Do Macs Have an Edge Against APTs?

Posted by timothy
from the not-the-debian-variety-of-apt dept.
itwbennett writes "Macs aren't being hit with advanced persistent threat (APT) attacks, but that doesn't mean they're invulnerable, say researchers at iSec Partners. Speaking at the Black Hat conference in Las Vegas Wednesday, iSec founder Alex Stamos and his team of researchers took a look at the typical stages of an APT attack — and compared how the Mac would do versus Windows 7. Their conclusion: Macs provide good protection against the initial phases of the attack, but once the bad guys are on the network, it's a whole different story. 'They're pretty good for [protecting from] remote exploitation,' Stamos said. '[But] once you install OS X server you're toast.'"

  • by WrongSizeGlass (838941) on Thursday August 04, 2011 @07:41PM (#36992364)
    Wash. Rinse Repeat.

    Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly. Windows, including Windows 7, is still more prevalent and more vulnerable.

    How many times are we going to get the same stories? If the user is willing to do anything the app or websites tells them to, well, you can't protect them.
    • Re: (Score:2, Insightful)

      by russotto (537200)

      Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly. Windows, including Windows 7, is still more prevalent and more vulnerable.

      How many times are we going to get the same stories?

      Until the Microsoft propaganda machine stops pumping them out, I suppose.

      • by jc42 (318812) on Thursday August 04, 2011 @10:19PM (#36993378) Homepage Journal

        The article seems unlikely to be MS propaganda. Note that the writer quotes that one investigator (Rob Lee) as saying that he's never seen a compromised Mac, and he advises his clients to replace their compromised MS-Windows machines with Macs to prevent re-infection. Would a MS-paid writer be likely to put such suggestions in their article?

        This does bring up a curious aspect of the "logic" behind all the claims that poor little MS is being picked on because it's so popular. If this were true, you'd think that a sensible person would simply refuse to buy anything with a MS logo. True, if you buy a Mac or Ubuntu or whatever rather than Windows, your machine might be attacked sometime in the remote future. But, since we "know" that no commercial systems are totally secure, it would make sense to choose a system that might be attacked in the far future over one that you know will be attacked repeatedly on the first day and probably compromised in the near future. You don't need to know the technical reason for this; you just need to be sensible enough to trade likely near-future failures for possible far-future failures.

        So I'm puzzled about who might be behind all this "MS is only attacked because it's so popular" propaganda. I wouldn't think MS's marketers would be so stupid as to tell everyone such a good reason to avoid their brand. I wouldn't think a Windows fanboy would say this either, because it would amount to admitting that they intentionally bought a machine because it was highly likely to be compromised. But there doesn't seem to be any good reason for other vendors to make this suggestion, either, since it amounts to saying that their security isn't any better than Microsoft's. So who is really behind this bizarre bit of logic? Who profits from it?

        • by Daniel Dvorkin (106857) on Thursday August 04, 2011 @11:18PM (#36993652) Homepage Journal

          I think russotto wasn't calling TFA Microsoft propaganda, but rather calling WrongSizeGlass' "Macs are only secure because they're less popular" comment Microsoft propaganda. Which it is, of course. Any argument that relies on security-through-obscurity is wrong, no matter how you try to dress it up. WrongSizeGlass and the zillion other posters who repeat this tired canard may not realize they're propagandizing for Microsoft, but that's what they're doing, sure enough. They should at least demand payment for their services.

          • by Rockoon (1252108)
            We know for certain that OS/X is not secure, that there are in fact (A) unpatched local privilege escalation vulnerabilities, and (B) Safari is vulnerable to drive by code execution initiated by simply loading a web page.

            Combine these two, and the conclusion that "Macs are only secure because they are less popular" is most certainly true.

            Going further, Apple is also incapable of protecting iOS in spite of their extensive efforts to lock it down, that it too is vulnerable to drive-bys that will entirely
        • by dave562 (969951)

          Microsoft gets attacked because the Line of Business applications run on Windows. How many large accounting systems, ERP systems, etc. run on OSX? Know anyone running a factory on OSX? How about a firm doing R&D and drafting blueprints and other technical documents on OSX?

          OSX is not a target because there are very few people running OSX who have access to the systems with information that dedicated, skilled attackers want to get to. With Apple's incessant focus on the consumer space, little is likel

          • by 1729 (581437) <slashdot1729@NOsPam.gmail.com> on Friday August 05, 2011 @01:01AM (#36994072)

            OSX is not a target because there are very few people running OSX who have access to the systems with information that dedicated, skilled attackers want to get to.

            That's simply not true. For example, OS X is very popular among scientists and engineers at many of the national labs.

          • by LO0G (606364)

            To be fair, Lockheed-Martin was hacked because they depended on a 3rd party (RSA) for a critical part of their security infrastructure.

            When RSA subsequently had a massive data compromise, instead of letting their customers know what happened, they downplayed the ramifications of the breach. And RSA just won a pwnie [pwnies.com] for their efforts.

            Not that that changes your response in any significant way.

        • by dbIII (701233)

          "MS is only attacked because it's so popular"

          It's a fanboy response that goes right back to the early MSDOS days. It is of course currently irrelevant considering the number of other devices on the internet now. All those routers, modems, webservers etc out there are also popular and available 24/7 in hundreds of thousands per model or OS version to provide a potential botnet beyond the wildest dreams of a cracker - yet malware is currently only a Microsoft platform problem.

          • by tgd (2822)

            The numbers don't work out as well as you think. If you've got a pool of, say, a half million Linksys routers to target, some percentage of which are vulnerable, or a pool of 500m installed XP systems, some percentage of which are vulnerable, you're a lot better off focusing on XP than a Linksys router. (And the numbers for any given model of a router aren't anywhere near that when you count firmware and hardware revision changes.)

            Plus, if you target a router (a $50 device with a slow CPU) you have high odd

          • by Rockoon (1252108)
            Apparently there is a Router/Modem Botnet [lmgtfy.com] that you are fucking clueless about.

            Clueless people should not open their mouths about the very subjects that they are clueless about.
          • Routers, webservers, etc don't have a human driving them. Think about it.

        • by tgd (2822)

          You're puzzled who might be behind the propaganda because, perhaps, it's not propaganda.

          The fact of the matter is, if you are creating a targeted attack on a system, you don't care in the slightest what platform it's on -- you are going to hand craft the attack for your specific target using no matter what vectors you have to. Look at Stuxnet as an example.

          If you are creating a generic attack, where the value is in numbers, not in a specific target (stealing people's financial information, creating a spambot

      • by oztiks (921504)

        I don't know what's worse. Microsoft's propaganda machine or Apple's "sweep it under the carpet" regime.

      • by hairyfeet (841228)

        Uhhh...tell me how EXACTLY telling the equivalent of "water is wet" a MSFT propaganda piece? You sir might want to read this article on OSNews by the title of OS X - Safe, Yet Horribly Insecure [osnews.com] or is OSNews MSFT propaganda? It points out the Apple implementations of several technologies, when it has them, simply aren't up to snuff. Technologies such as DEP and ASLR either are not implemented or are implemented poorly.

        Now Apple was able to get away with that with relative impunity simply because they weren'

        • by mikael_j (106439)

          Yeah, sure, MacDefender was a big nasty thing that required you to install it yourself, ooooh scary...

          And yes, it required several "ok" clicks as well as the user inputting his/her admin password for the machine. Classic trojan behavior.

          I actually stumbled upon a MacDefender "downloader site", do you know what it did? It showed a website that looked vaguely like a Finder window with a small "ZOMG VIRUSESSES!!!!11one" popup in the middle while it forced a download of the installer. Had I then actually run

    • Re: (Score:3, Insightful)

      by EreIamJH (180023)

      Wash. Rinse Repeat. Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly.

      I don't buy this reasoning. Malware writers would quite happily release malware for OSX if they could make it work. Just look back 20yrs ago - there was plenty of malware for Amigas and Ataris, even though their numbers were measured in thousands rather than millions.

      • maybe because at the time, these thousands were a very large slice of a much smaller pie ?

      • Re: (Score:3, Interesting)

        by thegarbz (1787294)

        I don't buy this reasoning. Malware writers would quite happily release malware for OSX if they could make it work. Just look back 20yrs ago - there was plenty of malware for Amigas and Ataris, even though their numbers were measured in thousands rather than millions.

        So you reason that malware writers would do something because 20 years ago in a very different environment for different reasons people did something? The comparison is absurd.

        Firstly 20 years ago malware looked different and had completely different goals. The vast majority of them were written for comical / destructive purposes not to make money. These days malware is a business and the ultimate goal is not to have malware which affects the user experience but rather is invisible to the user meanwhile exp

      • Malware writers would quite happily release malware for OSX if they could make it work

        History disagrees.

        In the first [Pwn2Own] contest [wikipedia.org], Dino A. Dai Zovi and Shane Macaulay worked together to take down the first MacBook Pro.[5] On the second day of the conference Macaulay sent an email which redirected the user to a malicious site. The site was able to infect the machine with a client-side Javascript vulnerability which allowed arbitrary command execution.[6]

        Each subsequent year isn't much better.

        And why so smug anyways, Safari is already exploited on windows, as are Firefox, Quicktime, Java, Acrobat reader, and Flash-- all of which are usually installed and vulnerable on Macs (unless you think that PDFs somehow aren't as dangerous on OSX).

        Wasn't there a story some months back about a PDF that could launch arbitrary code on all 3 common platforms (OSX, Linux, Windows)? Yea, enjoy your smugness while it lasts.

        • Talking of Mr. Zovi, here's what he says about Lion [nytimes.com] :

          "[...] now, they are also more secure than PCs, thanks to several crucial security improvements in the operating system itself, Mac OS X 10.7 So says Dino A. Dai Zovi, an independent security consultant. Those operating system features now put Lion ahead of Windows 7, the latest version Microsoft’s operating system, whose leadership was forged from the fire of relentless attacks by hackers and malware writers, he says."

        • by mehemiah (971799)
          do mac users use adobe reader instead of preview? I'd like to see that data out of pure curiosity
          • by dkf (304284)

            do mac users use adobe reader instead of preview?

            I've never seen one who does; preview's a decent PDF viewer (and does other things too such as image viewing). I don't know if it supports all the features of Acrobat Reader, but being without the "run arbitrary javascript without any attempt at safety" feature is Just Fine With Me.

        • Wasn't there a story some months back about a PDF that could launch arbitrary code on all 3 common platforms (OSX, Linux, Windows)?

          Only if you used Adobe's PDF reader. Given its security track record, you'd have to be crazy to do so. On OS X, the default PDF reader is Preview, which ships with the OS. On *NIX, there's typically some xpdf derivative like Evince. Windows is the only platform where the majority of users put up with Adobe Reader for PDFs.

          It's like saying that a vulnerability in bash works on Windows, Linux, and OS X. Sure, you can run bash on Windows - I did for a while - but it's not something that most users do.

          • Only if you used Adobe's PDF reader. Given its security track record, you'd have to be crazy to do so. On OS X, the default PDF reader is Preview, which ships with the OS. On *NIX, there's typically some xpdf derivative like Evince. Windows is the only platform where the majority of users put up with Adobe Reader for PDFs.

            ...and here's where the "monopoly" card bites Microsoft. They can't include a (different) PDF reader with the OS, because if they did, Adobe would sue them for anti-competitive behavior.

            Hell, the threat of anti-competitive lawsuits from Symantec keep Microsoft from shipping their own (already written) anti-virus with the OS!

      • by mysidia (191772) *

        I don't buy this reasoning. Malware writers would quite happily release malware for OSX if they could make it work. Just look back 20yrs ago

        Invisible/deceptive malware is directly against the Apple Human Interface design Guidelines. And developers targeting OS X are extremely respectful of Apple's application design rules.

      • by chthon (580889)

        And malware for Mac, I had to remove some in 1990 and 1991.

      • by AmiMoJo (196126)

        You are implying that Macs must be more secure then, but that doesn't stack up either. Most viruses for Windows are trojans because Windows 7 is well protected against drive-by infections, and there are several browsers to contend with (IE7/8/9, Firefox 3/4, Chrome, Safari).

        If they can trick a Windows user into clicking through all the warnings and entering their password to install some malware then they can trick a Mac user too. Your argument about Amiga and Atari viruses misses an important point: Back t

    • Re: (Score:3, Insightful)

      by Jerry (6400)

      Two points:

      1) That old saw about Microsoft being vulnerable because of its market share is hogwash. There were over 3 million viruses and Trojans released last year. Were it a simple matter of market share percentages then about 12% of those would be Linux [osnews.com] viruses and another 10-15% would be Mac viruses. But, they are not. Well over 99% of them are Windows viruses. Only 19% of Internet web servers are running Windows but they are the source of essentially all malware.

      2) Blaming Windows users f

      • by artor3 (1344997) on Thursday August 04, 2011 @10:20PM (#36993384)

        While I agree with your conclusion (that Windows is a less safe OS than Linux), your first point is completely illogical. The number of viruses released in a given year can be a function of market share without being a 1:1 function of market share. Criminals will always target the OS with the largest numbers of technically unsavvy users. Why double your efforts to increase your pool of potential victims by only ~10%?

        Until a non-Windows OS is installed on a plurality of machines, Windows will be the primary target and have the most hackers going after it. The Pwn2Own contests have shown that Macs are plenty vulnerable when people are willing to put in the effort to go after them.

        • by CharlyFoxtrot (1607527) on Friday August 05, 2011 @01:00AM (#36994062)

          Until a non-Windows OS is installed on a plurality of machines, Windows will be the primary target and have the most hackers going after it. The Pwn2Own contests have shown that Macs are plenty vulnerable when people are willing to put in the effort to go after them.

          The guy who won all those Pwn2Own contest says that OSX Lion's security [nytimes.com] is now better than Windows 7.

        • Competition. If you put a Windows machine in a botnet, then it will be being attacked by those other 3 million malwares, and you may lose it. Insecure machines are probably already compromised, so you have a harder job because whatever malware is installed will be fighting you. In contrast, if you write a successful Mac worm, then that gives you a botnet comprising almost 10% of the total computers online with no competition.
        • by AmiMoJo (196126)

          The work needed to target MacOS is probably more than 2x because there are still plenty of XP machines out there which are an easy target compared to Vista and 7. IE9 doesn't support XP either, but is a critical update for Vista and 7 users.

          One other point people seem to be missing is that the majority of Windows viruses are trojans, i.e. they trick the user into installing them. There is no reason why that would be less effective on Mac users.

          • One other point people seem to be missing is that the majority of Windows viruses are trojans, i.e. they trick the user into installing them. There is no reason why that would be less effective on Mac users.

            To be honest, I believe THIS is the whole truth here: more-or-less all current viruses and malware are installed because the user does something to install them. Like e.g. planting a payload inside a pirated game or application is quite popular, works well, and it's totally and completely the user who is at fault. Not the OS. There is NO OS to date that can protect against that. No Linux, no OSX, no Windows.

      • That old saw about Microsoft being vulnerable because of its market share is hogwash. There were over 3 million viruses and Trojans released last year. Were it a simple matter of market share percentages then about 12% of those would be Linux [osnews.com] viruses and another 10-15% would be Mac viruses. But, they are not. Well over 99% of them are Windows viruses. Only 19% of Internet web servers are running Windows but they are the source of essentially all malware.

        Logic fail. If there is an 80% chance that you will make $100 by wearing blue on Mondays, and this is public knowledge, what percentage of people do you think will wear blue on Mondays? 80%, or all of them?

        Blaming Windows users for security holes that Microsoft keeps secret from them is worse than obscene.

        And trying to pretend that most exploits aren't through cross platform browser plugins is just ignorant.

        Those inflated virus numbers probably also include the fact that viruses are recompiled and repacked daily-- and thus need a different virus definition to detect. How, you might ask, can they afford

      • by farrellj (563) *

        I don't care how many pieces of malware are created aimed at Windows, Linux, MacOS or other flavours of Unix...the result that speaks for itself is that every year that they have had a hacker competition to see who can compromise and root a system where they compared Windows, Linux and MacOS, each of which has been secured by native experts...Windows has *always* been compromised, and I think it was always the *first* one compromised. MacOS, when it was compromised was second, and Linux was either the last

      • by Cato (8296)

        "Only 19% of Internet web servers are running Windows but they are the source of essentially all malware."

        Absolute rubbish - JavaScript and iframe infections (often used to serve drive-by downloads of malware) affect all web servers, and often only require a stolen FTP password to work, or a PHP app with a security hole. The majority of web servers are still Linux, and that's where the majority of web app served malware is.

        This is often not Linux's fault - if the user has an FTP password saved on thei

    • by ka9dgx (72702)

      As long as the user has no way to quickly and safely run something in a sandbox, this will continue happening.

      IMHO, Once you give them the ability to run programs in a default deny environment, users can manage things fairly well.

      See also: http://www.ranum.com/security/computer_security/editorials/dumb/ [ranum.com]

    • Wash. Rinse Repeat. Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly. Windows, including Windows 7, is still more prevalent and more vulnerable. How many times are we going to get the same stories? If the user is willing to do anything the app or websites tells them to, well, you can't protect them.

      You appear to have missed the bit where TFA was almost the exact opposite of the usual:

      According to the security researchers quoted, OSX was essentially never the initial foothold/desktop attack; but was judged to be as weak, or weaker, than alternatives when it came to the post-foothold internal attack phase.

      Most Mac/Security stories are an argument between the "It's just obscure" camp and the "superior by design" camp. This article asserts "Obscure (enough to rarely/never be the social engineering in

    • If the user is willing to do anything the app or websites tells them to, well, you can't protect them.

      Reading up on Pwn2Own results, and reading the security update notes on major browsers / flash / acrobat would prove really informative. Most of the viruses I've seen are not from incompetent users.

      • Reading up on Pwn2Own results, and reading the security update notes on major browsers / flash / acrobat would prove really informative. Most of the viruses I've seen are not from incompetent users.

        In Lion all those are now separated into independent processes and sandboxed. Should make things a lot more secure.

        • by dkf (304284)

          Reading up on Pwn2Own results, and reading the security update notes on major browsers / flash / acrobat would prove really informative. Most of the viruses I've seen are not from incompetent users.

          In Lion all those are now separated into independent processes and sandboxed. Should make things a lot more secure.

          Ought to make Safari more stable too, since the suck that is flash will be less coupled to the rest of the browser. Even without the improvement in security, that's still a Good Thing.

  • Article is crap (Score:5, Insightful)

    by topham (32406) on Thursday August 04, 2011 @09:06PM (#36992946) Homepage

    "For example, Mac's Keychain software is vulnerable to what's known as a brute-force attack, he said."

    Idiot alert, article is crap.

    • Re:Article is crap (Score:5, Informative)

      by gumbi west (610122) on Thursday August 04, 2011 @09:23PM (#36993048) Journal

      The NSA's guide to securing Apples talks about how to make the keychain reasonably secure here [nsa.gov]. They, notably, do not recommend turning it off or using third party software.

      • by 517714 (762276)
        "They" notably is Apple, not the NSA.
        • Re:Article is crap (Score:4, Informative)

          by gumbi west (610122) on Thursday August 04, 2011 @10:19PM (#36993380) Journal

          Yep, that one is copyright Apple. Here [nsa.gov] is NSA's guide to hardening OS X. It does not recommend turning off keychain (though there are several other items it does recommend turning off).

          • by 517714 (762276)
            It does not mention keychain. I see that as an oversight - not a recommendation of its security. If you assume otherwise, I hope you are not a system administrator.
            • by Shag (3737)

              It does not mention keychain. I see that as an oversight - not a recommendation of its security.

              Did you just imply that the National Security Agency is so bad at its job that when it examines an operating system for vulnerabilities, and writes up instructions on hardening it (which will presumably be used by other government agencies), key things are overlooked?

              • ....it is an anonymous coward. consider the source.
              • by 517714 (762276)
                It does not mention putting one's password on a Post-it note on the keyboard, but I hardly conclude that the omission should be considered an endorsement of such an act.
    • by Jerry (6400)

      Totally.

    • by dgatwood (11270)

      Idiot alert, article is crap.

      Agreed. If they're talking about an authentication model in the context of mDNS, that's prima facie evidence that they don't know the first thing about Mac OS X... or mDNS. mDNS is:

      • Not authenticated at all; it's a multicast service advertisement protocol. The service has security, not the advertisement.
      • On Windows, too.
      • And on most Linux distros.

      And they seem to think Kerberos is insecure. Kerberos is, of course:

      • An open, published standard.
      • On Windows, too.
      • And on Linux.

      An

    • Not sure if it's fixed now, but there was a report a few years ago that Apple was doing silly things with the Keychain. It used 128-bit AES, but the way that it used it meant that the effective key length was much shorter. This meant that it was feasible to brute-force the encryption.
    • Seriously. I got to that line and closed the tab. If 'it can be brute-force attacked' is the vulnerability then I guess the security is shot on anything that doesn't self destruct after 3 wrong password attempts. This story is my cue to get back to work....
  • Sysadmin decides. (Score:5, Insightful)

    by mjwx (966435) on Thursday August 04, 2011 @09:10PM (#36992966)
    Windows server looked after by a good sysadmin == secure.
    Mac server looked after by bad sysadmin == insecure.

    As always, it's up to the people running it. Is any OS inherently secure, no, definitely not when there is a complete idiot looking after it.
    • Windows server looked after by a good sysadmin == secure.
      Mac server looked after by bad sysadmin == insecure.

      As always, it's up to the people running it. Is any OS inherently secure, no, definitely not when there is a complete idiot looking after it.

      Yes, of course. But the relevant question for businesses deciding what kind of server setup to use is, "If this system is looked after by an average sysadmin, how secure will it be relative to our other choices?" Because in real life, no matter how much you tell yourself you only hire top-notch people (or, if you're the sysadmin, tell yourself you're top-notch) most servers and networks are going to have admins who are neither the best nor the worst, but somewhere in the middle.

      • by mjwx (966435)

        Yes, of course. But the relevant question for businesses deciding what kind of server setup to use is,

        Security is a conscious process, it doesn't matter what OS you use as long as that process is kept conscious. Contrary to what Apple and the Security Industry say, no software is inherently secure or more secure than the others, security is entirely dependent on your (the sysadmin's) procedures and awareness.

        As for which OS for business, that's a decision to be made according to the needs of the business.

        "If this system is looked after by an average sysadmin, how secure will it be relative to our other choices?"

        There is no such thing as an average sysadmin.

        Everyone has different strengths and weaknesses, the

        • There is no such thing as an average sysadmin.

          Right. Every sysadmin is a special snowflake. [rolls eyes]

          Everyone has different strengths and weaknesses, the good sysadmins identify their own weaknesses. The poor sysadmins ignore them. Good sysadmins adapt to changing environments, poor sysadmins change environments to suit them.

          All of which is true, none of which changes the fact that in every job, there are a few people who are very good at the job, a few who are very bad, and a whole bunch in the middle. Sysadmin work isn't so different from any other technical job as to change this.

          • by mjwx (966435)

            Right. Every sysadmin is a special snowflake. [rolls eyes]

            You're very good at missing the point.

            There are no average sysadmins because you cannot define an average due to the huge number of variables involved.

            I'm sorry for not pointing that out, I thought you'd be able to figure it out on your own from the other parts of my post.

            All of which is true, none of which changes the fact that in every job, there are a few people who are very good at the job, a few who are very bad, and a whole bunch in the mid

            • I get your point fine; I just disagree with it. Yes, sysadmin work is a very large field with specialized skillsets. So are programming, and medicine, and all kinds of other technical fields. Does this mean there's no such thing as an average programmer, or average physician, or what-have-you? I maintain that the traits which make a good X are to be found in a broad range among people who choose any of these careers, with most X's falling in the middle of that range. Yeah, in your example, if you decid

    • by julesh (229690)

      Yes. Of course, statistically, the good sysadmin is more likely than market share would suggest to be running the mac server, because good sysadmins have a tendency to avoid windows wherever possible...

      • by mjwx (966435)

        Yes. Of course, statistically, the good sysadmin is more likely than market share would suggest to be running the mac server, because good sysadmins have a tendency to avoid windows wherever possible...

        A good sysadmin can make anything secure and usable. They literally turn lead into gold (server iron into revenue).

        But a good sysadmin will avoid Mac because they make it so difficult to do anything useful with them. Want to avoid Windows, he deploys Linux, want an expensive proprietary solution, he'll have the IBM Rep on speed dial, "only another $40K for a system P processor card, a bargain sir".

        Only bad sysadmins are fanboys and make things harder on themselves.

    • by mcrbids (148650)

      Windows server looked after by a good sysadmin == secure.
      Mac server looked after by bad sysadmin == insecure.

      The sad part is that much (most?) of being a good sysadmin consists of ensuring that you install security updates regularly. I've been close enough to embarrassing hacks on several servers to know what happened, and all (but one!) have been hacked as a result of a poor update policy. (The last one was due to a weak root password + passwordAuthentication enabled on ssh)

      For all my own systems, I deman

  • Metasploit only has a couple dozen exploits for OSX. On the windows side, it has a search field for Microsoft Security Bulletin ID [metasploit.com]. Metasploit is the lazy-man's way to hack, if you don't want to go through the trouble of finding your own exploits. That could partly explain the issue.
  • Not quite sure on the definition of an APT. Wikipedia says it's generally a foreign state.
    I would think that due to core system generally having less holes in it, getting in without user execution would be harder. I don't think it matters in the end as you would still execute something, but .dmg are not instantly run like exe.

    I would also think getting the user to execute malicious code would be significantly harder. Base apple software is generally usable so you don't need to find replacements. People who b

    • by dgatwood (11270)

      And Mac OS X explicitly warns you if you are about to open an application downloaded from the Internet. This means that getting someone to run your code requires tricking them (through social engineering) into knowingly launching an application that they've never launched before, as opposed to tricking them into running your code by making it look like a JPEG file of Lindsay Lohan naked or whatever. Maybe Windows 7 does the same thing (I'm not sure), but that was at least historically a big problem on Win

      • And Mac OS X explicitly warns you if you are about to open an application downloaded from the Internet. This means that getting someone to run your code requires tricking them (through social engineering) into knowingly launching an application that they've never launched before, as opposed to tricking them into running your code by making it look like a JPEG file of Lindsay Lohan naked or whatever. Maybe Windows 7 does the same thing (I'm not sure), but that was at least historically a big problem on Windows.

        In Windows, files downloaded from the internet have the origin written in an alternate datastream. If you execute such a file you get a warning (like in OS X), but then even if you choose to run the executable, it will run with low integrity. Low integrity is part of UAC and sandboxes the process so that it by default has only read access as the current user. Write access (save a few cache locations) is completely blocked, save a few safe cache locations. This is a major obstacle for anyone wanting to use a
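
The two download-origin markers mentioned in the comments above (the Mac OS X warning for applications downloaded from the Internet, and the origin Windows writes to an alternate data stream) can both be read back when triaging a file. The following is an added example, not part of the original thread: it parses the text of a Windows `Zone.Identifier` stream and a macOS `com.apple.quarantine` attribute value. The sample values are constructed, and the meaning of the 0x0040 flag bit is an assumption based on commonly documented values.

```python
import configparser
from datetime import datetime, timezone

# URL security zones recorded in the Windows Zone.Identifier stream.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}
UNTRUSTED_ZONES = {3, 4}

# Assumption: bit 0x0040 of the quarantine flags means the user has already
# approved the first launch (commonly documented, not stated on this page).
QTN_USER_APPROVED = 0x0040

# Constructed sample inputs (not taken from a real machine).
SAMPLE_ZONE = ("[ZoneTransfer]\r\nZoneId=3\r\n"
               "HostUrl=https://downloads.example.test/setup.exe\r\n")
SAMPLE_QTN = "0083;4e3b2f10;Safari;A1B2C3D4-0000-0000-0000-000000000000"


def parse_zone_identifier(text):
    """Parse the INI-style text of a file's Zone.Identifier stream.

    Returns a dict, or None when the marker is missing or malformed.
    """
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        parser.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
        zone_id = int(parser.get("ZoneTransfer", "ZoneId"))
    except (configparser.Error, ValueError):
        return None
    section = parser["ZoneTransfer"]
    return {
        "zone_id": zone_id,
        "zone": ZONE_NAMES.get(zone_id, "Unknown"),
        # Newer Windows versions may also record where the file came from.
        "host_url": section.get("HostUrl"),
        "referrer_url": section.get("ReferrerUrl"),
    }


def parse_quarantine(value):
    """Parse a quarantine value of the form flags;timestamp;agent;event-id.

    flags and timestamp are hexadecimal; the timestamp is Unix epoch seconds.
    Returns a dict, or None when the value is malformed.
    """
    fields = value.strip().split(";")
    if len(fields) < 2:
        return None
    fields += [""] * (4 - len(fields))  # agent and event id may be absent
    try:
        flags = int(fields[0], 16)
        stamp = datetime.fromtimestamp(int(fields[1], 16), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None
    return {
        "flags": flags,
        "timestamp": stamp,
        "agent": fields[2] or None,
        "event_id": fields[3] or None,
        "user_approved": bool(flags & QTN_USER_APPROVED),
    }


def needs_review(zone_text=None, quarantine_value=None):
    """True when either marker says the file came from an untrusted source
    and, on macOS, has not yet been approved by the user."""
    zone = parse_zone_identifier(zone_text) if zone_text else None
    qtn = parse_quarantine(quarantine_value) if quarantine_value else None
    if zone and zone["zone_id"] in UNTRUSTED_ZONES:
        return True
    if qtn and not qtn["user_approved"]:
        return True
    return False


if __name__ == "__main__":
    print(parse_zone_identifier(SAMPLE_ZONE))
    print(parse_quarantine(SAMPLE_QTN))
    print(needs_review(zone_text=SAMPLE_ZONE, quarantine_value=SAMPLE_QTN))
```

A file with no marker at all returns `False` here, which only means the origin was not recorded; copying through archives or some transfer tools can drop both markers.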

  • by Culture20 (968837) on Thursday August 04, 2011 @11:00PM (#36993562)
    Good News! Apple is taking steps to making that impossible!
  • And one that is already occupied by another term in the realm of IT.

    Advanced Persistent Threat, eh?

    says that it's often easy to trick someone in any company into installing software that they shouldn't -- the first step in an APT attack.

    In many APT attacks, the hackers first break into social media accounts belonging to friends of their victims.

    Ugh... really? You couldn't just say "targeted attack"? What about spear-phishing? Too hard to spell? Dipshits.
