MacDailyNews - Where Mac news comes first

DUH!

Is there anybody still doubting it?

The record speaks for itself.

Feb 03, 10 - 02:11 pm Comment from: ElderNorm

Read the original article.... and more importantly, the comments following it.

Such lame Windows users just plain deserve to be infected. Young kids that glance at pc blog headlines and think they are now pc experts. Its sad, but then when their kids grow up in their PC infected world, its only natural.

:-(

Just a thought,
en

This is news!

How can anyone argue this point...

btw Where the Hell is my iLife '10?!?

I agree with the article, but I doubt there will ever be even a majority of Doze users that believe it. We'll never convince 90% of people that they are not good looking, they are not the best thing the opposite sex has ever seen (or the same sex as the case may be), or that they are not good drivers.

So why should anyone expect to change the 90% of computer users who use Doze that it is not as secure as OS X?

...and in other obvious news...green is not purple.

Feb 03, 10 - 03:36 pm Comment from: G4Dualie

Steve Jack glosses over phishing for which WIndows and Mac users are equally susceptible and which is just as destructive as any virus.

He also fails to mention that Macs are enablers who pass on virus-laden emails to Windows users, which only reinforces the problem.

Also, if Mac users are using Bootcamp or virtualization to run Windows, then they should be just as vigilant as any seasoned Windows user. If fact, it would be unwise to ignore any discussion of viruses regardless of platform. The enemy of my enemy is not my friend!

I recommend all Mac users running Windows software to invest in decent antivirus software, because any Mac user who thinks that just because they're running Windows on their Mac, they aren't susceptible to viruses are sadly mistaken.

I would also recommend that Mac users use an ISP that processes all their email through antivirus software before its delivered to you. I receive notices frequently about emails that have been quarantined by my ISP.

To avoid phishing expeditions and Root kits, I use Little Snitch. The Mac's firewall, as well as my router's firewall, are good for incoming requests and Pings, but there is nothing in Mac OS X that scrutinizes outgoing data.

I mean let's face it, were human, and are susceptible to phishing attacks but without a product like Little Snitch, how would you know if someone has p0wned your Mac?

Viruses are the least of my worries because the of the way Macs are set up, but, I can't always trust myself not to fall victim to resourceful phishermen.

In fact, if I'm not mistaken, Safari won't alert you if you encounter a website that is attempting to take advantage of you, whereas Firefox and Opera will.

I know viruses are an afterthought for Mac users but, we can't afford to pretend were safe.

Feb 03, 10 - 03:40 pm Comment from: G4Dualie

I should have stated also that I am aware that antivirus software won't protect you from the newest viruses, only known viruses. So for all the good it does, not even AV software can keep you 100% safe, but good AV software can alert you to suspicious activity and even isolate a suspected virus.

Feb 03, 10 - 03:54 pm Comment from: dd

Here we go again...

Going by the "logic" of the Inquirer, North Philly is safer than Blue Bell, PA because homes in North Philly have extra deadbolts on the doors and bars on the windows. See? Extra security means safer living. Anyone who has ever lived in, or around, Philly can understand my statement.

Must be a good press week for security folks or something...interesting security perspectives here for anyone interested and not drowning in Cupertino Kool-Aid:

http://news.cnet.com/8301-27080_3-10444561-245.html

Good quote from one of the panel:

"Robert G. Ferrell, information systems security specialist at the U.S. Dept. of Defense: "Is it more dangerous to take off from a terrorist-infested airport, or land at one? Flippancy aside, I just don't think this question (Mac or PC) has any real meaning today. Far more relevant to me are the browser and e-mail clients a consumer is using, irrespective of the operating system or hardware platform. Even more critical from a safety standpoint is the level of security awareness exhibited by that consumer. If you haphazardly visit every link and download every file sent to you in e-mail or posted to your social-networking pages, sooner or later you're going to get nailed. Period. Platforms are passe. Apps are where it's at." "

He's right.

I could not agree more with Steve Jack.

To g4duality and anybody who would like to be protected from phishing, I introduce to you "OpenDNS". check it out. I know it's working for me!

It's safe to say that OpenDNS.org will help.

Feb 03, 10 - 05:43 pm Comment from: dd

That site is filled with Windows-centric idiots, quoting bad statistics.

But, statistically speaking, people living in suburbia live with LESS security than their ghetto-living counterparts. Sure, I know plenty of people in suburbia who:
- don't have multiple locks on their doors; hell, their doors are UNLOCKED all the time, even when at work.
- don't have bars on their windows

Since ghetto neighborhoods typically employ those two pieces of security, I can now conclude that the ghetto is far safer than any suburban neighborhood and I don't have to worry about robberies, mugging, gunshots...

I know. I'm preaching to the choir, but it is amazing what people will do and say to defend a platform that invites malware.

Feb 03, 10 - 06:04 pm Comment from: TheMacAdvocate

@Another IT guy

Ummm...no. I mean, seriously?

/pokes with stick

Back under your bridge, for Chrissakes.

Although the OS as such is more secure a mac will be just as much affected by spam mails themselves as a windows machine

The Windows industry is huge and I doubt if anybody wants to give up their jobs for another OS. All those IT managers that went to school to get their certificates spent a lot of time and energy to get where they are. If I had a job like that now, I'd certainly want to keep Macs and OSX out of the workplace because it might take less personnel maintenance and I might be at risk at losing my job. The Windows platform is just like the iPod accessory industry. I'm sure those iPod accessory manufacturers wouldn't like to see the iPod go away. People protect their livelihood any way they can even if they have to lie and cheat. I find it understandable that even if something better comes along they'd try to block it. That's why it's so hard for me to envision the demise of the Windows platform in the corporate world. There's just too much easy money to be made maintaining a possibly inferior platform.

This is how I think the military is. If wars don't happen naturally, they'd try to start a few of their own just to stay in a state of readiness.

Feb 03, 10 - 08:03 pm Comment from: G4Dualie

@iphonerulez

This is how I think the military is. If wars don't happen naturally, they'd try to start a few of their own just to stay in a state of readiness.

You make an interesting point about job security and then I get to that last statement and realize you're just an another idiot who hates our military.

Feb 03, 10 - 08:36 pm Comment from: hakalautom

There is a class of viruses for which "security through obscurity" makes sense to me: those that rely upon successive retransmission to generate exponential growth. To see this, consider m infected machines of a given OS type, each of which sends out n emails in an effort to infect others. Let f be the fraction of recipients sharing the senders OS, r being the chance of exposure (user clicks the bad thing, etc.), and p being the chance of infection when exposed. Then the expected number of new infections is the product m n f r p. If the product n f r p > 1, then the infections grows; otherwise, it dies out. Let's compare OS's keeping n & r constant--reasonable first-cut assumptions. Then exponential growth depends upon a certain minimum value of the product f p. Assume for this argument that f is 0.8 for Windows and 0.1 for Mac. Then it seems clear to me that, even if Windows' value of r is 7 times smaller than Mac's--that is, even if Windows resists infection 7 times better than Mac, Windows is still more likely to suffer a pandemic infection.

Feb 03, 10 - 09:59 pm Comment from: dd

Forget the iPod virus example. How about this...

iPhone has a HUGE market share compared to Android. Number of viruses/malware/questionable apps plaguing the system is ZERO.

Android, with maybe 1/10 to 1/5 of the iPhone apps, has already seen its share of phishing apps (pretend banking apps).

So, obviously, security by obscurity is a load of shit.

Feb 03, 10 - 10:09 pm Comment from: ken1w

Well, there is a very small bit of truth in "security via obscurity." If Windows was as secure as Mac OS X, then there would, in fact, still be more focus on the part of hackers on Windows because Windows has greater user share. The part of the myth that says Windows is a bigger target is accurate.

However, it certainly does not explain why there are zero viruses out there for Mac OS X. And that leads to the greater truth.

The reason why Mac OS X is far more secure is because it would be significantly harder and less profitable to compromise a Mac. The reason Mac OS X gets less attention from hackers is NOT because it is "obscure." It is because Windows is easier to exploit. A thief is basically lazy. Why work harder to exploit Mac OS X (even if possible), when Windows (not Apple) is the low-hanging fruit?

Even if Mac OS X market share grew to equal Windows market share, the hackers would still be going after Windows. It's security via "having a much easier target out there for hackers." Mac users everywhere should therefore offer thanks to Microsoft, for providing that target.

Don't worry, the iPad will be the new computing platform.

Once the sheep get it in their hands they won't buy another PC, ever.

It may be true to the slightest degree that developers of viruses, malware etc may not target the Mac platform due to relative "obscurity".

But in my short experience, I've learned that most people creating these viruses are doing it to be recognized for their hard work, and not for money, at least not right away. they will be recognized for their impact on society and then bought out by a company to consult on how to protect people from viruses like the one they made, if that makes any sense to anyone.

So their doing it for recognition right? then why on earth would a hacker or whoever not target the Mac platform? people who know, know that the mac has never had a serious infection or outbreak, and if I were a virus creator I would be trying my hardest to be the first to give it one. Because as far as recognition goes, it's hard to beat the first one who did anything.

My opinion is that many have definitely tried, but they simply can't do it...

"Besides social engineering scams (phishing, trojans; no OS can instill common sense) the only thing by which Mac users are really affected are large swaths of compromised Windows machines slowing down the 'Net with spam and nefarious botnet traffic targeted at exploiting even more insecure Windows boxes."

Wrong on this one. Macs are also affected by Flash bugs/security holes, Acrobat Reader bugs/security holes and Microsoft Office bugs/security holes that could potentially compromise a Macintosh, as reported in their updates. Apple also has various security updates that appear every now and then (but not as often it seems as the ones mentioned above) that fix potential security holes, although the malware authors have not come out without any zero-day exploits that I am aware of for the Mac.

And Apple does NOT update anything prior to the previous and current versions of the OS, so myself running Tiger right now can NOT get any security updates, while security updates are still being released for XP and sometimes for earlier releases of Windows. But then Windows does need these fixes. Apple only seems to release system fixes and updates for the current release of the OS, although they do release as many bugfix/updates as they can for the previous OS version just after the newest version of OSX is released.

Apple also does NOT update all the various "OSS" (open software system or freeware) components that make up OSX as often as they should and these OSS components could potentially be holes into OSX as has been evidenced by the black hat "hack a mac" contests held over the last number of years. The guy that has hacked into the Mac in these contests has said that is what he looks for, to find his way into a Mac to hack it. This is the Achilles heel of OSX security.

I am a long-time Apple person (1979 on an Apple ][+, Mac in 1984, Newton in 1997) and I only use a Mac to surf the web or for email, but Apple, while heads and shoulders better than Microsoft on security IMHO could also be better too.

Windows, in a setting that does NOT access the internet can be very stable and secure, but the holes for the internet allow the crooks to drive through and drive by your system and plunder it and drop off bots with ease, unless you have lots of time, energy and sometimes a bit of money to secure it properly.

Security by Obscurity for the Mac is only partially true, simply because crooks, like anyone, are lazy and there is enough low hanging fruit via insecure Windows systems (legit Windows as well as so many illegitimate/pirated Windows systems) out there operated by people who don't know security requirements but only how to work a program. The better design of OSX makes it more difficult, and the saying in physical security that crooks want to break into the least secure building holds true with computer OS's as well, IMHO.

Let's just talk about the stats and forget about the technology for a moment...

Let's look at crime rates in neighborhoods. Crime are essentially viruses, trojans, worms, etc and the crime rate is the number of infection attempts. Police, alarms, and, security doors act like virus protection.

Neighborhood 1 (Windows): Crime is rampant, people have alarms, security doors, and full staffed police. Crime still occurs nightly and high frequency despite protection measures. Attempts and successful breaches in security are normal.

Neighborhood 2 (MacOS): Crime is very rare, people forgo alarms and security doors and there' only one sheriff in town. One could even mistakenly leave the door unlocked and still not be a victim of crime.

Neighborhood 1 (Windows) can claim to have more secure with all the anti crime measures in place and NOT get robbed whereas neighborhood 2 (MacOS) doesn't really need the security measures since there isn't much crime. Statistically, neighborhood 1 has a higher chance of crime whereas neighborhood 2 simply has no crime.

Would you like to live in neighborhood 1 or 2? Lastly, Windows and MacOS are totally different. Quit comparing security technology between two different demographics. What good is security if you don't need it. It's really that simple. I've never used virus protection and likely never will. People using Macs are less prone because they are living amongst "friendlier" people and Windows users have tons on criminals around friendly people.

If you want to get rid of crime, move to neighborhood 2!

security by obscurity?

OS 9 had up to 80 viruses. It had 3% market share.

OS X replaced it nearly 10 years ago and it has zero viruses, yet has up to 10% market share (reported Infoworld Jan 09).

Hmmm. The basic arithmetic doesn't add up.

"And Apple does NOT update anything prior to the previous and current versions of the OS, so myself running Tiger right now can NOT get any security updates"

Wrong; I just bought a slot-load IMac circa 2001 for $35.
Using it as a music player etc in my home.

Installed Panther on it, which is older than Tiger. As soon as I plugged in the Ethernet cable, it automatically checked Software Update and installed 3 security updates, as well as 8 or 9 other security updates relating to Safari, Itunes, etc.

Are you making stuff up?

O'Really?

http://www.channelregister.co.uk/2008/03/28/mac_hack/

"A brand-new MacBook Air running a fully patched version of Leopard was the first to fall in a contest that pitted the security of machines running OS X, Vista and Linux. The exploit took less than two minutes to pull off."

"At time of writing, the Windows and Linux machines were still standing."

Apparently you don't pay attention to much on the internet.

http://theappleblog.com/2009/01/26/more-mac-viruses-similar-sources-time-to-worry/

Got Linux?

Seriously, nobody cares.

Mac is the also ran of the computer industry.

http://www.theinquirer.net/inquirer/analysis/1590073/apple-mac-os-x-secure-windows

Apple can no longer live under the veil of obscurity that saved them from viruses. Their lack of adaptability has mad them just as prone to viruses as a pc, because the responsibility for security belongs to the end user.

G4Dualie, that is the best thing i've ever heard any mac user say. Everyone should listen to this person cause it doesn't matter what you're running, even if its something like openBSD, the largest security flaw is the user.

kenh said:

"Installed Panther on it, which is older than Tiger. As soon as I plugged in the Ethernet cable, it automatically checked Software Update and installed 3 security updates, as well as 8 or 9 other security updates relating to Safari, Itunes, etc.

Are you making stuff up?"

No, when you plugged it in and ran Software Update, you got the various Panther updates taking you up to 10.3.9 and a few other system updates that were released after that, but I haven't seen a system update for my eMac running Jaguar for ages, same as no Tiger system updates on my iBook. Updates for iTunes and Safari are not system updates, and Safari on Jaguar is older than the current Safari that I have (Version 4.0.4 (4531.21.10)) on my iBook G4. Not running Panther so I don't know what parts have been updated for 10.3.9.

I use Firefox 3.x on Jaguar 10.2.8 as it is a newer browser and does more than Safari on Jaguar. Leopard and Snow Leopard have newer versions of Java and other stuff that is simply not available for older versions of OSX for example.

The same happens with Windows, but Microsoft has had to update and maintain older versions of their OS's due to the number of customers who have maintenance contracts. At some point, Microsoft stops offering updates, but it varies with the OS version. Some updates simply work for an older OS version even if that OS version is no longer officially supported.

I now have 10.5 Leopard disks (legit, not pirated) to update my iBook, but I'm busy with too much stuff at the moment and I'm not going to be able to do anything to go to 10.5 for a couple months. Then I'll see whether I want to do that or simply get a newer Intel Mac, or maybe just an iPad and the iBook on 10.5. Time and money will tell.

LOL! Did you guys seriously remove my comment because I called this article an embarrassing "rant," which it is? Why am I not surprised.....

The problem is anymore all your comparing is Mac OS to Windows OS. The computer war of Mac vs PC platforms is over. Now its just about operating systems.

Also if anyone thinks that their system is un-hackable i have a bridge to sell them. Honestly if the mac os was on 50% of the computers out there and the windows os was on the other 50% i would bet you money that you would see viruses and hacking being about equal on both systems.

Completely ignoring the fact that Mac achieves this "security" by locking down the computer in a way that makes it impossible for a person to do anything useful with it. Doing anything "advanced" with a mac requires you to tweak the settings in a way that completely removes your so-called "security." Let us also ignore the fact that for a gamer, you're going to have to wait months to years for the newest games to be ported to macOS. And the fact that you're paying hundreds of dollars more for the exact same hardware. And the fact that anyone who actually knows what they're doing knows how to avoid these viruses.

Long story short: Macs are for computers users that are too busy drooling on themselves to learn to use a computer.

there are so few viruses for the mac cuz barely anyone uses it cuz its trash :3

LONG LIVE WINDOWS :D :D :D

Isn't it strange that most mac users also have a windows computer? The fact of the matter is that businesses have windows. If you ever plan to do any work at home for your coporation then you'd most likely want to do it on a windows machine. Or jump through some hoops to get your document or anything from a mac to a windows. What I really find ironic is that I will see a mac fan install a windows partition on his mac just so he can play some video games on it. This is the way it is... Companies make products for Windows, Mac makes products for Mac and that's it. Could it be that Mac is more secure because the code isn't as well known? Or maybe Mac doesn't offer the same deals to corporations as Windows does. If you want to game, if you want to get along with the company you work for (computer wise). You'll have to bite the bullet and get some form of windows. Until people as a mass can be more comfortable with change, it's not going to happen. Windows got biggest fastest.... done.

Well if the roles were reversed and Apple had a 99% world market share and Windows had a 1% market share, I'd make the argument that MAC's would be less secure cause millions of people would be trying to hack them. As it is what will you get if you hack an Apple machine? Credit card numbers from broke hipsters who spent all their money on an apple iPhone, iBook, iPad, etc, etc. It would be a worthless proposition. On the other hand many businesses run PCs and with the same algorithms you could break into them all, so who would you try to hack. Indeed when Apple computers are targeted specifically, they can be hacked very easily, this has been show with wireless takeovers and dozens of other exploits. This isn't to say the same exploits don't work on PCs, its just to say who the hell cares about hacking an Apple?

Feb 05, 10 - 03:51 am Comment from: Derek Currie

Bravo SteveJack!

To this very day it is nearly impossible to get professional computer security 'experts' to face this simple fact:

The ratio of Windows malware to Mac OS X malware is over 10,000 to 1.

What is the market share ratio of Windows to Mac OS X? Nearly 5 to 1.

And yet the ridiculous 'security-via-obscurity' propaganda persists.

Then consider that there are only Trojan horses for Mac OS X. There is not one single virus, worm or illegal spyware app.

Great hackers in the Mac community made it clear that there have been and continue to be security flaws in both Mac OS X and Apple's cross platform software. And yet Mac OS X remains consistently in the top 3 most secure operating systems, behind only OpenBSD and FreeBSD. Not surprisingly, Mac OS X incorporates elements from both of these UNIX operating systems. Behind Mac OS X in security performance is Linux.

And what's dead last on the operating system security list? Need I tell you? Need I point out that even the latest version of that operating system has a worse reputation for security than Mac OS X? Of course not. The entire world knows the answer.

And yet 94% of computer users still have the least secure operating system running their box. The market share winner is the security loser. How does anyone explain that expensive ambiguity?
(o_0)

I call it technology ignorance. Keep that in mind the next time someone proclaims the superiority of Windows. The mind boggles.

Derek Currie
http://Mac-Security.blogspot.com

Feb 05, 10 - 04:04 am Comment from: Derek Currie

ERROR Correction:

Please read:

"What is the market share ratio of Windows to Mac OS X? Nearly 18 to 1."

Not 5 to 1. Apologies. I need sleep zzz

Feb 05, 10 - 04:09 am Comment from: Derek Currie

*Waking again*

Has anyone noticed that ALL the trolls in this thread are ANONYMOUS? They dare not register at MDN. The word for today is:

COWARDICE

Yes, real men register! Real men call people out in a comment section! Real men cyberstalk each other! Real men get defensive over which OS they prefer!, and start calling each other "fanboys"! Real men get into 30 page debates!

You hear that, you unregistered cowards!? You aren't real men!

Actually, if you get out of the education marketplace, where Apple sunk a ton of money back in the 80's when they were relevant, the ration of Windows to Mac is closer to 100 to 1.

It makes more sense to attack Linux.

http://voices.washingtonpost.com/securityfix/2009/04/worlds_first_mac_botnet_hardly.html

http://voices.washingtonpost.com/securityfix/2006/03/when_macs_attack.html

Botnets and malware specifically targeted at Mac OSX operating systems, circa 2006 and 2009.

Feb 07, 10 - 01:06 pm Comment from: Derek Currie

Thank you generic, non-registered Nauctshea! 2006 PHP infections were well publicized at the time, including infections of Macs running PHP.

But the fact that these infections were able to bot the serving machines as well totally fell beneath my radar. I'd very much like to know how this was done. Of course the PHP processes had to be running inside an administrator account. But how they get hacked into the permissions of the OS to zombie the machines would be fascinating to know. However it was done would indeed have required a security hole in the operating system itself.

In any case, I've personally avoided PHP as well as SQL because of their fundamental lack of security features. If only I could find a secure alternative to the email protocols that didn't require PGP/GPG.

Feb 07, 10 - 01:16 pm Comment from: Derek Currie

I should note one further issue: The lack of cooperation or sharing amidst the anti-malware community.

In my years now of keeping track of Mac security issues, why haven't I ever come across VirusTotal?

http://www.virustotal.com/

They're noted in the second article discussing the 2006 botnet.

Sadly, it is entirely typical for there to be no central or consistent way to keep track of malware via the Internet. Anti-malware companies compete with one another to find the latest malware in the wild then refuse to share them. This competition also results in a proliferation of different names for exactly the same malware. And typically none of those names conform to the published standard for malware naming. I could blether on about the chaos in the anti-malware community. You'd think that fighting a common enemy would bring the computer community together. But that is distinctly NOT the case, which I consider a dreadful shame.

http://Mac-Security.blogspot.com