Symantec: Mac OS X Becoming a Malware Target
tb3 writes "According to ZDNet 'Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.' They go on to warn that the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for 'style over function,' according to one analyst, Apple computer has become a target for new attacks. More coverage on Australian IT and Silicon.com. I guess sales of Norton Anti-Virus for Mac needed a boost." Symantec may well be right about this, but note that they also have the world's biggest vested interest in making Mac owners nervous enough to buy their anti-virus products.
Security through obscurity? (Score:4, Interesting)
Safari runs like crap (Score:1, Interesting)
Of course, figuring out how to fix it is no fun, because macs "just work" and suggesting otherwise makes one a troll.
I suspect the problems stem from installing Konfabulator and a bunch of widgets (one of which would cause the computer to hang whenever it was started), but I haven't had the time or motivation to figure it out. I don't know shit about administering Mac OS X - I only bought it because I was sick of playing sysadmin for every windows box in my extended family.
bring it on. i think. (Score:2, Interesting)
Virex, not Norton (Score:2, Interesting)
Re:As an IT person who is deploying OS X (Score:1, Interesting)
If Apple does its part, which it has, any critical holes found are patched within a week. This is the benefit of using a system that has a very tight software to hardware integration. I've read on Maccentral that some companies are now using OSX machines as the front for their PC networks, since it creates a truly secure front line.
Users are not root; data more important (Score:2, Interesting)
Re:Infidel! (Score:2, Interesting)
Ever see how Stephen King uses that word in his stories? Luna does too glisten!
Re:Infidel! (Score:3, Interesting)
The default shell is Bash
The terminal app's fonts and antialiasing are really nice.
Re:As an IT person who is deploying OS X (Score:2, Interesting)
Re:As an IT person who is deploying OS X (Score:3, Interesting)
Also, /etc/sudoers seems to allow a user to "sudo passwd root" upon default install...I'm not sure if this is limited to administrators, but uh, that's not very cool. Easy to fix, but I wonder why they even included that?
Counter PR (Score:2, Interesting)
Um...yeah. Can you say "Oops"? Now they've responded with some vague fears, but that's just to stir up some sales, as everyone has already guessed.
Next anti-virus companies will start writing their own viruses in order to drive up sales. Sheesh.
Re:As an IT person who is deploying OS X (Score:3, Interesting)
Yes, Mac OSX has historically had very few problems with viruses or exploits. However it only takes one
Here is a decent summary of OSX historical vulnerabilities (there are still a couple unfixed ones out there).
http://secunia.com/product/96/
Mac Os9 has never once been exploited remotely ! (Score:3, Interesting)
Even the US Army used macs exclusively (mostly MacOS 9 until recently) after being rooted routinely using unix and MS Windows NT. For many many years www.army.mil has been run on macintoshes exclusively.
The same is true of many colleges that were rooted and defaced too often on Linux. They installed WebStar and OS 9 and never had to worry again.
http://uptime.netcraft.com/up/graph/?host=www.army
http://www.google.com/search?q=army+webstar+"os-9"
Check it out yourself. This entire post is full of factual citations and 100% facts.
No mac in the history of the internet hosting a web server has ever been rooted or defaced remotely.
Why?
Because not one version of Mac OS has ever had a single exploitable hole ever discovered. (classic mac os now up to version 9.2.2 on currently sold g4 towers). OpenBSD has had no less than 5 holes (not one) in the default install in the last two years. Mac OS has had ZERO in over 8 years, even when paired up with its preferred web server app.
In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac exploited over the internet remotely. Scan it yourself.
That is why the US Army gave up on MS IIS and got a Mac for a web server. Currently it is a honeypot for OSX testing, and the US Army uses regular Mac OS on other internal servers
This post is not talking about FreeBSD derived MacOS X (which already had more than 50 exploits and potential exploits in the BugTraq database, and in the news yesterday with Symantec claiming in March 2005 of OSX having remote exploits) I am talking about current Mac OS 9.x and earlier which are highly sophisticated abstract-OS models.
Why is it hack proof? These reasons
1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for process to process communication that is heavily typed and "pipe-less"
2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.
3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not. In case you are not aware of what a "pascal string" is, it usually has no null byte terminator. Additionally certain types of compilers can check range on assignments to prevent out of bounds. Furthermore many good programmers ensure that the bounds are not overwritten.
4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.
5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing, nor are there lame single 'x' executable bits! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with dat
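Point 3 of the post above contrasts length-prefixed ("Pascal") strings with NUL-terminated C strings. The following is an added example, not code from the post or from Apple's toolbox: the `pstr` type, its functions and the sample inputs are constructed for illustration (it is not Apple's `Str255`). It shows why a length field makes a bounds check cheap, and places it beside the bounded C-string copy that a defender would use instead of a bare `strcpy` into a fixed buffer. The protection in both cases comes from the explicit capacity check; the length prefix only makes that check a comparison rather than a scan for NUL.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed Pascal-style string: the length is stored up front and the
 * bytes need no terminator. Capacity is fixed, as it was for Str255. */
#define PSTR_CAP 16

typedef struct {
    unsigned char len;      /* byte count, known without scanning */
    char data[PSTR_CAP];    /* never more than PSTR_CAP bytes used */
} pstr;

/* Bytes still available in dst (invariant: len <= PSTR_CAP). */
static size_t pstr_remaining(const pstr *s) {
    return (size_t)(PSTR_CAP - s->len);
}

/* Replace dst with src. Refuses, leaving dst untouched, if src will not fit. */
bool pstr_set(pstr *dst, const char *src) {
    size_t n = strlen(src);
    if (n > PSTR_CAP) return false;
    memcpy(dst->data, src, n);
    dst->len = (unsigned char)n;
    return true;
}

/* Append src to dst with the same refuse-on-overflow behaviour
 * (no silent truncation, no write past data[]). */
bool pstr_append(pstr *dst, const char *src) {
    size_t n = strlen(src);
    if (n > pstr_remaining(dst)) return false;
    memcpy(dst->data + dst->len, src, n);
    dst->len += (unsigned char)n;
    return true;
}

/* Equality by length first: mismatched lengths never touch the bytes. */
bool pstr_eq(const pstr *a, const pstr *b) {
    return a->len == b->len && memcmp(a->data, b->data, a->len) == 0;
}

/* The bounded C-string counterpart. A plain strcpy(buf, src) copies until it
 * finds NUL and cannot know sizeof(buf); this version is told the capacity
 * and fails instead of overrunning. The terminator needs a byte too. */
bool cstr_set(char *buf, size_t cap, const char *src) {
    size_t n = strlen(src);
    if (n >= cap) return false;
    memcpy(buf, src, n + 1);
    return true;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *too_long = "this input is longer than sixteen bytes";
    pstr s;
    char buf[PSTR_CAP];

    pstr_set(&s, "hello");
    pstr_append(&s, " world");
    printf("pstr: \"%.*s\" (len %u)\n", (int)s.len, s.data, (unsigned)s.len);
    printf("oversized pstr_set accepted? %s\n",
           pstr_set(&s, too_long) ? "yes" : "no");
    printf("oversized cstr_set accepted? %s\n",
           cstr_set(buf, sizeof buf, too_long) ? "yes" : "no");
    return 0;
}
```

Both oversized copies are reported as refused; `s` keeps its previous contents after the failed `pstr_set`, which is the behaviour to check for in review of any fixed-buffer string code.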
"But it's a Mac..." (Score:2, Interesting)
What did he do?
He hooked up an Airport wireless station to the network so he could use his "invulnerable Mac" from anywhere in his roomy office. But didn't encrypt anything. So he opened up the whole office network to a wireless node that anyone could log into.
In a shipyard.
Near a military base.
Surrounded by vacant lots in a bad part of town.
So... when we got to the office, every Windows machine was compromised, the DSL router had been reconfigured to DNS in Taiwan (because it had the default password), servers had all their root passwords changed, and there was steady traffic from who knows what back and forth. It was a mess. We ended up having to do a full DnR on all the servers and workstations (luckily, it was a small office, so it was only 6 machines).
Yes, his iBook was FINE. His "invulnerable Mac" was just GREAT! I doubt there was a single compromised thing on his creamy white laptop.
And he kept saying, "My Mac can't be hacked into, you Windows folks don't know a damn thing about how great the Mac is."
"Good thing I use Linux, then," I said, trying to capture and trace packets from my Knoppix-STD Live CD. "Care to tell me how to explain to your boss why you exposed the corporate network to an unsecured wireless connection?"
"But... you don't understand, it's a Mac! It doesn't do those things..."
When I finally sat him down and explained what the Airport does, he turned real pale. And quit a week later. He assumed because it was "an invulnerable Mac," that meant he didn't have to understand security.
Man, what a mess that was.
Re:Vested Interest up the Wazoo (Score:3, Interesting)
Re:As an IT person who is deploying OS X (Score:3, Interesting)
Re:As an IT person who is deploying OS X (Score:2, Interesting)
Re:Style over function? (Score:5, Interesting)
Try this experiment: install OS X and connect to the Internet. Leave it connected for a week. Now install Windows and connect to the Internet. Leave it connected for 30 minutes. Which one will be hacked? My point is that Windows needs special steps to be _protected_; Mac OS X requires special hacking and other circumstances to become _vulnerable_. The QuickTime ruse you refer to no doubt requires some social engineering to make work... that's just a guess on my part. Am I right?
Furthermore, the buffer overflows in quicktime do not afford an attacker root privileges, do they? And when vulnerabilities are found, Apple, unlike Microsoft, so far anyway, has a great record of fixing them immediately. Apple has a great record on security in OS X. You are not going to see a flood of crippling, disabling OS X attacks like you see every couple of months with Windows viruses that take out our whole email system at work from time to time. Hacking an OS X box is HARD.
Re:Style over function? (Score:2, Interesting)
I do agree that its growing popularity will encourage virus and malware authors to find exploits in the OS. But Mac OS X is pretty analogous to Linux, security-wise. I'm sure occasional exploits will be found, and some have already been discovered. But they are rare, and relatively hard to use. I haven't seen any that enable a script kiddy with a shell script to hack into 50 OS X machines and turn them into zombies like you can with Windows.
The fact is that OS X is, inherently and by design, more secure than Windows. Even if it had 90% user base and was made for use by monkeys, I daresay there would be more Windows viruses going around than OS X viruses (of which I have yet to hear even of the possibility, much less any real attacks).
Jesus Fucking Christ to you, too. :-)
The only thing????? (Score:2, Interesting)
Re:Mac Os9 has never once been exploited remotely (Score:5, Interesting)
It was some time ago, and I believe it was the result of a "hack the server, get a prize" type contest.
I'm too lazy to Google it right now but IIRC, the server that was hacked was running the classic Mac OS, WebSTAR, and Lasso, a tool that lets you webify FileMaker databases. There was a vulnerability in Lasso that was used to, per the contest rules, successfully alter the contents of a certain page on the WebSTAR-hosted site.
The prize was awarded, the vulnerability was quickly fixed, and that's the first, last and only time I have ever heard of any server on a classic Mac OS based machine getting hacked.
~Philly
.mac bundles Virex. (Score:1, Interesting)
Re:As an IT person who is deploying OS X (Score:2, Interesting)
The current version of Mail is 1.3.9. I don't know offhand if it runs with 10.2.8, since I'm running 10.3.8.
I wouldn't be completely surprised if there was a vulnerability in the older versions of Mail that allowed this to happen. I'm not aware of any such vulnerability, I'm just saying that it could possibly exist.
Camino's fairly beta software - I guess it's theoretically possible that there's a hole in it somewhere that allowed the attacker (who one has to presume got remote access) to find his eBay account name and password.
But, honestly, I'm much more inclined to guess user incompetence and/or deceit. Did anyone actually witness these events besides him, or is it all just on his word? I've known people to do stupider things than bid on expensive items while they're drunk, and this seems as likely an excuse as any to get back out of it.
Most likely scenario might be something like:
He accidentally did click on a link inside the email, and didn't realize it. Once activated, the link did its job, and his account info was snagged in some nefarious way involving autofill, if Camino even supports that (I don't know, I use Safari, and cannot for the life of me fathom why a Mac user runs anything else, unless they're doing Web development).
I still bet he was drunk...
Windows software dying art? (Score:5, Interesting)
From a cracker's/hacker's perspective (Score:3, Interesting)
Also chances are the PC User already has a virus scanner, and knows enough about his/her PC to protect it. The Mac User, on the other hand, thinks he/she is safe from viruses and does not even have a virus scanner installed. Usually the typical OSX user uses default OSX settings, thinking that they are good enough. The OSX user is also more likely to click on attachments than the Windows user in email, thinking that no file infection exploits exist for OSX. The OSX user is also more likely to use the default email and web programs that come with OSX, and the Windows user is switching to Opera, Firefox, Thunderbird, Eudora, after the ton of exploits that exist for IE and Outlook and Outlook Express.
Best tactic of a cracker/hacker is to hit someone who does not expect to be hit.
Infect the typical PC, and you are more likely to discover someone's porn collection. Infect the typical OSX and you are more likely to find Intellectual Property and other goodies. Therefore, should you go for the swampland (PC) or the gold mine (MAC)?
I'd rather have a virus than symantec on my mac. (Score:1, Interesting)
The autostart 9805 worm and homer on OS X combined don't even touch the amount of problems Norton causes. Hell, the Homer Simpson virus installed fewer kernel extensions, and it was easier to remove.
Practice safe computing: turn on the firewall, only install software you trust (and keep it up to date), use network client apps that don't suck, don't open any email attachments you weren't expecting. Do these things and you will have very few problems. And the ones you do get will be tiny compared to what Norton will do to your mac.
Re:More scared people -- more sales (Score:3, Interesting)
My Mac users are mostly faculty at a small college. They range all the way from the CompSci prof who just started installing Macs in his lab (wife got a Mac for Xmas and he liked it) to a fine art professor who has difficulty sending
The biggest problem I see is that a lot of people have been switching to Macs, believing that they are totally secure. They don't follow basic secure practices, clicking on anything they receive in email. I've seen proof of concept Applescript apps that, while asking for a user's password, go and wipe out their user directory and an HTML link that would fire up the terminal app and then list the user's directory (could have done much worse in user land, of course).
Until people stop walking around thinking they have a titanium dick and sticking it into every hole they see, there will be vulnerabilities.
I hate my users. Won't someone give me a job for surfing the web, watching movies and drinking beer?