Interesting report on Mac OSX Leopard trojan.
http://www.wired.com/politics/security/news/2007/11/mac_trojan
Let the fun begin!
Ewen 
Well one must consider, Apple only advertised that there were less malwares out there for OS X, they never said it was immune to it 
Anyways this was predictable and unavoidable as Appleâs market share grew
Iâd like to see their new âIâm a Mac, and Iâm a PCâ ad now
and on the iPhone (while not a trojan, itâs a doozy of a vulnerability!!)
http://www.wired.com/politics/security/news/2007/10/iphone_windows
Yep, just what I need, somebody listening in on my phone conversations ;D
Great job Apple (:CLP)
the article about a Mac being a new WinME says malware does not target any OS vulnerability, but the dumb user it canât install itself silently, and that proves mac is still far more secure than Windows :BNC
Iâd back a dumb user against a smart OS any day!
To find out if something is fool-proof, add a fool. They will do things that you or I couldnât even contemplate.
well thatâs bullsh-t! if i use Windows/Mac/Linux, download something i shouldnât, launch it, press allow everywhere, enter an administrator password and get myself infected - is it OS to blame? or maybe flawed firewall, that allowed me to do something I told it to allow? or maybe inefficient Anti-Virus/Anti-Spyware software, which i accidentally forgot to install? i do NOT think so firewall is not an AV software, it cannot determine whether pending action is safe. Itâs like heuristics - it checks SUSPICIOUS actions, but the decision is left to the user. And if the computer is full of security software (properly configured of course) or simply runs Mac/Linux (UNIX-like, therefore based on something developed with network and security in mind) and still gets infected - 99% to the user being an ass (1% goes to software vulnerabilities).
LOL. You missed my point entrirely. The Mac OS is inherently secure - far more so that Windows - you wonât get an argument from me on that one. All I was saying was that a dumb user can trash the smartest system and dumb users can and do trash smart Macs and smart Lunix boxes and smart Sun boxes and ultra smart SGI boxes and trying-to-be-smart Windows boxes.
Systems are designed from a logical viewpoint. Security operates from a worst case perspective. Dumb users live in left field and drag everything out there with them. They do things that sane designers couldnât dream of, and therefore couldnât cater for. The designers and engineers try, but there is no limit on the extent of human stupidity.
Cheers,
Ewen
I know that, iâm just frustrated about the article and all that âIâm a Mac, Iâm a PCâ ironic stuff :-)) as if Mac OS X finally has a major security breach
A friend and i were debating about this awhile ago and i remember him making an excellent point about why windows seems so âvulnerableâ and Macs and Linux machines are so much âsaferâ⌠But the point he had was Windows OS is the #1 OS itâs sold on the Majority of computers so of course hackers and everyone else is going to attack it to affect more people. And like the article says âThe next two years will be interestingâ Looks like MACS will need comodo soon
the real reason is rights management :-)) almost everyone runs Windows within the administrator account, but only a complete idiot can do everyday work under root :-))) therefore a virus gets inside the system - and what can it do? :-)) change wallpaper? :-))) it doesnât have required priveleges to do some harm :-))
Mac may be inherently more secure than Windows but the IPhone is not:
It wasn't long after Apple released the iPhone in June that researchers discovered that every application on the device -- from the calculator on up -- runs as "root," i.e., with full system privileges. [...]âAs long as everything runs as root, there are going to be bugs and people are going to find them (to take over the device),â says Charlie Miller, principal security analyst for Independent Security Evaluators, who, with colleagues, discovered the first reported bug with the iPhone earlier this year. The bug, found in its Safari browser, would have allowed hackers to take control of a phone. The researchers criticized Apple in their paper (.pdf) for designing iPhone applications to run as root.
Although Apple issued a fix for the Safari vulnerability in July, the company never responded to criticism about the root problem with its phones. Apple also didnât respond to calls from Wired News for this story. [âŚ]
Computer security professionals call the iPhone design flaw a fundamental mistake, and say that Apple should have known better.
âThe principle of âleast privilegeâ is a fundamental security principle,â says Geer. âBest practices say that if you need minimal authority to do (something on a system), then you donât need to have more authority than that to get it done.â
Microsoft has been roundly criticized for years for releasing early versions of its Windows operating system with administrative privileges automatically enabled. [âŚ]
" I guess Apple hadnât learned those lessons and is now going to learn them the hard way," says Geer.
Miller says that Apple will need to redesign the entire firmware to fix the problem â which would require owners to install a pretty hefty update.
âIf you start from the beginning with security in mind and you design your product thinking about security as you go, itâs not really any harder to design a secure product than an insecure product,â he says. âOnce youâve already got it out in everyoneâs hands, itâs a little harder to go back and add security. And thatâs really what they need to do at this point.â
Itâs not really understandable, Apple promoted the IPhone because its powerful features, and then designed it fundamentally flawed because it was just a gadget after all not a computer. WTH? They really should have known better, but specially after all fingers had been pointed at Windows for years and the lesson was starting to get learned even at Microsoft.
Anyway regarding OSX, letâs not let this degenerate into a discussion about OSes, let alone fanboy yelling. The statement is that Mac is going to start being attacked, and for profit and en masse. Do you think so, how many problems will (average, not knowledgeable) users experiment, what security software will appear for Mac, etcetera?
:THNK
[offtopic] well i ainât no Mac fanboy actually :-)))) in fact iâve never had a Mac, my machine has had Windows on it for a long time, some experiments with Linux distros but thatâs about it - i am a heavy Windows user. The only Apple thing i have is old 20GB iPod (and i hate iTunes).
as for the iPhone - yes, itâs a gadget, still no excuse for such silly security flaws as running everything as root.
AFAIK there IS some security software for Mac - antivirus or something like that⌠Also Macâs got the same security software, same firewalls, user actions control⌠itâs just built-in.
I wasnât implying that any of the posters were fanboys, it was just a preemptive measure: OS and browser discussions always degenerate into yet another âwhich one is betterâ thread, and what is worse many people take it too seriously. And of course nothing yet posted qualifies close to yelling, sorry for not being clear enough and thanks for not taking offence, again it was preemptive. Mea culpa.
Thereâs also some security software for Linux, although very few people use it because of the sense of safety. If enough people start to use Linux some day, I bet that P2P files will start to swarm with trojan Linux rootkits. I guess itâs the same for Mac.
well yes, the more âmassâ is the software - the more âh4x0rsâ inspect the software, therefore increasing chances of finding a vulnerability critical enough to compromise the security of the whole system. i am sure there already are some proof-of-concept rootkits/trojans/malware targetting these OSes, but since theyâre not so popular⌠In case of OSX - like i said that Mac trojan targets a dumb user, not an OS vulnerability. So the more popular OSX/Linux/BSD/whatever is - the more dumb users are on the net using the OSX/Linux/BSD/whatever box and the more the so-called secure OS is compromised by itâs own user. Of course apart from security vulnerabilities in OS or software like OpenOffice, Firefox or whatever.
btw i like reading âholy warsâ - sometimes, apart from âyou suck and your OS sucksâ you can find very interesting information
Yep not only objective information is useful. Most times youâve got to make do with various points of view to try and build your own knowledge critically (talking about the news⌠:P). Most people who think theyâre informed by infallible sources are most times deluded IMO. Precisely from a link posted at some holy wars at another forum, I found this:
These things already exist to some extent, only that theyâre not being developed and used en masse for profit. Also:
Macintosh platform vulnerability discovery rates have increased by 228 percent in the past three years alone, from 45 found in 2003 to 143 in 2005.âMany believe that using an Apple operating system is a form of security in itself, believing that they are far less susceptible to malware than Windows users,â said Stuart McClure, senior vice president, global threats at McAfee. âAnd while the threats targeting the Mac operating system are low in volume, the use of Apple products does not provide an invisibility cloak from malware, and users need to be more vigilant about security as adoption rates soar and attacks on Apple operating systems increase.â
http://www.mcafee.com/us/about/press/corporate/2006/20060505_12524_u.html
http://www.mcafee.com/us/small/products/anti_virus/file_servers_desktops/virex.html
in other words, OS X may be secure, OpenOffice (or whatever other software) may be vulnerableâŚ
Theyâre an interesting read alright. Myself, I really donât care about the O/S Iâm using (Win, OSX or *nix or whatever), I get paid to do work and as long as I can do my work, I donât care about the underlying O/S. They all have quirks, flaws and foibles - build a bridge and get over it.
Ewen
itâs better to combine the power of all three platforms than using only one Windows always have been a good target to attack (hopefully, Vista will change that) since it had no built-in security software apart from simple hashing of account passwords⌠and therefore, if we have a lot of people who donât know or donât care about the security - plus the enormous popularity of Windows systems and especially Microsoft Office - this makes it ideal target to attack (itâs what the original topic and article was about - a Mac being a new Win98).
/i just donât know that much about difference between Linux and BSD so i count them as one, excuse me if iâm wrong