Intego's "Year In Mac Security" Report 132
david.emery notes the release of Intego's "Year In Mac Security" report (PDF), adding: "Mac OS X and iPhones that haven't been jailbroken fare pretty well (although vulnerabilities exist, there's not been a lot of exploitation). Apple does come in for criticism for 'time to fix' known vulnerabilities. Jailbroken iPhones are a mess. The biggest risk to Macs are Trojan horses, often from pirated software."
So, avoid pirated Mac software... (Score:5, Informative)
...and let Software Update do it's thing with Security Updates.
Don't go online as Root, and really try not to open email attachments that claim to be "Nude Photos of (insert female athlete name here)"
Really, how hard is that?
Re:Biggest Mac security threat... (Score:1, Informative)
The results of pwn2own indicate the contrary.
You can't handle the truth (Score:1, Informative)
As much as Intego wants to present the state of malware on the Mac, the truth is that even Intego works pretty much like any other AV engine which tries to detect malware based on its signature or heuristics (behavioral), that they receive either from someone sending them a sample or collected with their honeypots around the world.
The bots/trojans/RATs that are written for specific targets, do not have a signature, thus, are undetected. Then it becomes obvious that Antivirus solutions are not enough. You also need to control the apps that are reverse connecting (phone home), with products like (Little Snitch).
What they don't address are the vulnerabilities that exists in every day applications, which subject to a stack buffer overflow, will execute code in memory with the same level of permissions as the application/daemon that is running. Antivirus doesn't provide any protection for exploits in software.
On a side note, Intego mentions a "crack" for CS4 which is actually a Trojan, but doesn't mention that Adobe's own CS4 install tries to phone home.
Re:Biggest Mac security threat... (Score:3, Informative)
Oo you definitely don't want to be deplugging usb drives, you kind of need them to keep their plugs so you can plug them in.
As for unplugging... what does that? Kernel panic sounds very linuxy, but I've never had that happen, and I've been plugging 'n unplugging up to three usb drives at a time on it (a client of mine's stock has become somewhat disorganised and lost track of what's faulty and what they've used themselves, and as testing harddrives themself is much quicker 'n easier on Linux as you can just badblocks the drive, completely partition 'n filesystem independant, I volunteered. So I was production lining a load of drives, different sizes, using three usb interfaces) ... and yeah, all without problem, apart from when a drive actually did have bad sects, but it didn't affect the machine or anything.
Re:Biggest Mac security threat... (Score:3, Informative)
As for unplugging... what does that? Kernel panic sounds very linuxy, but I've never had that happen, and I've been plugging 'n unplugging up to three usb drives at a time
I think what he was trying to get at is what sometimes happens on a Mac if a user unplugs an external drive without un-mounting it first, a quirk that Macs have had since at least the System 7 days. I'm not sure why OS X will still occasionally have trouble handling that situation gracefully (although ninety-nine times out of one hundred the only "bad" result is a dialogue box that pops up advising you not to do that again) but it's not really a big deal as long as you remember to follow the proper procedure for disconnecting an external drive on any OS.
Re:Apple's DRM seems to be the main problem (Score:4, Informative)
Talking through their hat since 2004 (Score:4, Informative)
Back in 2004 Intego's big complaint about the Mac was that because it's based on UNIX, if you could get it to execute a shell script you could do anything on the computer, and that Applescript wasn't sandboxed. They never noticed that the same was true of CMD.EXE and VBscript on Windows, DCL on VMS, and every other native scripting environment on every OS, ever, anywhere.
Intego's business model appears to be FUD.
Re:With great freedom comes great resposibility (Score:3, Informative)
Re:So, avoid pirated Mac software... (Score:3, Informative)
Both Mail and Finder will warn you that what you are opening has been downloaded from the internet and ask you to confirm you want to execute it.
Each file you download is put into a quarantine and your answer to the question is recorded.
You generally don't have to worry about opening non-executable files like images, zip files, video files etc. But, you of course, do have to worry about shell scripts, apple scripts, applications and application documents that contain java script (like PDF if you use Adobe reader which almost no one on a Mac does, since Preview app is so much better and it's there on each Mac)
Any savvy user should already know all these things no matter what platform they use.
Re:'Pretty well' isn't good enough (Score:4, Informative)
The article you like to is talking apples and oranges literally. If the implication is that BSD bug is also a bug in OS X, then it's false. The bug is not present in OS X.
iPhone on the other hand is a completely different beast and yes it is locked down platform mostly for the benefit of the users, so we don't have to worry if an application is safe to install and use.
Yes, there may be security issues in iPhone apps, but even the security updates of applications go through the same review process, which may catch an omission in the review of the previous version (which is what happened in the case of the software discussed in the article).
The review process is not perfect nor ideal, but I for one am thankful that someone else is testing the applications for me and I don't have to waste the time and money on tools to check what each app does and it it is safe to use on my phone.
Re:So, avoid pirated Mac software... (Score:4, Informative)
The public exploits only affect IE6 users on XP.
Private exploits could affect IE7 users on Vista or even IE8 users on XP, but not if they activate DEP. If you activate DEP even XP users are protected. IE8 users on Vista and Win7 are effectively protected by DEP/ASLR.
So, in effect, if you update even just to year-old technology you're protected.
Re:With great freedom comes great resposibility (Score:3, Informative)
Re:WTF, people. (Score:3, Informative)
FWIW, this has changed about jailbreaking. What you said used to be true on the 1.x series of iPhone software, where everything always ran as root. Therefore, a hole in libTIFF lead to (remote) root code execution. Starting with the 2.x series, Apple finally forced the restricted user account named Mobile to be used instead of root. That made it so now a libTIFF exploit *also* would require a privilege escalation exploit rolled inside; made things much harder. Starting around the 2.x software, the new way to jailbreak is by exploiting Apple's software update mechanism built into each device (Google: iBoot). This means that to jailbreak newer software/devices, one is required to attach the device to the computer first; the exploit is then done via USB.
Re:So, avoid pirated Mac software... (Score:3, Informative)
I guess you missed the IE8 zero day exploit just last week? It's only the latest way in which PC users get owned through no fault of their own.
It's not like OS X never had glaring [zdnet.com] 0-day [zdnet.com] exploits [about.com] of its own, so what's your point?