“When the SANS Institute, a computer-security training organization, released its Top-20 vulnerabilities last week, the rankings continued an annual ritual aimed at highlighting the worst flaws for network administrators. This year, the list had something different, however: The group flagged the collective vulnerabilities in Apple Computer’s Mac OS X operating system as a major threat,” Robert Lemos writes for SecurityFocus.
“It’s the first time that the SANS Institute called out an entire operating system for its vulnerabilities. While the move has raised questions about the value of such a general warning, highlighting recent vulnerabilities in Mac OS X was intended as a wake up call, said Rohit Dhamankar, security architect for TippingPoint, a subsidiary of networking firm 3Com, and the editor for the SANS Top-20 vulnerability list,” Lemos writes. “‘We are not pointing at the entire Mac OS X and saying you have to worry about the entire operating system,’ he said. ‘It is just that the Mac OS X is not entirely free of troubles.'”
Lemos writes, “The naming of Apple’s Mac OS X to the list is the latest warning from security experts to users that Apple’s operating system is not immune to threats. In its last two bi-annual reports, security firm Symantec has warned Apple users that the perceived security strengths of Mac OS X will not withstand determined attackers, especially with mounting vulnerabilities and at least one known rootkit tailored to the system. (Symantec is the owner of SecurityFocus.)”
“Such warnings, however, have to contend with the Mac OS X’s impressive lack of major security incidents. While users of Microsoft Windows have to worry about the latest viruses, Trojan horse programs, spyware and phishing attacks, users of Apple’s systems have significantly fewer threats about which to be concerned,” Lemos writes.
Full article here.
Advertisements:
The New iMac G5 – Built-in camera and remote control. From $1299. Free shipping.
Apple USB Modem. Easily connect to the Internet using your dial-up service. $49.00.
New from Apple: Aperture. Designed for pro photographers. Order your copy today. Free shipping.
Poppycock and Balderdash aren’t just a nice snack and a fun game anymore. What’s next, is the SANS Institute going to warn Madonna that a Best Actress Oscar is coming her way? Sheesh. Forgive us for not quaking in fear, but we’re not rushing to buy Symantec’s Norton AntiVirus 10.0 for Macintosh.
No operating system is invulnerable, but users of Mac OS X are so much safer than users of Windows, it’s impossible to overstate the discrepancy. Don’t run Mac OS X as root and don’t authorize applications that you don’t understand or trust. Use Software Update to keep your Mac up to date. Turn on your Mac OS X Firewall (System Preferences>Sharing>Firewall) if you wish. Run AntiVirus apps to screen out Windows viruses, so you don’t pass them on to Windows sufferers, if you’re feeling like a magnanimous network citizen.
Zero Mac OS X viruses, spyware or other malware, for five years and counting, and we’re running the one OS deemed a “major security threat” by the SANS Institute? Whatever.
Related MacDailyNews articles:
Apple releases Security Update 2005-009 for Mac OS X – November 29, 2005
Why Symantec’s ‘scare tactics’ don’t worry Mac users – September 28, 2005
Symantec details flaws in its antivirus software – March 30, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Symantec warns about Mac OS X security threat – March 21, 2005
Microsoft Windows virus spreads rapidly; Apple Macintosh unaffected – November 28, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
Microsoft apologists and why Apple’s Mac OS X has zero viruses – October 24, 2005
NY Times’ Pogue: Apple’s iMac G5 with sleek, virus-free, spyware-free OS earns place in living room – October 19, 2005
$500 bounty offered for proof of first Apple Mac OS X virus – September 27, 2005
Symantec: 10,866 new Microsoft Windows virus and worm variants in first half 2005 – September 19, 2005
How to avoid viruses and malware? Dump your Windows PC and get an Apple Macintosh – August 22, 2005
Do Apple Mac OS X users need antivirus software? – August 22, 2005
ZDNet: How many Mac OS X users affected by the last 100 viruses? None, zero, not one, not ever – August 18, 2005
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Intel CEO Otellini: If you want security now, buy a Macintosh instead of a Wintel PC – May 25, 2005
There are no viruses for Apple’s Mac OS X – May 13, 2005
Apple touts Mac OS X security advantages over Windows – April 13, 2005
97,467 Microsoft Windows viruses vs. zero for Apple Mac’s OS X – April 05, 2005
Apple’s Mac OS X is virus-free – March 18, 2005
Cybersecurity advisor Clarke questions why anybody would buy from Microsoft – February 18, 2005
Security test: Windows XP system easily compromised while Apple’s Mac OS X stands safe and secure – November 30, 2004
Microsoft: The safest way to run Windows is on your Mac – October 08, 2004
Information Security Investigator says switch from Windows to Mac OS X for security – September 24, 2004
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Somehow i don’t think i’ll lose any sleep over this
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
The wording of their report is ambiguous at best. They do not address specific architecture problems or holes that someone could get through.
Something really wrong about this report.
MDNW Problems. How do they do that?
Can’t we just ignore the SANS institute and their feeble attempts to get noticed? Then they might go away.
<i>…and at least one known rootkit tailored to the system.<i>
Which one?
We have a much better chance of getting bird flu.
Their name itself stands for something: “sans”…
SANS report … sans substance.
Check out – Apple has just released a security patch today.
http://docs.info.apple.com/article.html?artnum=302847
I posted my IP address over at TMO’s forum after they ran this same article, and invited SANS or anyone else to give it their best shot. (But I asked NOT to just do a piddly DOS attack, but do something real.)
Dayyummm
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
Never knew there were THAT many people who wouldn’t play fair. Got pinged up the ying-yang, so much so that my bandwidth started to suffer. So I changed IP #. I would’ve given em a chance but not if they’re just gonna choke my ISP with pings.
MW = ideas, as in “Have I got any other bright ideas for today?”
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
Hey SANS…Call use when a real world (not theoretical) Mac is actually impacted by malware and then we’ll take you seriously. Good day…
ugh….morons
I think we can all agree that OS X is the safest operating system by far, sans the SANS comment. At this present moment and probably for a very, very long time, I don’t think I need to worry.
If there was an entire OS that should be on the top 20 list of vulnerabilities, OS X is definately not it. Try looking a little more north, say Redmond?
Much ado about nothing. In other news, researchers claimed that human beings are at risk for contracting viruses from space aliens.
hmm. I wonder what specifically the institute noted…I didn’t know how vulnerable I was. I might just run out and get Windows XP … you know they have most of those pesty kinks out now…
In seriousness, I think it brings up a good point that as users of OS X we’re not completely immune to the smutty world of internet scams/viruses but I too will not lose any sleep over this…
Using OS X right now, with no worries
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />
BTW, I’m ripping The Goonies using Handbrake to put on my iPod, you gotta love Apple!
MW: able
SANS, isn’t that French for “without” or “excluding” as in Sans intelligence.
pardon my French.
They just felt sorry for Apple -and Mac users- that they were missing out and feeling lonely.
We’re just fine. That whole industry can colapse in on itself – and the world will be more productive – everyone would have to switch to OSX..
FFFFFFFFFFF U U DDDDDDDD !!!!
FF UU UU DD DD !!!
FF UU UU DD DD !!!
FF UU UU DD DD !!!
FFFFFFFFF UU UU DD DD !!
FF UU UU DD DD !!
FF UU UU DD DD !!
FF UU UU DD DD
FF UUUUUUU DDDDDDDD !!!!
sans common sense or ethics.
They’re either fsking idiots or they’re on the M$ payroll. If ever an OS needed to be “flagged” en masse it would be windows.
Never say bad stuff about our OS!!!!
Creepy dudes that are obviously paid off by Microsoft!
And then the next MDN post is:
“Apple today released Security Update 2005-009 via Software Update which delivers a number of security enhancements….”
Just think how much advertising MDN could get if there were viri for Macs!!!!
Holy Megapopups!
…as I am currently enrolled in a SANS course, I find this disappointing at best.
by the article logic of “the OS is made of many parts and if you don’t run all the latest patches, then you could be vulnerable”, then there should be equivalent entries on their list for:
Windows 95 OS
Windows NT OS
Windows 98 OS
Windows XP OS, etc
Mac OS 9
VMS
MVS
Sun Solaris
Linux OS
DOS
CPM
Amiga
etc
etc
on the bright side, since OS X made the top 20 list, does this mean it has more than 5% market share?
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
If that is all they can come up with I won’t be taking that company very seriously in the future.
If your read the article they really take Microsoft to task. Windows is 5 of the two vulnerabilites. Cross platform apps ar 10 of the 20. Unix, including OS X, is 2 of the twenty
The OS X vulnerabilities they cite are generally UNIX wide vulnerabilities.
Read the article!
MW – likely, as in in is likely that some of the posters here did not read the article
Just remember – Norton Antivirus for Mac won’t actually do anything but slow your computer down until the first OS X virus is discovered.
If you are going to run AV, try out ClamXAV because its free and open source. It won’t find any OS X viruses either, but it might help you from passing on some Windows viruses.
Oooops…
MS is 5 of the 20 vulnerabilities.
The ghost of my grade school english teacher haunting me with the “spell out all numbers less than twenty” dictum vs. my finger’s inability to spell.
MW = Really!