OSX is the new ME

Interesting report on Mac OSX Leopard trojan.

Let the fun begin!

Ewen :slight_smile:

Well one must consider, Apple only advertised that there was less malware out there for OS X, they never said it was immune to it :wink:

Anyways this was predictable and unavoidable as Apple’s market share grew :wink:

I’d like to see their new “I’m a Mac, and I’m a PC” ad now :slight_smile:

and on the iPhone (while not a trojan, it’s a doozy of a vulnerability!!)

and again …

Yep, just what I need, somebody listening in on my phone conversations ;D

Great job Apple (:CLP)

the article about a Mac being a new WinME says malware does not target any OS vulnerability, but the dumb user :slight_smile: it can’t install itself silently, and that proves mac is still far more secure than Windows :slight_smile: :BNC

I’d back a dumb user against a smart OS any day!
To find out if something is fool-proof, add a fool. They will do things that you or I couldn’t even contemplate. :wink:

well that’s bullsh-t! if i use Windows/Mac/Linux, download something i shouldn’t, launch it, press allow everywhere, enter an administrator password and get myself infected - is it OS to blame? or maybe flawed firewall, that allowed me to do something I told it to allow? or maybe inefficient Anti-Virus/Anti-Spyware software, which i accidentally forgot to install? i do NOT think so :slight_smile: firewall is not an AV software, it cannot determine whether pending action is safe. It’s like heuristics - it checks SUSPICIOUS actions, but the decision is left to the user. And if the computer is full of security software (properly configured of course) or simply runs Mac/Linux (UNIX-like, therefore based on something developed with network and security in mind) and still gets infected - 99% to the user being an ■■■ (1% goes to software vulnerabilities).

LOL. You missed my point entirely. The Mac OS is inherently secure - far more so than Windows - you won’t get an argument from me on that one. All I was saying was that a dumb user can trash the smartest system and dumb users can and do trash smart Macs and smart Lunix boxes and smart Sun boxes and ultra smart SGI boxes and trying-to-be-smart Windows boxes.

Systems are designed from a logical viewpoint. Security operates from a worst case perspective. Dumb users live in left field and drag everything out there with them. They do things that sane designers couldn’t dream of, and therefore couldn’t cater for. The designers and engineers try, but there is no limit on the extent of human stupidity.

Cheers,
Ewen :slight_smile:

I know that, i’m just frustrated about the article :slight_smile: and all that “I’m a Mac, I’m a PC” ironic stuff :-)) as if Mac OS X finally has a major security breach :slight_smile:

A friend and i were debating about this a while ago and i remember him making an excellent point about why windows seems so “vulnerable” and Macs and Linux machines are so much “safer”… But the point he had was Windows OS is the #1 OS, it’s sold on the majority of computers, so of course hackers and everyone else is going to attack it to affect more people. And like the article says “The next two years will be interesting” Looks like MACS will need comodo soon :wink:

the real reason is rights management :-)) almost everyone runs Windows within the administrator account, but only a complete idiot can do everyday work under root :-))) therefore a virus gets inside the system - and what can it do? :-)) change wallpaper? :-))) it doesn’t have required privileges to do some harm :-))

Mac may be inherently more secure than Windows but the iPhone is not:

It wasn't long after Apple released the iPhone in June that researchers discovered that every application on the device -- from the calculator on up -- runs as "root," i.e., with full system privileges. [...]

“As long as everything runs as root, there are going to be bugs and people are going to find them (to take over the device),” says Charlie Miller, principal security analyst for Independent Security Evaluators, who, with colleagues, discovered the first reported bug with the iPhone earlier this year. The bug, found in its Safari browser, would have allowed hackers to take control of a phone. The researchers criticized Apple in their paper (.pdf) for designing iPhone applications to run as root.

Although Apple issued a fix for the Safari vulnerability in July, the company never responded to criticism about the root problem with its phones. Apple also didn’t respond to calls from Wired News for this story. […]

Computer security professionals call the iPhone design flaw a fundamental mistake, and say that Apple should have known better.

“The principle of ‘least privilege’ is a fundamental security principle,” says Geer. “Best practices say that if you need minimal authority to do (something on a system), then you don’t need to have more authority than that to get it done.”

Microsoft has been roundly criticized for years for releasing early versions of its Windows operating system with administrative privileges automatically enabled. […]

“I guess Apple hadn’t learned those lessons and is now going to learn them the hard way,” says Geer.

Miller says that Apple will need to redesign the entire firmware to fix the problem – which would require owners to install a pretty hefty update.

“If you start from the beginning with security in mind and you design your product thinking about security as you go, it’s not really any harder to design a secure product than an insecure product,” he says. “Once you’ve already got it out in everyone’s hands, it’s a little harder to go back and add security. And that’s really what they need to do at this point.”

It’s not really understandable, Apple promoted the iPhone because of its powerful features, and then designed it fundamentally flawed because it was just a gadget after all not a computer. WTH? They really should have known better, but especially after all fingers had been pointed at Windows for years and the lesson was starting to get learned even at Microsoft.

Anyway regarding OSX, let’s not let this degenerate into a discussion about OSes, let alone fanboy yelling. The statement is that Mac is going to start being attacked, and for profit and en masse. Do you think so, how many problems will (average, not knowledgeable) users experience, what security software will appear for Mac, etcetera?
:THNK

[offtopic] well i ain’t no Mac fanboy actually :-)))) in fact i’ve never had a Mac, my machine has had Windows on it for a long time, some experiments with Linux distros but that’s about it - i am a heavy Windows user. The only Apple thing i have is old 20GB iPod (and i hate iTunes).

as for the iPhone - yes, it’s a gadget, still no excuse for such silly security flaws as running everything as root.

AFAIK there IS some security software for Mac - antivirus or something like that… Also Mac’s got the same security software, same firewalls, user actions control… it’s just built-in.

I wasn’t implying that any of the posters were fanboys, it was just a preemptive measure: OS and browser discussions always degenerate into yet another “which one is better” thread, and what is worse many people take it too seriously. And of course nothing yet posted qualifies close to yelling, sorry for not being clear enough and thanks for not taking offence, again it was preemptive. :slight_smile: Mea culpa.

There’s also some security software for Linux, although very few people use it because of the sense of safety. If enough people start to use Linux some day, I bet that P2P files will start to swarm with trojan Linux rootkits. I guess it’s the same for Mac.

well yes, the more “mass” is the software - the more “h4x0rs” inspect the software, therefore increasing chances of finding a vulnerability critical enough to compromise the security of the whole system. i am sure there already are some proof-of-concept rootkits/trojans/malware targeting these OSes, but since they’re not so popular… In case of OSX - like i said that Mac trojan targets a dumb user, not an OS vulnerability. So the more popular OSX/Linux/BSD/whatever is - the more dumb users are on the net using the OSX/Linux/BSD/whatever box and the more the so-called secure OS is compromised by its own user. Of course apart from security vulnerabilities in OS or software like OpenOffice, Firefox or whatever.

btw i like reading “holy wars” - sometimes, apart from “you suck and your OS sucks” you can find very interesting information :slight_smile:

Yep not only objective information is useful. Most times you’ve got to make do with various points of view to try and build your own knowledge critically (talking about the news… :P). Most people who think they’re informed by infallible sources are most times deluded IMO. Precisely from a link posted at some holy wars at another forum, I found this:

http://search.mcafee.com/search?q=linux&site=us_site.Virus&num=10&sort=date:D:L:d1&output=xml_no_dtd&proxystylesheet=default_frontend&client=default_frontend&getFields=description&ie=UTF-8&oe=UTF-8&filter=0&

These things already exist to some extent, only that they’re not being developed and used en masse for profit. Also:

Macintosh platform vulnerability discovery rates have increased by 228 percent in the past three years alone, from 45 found in 2003 to 143 in 2005.

“Many believe that using an Apple operating system is a form of security in itself, believing that they are far less susceptible to malware than Windows users,” said Stuart McClure, senior vice president, global threats at McAfee. “And while the threats targeting the Mac operating system are low in volume, the use of Apple products does not provide an invisibility cloak from malware, and users need to be more vigilant about security as adoption rates soar and attacks on Apple operating systems increase.”


http://www.mcafee.com/us/about/press/corporate/2006/20060505_12524_u.html

http://www.mcafee.com/us/small/products/anti_virus/file_servers_desktops/virex.html

in other words, OS X may be secure, OpenOffice (or whatever other software) may be vulnerable…

They’re an interesting read alright. Myself, I really don’t care about the O/S I’m using (Win, OSX or *nix or whatever), I get paid to do work and as long as I can do my work, I don’t care about the underlying O/S. They all have quirks, flaws and foibles - build a bridge and get over it. :wink:

Ewen :slight_smile:

it’s better to combine the power of all three platforms than using only one :slight_smile: Windows has always been a good target to attack (hopefully, Vista will change that) since it had no built-in security software apart from simple hashing of account passwords… and therefore, if we have a lot of people who don’t know or don’t care about the security - plus the enormous popularity of Windows systems and especially Microsoft Office - this makes it an ideal target to attack (it’s what the original topic and article was about - a Mac being a new Win98).

/i just don’t know that much about difference between Linux and BSD so i count them as one, excuse me if i’m wrong