway. If the phone were sold "open" and you installed SSH, you'd have the same issue. The point is that if someone goes out of their way to install SSH on their phone (which is a pretty hardcore geek activity anyway) and doesn't change the root password, then they're kind of asking for trouble.

  • Back in 2004 Intego's big complaint about the Mac was that because it's based on UNIX, if you could get it to execute a shell script you could do anything on the computer, and that AppleScript wasn't sandboxed. They never noticed that the same was true of CMD.EXE and VBScript on Windows, DCL on VMS, and every other native scripting environment on every OS, ever, anywhere.

    Intego's business model appears to be FUD.

  • by uglyduckling (103926) on Tuesday January 26, 2010 @09:28AM (#30903050) Homepage

    Actually, the 'single sheet aluminium case' being a non-user-serviceable part thing is a myth. My MacBook Pro came with printed instructions in a little booklet telling me how to open the back panel and replace the hard drive. It did have strict instructions not to attempt to replace the battery, but when I opened the case the battery was right there next to the hard drive, so I'm not really sure why they say that.

  • by mario_grgic (515333) on Tuesday January 26, 2010 @09:50AM (#30903338)

    Both Mail and Finder will warn you that what you are opening has been downloaded from the internet and ask you to confirm you want to execute it.

    Each file you download is put into a quarantine and your answer to the question is recorded.

    You generally don't have to worry about opening non-executable files like images, zip files, video files etc. But you, of course, do have to worry about shell scripts, AppleScripts, applications and application documents that contain JavaScript (like PDF if you use Adobe Reader, which almost no one on a Mac does, since the Preview app is so much better and it's there on each Mac).

    Any savvy user should already know all these things no matter what platform they use.
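The quarantine record the post describes lives in the com.apple.quarantine extended attribute on each downloaded file. As an added example (not from the post or from Apple), here is a parser for that attribute's value; the four-field layout "flags;hex-timestamp;agent;uuid" and the sample values are assumptions constructed for illustration, not read from any real machine.

```python
"""Parse the value of the macOS com.apple.quarantine extended attribute.

Assumed layout (constructed for this example): "flags;timestamp;agent;uuid",
where flags is a hex bitmask, timestamp is hex seconds since the Unix epoch,
agent is the application that downloaded the file, and uuid keys the entry
in the LaunchServices quarantine database. On a Mac the raw value is read
with: xattr -p com.apple.quarantine <file>
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class Quarantine:
    flags: int
    downloaded_at: Optional[datetime]
    agent: str
    uuid: str


def parse_quarantine(value: str) -> Quarantine:
    """Decode one attribute value; raise ValueError on malformed input."""
    parts = value.split(";")
    if len(parts) < 2:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    try:
        flags = int(parts[0], 16)
    except ValueError as exc:
        raise ValueError(f"bad flags field: {parts[0]!r}") from exc
    try:
        stamp = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    except ValueError:
        stamp = None  # some writers leave the timestamp field empty
    agent = parts[2] if len(parts) > 2 else ""
    uuid = parts[3] if len(parts) > 3 else ""
    return Quarantine(flags, stamp, agent, uuid)


# Constructed sample values, not taken from any real machine.
SAMPLES = {
    "installer.dmg": "0081;4b5e8c20;Safari;00000000-0000-0000-0000-000000000001",
    "report.pdf": "0083;4b5e8c21;Mail;00000000-0000-0000-0000-000000000002",
    "local.txt": "",  # no attribute: created locally, so no prompt is shown
}


def downloads_by_agent(samples):
    """Group quarantined files by the application that fetched them."""
    grouped = {}
    for name, raw in samples.items():
        if not raw:
            continue
        q = parse_quarantine(raw)
        grouped.setdefault(q.agent, []).append(name)
    return grouped
```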

  • by mario_grgic (515333) on Tuesday January 26, 2010 @10:05AM (#30903526)

    The article you link to is talking apples and oranges, literally. If the implication is that the BSD bug is also a bug in OS X, then it's false. The bug is not present in OS X.

    iPhone on the other hand is a completely different beast and yes it is locked down platform mostly for the benefit of the users, so we don't have to worry if an application is safe to install and use.

    Yes, there may be security issues in iPhone apps, but even the security updates of applications go through the same review process, which may catch an omission in the review of the previous version (which is what happened in the case of the software discussed in the article).

    The review process is not perfect nor ideal, but I for one am thankful that someone else is testing the applications for me and I don't have to waste the time and money on tools to check what each app does and if it is safe to use on my phone.

  • by lseltzer (311306) on Tuesday January 26, 2010 @10:17AM (#30903700)

    The public exploits only affect IE6 users on XP.

    Private exploits could affect IE7 users on Vista or even IE8 users on XP, but not if they activate DEP. If you activate DEP even XP users are protected. IE8 users on Vista and Win7 are effectively protected by DEP/ASLR.

    So, in effect, if you update even just to year-old technology you're protected.

  • by UnknowingFool (672806) on Tuesday January 26, 2010 @10:48AM (#30904180)

    What? The jailbreak exploit has nothing to do with jailbreaking itself but the fact that most people that used the process installed SSH onto their iPhones and didn't change the default password on SSH. It had nothing to do with what Apple supplied on the phone but what 3rd parties modified on the phone.

  • Re:WTF, people. by TJamieson (218336) on Tuesday January 26, 2010 @11:03AM (#30904460)

    FWIW, this has changed about jailbreaking. What you said used to be true on the 1.x series of iPhone software, where everything always ran as root. Therefore, a hole in libTIFF led to (remote) root code execution. Starting with the 2.x series, Apple finally forced the restricted user account named Mobile to be used instead of root. That made it so now a libTIFF exploit *also* would require a privilege escalation exploit rolled inside; it made things much harder. Starting around the 2.x software, the new way to jailbreak is by exploiting Apple's software update mechanism built into each device (Google: iBoot). This means that to jailbreak newer software/devices, one is required to attach the device to the computer first; the exploit is then done via USB.

  • by shutdown -p now (807394) on Tuesday January 26, 2010 @12:07PM (#30905476) Journal

    I guess you missed the IE8 zero day exploit just last week? It's only the latest way in which PC users get owned through no fault of their own.

    It's not like OS X never had glaring [zdnet.com] 0-day [zdnet.com] exploits [about.com] of its own, so what's your point?
