Security Businesses Apple

Symantec: Mac OS X Becoming a Malware Target 779

tb3 writes "According to ZDNet 'Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.' They go on to warn that the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for 'style over function,' according to one analyst, Apple computer has become a target for new attacks. More coverage on Australian IT and Silicon.com. I guess sales of Norton Anti-Virus for Mac needed a boost." Symantec may well be right about this, but note that they also have the world's biggest vested interest in making Mac owners nervous enough to buy their anti-virus products.
This discussion has been archived. No new comments can be posted.

  • Call me anal.. (Score:3, Informative)

    by Paska ( 801395 ) * on Monday March 21, 2005 @09:02PM (#12006663) Homepage
    ..but I already use an Antivirus for my Mac. Mind you I switched over from Windows a little under 1 year ago and since I use these machines for work I really didn't want to risk, even if it's 0.0001% of getting my work machine infected by a virus. All it could take is one sneaky website I visit to infect me, record information and I honestly wouldn't really know - mind you I doubt the Antivirus updaters would know about any Mac virus within 1 week of being launched.

    And no, I use McAfee [mcafeehttp]. And it's not too bad, but then again I am biased as we bundle McAfee with systems.
  • by wahsapa ( 767922 ) on Monday March 21, 2005 @09:03PM (#12006674)
    I have been using Macs for 8+ years now, I even ordered my Cube on a Dreamcast, and have never had a virus or malware... so you can put me in the "believe it when I see it" category.
  • Just like Linux? (Score:2, Informative)

    by tquinlan ( 868483 ) <tom&thomasquinlan,com> on Monday March 21, 2005 @09:05PM (#12006694) Homepage
    If I'm not mistaken, doesn't OS X log you in as a non-root user? And if that's the case, isn't the regular user (as in Linux and other Unixen) unlikely to do major damage to the system?

  • by Skippy_kangaroo ( 850507 ) on Monday March 21, 2005 @09:05PM (#12006699)
    Yes, Symantec have a vested interest up the wazoo for that press release. The interesting thing is, the only virus definitions I have ever seen in their Mac OS X updates are MS Word macro viruses and the like. If there really was a threat it doesn't look like Symantec will be providing the protection.

    Maybe Symantec is trying to draw attention to generate more business for themselves because there certainly haven't been any viruses released yet on OS X that Symantec provides any real protection for - so I wonder, what information could they be basing their statement on? Secret contacts with the hacker community? Certainly nothing public...

    The protection will come from such sexily named files as Security Update 2005-002 and Security Update 2005-003 distributed courtesy of Apple Inc.

  • by SmoothriderSean ( 657482 ) on Monday March 21, 2005 @09:08PM (#12006731) Homepage
    In my experience (as support staff for the Humanities Div of a university), far and away the most common virus issue with Macs is that they can be a carrier for Word macro viruses. Beyond that, you just have to keep an eye on users turning on services without knowing what they're doing (or using decent passwords). On the one hand, it's better to be safe than sorry, and just install an anti-virus package, but frankly, the need has been so slight that mac AV packages tend to be a mess.
  • by littlerubberfeet ( 453565 ) on Monday March 21, 2005 @09:10PM (#12006750)
    I admin a sound studio with 10 macs and two windows machines. Nine run X.3 and one runs 9.2.2. The two windows machines run GigaStudio and are never, and will never be connected to the internet. I run antivirus software on the macs connected to the internet, and nothing has ever come up in a scan. Ever. I have run every single version of X since 10.2.1 and they all stayed clean.

    As for patching, I patch manually, because of quirks in all the audio software we run, but OS X will patch automatically if you set it up to. You will be manually installing patches for any apps not distributed by Apple, but all of Apple's stuff will update automatically.
  • by zecg ( 521666 ) on Monday March 21, 2005 @09:11PM (#12006767)
    From what experience I've had with Norton antivirus for the PC, it does more damage to performance (network latency and throughput, memory and processor usage) than most malware. I've never installed it myself, just seen it on other people's PCs. I might just have wrong/incomplete experiences, but I think that their software is bloated crap with a horribly confusing UI. If I had a Mac OS X, I would prefer to have a command-line controlled utility which I never have to see, which runs as a service, updates transparently and can be fully controlled using plaintext configuration files. NOT anything remotely like Norton for the PC. Virex might not be good, but unleashing the pestilence of Norton upon the Mac is... cruel. Isn't there something like a chkrootkit in Darwin ports or Fink?
  • by Anonymous Coward on Monday March 21, 2005 @09:12PM (#12006775)
    Look at drivers you have installed. Lexmark in particular is notorious for releasing crap that will not only put itself into startup without asking, but consistently use 20% cpu whether you're printing or not.

    Also, check dns for whatever that konfabulator widget is accessing... if your server is slow, add it to hosts... if it's just the target that is slow.. try changing targets... just a guess...
  • FUD. (Score:5, Informative)

    by sakusha ( 441986 ) on Monday March 21, 2005 @09:15PM (#12006807)
    There may have been 37 alleged vulnerabilities identified in MacOS X, but there have been ZERO exploits of those vulnerabilities. Apple has often released patches within 48 hours of discovery of a vulnerability.

    At the current time, there are NO known exploits for MacOS X. NONE.
  • by ravenspear ( 756059 ) on Monday March 21, 2005 @09:15PM (#12006813)
    Anyone who has been a Mac user for any length of time and has used Symantec products can testify to the horrid filthy mutilated piece of code that is a Symantec product on the Mac.

    This is NOT A TROLL.

    I have seen (and experienced myself) Symantec products CAUSE more problems than they fix (if they are even successful at fixing any) on the Mac platform.

    I pity the poor soul who has no experience with Symantec on the Mac and falls for this pathetic ad piece.
  • by chromaphobic ( 764362 ) on Monday March 21, 2005 @09:16PM (#12006817)

    First off, check and make sure popup blocking is enabled. I only see MAYBE one popunder a week, if that (and add the offending site to my mental blacklist, never to be visited again.) Go to the Safari menu and make sure there's a check next to the "Block Pop-Up Windows" item.

    Secondly, yes, Konfabulator can really bog down a system if you have too many widgets running. They eat up memory and CPU power, even sitting idle. I have seven I keep open with little performance impact, but that's on a Dual 2Ghz G5. If you haven't discovered it yet, Activity Monitor (in Applications/Utilities/) can be very useful in tracking down where your CPU cycles and memory are going. It even lists all the Konfab widgets separately, though it doesn't tell you which one is which. So if there's a widget that's being a hog, it'll let you know!

    I'd bet that it's a low memory issue, Apple has a tendency to shortchange the memory in their systems, especially consumer level stuff like the iBook & iMac. Running OS X on less than 512MB will bring things to a snail's pace frequently, so a simple memory upgrade might help greatly.

  • by Skippy_kangaroo ( 850507 ) on Monday March 21, 2005 @09:16PM (#12006824)
    I have been running my home computer on OS X hooked up to broadband for a fair while. So it's always on and always there to get infected. Thing is, it hasn't been. Its protection consists of the default firewall that comes with OS X. I turned NAT on in my DSL modem but that was just so I could hook up my mother-in-law's Windows computer when she was visiting.

    The only virus definitions I have ever seen in Symantec products for Mac OS X are Word macro viruses and the like. That would suggest that there are no viruses in the wild that can cause any damage that Symantec will protect you against. There have been a few proof of concept stories going around which are usually fixed by Apple at the next security update. Sometimes they relate to open source software (I think Apache had one a while ago) and some relate to Apple software. As far as I know they have all been patched. And, as I said, I'm still not infected.

  • Re:Just like Linux? (Score:2, Informative)

    by johnbeat ( 685167 ) on Monday March 21, 2005 @09:18PM (#12006840) Homepage
    Yes and no. The default user is an "administrative" user. They must type their username and password to gain root access. However, there have been some exploits that allow someone gaining control of an administrative user account to parlay that into root access. Some of this has to do with what parts of the file system the administrative user has write access to.

    For example, up until at least 10.2, the admin user could write files to /Library/StartupItems/; if they get the startup format correct, then on reboot those files would be run as root.

    I always recommend that people set up a non-admin user as their normal account. But of course, few people are going to go to the trouble of going beyond the default settings.

    That said, even if security on that front were perfect, all it would do is keep malware from gaining root access. For the average user, malware that only has write access to their own files is going to be just as catastrophic.

    The system does now warn you if this is the first time you've run an app.

    Jerry
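
The risk johnbeat describes above, files under /Library/StartupItems/ that a non-root account can write and that then run as root at the next boot, can be checked with a permissions audit. This is an added example, not part of the thread; the function name `audit_startup_dir` and its output labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag boot-time items that an account
# other than the trusted owner could create or modify.
#
# audit_startup_dir DIR [OWNER]
#   DIR    directory whose contents run with root privileges at boot
#   OWNER  user name or numeric uid expected to own everything (default root)
# Prints one "reason: path" line per finding; returns 1 if any were found.
audit_startup_dir() {
    asd_dir=$1
    asd_owner=${2:-root}

    if [ ! -d "$asd_dir" ]; then
        echo "skip: $asd_dir does not exist" >&2
        return 0
    fi

    # Symlinks are skipped: their own mode bits are not what gets enforced.
    # The directory itself is included, because write access to it is enough
    # to drop in a brand-new item even when every existing file is locked.
    asd_found=$(
        find "$asd_dir" ! -type l ! -user "$asd_owner" -print |
            sed 's/^/wrong-owner: /'
        # 020 = group write. If the group is one that ordinary admin accounts
        # belong to, any of them can change what runs as root at boot.
        find "$asd_dir" ! -type l -perm -020 -print |
            sed 's/^/group-writable: /'
        # 002 = world write: every local account can change the item.
        find "$asd_dir" ! -type l -perm -002 -print |
            sed 's/^/world-writable: /'
    )

    if [ -n "$asd_found" ]; then
        printf '%s\n' "$asd_found"
        return 1
    fi
    return 0
}

# Path taken from the comment above; where it does not exist this is a no-op.
audit_startup_dir /Library/StartupItems root ||
    echo "review the entries listed above before the next reboot" >&2
```

An entry can appear under more than one reason, for example a file that is both group-writable and owned by the wrong account.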
  • by jericho4.0 ( 565125 ) on Monday March 21, 2005 @09:20PM (#12006868)
    The reality is, this article is FUD.

    Update regularly/automatically, and keep an eye on an OS X site or two to stay abreast of things, and you'll be fine.

  • by PepeGSay ( 847429 ) on Monday March 21, 2005 @09:20PM (#12006871)
    10 years on the Internet, 24x7 for eight of those years. No antivirus. Not a single infection....

    I do install one copy every few years to verify this personal protest against virus company scare tactics
  • by wealthychef ( 584778 ) on Monday March 21, 2005 @09:27PM (#12006938)
    I agree this will be a good test of the out-of-the-box security of Apple. Actually, I believe that out of the box, Apples are ironclad secure. They start with no services turned on by default. There are no Microsoft-like ActiveX analogous components that allow viruses to replicate if you do something innocuous-sounding like read email or run a word-processor. About the only service that is password-free is Software Update, but that is a client, not a server. If users turn on sshd and choose a poor password, they may well be attacked. This will probably rarely happen, since most people enabling ssh will be aware of the risks of poor passwords, and not really complain if attacked. I think this is just FUD for marketing.
  • by goombah99 ( 560566 ) on Monday March 21, 2005 @09:28PM (#12006945)
    for the past 20 years, having a virus checker was useless on a mac and only served to avoid passing along pc viruses. At one brief point you could get word macro viruses.

    If someone can get root on a mac you can install a root kit. But you have to get root first. It's not good enough just to get user level or even admin user level. You have to get the admin user to enter their password to elevate to root.

    The ppc played role too as I have read that until last year there was no widely known compact way to exploit a buffer overflow to execute arbitrary code. I believe that is now solved and published so one might see these cropping up. :-(

    Since the security model is better you don't have problems like active-X waiting to ruin your day, or auto execute on mouse-over e-mail subject lines, or registry changes needed to install applications. Or other bonkers stuff.

    But despite all the default security, nothing will stop a determined user from trojaning themselves good and hard. And if they are admin and enter their password you're rooted. Nothing will withstand unrestricted physical access either. You can at least ward off limited physical access by using the firmware password but this can be overridden by a determined user.

    and of course there have been security holes and always will be. SSH, quick time, and even JAVA had had security holes. Fortunately no one has managed to exploit these before Apple fixed them and given Apple's default services-off settings and lack of root access, it's going to be harder for these things to spread like wild fire.

    on the other hand Macs are very homogenous so once a virus does finally break loose, if it can get in without requiring any services it's going to spread quickly.

  • by Trillan ( 597339 ) on Monday March 21, 2005 @09:36PM (#12007011) Homepage Journal

    No, it isn't true.

    It may be true that obscurity helps, but (for instance) you can't infect a Macintosh by sending the right kind of packet to it, surfing the wrong web site, opening the wrong email, or clicking Yes at the wrong moment to some confusingly worried alert.

    The blame for earlier versions of Windows being completely insecure lies firmly on Microsoft, just as the blame for System 6.0.5 being easily infected fell on Apple.

    Decent security is neither hard nor complicated, it's just fusswork. But you need to plan for it right from the start.

  • by bad_outlook ( 868902 ) on Monday March 21, 2005 @09:39PM (#12007033) Homepage
    Use Clam, I run ClamAV [clamav.net] on my linux server, but they have an OS X client (GUI) out now: ClamXav is a free virus checker for Mac OS X. It uses a slightly modified version of the tried, tested, and very popular clamav open source antivirus engine as a back-end.

    http://mac.softpedia.com/get/Antivirus/ClamXav.shtml [softpedia.com]

    bo

  • by Anonymous Coward on Monday March 21, 2005 @09:40PM (#12007040)
    This whole market share angle is mostly bogus. There is what, about 10 million OS X users? Why hasn't there been a worm (or trojan, anything!) attacking them? Witty has a very successful worm: it hit all 12,000 [schneier.com] vulnerable hosts.

    How can you say 10 million is too small? The population of Canada (where I live) is about 33 million. The installed OS X base is then (about) 1/3 the population of Canada. That's not far from the population of New York city (~15M).

    If a worm [caida.org] can hit only 12,000 hosts like Witty did and be called "successful" (it was basically a 100% infection rate), then surely the OS X population is vulnerable.

    John Gruber has some [daringfireball.net] articles [daringfireball.net] on this.
  • by Anonymous Coward on Monday March 21, 2005 @09:50PM (#12007126)
    Mac OS9 has not ever been rooted or defaced remotely ONCE and is used on countless secure servers. For years the US Army used it on www.army.mil until recently evaluating osx instead.

    The reason? The us army was embarrassed by being routinely defaced using unix and Windows NT.

    http://uptime.netcraft.com/up/graph?site=www.army.mil

    Why is Mac OS9 hack proof?

    Why is it hack proof? These reasons :

    1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for process to process communication that is heavily typed and "pipe-less"

    2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.

    3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not. In case you are not aware of what a "pascal string" is, it usually has no null byte terminator.

    4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.

    5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with data files. For example file copy utilities preserve launchable file-types, but JPEG MPEG HTML TXT etc oriented tools are physically incapable by design of creating an executable file. The file type is not set to executable for the hackers needs. In fact it's even more secure than that. A mac cannot run a program unless it has TWO files. The second file is an invisible file associated with the data fork file and is called a resource fork. EVERY mac program has a resource fork file containing launch information. It needs to be present. Typically JPEG, HTML, MPEG, TXT, ZIP, C, etc are merely data files and lack resource fork files, and even if they had them they would lack launch information. But the best part is that mac web programs and server tools do not create files with resource forks usually. TOTAL security.

    4> Stack return address positioned in safer location than some intel OSes. Buffer exploits take advantage of loser programmers lack of string length checking and clobber the return address to run their exploit code instead. The Mac compilers usually place return address in front or out of context of where the buffer would overrun. Much safer.

    7> There are less macs, though there are huge cash prizes for cracking into a MacOS based WebStar server (typically over $10,000 US). Less macs means less hacker interest, but there are MILLIONS of macs sold, and some of the most skilled programmers are well versed in systems level mac engineering and know of the cash prizes, so it's a moot point, but perhaps macs are never kracked because there appear to be less of them. (many macs pretend they are unix and give false headers to requests to keep up the illusion, ftp http, finger, etc). But some huge high performance sites use load-balancing webstar. Regardless, no mac
  • by Mr Bubble ( 14652 ) on Monday March 21, 2005 @09:51PM (#12007132)
    I have been tempted to respond to this thread and you have drawn me in with a spirited "hear hear!".

    I used to use Norton products before I knew better. Now, I have to talk people out of installing anti-virus, FileSaver and all that other crud. I have spent a lot of time on problems caused by these programs, but no time on viruses.

    I say run a hardware firewall if you can, software firewall if you can't, choose a good password, don't turn shit on for no reason, apply Apple and 3rd party security updates, and read the Mac news regularly for anything that comes up like the Quicktime Autoplay vulnerability.

    I have had zero problems with viruses and the like on the Mac, but I feel like I need a shower after surfing the Net on Windows.
  • by Anonymous Coward on Monday March 21, 2005 @09:54PM (#12007160)
    Nope, merely visiting a website with a malformed quicktime file will do it. At least with OS X and most modern Linux distributions you can connect a newly installed system to the internet without a firewall and download patches. It used to be that in Windows 2000 you could set required services (servers) like DCOM and RPC to listen on localhost only but that feature was removed from XP so the only way to prevent DCOM or RPC from binding to interfaces connected to the internet is a software firewall. Completely disabling bind_interfaces_only functionality in XP was dumb even by Microsoft standards.
  • by wealthychef ( 584778 ) on Monday March 21, 2005 @10:03PM (#12007264)
    I think it will be interesting, because I think OS X will be shown to be highly secure. I agree, though, as market share increases, the proof will be forthcoming. Apple has made some MS-like security mistakes, such as the Help vulnerability that was discovered last year. But in general you are not going to see a Mac box with no MS Word and no MS Access installed spreading viruses like the PC's around my office seem to. I cannot believe what people put up with on their Windows machines. They are such pieces of crap, security-wise. :-) I don't mean to troll, it's just that I have yet to see a virus forwarded from an OS X machine... yet have seen hundreds from PC's. It's not just market-share, people. There is actually a difference in operating systems. Why is the idea that OS X might be inherently more secure than Windows such a shocking one to some people?
  • for the past 20 years, having a virus checker was useless on a mac and only served to avoid passing along pc viruses.

    Not true. In the olden days, there were a handful of Mac (Classic Mac OS) viruses. Some of them were even malicious, though those were extremely rare. The only ones I ever personally saw were benign, and easily eradicated by simply rebuilding the desktop file on the infected floppy.

    From 1989 and well into the 90s (possibly even until 1998 when it was discontinued), the most popular Mac antivirus software was Disinfectant, [icsalabs.com] a free utility written and maintained by one guy-- so that should tell you the non-severity of the Mac virus problem even then. The developer threw in the towel when cross-platform Word macro viruses hit the scene and quickly became too numerous to keep up with.

    Since the time of Mac OS 8 or 9 until the present, however, I would agree with your sentiment that the only reason to use Mac antivirus software is as a courtesy to Windows users with whom you exchange files.

    ~Philly
  • by Bones3D_mac ( 324952 ) on Monday March 21, 2005 @10:33PM (#12007546)
    Agreed. Anyone who has ever been a victim of Norton Utilities trashing their hard drive knows this all too well.

    As for viruses, I got by using the freeware software "Disinfectant" ever since system 7... arguably one of the best virus blocking/removal solutions ever made.
  • by pyrrhonist ( 701154 ) on Monday March 21, 2005 @10:35PM (#12007558)
    Try this experiment: install OS X and connect to the Internet. Leave it connected for a week. Now install Windows and connect to the Internet. Leave it connected for 30 minutes. Which one will be hacked?

    Neither [techweb.com] (except if you're dumb enough to not have installed Windows XP SP2)

    Windows XP SP1 with the for-free ZoneAlarm firewall, however, as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.

    My point is that Windows needs special steps to be _protected_;

    Actually, in SP2 it doesn't. The XP firewall is turned on by default in XP2. In SP1, all you needed to do was turn on the firewall for a connection in the Network Connections control panel.

    Now as far as local security goes, I agree with you; there are some nasty local security exploits. Microsoft is to blame for much of the security issues, but also a major part of the problem is third-party developers! It would help if application developers would realize that Windows is a multi-user system and actually follow Microsoft's reference guides for how to program in this environment instead of forcing the user to be an Administrator to actually use their program. Windows has been multi-user for years, and application developers still haven't caught up. Why do I have to be an Administrator to run a game? Bad programming, that's why! Not even Norton AV gets this right (scheduled scans do not run for non-administrators and non-administrators are told that Live Update is off even if it is actually turned on). The only program that I've seen actually try to do something about this is Nero, which has a program to set up a group to enable burning by non-administrator accounts, but even this is a special download that is not part of the regular install. This needs to change; developers need to start using the Windows multi-user environment correctly.

    In summary, Microsoft provided the ability to make the system more secure using non-privileged accounts and groups like every other major OS, but application developers are not taking advantage of it. I always run as a non-privileged user, and I am getting sick of applications that have no reason to need administrator privileges not running correctly.

  • Re:uh oh (Score:2, Informative)

    by aichpvee ( 631243 ) on Monday March 21, 2005 @10:51PM (#12007681) Journal
    This [mff.cuni.cz] should help.
  • by SuperKendall ( 25149 ) * on Monday March 21, 2005 @10:54PM (#12007710)
    SP2 is a lot more secure. But even now lots of people are installing from copies of SP1. Yes Windows can be made secure, but it takes that little bit of extra effort - and if the firewall is ever compromised (like malware turning it off) you are quite screwed. OS X needs no firewall to stay quite happily connected without security issues because it does not need any services running to function.
  • by Sebastopol ( 189276 ) on Monday March 21, 2005 @10:59PM (#12007747) Homepage
    Windows because Apple, like all the other UNIX vendors, ships their systems in a (reasonably) secure state by default.

    Really?

    I just installed XP Pro and ActiveX was off by default and the firewall was turned on by default. And it yelled at me for not having AV software installed. (F-prot all the way!)
  • by SuperKendall ( 25149 ) * on Monday March 21, 2005 @11:04PM (#12007799)
    Viruses do not target data for destruction any longer. Data is only seen as a vector for further infection, or possibly information valuable to the attacker. But viruses simply don't destroy things anymore because using your computer as a zombie is far more valuable to them.
  • by Spectra72 ( 13146 ) on Monday March 21, 2005 @11:07PM (#12007822)
    I just bought a new computer that had WinXP. SP2 was already installed.
  • by pyrrhonist ( 701154 ) on Monday March 21, 2005 @11:14PM (#12007893)
    I'd say installing SP2 is a special step on its own.

    Nope, it comes pre-installed. Owners of older machines can get it automatically through Windows Update or download it from Windows Update.

  • by JonahLee ( 158787 ) on Monday March 21, 2005 @11:25PM (#12007978)
    I mean I gave up on their Norton Products with OS X because all they did was screw up my computer. Then my .Mac account gave me Virex for free, but all it did was screw up my computer, so I decided to try clamAV and for a front end there is the excellent ClamXav which lets you schedule Virus scans and updates. And best of all it is shareware based on open sourced virus protection software.

    I picked up about 12 PC viruses that I had, and could have sent to a PC user, though they don't affect me at all.
  • by wealthychef ( 584778 ) on Monday March 21, 2005 @11:50PM (#12008183)
    I see your point, but my point is that yes, you can *make* Windows secure if you are knowledgeable, but last time I checked, an out-of-the-box Windows box is owned minutes after connecting to the network unless the user takes steps to prevent attack, such as putting the machine behind a firewall and blocking all incoming traffic. Our Windows machines here spread email viruses like, er, the plague? I think our security here is taken very seriously, yet somehow we cannot stop the PC viruses from literally crippling our mail server occasionally. I think there is something fundamental going on here, and I think it is the notorious habit of Microsoft to start out with unnecessary services enabled, and allowing their email client to automatically run scripts under the instruction of an arbitrary email message. This makes Windows more insecure. I guess we'll just have to agree to disagree there. I'm not trying to troll.
  • by jimfrost ( 58153 ) * <jimf@frostbytes.com> on Monday March 21, 2005 @11:56PM (#12008233) Homepage
    So, can you modify files in c:\windows in that XP installation? Yes? Then the system is an open book to anything that can get even a toehold.
  • by arminw ( 717974 ) on Tuesday March 22, 2005 @12:01AM (#12008272)
    ...Yes, obscurity is absolutely the only reason it hasn't been targeted...

    I don't believe that even for one CPU cycle time. There are millions of Macs and hackers love challenges. A hacker who could penetrate a Mac would and could feel very proud, but aside from some clever social engineering, tricking the user into giving some sort of OK, it is not likely to happen. If a user downloads some file onto a Mac, and if that file is a program that has never run before on that system, a dialog comes up warning the user not to click OK unless he/she KNOWS that it is a safe program. If there is any doubt, the user is advised to click cancel.
  • by chaoaretasty ( 701798 ) on Tuesday March 22, 2005 @12:38AM (#12008557)
    I'd say installing SP2 is a special step on its own.

    New installations have SP2 by default.
  • Re:Infidel! (Score:3, Informative)

    by Baricom ( 763970 ) on Tuesday March 22, 2005 @12:51AM (#12008645)
    Excuse me, but isn't tcsh OS X's default shell [google.com]?
  • by MightyMartian ( 840721 ) on Tuesday March 22, 2005 @01:01AM (#12008713) Journal
    Plenty of better scanners. ClamAV and F-Prot both are far better than Symantec. Symantec's stuff is trash. I spend at least a couple of hours a week dealing with that piece of crap Internet Security program of theirs. If you want to use Norton/Symantec garbage, be my guest. Do you really have that much faith in it?
  • by davidstrauss ( 544062 ) <david.davidstrauss@net> on Tuesday March 22, 2005 @01:06AM (#12008754)
    but last time I checked, an out-of-the-box Windows box is owned minutes after connecting to the network

    Last I checked, out of the box machines come with SP2, which fixes most such vulnerabilities, and have a firewall enabled by default. In addition, the latest desktop and server versions of Windows come with very few services enabled by default. It's also been a LONG time since any Microsoft email program ran worms without user interaction. And finally, if you take security so seriously, why don't you filter viruses in messages on your mail server, patch your mail clients, install client-side virus scanners, or TRAIN your users?

    IE sucks for security, but that doesn't seem to be part of your argument. Please play again later.

  • Re:Infidel! (Score:5, Informative)

    by Jord ( 547813 ) on Tuesday March 22, 2005 @01:08AM (#12008763)
    Not any more. It was changed in Panther I believe. The default is now bash
  • by flonker ( 526111 ) on Tuesday March 22, 2005 @01:10AM (#12008781)
    Really old post. A quick bit of googling reveals:

    http://books.slashdot.org/comments.pl?sid=75257&cid=6734660 [slashdot.org] from Aug 19, 2003
    http://slashdot.org/comments.pl?sid=67477&cid=6188308 [slashdot.org] from Jun 12, 2003
    http://groups-beta.google.com/group/comp.sys.mac.advocacy/msg/7a80fe09794d6331 [google.com] from Jan 12, 2003
    http://slashdot.org/comments.pl?sid=45793&cid=4761155 [slashdot.org] from Nov 26, 2002
    http://slashdot.org/comments.pl?sid=37389&cid=4009006 [slashdot.org] from Aug 4, 2002

    And I seem to recall seeing it floating around long before then. If anyone knows of the original, please respond. Also, if the original troll could please fix the numbering? 4 isn't supposed to repeat again after 5 and before 7, I'd greatly appreciate it.
  • by MntlChaos ( 602380 ) on Tuesday March 22, 2005 @01:57AM (#12009048)
    Tell me this, though.

    How do you build a windows service (that's a daemon for you unix folks but it needs to be specifically built and installed to work properly), have it run as an unprivileged user (i.e. *not* the system account) and have it start when the system boots *without* the user it is supposed to run as logging in at the console?

    If it's possible, then it is *very* fucking new.
    Administrative Tools->Services. Select the service. properties, Log on tab, this account, fill in the account's details. general tab, startup type, automatic.

    Not that complex actually. And it's been in since at least XP's release (maybe 2000, but I haven't used that much).

    Ugh. I've defended Microsoft. I feel dirty now.
  • by pyrrhonist ( 701154 ) on Tuesday March 22, 2005 @02:44AM (#12009331)
    How do you build a windows service (that's a daemon for you unix folks but it needs to be specifically built and installed to work properly), have it run as an unprivileged user (i.e. *not* the system account) and have it start when the system boots *without* the user it is supposed to run as logging in at the console?

    1. Open "Computer Management".
    2. Double-click on "Users".
    3. Select "New User..." from the "Action" menu.
    4. Type in the user's information.
    5. Select the "Password never expires" checkbox.
    6. Click "Create" and then click "Close".
    7. Right-click on the user.
    8. Click on the "Member Of" tab.
    9. Click on the "Add" button.
    10. Enter a name of a group you need to run the service.
    11. Click "OK".
    12. Repeat 9-11 for each group you need to add.
    13. Click "OK".
    14. Open "Local Security Settings".
    15. Double-click on "Local Policies".
    16. Double-click on "User Rights Assignment".
    17. Right-click on a right that you need to run your service and select "Properties".
    18. Click on "Add User or Group".
    19. Enter the name of your new user and click "OK".
    20. Repeat 17-19 for each right you need.
    21. Repeat 17-19 for the "Log on as a service" right.
    22. Open "Computer Management" again.
    23. Double-click on "Services".
    24. Right-click on the service and select "Properties".
    25. Click the "Log On" tab.
    26. Select the "This account" radio button.
    27. Enter the username and password.
    28. Click on the "General" tab.
    29. In the "Startup type" select box, select "Automatic".
    30. Click the "Start" button.
    31. Click "OK".
    32. ???
    33. Profit!

    If it's possible, then it is *very* fucking new.

    It's been there since Windows NT, although the configuration was different in NT.
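
The steps in the two replies above, scripted as an added example (not part of the original thread or any poster's code). It assumes an elevated PowerShell 5.1+ session; `svc_demo` and `DemoService` are placeholder names for the new account and an already-installed service.

```powershell
#Requires -RunAsAdministrator
# Added example. 'svc_demo' and 'DemoService' are placeholders (assumptions).
$user    = 'svc_demo'
$service = 'DemoService'

# Steps 1-6: local account whose password never expires.
$password = Read-Host -AsSecureString "Password for $user"
New-LocalUser -Name $user -Password $password -PasswordNeverExpires `
    -UserMayNotChangePassword -Description "Runs $service" | Out-Null
$sid = (Get-LocalUser -Name $user).SID.Value

# Steps 14-21: grant only "Log on as a service" (SeServiceLogonRight).
# secedit exports the current rights, we append the SID, then re-apply.
$inf = Join-Path $env:TEMP 'svc-rights.inf'
$sdb = Join-Path $env:TEMP 'svc-rights.sdb'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$lines = Get-Content -Path $inf
if ($lines -match '^SeServiceLogonRight\s*=') {
    $lines = $lines | ForEach-Object {
        if ($_ -match '^SeServiceLogonRight\s*=' -and $_ -notmatch [regex]::Escape($sid)) {
            "$_,*$sid"
        } else { $_ }
    }
} else {
    $lines = $lines | ForEach-Object {
        $_
        if ($_ -eq '[Privilege Rights]') { "SeServiceLogonRight = *$sid" }
    }
}
Set-Content -Path $inf -Value $lines -Encoding Unicode
secedit /configure /db $sdb /cfg $inf /areas USER_RIGHTS | Out-Null
Remove-Item $inf, $sdb -ErrorAction SilentlyContinue

# Steps 22-29: bind the service to the account and start it at boot.
# sc.exe needs the plain-text password; keep it out of scripts and history.
$plain = [System.Net.NetworkCredential]::new('', $password).Password
sc.exe config $service obj= ".\$user" password= $plain start= auto | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed: $LASTEXITCODE" }

# Step 30, then confirm the service is not running as LocalSystem.
Start-Service -Name $service
Get-CimInstance Win32_Service -Filter "Name='$service'" |
    Select-Object Name, StartName, StartMode, State
```

The Services snap-in grants "Log on as a service" automatically when an account is entered on the Log On tab; `sc.exe config` does not, which is why the script sets the right explicitly.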

  • by i wanted another nam ( 726753 ) on Tuesday March 22, 2005 @05:04AM (#12009859) Journal
    Installing software from a non-administrator account.

    In Windows, you have to either log in as an administrator, or use "Run as..." that 95% of the world doesn't know about but wouldn't use anyways because it's easier to just run an admin account. If already on an admin account, it just installs.

    In Mac OS X, the installer simply asks you for the administrator user name and password. If on an admin account, it still asks for the password. They even ask for the password while root. If root is even enabled, which is superfluous with sudo.

    Per-user preferences for all user apps

    This isn't the case with Windows. Certain apps write to the global registry and save preferences in system folders. Bad coders, bad. This probably has something to do with the fact that there's no one single spot for preferences to go in Windows. It could be %HOMEPATH%\Local Settings, it could be in the app's folder, it could be %HOMEPATH%\Application Data. It could even be stored in the fucking Windows system folder. You just never know. The problem with the Windows model is that you never really know if you have to be an administrator to even run certain apps. Example: Until recently, the minimum group to run Yahoo! Messenger was Power User. Running an IM client as an administrator? Baaad. It's also just a general pain to run as a non-admin in Windows.

    In OSX, it's ~/Library/Preferences. /Library/Preferences is read-only to normal accounts, and only used for system-wide preferences (display resolution, network config, etc). Sure, there will be the odd app that uses an ini file, but those are always apps ported from Windows, bad behaviors and all. One that comes to mind is Unreal Tournament. In OSX, running as a non-admin is practically transparent.

    And now a message for those of you that had the mental, ocular, and intestinal fortitude to read this entire comment, "What is wrong with you?"
  • by iamacat ( 583406 ) on Tuesday March 22, 2005 @07:15AM (#12010337)
    Windows has been multi-user for years, and application developers still haven't caught up.

    Actually it's not, unless you count malware as an extra "user", and neither is OSX. Unlike UNIX, they don't allow multiple concurrent users connecting via network or terminals and using the system's standard UI. As such, local file security is less important, because the machine will likely be only used by people with physical access. VMWare and other solutions that actually allow concurrent access have decent security (not sure about terminal server).

    On the other hand, Win and OSX should have serious sandboxes for browsers and email to avoid becoming multi-user systems!
  • Re:Infidel! (Score:3, Informative)

    by Jord ( 547813 ) on Tuesday March 22, 2005 @10:25AM (#12011291)
    Previous versions did come with bash btw, it is a simple change in the NetInfo Manager to go from tcsh to bash.
  • by sjonke ( 457707 ) on Tuesday March 22, 2005 @10:46AM (#12011471) Journal
    Until one of these anti-virus software vendors can prove that their software is less harmful to Macs than the alleged/pending viruses, I'll continue to leave Virex 7.2 installed just to make the admins happy, but sure as hell won't upgrade (again) to version 7.5.x, which causes innumerable and far-reaching problems. It has always been the case and continues to be the case, that on Macs, virus protection software is far more harmful than the alleged viruses they allegedly protect against.
  • by daviddennis ( 10926 ) <david@amazing.com> on Tuesday March 22, 2005 @10:52AM (#12011515) Homepage
    Frankly, this annoys the heck out of me.

    Give me a proof of concept virus that actually spreads via email, instant messenger or something similar, and I'll start worrying.

    The problem is that the email client in MacOS X isn't scriptable, and so you can't use it to read the address book and automatically send out messages.

    If malware comes for the Mac, it will probably come through something like Kazaa. The simple fix, of course, is not to install whatever program introduces the spyware.

    D
  • hogwash (Score:2, Informative)

    by Anonymous Coward on Tuesday March 22, 2005 @12:18PM (#12012518)
    Look, I'll make this short: I'm a non-grunt Symantec employee. NAV is crap, and I can't figure out what NAV on OSX is actually looking for. It's just scare-ware. We're dealers to people with a predisposition for addiction, and your discounted copy of NAV is a dime-bag.

    Imagine that Windows is a house with the roof shingles installed upside down creating pockets for rain, and UN*X including OSX has a properly-installed roof. NAV is a subscription service for a new bucket of Henry's roof patch every week. (SP2 is a nice tarp in this analogy, but it's still just a mask for terrible security architecture.) On windows, the "roof patching" quickly becomes the main activity of the system. On OSX, not so much. The threats/vulns just aren't there (yet), and the underlying architecture is basically sound. NAV-OSX just wastes cycles IMHO. Shit, a tripwire-for-dummies install would be a lot more useful.

    Personal note: I'm provided a fully-Symanticised WinXP system to use for corporate email etc. And when I'm out of the office, I have to use Symantec's own amateurish VPN to connect to Notes (of all godforsaken things...) sorry guys, four passwords to get into the main information repository of the company is four iterations of a single factor... This really shows how little Symantec collectively understands information security (as opposed to system security).

    Yeah, I use a mac for personal stuff, and run my production (non-day-job) systems on Linux. Working for Symantec has taught me that the solution to endless repairs on a broken system is to get another system.
  • by krunchyfrog ( 786414 ) <krunchyfrog@videot r o n . ca> on Tuesday March 22, 2005 @02:19PM (#12013845)
    Hell some people don't even care about spyware, they want their dumb little free screensaver or whatever and don't care if it spys on them. You can tell them it's bad and they'll just ignore you.

    True. I know at least three persons that like to have smilies in their emails and just reinstall the spywares I removed about a day ago. I explain what the bad and evil spywares do, but hey, it's got smilies.

  • by jimfrost ( 58153 ) * <jimf@frostbytes.com> on Tuesday March 22, 2005 @03:05PM (#12014429) Homepage
    My point is that normal users typically have write permissions to that directory, one way or another.

    I just checked the box I'm on (a generic WinXP Pro install) and found that c:\windows is writable by "administrators" and "power users". The former is appropriate, the latter isn't, but the whole thing is rendered moot by the fact that the accounts are, by default, created with administrator privileges.

    That's largely of necessity, I realize. On one of my home XP boxes I decided that my 2 year old daughter's account really shouldn't be privileged, so I didn't make it so. The result? Nearly all of her children's games failed to operate. When I called vendors about that, I was told that I'd just have to give the account the necessary privileges. (Can't return the software, of course, nobody allows software returns.)

    So: We have a system that, if configured securely, doesn't work very well -- and if configured so it works, is so wide open that any little application error can lead to a compromised system.

    It's a disaster and the only solution to it is going to be to have Microsoft turn the security way up by default so the software vendors are forced to write their code accordingly. Like, say, every other major OS out there.

    The transition is going to suck, but until it's made Windows is going to remain a really easy target.

  • Re:Infidel! (Score:3, Informative)

    by OECD ( 639690 ) on Tuesday March 22, 2005 @04:52PM (#12015701) Journal

    it is a simple change in the NetInfo Manager to go from tcsh to bash.

    Yes, and you'll have to change it yourself if you've upgraded to Panther from a previous version of OS X. (Unless you prefer tcsh, of course.)

    1. Launch NetInfo Manager (in Applications/Utilities)
    2. Click on "Users"
    3. Click on your username (it'll be the short username)
    4. Click the lock (to be able to make changes)
    5. Double-click on the "shell" item in the bottom pane
    6. Change the value to "/bin/bash"
    7. Quit NetInfo (to set new values)

    You can also change it via the terminal, as someone else has pointed out.

  • by Anonymous Coward on Tuesday March 22, 2005 @05:01PM (#12015797)
    Yeah...with a Symantec product. Damn near as bad as HP printer software.
    So now they're trying to scare mac users into buying their garbage? "Is your computer running too fast? Try our new and improved NAV for the mac."
  • by Slur ( 61510 ) on Wednesday March 23, 2005 @04:47PM (#12028120) Homepage Journal
    "but by now you have a codebase you don't want to have to go back and rewrite"

    Of course, forward-thinking OS developers make sure that in order to write files into a preferences location (for example) you have to call "GetPreferencesFolder" and you are discouraged from using absolute paths, assuming there is such a thing as "C:" and so forth. So when the OS gets revised you don't have to rewrite anything at all. Your code does the right thing.

    This is the marvelous thing about Mac OS X and its legacy Carbon APIs. I have a fairly large shareware music program that I originally wrote for Mac OS classic, and it took me about two days to get it running on Mac OS X. And I didn't have to do anything specifically for the multi-user elements of the new OS because the system environment is so well abstracted. (And it was very helpful that Apple provided the "Carbon Dater" utility which told me all the changes I needed to make, and where.)

    Of course, just getting it running wasn't enough. I felt the need to redesign the appearance and to take advantage of the modernized music and sound technologies that Mac OS X provides. Now I have a program with an entirely new codebase, but one which I can now use to build future music applications. And I wrote it entirely in C++ with strong separation between TheirAPIs and MyData so I can consider faster cross-platform migration in the future.

    I think if you install the developer tools and study the Apple headers you'll be pretty impressed with their forward vision and the intelligent choices their technology developers have made. (There are also very few LONG_UNWIELDY_UPPERCASE_LABELS to deal with, so code tends to be more readable.) Who knows, you might even decide to field some Mac projects in the future...?
