Forgot your password?
typodupeerror
Security Businesses Apple

Symantec: Mac OS X Becoming a Malware Target 779

Posted by timothy
from the how-could-it-be-otherwise? dept.
tb3 writes "According to ZDNet 'Security vendor Symantec is warning that Apple's OS X operating system is increasingly becoming a target for hackers and malware authors.' They go on to warn that the only thing that's protected Apple users from exploits so far has been the small number of Macs on the net. Now that people are buying Apple products for 'style over function,' according to one analyst, Apple computer has become a target for new attacks. More coverage on Australian IT and Silicon.com. I guess sales of Norton Anti-Virus for Mac needed a boost." Symantec may well be right about this, but note that they also have the world's biggest vested interest in making Mac owners nervous enough to buy their anti-virus products.
This discussion has been archived. No new comments can be posted.

Symantec: Mac OS X Becoming a Malware Target

Comments Filter:
  • by sgant (178166) on Monday March 21, 2005 @08:59PM (#12006630) Homepage Journal
    Why does it have to be one or the other? From what I've found in OSX is that it can have style AND function.

    Is that so wrong?
    • Infidel! (Score:4, Funny)

      by Faust7 (314817) on Monday March 21, 2005 @09:03PM (#12006675) Homepage
      Is that so wrong?

      Yes. Now, back to the bash prompt with you, heathen, and may the glistening tentacles of Aqua and Luna never intrude upon your conscience again!

      (I kid, I kid. Luna doesn't glisten.)
    • I think he meant "style over malfunction."
    • by gitana (756955)
      Of course not.

      The OS X platform is built on solid unix programing. The eye candy is just the sparkly coating. Properly implemented OS X can be quite secure. Although, you might be able to say the same thing about any modern os(yes even windows.)
    • Yes it is... (Score:3, Insightful)

      by Anonymous Coward
      It will upset the frothing Linux zealots who keep insisting you cant have both - thats their excuse for liking a GUI (doesnt matter which - Gnome / KDE - take your pick) that is less intuitive to use than even Win95
    • Why does it have to be one or the other?

      It does not have to, but inevitably it will for some people.

      The by-product is that people are buying these products for form over function. They say it looks pretty and then buy it but don't secure it.

      Familiar, eh? it's the typical user buying a machine from Fry's, CompUSA and, now, Apple stores. Meaning Apple is also netting clueless users with its 'switch' campaign. Simply because they were largely confined to Windows so far won't magically change their ways

      • by wealthychef (584778) on Monday March 21, 2005 @09:27PM (#12006938)
        I agree this will be a good test of the out-of-the-box security of Apple. Actually, I believe that out of the box, Apples are ironclad secure. They start with no services turned on by default. There are no Microsoft-like ActiveX analogous components that allow viruses to replicate if you do something innocuous-sounding like read email or run a word-processor. About the only service that is password-free is Software Update, but that is a client, not a server. If users turn on sshd and choose a poor password, they may well be attacked. This will probably rarely happen, since most people enabling ssh will be aware of the risks of poor passwords, and not really complain if attacked. I think this is just FUD for marketing.
        • by prockcore (543967) on Monday March 21, 2005 @09:37PM (#12007012)
          There are no Microsoft-like ActiveX analogous components that allow viruses to replicate if you do something innocuous-sounding like read email or run a word-processor.

          You mean *besides* the buffer overflows found in quicktime?
          • by wealthychef (584778) on Monday March 21, 2005 @09:46PM (#12007096)
            I didn't say there were no _potential_ bugs or vulnerabilities in the system. I just think (and this is not a contradiction) that the system is very secure out of the box.

            Try this experiment: install OS X and connect to the Internet. Leave it connected for a week. Now install Windows and connect to the Internet. Leave it connected for 30 minutes. Which one will be hacked? My point is that Windows needs special steps to be _protected_; Mac OS X requires special hacking and other circumstances to become _vulnerable_. The QuickTime ruse you refer to no doubt requires some social engineering to make work... that's just a guess on my part. Am I right?

            Furthermore, the buffer overflows in quicktime do not afford an attacker root priviledges, do they? And when vulnerabilities are found, Apple, unlike Microsoft, so far anyway, has a great record of fixing them immediately. Apple has a great record on security in OS X. You are not going to see a flood of crippling, disabling OS X attacks like you see every couple of months with Windows viruses that take out our whole email system at work from time to time. Hacking an OS X box is HARD.

            • by Anonymous Coward on Monday March 21, 2005 @09:54PM (#12007160)
              Nope, merely visiting a website with a malformed quicktime file will do it. At least with OS X and most modern Linux distributions you can connect a newly installed system the internet without a firewall and download patches. It used to be that in Windows 2000 you could set required services (servers) like DCOM and RPC to listen on localhost only but that feature was removed from XP so the only way to prevent DCOM or RPC from binding to interfaces connected to the internet is a software firewall. Completely disabling bind_interfaces_only functionality in XP was dumb even by Microsoft standards.
            • by pyrrhonist (701154) on Monday March 21, 2005 @10:35PM (#12007558)
              Try this experiment: install OS X and connect to the Internet. Leave it connected for a week. Now install Windows and connect to the Internet. Leave it connected for 30 minutes. Which one will be hacked?

              Neither [techweb.com] (except if you're dumb enough to not have installed Windows XP SP2)

              Windows XP SP1 with the for-free ZoneAlarm firewall, however,
              as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.

              My point is that Windows needs special steps to be _protected_;

              Actually, in SP2 it doesn't. The XP firewall is turned on by default in XP2. In SP1, all you needed to do was turn on the firewall for a connection in the Network Connections control panel.

              Now as far as local security goes, I agree with you; there are some nasty local security exploits. Microsoft is to blame for much of the security issues, but also a major part of the problem is third-party developers! It would help if application developers would realize that Windows is a multi-user system and actually follow Microsoft's reference guides for how to program in this environment instead of forcing the user to be an Administrator to actually use their program. Windows has been multi-user for years, and application developers still haven't caught up. Why do I have to be an Administrator to run a game? Bad programming, that's why! Not even Norton AV gets this right (scheduled scans do not run for non-administrators and a non-administrators are told that Live Update is off even if it is actually turned on). The only program that I've see actually try to do something about this is Nero, which has a program to set up a group to enable burning by non-administrator accounts, but even this is a special download that is not part of the regular install. This needs to change; developers need to start using the Windows multi-user environment correctly.

              In summary, Microsoft provided the ability to make the system more secure using non-privileged accounts and groups like every other major OS, but application developers are not taking advantage of it. I always run as a non-privileged user, and I am getting sick of applications that have no reason to need administrator privileges not running correctly.

              • by SuperKendall (25149) * on Monday March 21, 2005 @10:54PM (#12007710)
                SP2 is a lot more secure. But even now lots of people are installing from copies of SP1. Yes Windows can be made secure, but it takes that little bit of extra effort - and if the firewall is ever compromised (like malware turning it off) you are quite screwed. OS X needs no firewall to stay quite happily connected without security issues because it does not ned any services running to function.
              • by TMacPhail (519256) on Monday March 21, 2005 @11:01PM (#12007772)
                My point is that Windows needs special steps to be _protected_;
                Actually, in SP2 it doesn't.
                I'd say installing SP2 is a special step on it's own.
              • by Urgoll (364)
                In summary, Microsoft provided the ability to make the system more secure using non-privileged accounts and groups like every other major OS, but application developers are not taking advantage of it

                You do realize that Microsoft, if they were serious about security, could have fixed that with the release of Windows XP. For some reason, most application publishers want the 'designed for Windows XP' sticker, logo or whatever. To get this, they're supposed to follow the guidelines of the program setup by Mic

              • by Darby (84953) on Tuesday March 22, 2005 @12:36AM (#12008545)
                Windows has been multi-user for years,

                Well, they have advertized themselves as such for years.
                Tell me this, though.
                How do you build a windows service (that's a daemon for you unix folks but it needs to be specifically built and installed to work properly), have it run as an unprivileged user (i.e. *not* the system account) and have it start when the system boots *without* the user it is supposed to run as logging in at the console?

                If it's possible, then it is *very* fucking new.

                • by pyrrhonist (701154) on Tuesday March 22, 2005 @02:44AM (#12009331)
                  How do you build a windows service (that's a daemon for you unix folks but it needs to be specifically built and installed to work properly), have it run as an unprivileged user (i.e. *not* the system account) and have it start when the system boots *without* the user it is supposed to run as logging in at the console?

                  1. Open "Computer Management".
                  2. Double-click on "Users".
                  3. Select "New User..." from the "Action" menu.
                  4. Type in the user's information.
                  5. Select the "Password never expires" checkbox.
                  6. Click "Create" and then click "Close".
                  7. Right-click on the user.
                  8. Click on the "Member Of" tab.
                  9. Click on the "Add" button.
                  10. Enter a name of a group you need to run the service.
                  11. Click "OK".
                  12. Repeat 9-11 for each group you need to add.
                  13. Click "OK".
                  14. Open "Local Security Settings".
                  15. Double-click on "Local Policies".
                  16. Double-click on "User Rights Assignment".
                  17. Right-click on a right that you need to run your service and select "Properties".
                  18. Click on "Add User or Group".
                  19. Enter the name of your new user and click "OK".
                  20. Repeat 17-19 for each right you need.
                  21. Repeat 17-19 for the "Log on as a service" right.
                  22. Open "Computer Management" again.
                  23. Double-click on "Services"
                  24. Right-click on the service and select "Properties".
                  25. Click the "Log On" tab.
                  26. Select the "This account" radio button.
                  27. Enter the username and password.
                  28. Click on the "General" tab.
                  29. In the "Startup type" select box, select "Automatic".
                  30. Click the "Start" button.
                  31. Click "OK".
                  32. ???
                  33. Profit!

                  If it's possible, then it is *very* fucking new.

                  It's been there since Windows NT, although the configuration was different in NT.

              • by CodeBuster (516420) on Tuesday March 22, 2005 @01:43AM (#12008963)
                I manage a group of offshore foreign software engineers and they will use VBScript to run FTP with the shared directory mapped to the root of the C drive using the domain administrator account over the Internet. I have tried to explain to them why this is not a good idea, but their argument is always, "We haven't had any [security] problems yet...if you don't like it then rewrite it [the software] yourself." One step that Microsoft is taking is to require Certified Partners to adhere to the best practices, which include not requiring root privileges to run the software (unless of course the program is an OS service or other administrative related application that requires root by definition). You are right though, plenty of developers are ignoring these best practices. However, there will come a day, and the day is fast approaching, when no serious company will be able to sell their Windows software if they do not get it certified and signed with a code-signing certificate. So at least in that regard the trusted computing initiative may be a good thing.
              • by Sparks23 (412116) * on Tuesday March 22, 2005 @03:44AM (#12009593)
                In summary, Microsoft provided the ability to make the system more secure using non-privileged accounts and groups like every other major OS, but application developers are not taking advantage of it. I always run as a non-privileged user, and I am getting sick of applications that have no reason to need administrator privileges not running correctly.

                Good assessment. I'd elaborate by adding that the /reason/ people don't program things to do non-administrator (or multi-user) stuff properly is because of legacy stuff, alas.

                Let's say you're writing a program. You write it under Win95. Time goes on, Win98 comes out, then WinME, and finally XP. Now, with XP, you can do multi-user stuff... but by now you have a codebase you don't want to have to go back and rewrite all of. Or even with more recent programs, people complain that they want it to run on Win95, or 98, because they don't want to upgrade to XP.

                It's really a pain to write something to do everything properly NT-ish/XP-ish multi-user /and/ run on single-user Win9x as well.

                Whether or not Mac OS X is inherently 'better,' they picked up a bit of a benefit by the 'throw out the old system and start over with OS X' tactic. By basically creating an entirely different operating system, people really had to redesign their apps for it. Huge investment in time and energy... but as long as they're rewriting their apps anyway, they can rewrite them properly for a multi-user environment.

                (Disclaimer: While I write Windows software for a living, Mac OS X software for a hobby, and use both, the Mac is my machine of choice for casual browsing and productivity.)
        • by maxspivak (856575) on Monday March 21, 2005 @10:40PM (#12007595) Homepage
          There are at least two ways of getting a system infected: automatically and with user intervention.

          A system may become infected 'automatically' when an external attack exploits a hole in the box's current configuration.

          I got hit with a script-kiddy's sendmail exploit in an underpatched Linux box back in '97. Yes, it was my fault for not patching the system correctly. However, a properly locked down system, one with all necessary patches installed, is going to be *fairly* impervious to this type of attack.

          Mac OS X gets kudos for being secure out of the box (though Apple should enable firewall by default). Linux has generally been there for a while now. Windows is slowly getting there.

          Part 2 of avoiding 'automatic' exploits is being able to keep a system up to date. This is important and requires some user intervention on *all* OS's. The user *must* allow the OS to keep itself up to date. If not, newly-found holes will be left unplugged and potentially exploited in the future.

          <aside> How many of these holes will be found depends on the underlying design of the OS. The worse its initial design with respect to security the more holes will be found. In its current state, Linux and OS X are more *inherently* secure than Windows. This is akin to Java being more secure than Active X -- Java was designed with security in mind, and very few security vulnerabilities were ever found. Active X has a security model of a sieve, and its terrible security history speaks for itself. </aside>

          The second way a system can become infected is via user intervention. This is commonly called 'Social Engineering' and goes something like this: "Hey user, install this cool piece of software for neat feature X, Y, Z". So user installs the package, which includes malware, adware, opens a port from inside the system and communicates with it's mothership, etc. I don't see whey the Mac is inherently more secure to this type of an attack. In my one week's using a new Mini, I think this kind of an attack can succeed -- the user would even type the admin password to install the bad piece of software. Now, the malware on OS X & Linux wouldn't be able to overwrite critical system files (wouldn't have filesystem permissions) as it would on XP, but it could still cause enough havoc.

          What worries me more is that Mac users, thinking that they're impervious to any attacks, wouldn't think twice about installing some random software on their invulnerable mac. They're not paranoid enough, and some paranoia is not a bad thing. :)

          All in all, I welcome additional users into the Mac camp, even if it brings more risk with it.

    • by Anonymous Coward
      Reading all the comments below, this story is getting flooded with fanboys trying to dismiss an article which has a genuine point, by using any dirty means necessary - kind of like what happened here [slashdot.org].

      Sorry kids, but don't you think that there's a possibility that an OS which is designed to be easy to use (ie for the computer illiterate) AND is growing in popularity is going to be a target for malware/viruses?

      Jesus Fucking Christ.
    • by Elwood P Dowd (16933) <judgmentalist@gmail.com> on Monday March 21, 2005 @09:27PM (#12006936) Journal
      "Don't hate me because I'm beautiful."

      &c.
    • by GFLPraxis (745118) on Monday March 21, 2005 @09:46PM (#12007101) Homepage Journal
      You know what I find amusing? "Mac OS X is becoming a malware target! There are no viruses yet, but there will be some!"
  • by snuf23 (182335) on Monday March 21, 2005 @09:01PM (#12006654)
    Can someone out there tell me what the reality of the situation is? Do you really need anti-virus for OS X? In the research I've done I can't seem to find any references to real (as in active in the wild) OS X viruses.
    We will be transitioning about 8 production Macs to OS X later this year, and I am wondering whether I need to concerned at this point. It doesn't seem like I do.
    I also understand the possibility of exploits in some of the open source code used in OS X. I assume you deal with this the same as on any other OSes and patch it when the fix comes out.
    • by mekkab (133181) on Monday March 21, 2005 @09:07PM (#12006719) Homepage Journal
      You can "rootkit" BSD boxes. Though from here [kernelthread.com] its a bit more than just BSD... sort of a mix.

      Poorly administered servers can get trashed. If your root password is "r00t", it won't take long for someone to figure it out.

      You need to be concerened only insofar as you need to have a network admin (or something to that affect). How do you know when your network is being attacked? How do you know what attacks are being tried? If you aren't analyzing your network thats the worst mistake anyone can make.

      That being said, there is this virus, its called "rm -rf *", its really bad.
      • My girlfriend bought a Powerbook G4, so I've played around with it a little bit. The root account seems disabled by default. Well...I'm damn sure that a lot of processes run root level (so compromising a process and obtaining a root shell should still be ideally possible if there is a hole right?), but the actual logging into root seems to be disabled by default; which, at least locally, is a good idea for your average computer user.

        Also, /etc/sudoers seems to allow a user to "sudo passwd root" upon defaul

        • by Anonymous Coward on Monday March 21, 2005 @09:30PM (#12006964)
          It's limited to administrators. If you have administrator rights on OS X, you effectively have root anyway; it's just that it's shielded power: you need to take deliberate action to access it, rather than it being at your fingertips. Sort of the difference between an empty pistol with ammo in your pocket, and a loaded and cocked pistol.
        • Its possible to set up a root password using the NetInfo config utility, which unlocks 'su' on a OS X Client machine, OS X Server comes with 'su' unlocked by default. Log in as root from the log in screen is still disabled after unlocking 'su' though I believe.

          As for sudo, its this simple, don't let people log in as admin if you're worried about security. If you are the type that knows how to use sudo, odds are you know enough to keep yourself from fubaring the system anyways, and even if you do, reinstall isn't that hard.

          Besides, you're perfectly capable of doing most things you need to from a regular account. The point of admin level access isn't to make the machine 100% secure, its to have cursory security from the users to make sure that they can't easily delete their system folder, or anything of the sort.
    • by SmoothriderSean (657482) on Monday March 21, 2005 @09:08PM (#12006731) Homepage
      In my experience (as support staff for the Humanities Div of a university), far and away the most common virus issue with Macs is that they can be a carrier for Word macro viruses. Beyond that, you just have to keep an eye on users turning on services without knowing what they're doing (or using decent passwords). On the one hand, it's better to be safe than sorry, and just install an anti-virus package, but frankly, the need has been so slight that mac AV packages tend to be a mess.
      • That's the whole crux of the article, if you read it.

        It never was much of a problem, but Symantec are saying that because of increasing numbers of Macs connected to the 'net, there's an increase in sighted Malware/viruses/adware/spyware.

        Although you should take the words of a vendor trying to sell you something with a bag of salt, it is inevitable that incidence of external threat to an OS will be proportionate to the market share of that OS.

        Perhaps the era of security through obscurity for Apple is draw
        • I think it will be interesting, because I think OS X will be shown to be highly secure. I agree, though, as market share increases, the proof will be forthcoming. Apple has made some MS-like security mistakes, such as the Help vulnerability that was discovered last year. But in general you are not going to see a Mac box with no MS Word and no MS Access installed spreading viruses like the PC's around my office seem to. I cannot believe what people put up with on their Windows machines. They are such pi
    • by littlerubberfeet (453565) on Monday March 21, 2005 @09:10PM (#12006750)
      I admin a sound studio with 10 macs and two windows machines. Nine run X.3 and one runs 9.2.2. The two windows machines run GigaStudio and are never, and will never be connected to the internet. I run antivirus software on the macs connected to the internet, and nothing has ever come up in a scan. Ever. I have run every single single version of X since 10.2.1 and they all stayed clean.

      As for patching, I patch manually, because of quirks in all the audio software we run, but OS X will patch automatically if you set it up to. you will be manually installing patches for any apps not distributed by apple, but all of Apple's stuff will update automatically.
    • by jericho4.0 (565125) on Monday March 21, 2005 @09:20PM (#12006868)
      The reality is, this article is FUD.

      Update reguarly/automaticly, and keep an eye on an OS X site or two to stay abreast of things, and you'll be fine.

    • As an IT person, you should already know the answer to this ;-)

      Yes, Mac OSX has historically had very few problems with viruses or exploits. However it only takes one ;-) And in my experience when that one hits users/bosses aren't very understanding to "I didn't even realize there was anything to worry about." as an answer from IT about why they weren't protected. If there is a SUPER tight budget, yes you can probably get away without it, but I NEVER would. If for no other reason than to CYA. We only
    • by goombah99 (560566) on Monday March 21, 2005 @09:28PM (#12006945)
      for the past 20 years, having a virus checker was useless on a mac and only served to avoid passing along pc viruses. At one brief point you could get word macro viruses.

      If someone can get root on a mac you can install a root kit. But youhave to get root first. It's not good enough just to get user level or even admin user level. You have to get the admin user to enter their password to elevate to root.

      The ppc played role too as I have read that until last year there was no widely know compact way to exploit a buffer overflow to execute arbitrary code. I beleive that is now solved and published so one might see these cropping up. :-(

      Since the security model is better you dont have problems like active-X waiting to ruin your day, or auto execute on mous-over e-mail subject lines, or registry changes needed to install applications. Or other bonkers stuff.

      But despite all the default security, nothing will stop a determined used from trojaning themselves good and hard. And if they are admin and enter their password your rooted. Nothing will withstand unrestricted physical access either. You can at least ward off limited physical access by using the firmware password but this can be overridden by a determined user.

      and of course there have been security holes and always will be. SSH, quick time, and even JAVA had had security holes. Fortunately no one has manged to exploit these before apple fixed them and given apples default services-off settings and lack of root access, its going to be harder for these things to spread like wild fire.

      on the other hand Macs are very homogenous so once a virus does finally break loose, if it can get in without requiring any services its going to spread quickly.

      • for the past 20 years, having a virus checker was useless on a mac and only served to avoid passing along pc viruses.

        Not true. In the olden days, there were a handful of Mac (Classic Mac OS) viruses. Some of them were even malicious, though those were extremely rare. The only ones I ever personally saw were benign, and easily eradicated by simply rebuilding the desktop file on the infected floppy.

        From 1989 and well into the 90s (possibly even until 1998 when it was discontinued), the most popular Mac antivirus software was Disinfectant, [icsalabs.com] a free utility written and maintained by one guy-- so that should tell you the non-severity of the Mac virus problem even then. The developer threw in the towel when cross-platform Word macro viruses hit the scene and quickly became too numerous to keep up with.

        Since the time of Mac OS 8 or 9 until the present, however, I would agree with your sentiment that the only reason to use Mac antivirus software is as a courtesy to Windows users with whom you exchange files.

        ~Philly
    • by Sycraft-fu (314770) on Monday March 21, 2005 @09:39PM (#12007030)
      At this point I'd say not to worry, there doesn't seem to be much in the way of viruses. The only real function would be to catch Windows viruses so you are an unwitting carrier, but then that can just be done on the Windows systems.

      It sounds like spyware is the problem that is going to be the more immediate concern. Initally, there should be little enough of it that you can just shitlist it, but once the door is open I expect they'll be a flood of it since scammers just never seem to give up.

      The real solution for that is just user education. Teach them not to install crap (I know, easier said than done). Make sure they don't think they are invincible just because they are now on a Mac. A distrubing trend I see with many Mac converts is they believe themselves to be invincible to malware/viruses/exploits/etc. Well that mindset will lead to crap getting on the systems when it comes out.

      So while I'd keep an eye on the OS-X virus situation, I wouldn't worry about software at this point. Worry more about malware and teaching users to stay away from it.
  • by Anonymous Coward on Monday March 21, 2005 @09:02PM (#12006657)
    Mac products out the door again. I guess with Apple projected to take 5% of the market share they decided maybe it would a good idea if they actually started pushing Mac products.
  • by LukaFox (765323) on Monday March 21, 2005 @09:02PM (#12006658)
    Is it really true that the only thing protecting Macs thus far has been their smaller by comparison presence on the Internet? Is there nothing to be said for the inherent security or insecurity of a particular platform? This is the kind of argument that free operating systems get against their security all the time. It'll be interesting to see whether the Mac platform can stand up to increased attacks. If it does, this might help convince people that some platforms really are more secure than others.
    • by Sycraft-fu (314770) on Monday March 21, 2005 @09:44PM (#12007075)
      Yes, obsucrity is absolutly he only reason it hasn't been targeted. Remember malware comes in the front door, not the back one. It either piggybacks on an app you want, or simply is an app you want. Well you can't secure against that, OSes don't know by magic which apps are good and which are bad. If you have permissions to install apps, you can install ones that fuck the system up.

      That's different than exploits, which rely on finding bugs in code. If the code has less bugs and/or less services where one could try to find them, it is more secure.

      However, there's basically nothing you can do about malware other than make scanners for it and try to educate users. Without some kind of trusted computing, signed application deal, there's no way you can make an OS that only allows users to install safe apps, since there's no way to know what is and isn't safe.

      Hell some people don't even care about spyware, they want their dumb little free screensaver or whatever and don't care if it spys on them. You can tell them it's bad and they'll just ignore you.
  • Call me anal.. (Score:3, Informative)

    by Paska (801395) * on Monday March 21, 2005 @09:02PM (#12006663) Homepage
    ..but I already use an Antivirus for my Mac. Mind you I switched over from Windows a little under 1 year ago and since I use these machines for work I really didn't want to risk, even if it's 0.0001% of getting my work machine infected by a virus. All it could take is one sneaky website I visit to infect me, record information and I honestly wouldn't really know - mind you I doubt the Antivirus updaters would know about any Mac virus within 1 week of being lanched.

    And no, I use McAfee [mcafeehttp]. And it's not too bad, but then again I am biased as we bundle McAfee with systems.
    • Hey, I have a product I have developed that stops all known chartreuse buzzards from stealing your cheese if you send me 50 bucks I will letr you use it. (I mean since you are using a product that detects all known viruses on OS X you must be interested in using my product too right?)
  • Portability (Score:5, Funny)

    by khromatikos (839805) on Monday March 21, 2005 @09:02PM (#12006664) Homepage
    That's great!

    Once they have it for OSX it must be fairly easy to port it to FreeBSD. I guess they might have to add a new category in the ports: /usr/ports/malware
  • by wahsapa (767922) on Monday March 21, 2005 @09:03PM (#12006674)
    I have been using Mac's for 8+ years now, I even orderd my Cube on a Dreamcast, and have never had a virus or malware... so you can put me in the "believe it when i see it" catagory.
  • by hereschenes (813329) on Monday March 21, 2005 @09:03PM (#12006679)
    From the article:

    "The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks."

    It's a reason for sure, but the only reason? I think not!
  • How useful (Score:5, Funny)

    by Anonymous Coward on Monday March 21, 2005 @09:05PM (#12006692)
    Symantec Anti-Virus OSX Version 1.0:

    Please upgrade to signature file 032105.sgn, your current version only detects 3 viruses, however the new signature file finds and cleans 5 different viruses.
    • ...finds and cleans 5 different viruses which exploit vulnerabilities that were all patched in the latest point release of OS X 10.2 and 10.3.
  • by Skippy_kangaroo (850507) on Monday March 21, 2005 @09:05PM (#12006699)
    Yes, Symantec have a vested interest up the wazoo for that press release. The interesting thing is, the only virus definitions I have ever seen in their Mac OS X updates are MS Word macro viruses and the like. If there really was a threat it doesn't look like Symantec will be providing the protection.

    Maybe Symantec is trying to draw attention to generate more business for themselves because there certainly haven't been any viruses released yet on OS X that Symantec provides any real protection for - so I wonder, what information could they be basing their statement on? Secret contacts with the hacker community? Certainly nothing public...

    The protection will come from such sexily named files as Security Update 2005-002 and Security Update 2005-003 distributed courtesy of Apple Inc.

  • by Philippe (3665) on Monday March 21, 2005 @09:07PM (#12006721) Homepage
    On MacOSX, most (all?) network services such as ftp, sshd, httpd... are turned off by default. And automatic software update (prompting the user) is on by default. That, coupled with a better security model from the ground up will ensure that the MacOS never becomes the trojan-infected mess that Windows has become.

    Methinks that Symantec is propagating FUD to drum up sales...
  • let's see!!! (Score:4, Insightful)

    by netdur (816698) on Monday March 21, 2005 @09:12PM (#12006773) Homepage
    a small program that
    1) fool web browser to download without user notice
    2) chmod itself ---x--x--x
    3) excute itself!!!

    I don't think that is possible at *nix systems
  • Viruses and Word (Score:4, Insightful)

    by mr.dreadful (758768) on Monday March 21, 2005 @09:13PM (#12006789)
    The only real issue I have with OS X and viruses is with MCSFT Word macro viruses. Its worth having something that can sort those bad boys out because they can be spread to other users. I have one user who is constantly propagating macro-viruses, but I think I found the solution.

    I'm moving him to Apple's Pages software.

    Seems to handle doc files just fine, and no macro issues.
  • FUD. (Score:5, Informative)

    by sakusha (441986) on Monday March 21, 2005 @09:15PM (#12006807)
    There may have been 37 alleged vulnerabilities identified in MacOS X, but there have been ZERO exploits of those vulnerabilities. Apple has often released patches within 48 hours of discovery of a vulnerability.

    At the current time, there are NO known exploits for MacOS X. NONE.
  • by ravenspear (756059) on Monday March 21, 2005 @09:15PM (#12006813)
    Anyone who has been a Mac user for any length of time and has used Symantec products can testify to the horrid filthy mutilated piece of code that is a Symantec product on the Mac.

    This is NOT A TROLL.

    I have seen (and experienced myself) Symantec products CAUSE more problems than they fix (if they are even successful at fixing any) on the Mac platform.

    I pity the poor soul who has no experience with Symantec on the Mac and falls for this pathetic ad piece.
  • Windows is unique (Score:5, Insightful)

    by Sloppy (14984) * on Monday March 21, 2005 @09:20PM (#12006869) Homepage Journal
    The only reason Windows has had mass exploits written for it is the sheer number of connected devices that are present on most networks.
    I gotta call bullshit on that.

    Quite simply, Microsoft's operating systems and applications are unique within the industry -- no, not just the industry, but almost unique in post-1989 history itself -- in the careless way they treat data as code. Nobody else would have deployed ActiveX, or deliberately made executing a mail attachment as easy as clicking on it.

    I can believe MacOS (or any other platform) has its share of bugs that can be exploited, but you just can't find anything as dangerous-by-design as Windows. Windows will always (even as its marketshare fades) be a comparatively unsafe platform, relative to what is normal. It's not just about code quality, it's about amazingly dumb ideas, combined with business practices that resulted in a situation where users' happiness is not a significant market force.

    And of course, there's the obvious counter-example: where are all the BIND and Apache worms? Talk about "sheer number of devices"!

    • code and data (Score:4, Insightful)

      by jesterzog (189797) on Tuesday March 22, 2005 @12:53AM (#12008658) Homepage Journal

      no, not just the industry, but almost unique in post-1989 history itself -- in the careless way they treat data as code.

      I don't disagree with you in general, but could you please clarify what you mean about this more specifically? I realise that separating data and code is a big security thing, but I'm not particularly a security enthusiast beyond what I need to know.

      As far as I'm aware, any system that supports scripting languages, Linux included (consider the number of scripts in your typical /usr/bin directory that'll be executed as root one day) is treating code as data and data as code. Things that are definitely executables can easily be kept protected in memory by an operating system, but not everything's obviously an executable.

      Is the main difference here just that most scripting interpreters don't offer default access to volatile things like pointers, that might let a script get direct memory access?

  • by PepeGSay (847429) on Monday March 21, 2005 @09:20PM (#12006871)
    10 years on the Internet, 24x7 for eight of those years. No antivirus. Not a single infection....

    I do install one copy every few years to verify this personal protest against virus company scare tactics
  • by Anonymous Coward on Monday March 21, 2005 @09:28PM (#12006946)
    Despite many high profile web sites and servers using OS9 for many years, not one database entry in the large BugTraq database documents a remote explloit for Mac OS in the history of the internet.

    Even the US Army used macs exclusively (mostly MacOS 9 until recently) after being rooted rouitinely using unix and MS Windows NT. For many many years www.army.mil has been run on macintoshes exclusively.

    The same is true of many colleges that were rooted and defaced too often on Linux. They installed WebStar and OS 9 and never had to worry again.

    http://uptime.netcraft.com/up/graph/?host=www.ar my .mil

    http://www.google.com/search?q=army+webstar+"os- 9"

    Check it out yourself. This entire post is full of factual citations and 100% facts.

    No mac in the history of the internet hosting a web server has ever been rooted or defaced remotely.

    Why?

    Because not one version of Mac OS has ever had a single exploitable hole ever discovered. (classic mac os now up to version 9.2.2 on currenlty sold g4 towers). OpenBSD has had no less than 5 holes (not one) in the default install in the last two years. Mac OS has had ZERO in over 8 years, even when paired up with its preferred web server app.

    In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac exploited over the internet remotely. Scan it yourself.

    That is why the US Army gave up on MS IIS and got a Mac for a web serve. Currently it is a honeypot for OSX testing, and US Army use regular Mac OS on other internal servers

    This post is not talking about FreeBSD derived MacOS X (which already had a more than a 50 exploits and potential exploits in BugTraq database, and in the news yesterday with Symantec claiming in March 2005 of OSX having remote exploits) I am talking about current Mac OS 9.x and earlier which are highly sophisticated abstract-OS models.

    Why is is hack proof? These reasons :

    1> No command shell. No shell means no way to hook or intercept the flow of control with many various shell oriented tricks found in Unix or NT. Apple uses an object model for procces to process communication that is heavily typed and "pipe-less"

    2> No Root user. All mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stufff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.

    3> Pascal strings. ANSI C Strings are the number one way people exploit Linux and Wintel boxes. The mac avoids C strings historically in most of all of its OS. In fact even its roms originally used Pascal strings. As you know pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is less buffer exploits. Individual 3rd party products may use C stings and bind to ANSI libraries, but many do not. In case you are not aware of what a "pascal string" is, it usually has no null byte terminator. Additionally certain types of compilers can check range on assignments to prevent out of bounds. Furthermore many good programmers ensure that the bounds are not overwritten.

    4> Macs running Webstar have ability to only run CGI placed in correct directory location and correctly file "typed" (not mere file name extension). File types on Macs are not easily settable by users, expecially remotely. Apache as you know has had many problems in earlier years preventing wayward execution.

    5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing, nor are there lame single 'x' executable bits! For example the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool oriented utilities that work with dat
    • Actually, there was an exploit, once.

      It was some time ago, and I believe it was the result of a "hack the server, get a prize" type contest.

      I'm too lazy to Google it right now but IIRC, the server that was hacked was running the classic Mac OS, WebSTAR, and Lasso, a tool that lets you webify FileMaker databases. There was a vulnerability in Lasso that was used to, per the contest rules, successfully alter the contents of a certain page on the WebSTAR-hosted site.

      The prize was awarded, the vulnerability was quickly fixed, and that's the first, last and only time I have ever heard of any server on a classic Mac OS based machine getting hacked.

      ~Philly
  • by WindBourne (631190) on Monday March 21, 2005 @09:35PM (#12007005) Journal

    and now, Norton and all the rest are looking to Apple and Linux to be insecure.

    While Apple, Linux, BSD, etc. have their security issues, it does not really start to compare with MS. In addition, it is safe to say that an anit-virus is NOT the solution to a Non-MS problem. All of the *nix have various issues, but in the end, the single biggest one is getting an auto updater running for security issues. IOW, the largest threat to MS (Unknowledgable, lazy, or incompatent admins) is also the largest threat to all other systems.

  • by bad_outlook (868902) on Monday March 21, 2005 @09:39PM (#12007033) Homepage
    Use Clam, I run ClamAV [clamav.net] on my linux server, but they have a OS X client (GUI) out now: ClamXav is a free virus checker for Mac OS X. It uses a slightly modified version of the tried, tested, and very popular clamav open source antivirus engine as a back-end.

    http://mac.softpedia.com/get/Antivirus/ClamXav.sht ml [softpedia.com]

    bo

  • by Anonymous Coward on Monday March 21, 2005 @09:40PM (#12007040)
    This whole market share angle is mostly bogus. There is what, about 10 million OS X users? Why hasn't there been a worm (or trojan, anything!) attacking them? Witty has a very successful worm: it hit all 12,000 [schneier.com] vulnerable hosts.

    How can you say 10 million is too small? The population of Canada (where I live) is about 33 million. The installed OS X based is then (about) 1/3 the population of Canada. That's not far from the population of New York city (~15M).

    If a worm [caida.org] can hit only 12,000 hosts like Witty did and be called "successful" (it was basically a 100% infection rate), then surely the OS X population is vulnerable.

    John Gruber has some [daringfireball.net] articles [daringfireball.net] on this.
  • by argent (18001) <peterNO@SPAMslashdot.2006.taronga.com> on Monday March 21, 2005 @09:48PM (#12007111) Homepage Journal
    The only exploit they point to is a rootkit... which is something you install *after* you've exploited the box... there are no active threats that any antivirus software will work aaginst.

    This is like their attempt to talk up a manually-installed program that deleted all your files on the Palm as an exploit, to push their useless PalmOS antivirus. And then their Pocket PC antivirus actually caused people data loss from false alarms.

    Until there's an active threat in the wild, AND it's been analysed and an identifying signature discovered, antivirus software's only result is to make your computer less stable and less reliable because of its deep hooks in the OS.

    This is not to say that the OS is magically perfectly secure, but anything any AV company tells you about ANY platform but Windows, at the moment, should be taken with a sackful of salt.
  • and it kinda sucks. Every now and again (and not when it is scanning) it just takes over all the CPUs attention. So you kill it and then it comes back. So you kill it and then it comes back. So you disable it and this story comes out.

    Looks like this is my fault. Sorry.
  • Malware Schmalware (Score:5, Insightful)

    by jimfrost (58153) * <jimf@frostbytes.com> on Monday March 21, 2005 @10:09PM (#12007316) Homepage
    This is kind of ridiculous. Oh, sure, malware on OS X is possible and perhaps even really growing in numbers. But the problem is not and cannot be anywhere near as severe as Windows because Apple, like all the other UNIX vendors, ships their systems in a (reasonably) secure state by default.

    The malware problem on Windows is not primarily the result of the system's popularity, no matter how many times Microsoft claims that is so. Early attacks on the Internet did not target the most popular system; rather, the most attacks have always targetted the easiest systems to crack. That started out with SunOS and, by the mid-90s, was Linux. (If you think Windows has much better penetration that Linux today, just think how much more lopsided the numbers were in 1995-2000 when Linux was the most popular target.) These days Windows systems are easiest by far because at this point they are the only systems which ship without basic filesystem protections (now that it finally has a halfway decent firewall, a mere five years after everyone else).

    If Windows had basic filesystem protection enabled by default on all critical filesystem areas, mandated nonprivileged user accounts, and an installer that required a password, suddenly Windows wouldn't get infected every time you sneezed in its general direction.

    Maybe the future will prove me wrong but I will be very surprised to find OS X malware become a serious problem no matter how popular the OS gets. I don't suspect that its users are any smarter, but the barriers are a lot higher.

  • WOW (Score:4, Funny)

    by electricdream (413007) <altjeringa.gmail@com> on Monday March 21, 2005 @10:13PM (#12007361) Homepage
    This is such a deep insightful article! Do I understand it correctly? Here's what I think it says:

    A virus proctection and half-ass security company says that as the marketshare of one of the platforms it supports increases so should sales for the products it creates for that platform.

    Did I get that correct?
  • by jht (5006) on Monday March 21, 2005 @10:47PM (#12007647) Homepage Journal
    Yes, a major reason it's safer is because OS X isn't targeted often due to the low market presence. But it's also a matter of effort versus payoff. By default, MacOS X has a much smaller attack surface than Windows, and even compared to most "stock" Linux distros. Virtually all server services are turned off by default on the Mac. Root is disabled. So to find a vulnerability and attack it takes a lot of effort, and then if you do so there are fewer Macs to take advantage of. So why not target Windows - it's easier!

    I do know of people who've had their MacOS X systems compromised - but only among MacOS X Server users who've turned on services without knowing the implications, and then running them without the benefit of a firewall (because "everyone knows Macs are secure". Through bad setup and misconfiguration it's pretty easy to turn a server into "just another Unix box" that's just as vulnerable as any unpatched Linux server.

    But that's not the default, and that's not how the client works. Hence at this time, Symantec is just blowing smoke and wondering why they don't sell any copies of NAV and Systemworks for Mac anymore.

The universe does not have laws -- it has habits, and habits can be broken.

Working...