“Google has revealed a critical bug in Microsoft Windows software that could give hackers full control of your computer,” Sara Ashley O’Brien reports for CNN.
MacDailyNews Take: Not our computers. We don’t use crap.
“The search giant’s security team discovered ‘zero day’ bugs in Adobe and Microsoft software,” O’Brien reports. “‘The bug could be used as part of a larger attack to take control of the entire system,’ security researcher Katie Moussouris, CEO of Luta Security, told CNNMoney.”
“Adobe addressed the bug with an update to its Adobe Flash Player on October 26, five days after it was first notified by Google. Microsoft, however, had yet to issue a fix, so Google went public with the bug on Monday,” O’Brien reports. “Google says the Microsoft flaw still exists and can be ‘actively exploited.'”
Read more in the full article here.
MacDailyNews Take: Windows. Same as it ever was.
Never a week goes by where I am cleaning a Trojan horse from some poor student's Mac; once it was a full-blown warez-distributing IRC bot.
Windows is fine, OSX is fine.
Users are not fine.
You can’t teach stupid, that’s not Apple’s fault. If they have their security settings correctly configured and don’t just randomly enter their admin password, Trojans don’t happen. The fact remains that there are no self-propagating viruses for OSX or iOS, don’t try the false equivalency nonsense.
Windows is not fine, the fact that it still has legacy code from 1983 in there and security holes that still exist from Windows 95 is a major problem.
Indeed! See my post below about the AtomBombing attack that affects ALL ( A L L ) versions of Windows. All.
I haven’t seen an actual virus for Windows in the Wild in ages either. Almost every vulnerability discovered now, Mac or Windows, is of the flaw in software type. They typically require the user’s cooperation, and they almost always require the user be privileged. This is why it’s a good idea not to run with privileges generally. Run in standard mode, and if you find you need privileges, then give the system an administrator username and password. Otherwise you seldom need privs.
Also remember that Voice of Reason is about as bright as a small appliance bulb. Trojans do happen. Each time you see a fake Flash install, it’s a trojan, for instance. Most attacks by far come from the web. The most common exploits are adware, and other crap that screws up browsers, DNS, browser toolbars from hell, forcing people onto different search engines, etc. etc.
Regarding proper security settings… Last week I was conferring with some colleagues about a fake Flash installer (among several) called “SilverInstaller”. It installed crapware considered to be PUA/PUP (Potentially Unwanted Applications/Programs). Before it was stopped, it was using a LEGITIMATE Apple developer security certificate. We’re still trying to sort out whether the certificate was stolen or the developer was so stupid as to foist malware on unwitting victims. Apple has been silent about it.
There have been more distinct known vulnerabilities published for OS X in 2016 than for Windows. The difference is that the vulnerabilities are seldom exploited, i.e. turned into full-fledged attacks in the wild. The only possible reason this is true is that it’s just not worth it to hackers. Security through obscurity.
The numbers I recall are approximately 222 for MacOS, 131 for Windows 10, 102 for Windows 7.
The highest number of 2016 vulnerabilities is Android, well over 450.
Apple has improved greatly since 2015 where OS X led the list at over 380 something, and surprisingly iOS was #2 at 375.
Schools are the most difficult environments to secure. Hopefully none of your students run in privileged mode Frankenstein!
While this is enough to convince me to not take security for granted on the Mac, I have not taken this data and done a formal analysis on the average severity of a Mac vulnerability vs a Windows vulnerability and how often access to the system is obtained for instance.
Not all vulnerabilities are equivalent.
The worst security flaw in computing systems consistently turns out to be the USER. On Mac OS X, almost all malware have been Trojan horses. There have been around 125 of them so far. A couple of them have resulted in botnets of hundreds of thousands of Macs.
Thankfully, as of Snow Leopard, Apple has been vigilantly disposing of malware Trojans by way of their embedded XProtect system.
The term I learned to use regarding computer users who can’t help but invite in malware is: lusers. Social engineering has been remarkably successful. It’s simply an extension of the old concepts of propaganda and confidence tricks. There’s a luser born every minute. I personally call it the Luser Syndrome.
Sadly, we may all be susceptible, depending upon the circumstances.
OK, hit me. But… The Republican party certainly proved themselves to be lusers by inexplicably allowing the Trump Trojan to…
Not a flaw, a standard Windows feature for years. (Though usually caused by PICNIC.)
I miss those commercials; it seems so long ago.
That is one of my favorites. I love how they found the retro outfits all the way back to those flip-up sunglasses. Such a simple, but effective message: “trust me”.
Some idiots are pondering giving up their MacBook Pros for this.
Well, doesn’t that show just how badly Apple is handling things that people are prepared to jump to Windows in spite of that.
Pft! This may be a pesky Windows zero day exploit. But it’s nothing next to this bombshell:
Windows Atom Tables popped by security researchers
You can’t duck and cover from AtomBombing
Wonderful: a security researcher has found a way to abuse the system-level Atom Tables in Windows – all versions of Windows, through to Win 10.
Atom Tables are defined by the system to store strings with an identifier to access them; they can be global (like the tables that pass data via DDE between applications), or local (for use by a single application)….
In its “AtomBombing” attack, an attacker “can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table. We also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code.”
An average day in Redmond.