Do Macs Have an Edge Against APTs? 210
itwbennett writes "Macs aren't being hit with advanced persistent threat (APT) attacks, but that doesn't mean they're invulnerable, say researchers at iSec Partners. Speaking at the Black Hat conference in Las Vegas Wednesday, iSec founder Alex Stamos and his team of researchers took a look at the typical stages of an APT attack — and compared how the Mac would do versus Windows 7. Their conclusion: Macs provide good protection against the initial phases of the attack, but once the bad guys are on the network, it's a whole different story. 'They're pretty good for [protecting from] remote exploitation,' Stamos said. '[But] once you install OS X server you're toast.'"
Re:Here We Go Again ... (Score:3, Interesting)
Apparently you've never read about James Plamondon and his "Technical Evangelists" [groklaw.net]. The Combs-3096.pdf is a collection of his training manuals and describes "The Slog", and a real jewel you'll love called "The Stacked Panel". Then, I suppose, you've forgotten about the stuffed ISO committees, or the scam which gave expensive laptops to journalists in exchange for favorable stories about VISTA?
When his "work" was revealed in the Combs vs Microsoft trial Plamondon did a Mea Culpa, and now decries the tactics he used to help Microsoft establish market dominance. Too little, too late.
Re:Here We Go Again ... (Score:3, Interesting)
I don't buy this reasoning. Malware writers would quite happily release malware for OSX if they could make it work. Just look back 20yrs ago - there was plenty of malware for Amigas and Ataris, even though their numbers were measured in thousands rather than millions.
So you reason that malware writers would do something because 20 years ago in a very different environment for different reasons people did something? The comparison is absurd.
Firstly 20 years ago malware looked different and had completely different goals. The vast majority of them were written for comical / destructive purposes not to make money. These days malware is a business and the ultimate goal is not to have malware which affects the user experience but rather is invisible to the user meanwhile exploiting system resources for profits (botnets). Some are still destructive such as the malware which encrypts portions of your harddisk and demands a ransom, and others just exist to serve you ads. One thing in common is profit, and that wasn't the game 20 years ago.
Secondly 20 years ago malware travelled differently. The vast majority of it spread via physical media and relied people moving it from one machine to the other. The majority of malware today spreads via infection over the network whether automated or via social engineering.
Thirdly and critical to your understanding of why OSX isn't a target, modeling of virus spread has shown that only a small percentage of possible targets need to be immune to stop a spreading virus in its tracks, not 100% as you may think. If by chance your carefully written virus manages to infect one of the only 10.9% of total users who run OSX, there is a very good chance it won't spread further as the computer may be isolated from others by a horde of windows machines preventing the spread of malware. Why risk that when 85% of the remaining users run Windows and thanks to Microsoft's brilliant backwards compatibility you can exploit holes in nearly all of the target market at the same time?
It is simply uneconomical for the modern malware author to target OSX. If you think otherwise I'm sure you'll eat your words if OSX becomes even remotely popular among the general internet population.
Oh and Safari users were smarter than IE users a few days ago and thus don't fall for social engineering attacks, remember ;-)
Re:Here We Go Again ... (Score:5, Interesting)
Until a non-Windows OS is installed on a plurality of machines, Windows will be the primary target and have the most hackers going after it. The Pwn2Own contests have shown that Macs are plenty vulnerable when people are willing to put in the effort to go after them.
The guy who won all those Pwn2Own contest says that OSX Lion's security [nytimes.com] is now better than Windows 7.