Microsoft: Macs 'Not Safe From Malware, Attacks Will Increase' 290
Posted
by
timothy
from the what-a-huge-surprise dept.
from the what-a-huge-surprise dept.
An anonymous reader writes "Microsoft researchers have analyzed a new piece of Mac malware that uses a multi-stage attack similar to typical Windows malware infection routines. In a post titled 'An interesting case of Mac OSX malware' the Microsoft Malware Protection Center closed with this statement: 'In conclusion, we can see that Mac OSX is not safe from malware. Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase. Exploiting Mac OSX is not much different from other operating systems. Even though Mac OSX has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications.'"
Re:Oh well. (Score:4, Informative)
No.
http://en.wikipedia.org/wiki/Irony [wikipedia.org]
Security vulnerabilities by vendor (Score:5, Informative)
Re:Not really surprising (Score:3, Informative)
The OS X kernel is a massive amount of C and embedded C++ code.
Except the kernel isn't the problem. I haven't heard a single word about this recent malware crap that indicates it exploits the kernel or somehow achieves supervisor mode. Nor have I heard a single word about user-less exploits, as opposed to how you could simply install Windows, connect to the network, and have it owned within an hour, if not minutes.
All this has been user land exploits, which require a user to do something. Some of them haven't even required the user to do something stupid, other than to go to "bad" web sites. But stop babbling about the kernel when it's not involved.
Re:The voice of experience (Score:5, Informative)
How to use an apostrophe [theoatmeal.com]
Re:Did anyone else notice... (Score:4, Informative)
Re:Did anyone else notice... (Score:4, Informative)
And, it doesn't work if you've applied any of the Office patches in the past 3 years. Patches that Office (by default) notifies you about weekly.
Very opportunistic.
Still, they are correct that attacks will increase, and anyone who has refused to install security patches in a needs to change their habits, or they will eventually be infected.
Want some cheese with your whine? (Score:4, Informative)
Sour grapes, much? Jeez. The only malware A) is a Java problem and B) uses Office as the transmission medium.
Re:user-friendly software deemed insecure, news at (Score:2, Informative)
I've been a professional software developer for a few decades now, and done my fair share of running Linux, including Ubuntu. And, Ubuntu sucks.
Last year, I installed Ubuntu via wubi. It worked great, for a while. At some point, an update caused some kind of grub/kernel incompatibility. Ubuntu never managed to boot again.
So then I decided to install Ubuntu in its own partition and dual boot instead. Surely that would work. And it did, for a while. I foolishly allowed Ubuntu to try to update itself to the latest release. The update failed, and once again, Ubuntu never managed to boot again.
In disgust, I wiped Ubuntu from my system, and I'm back to Windows 7 full time. Linux has some real and serious advantages, but I'm tired of the bullshit. I will happily pay for something that is more reliable on the desktop.
And don't even get me started on Unity...
Re:"Get the Facts" (Score:2, Informative)
The days of being able to jailbreak by visiting a website are long gone. You have to physically connect the phone to a computer in order that it can be re-flashed.
It's not relevant to what downloaded software/websites/document malware could do.
Re:"Get the Facts" (Score:3, Informative)
What I mean by long gone is that it last worked on 4.3.3, which was superseded in July 2011. (We're on 5.1 now, and there has been several point releases in between). And it's never worked in any way, on any version, on latest hardware (iPhone 4S or new iPad).
Un-thethered exploits reportedly still exist
The use of the term "Untethered" is unintuitive and not quite what you think it is. "Tethered" means you need to connect to a computer every time the phone is rebooted. Untethered means it will reboot with the jailbreak still operative even if you're not connected to a computer.
Either way, you still need to be connected with a cable to a computer to do the actual jailbreaking. The jailbreaking software runs on the computer.
Re:MS Bullshit, Part 3 (Score:5, Informative)
Apple now requires all new MacOS X applications to create a proper sandboxing profile,
Apple now requires all new Mac App Store applications to create a proper sandboxing profile. Non-App Store apps need not do so.