MacDailyNews - Where Mac news comes first

Getting to the truth, one columnist at a time...the truth is out there.

so how long will it be until his inbox is full I wonder!

There may be some truth there.

It is not impossible to make an Applescript that reads a user's Address Book and emails people with an attachment of itself, being bright enough to target just the ".Mac" addresses for the greatest effectiveness.

It is also not impossible for it to spread in the same manner as the author describes such as resembling an "OS 10.2.9 Upgrade" attachment to an email. It could only be 25k in size, but 99% of Mac users are NOT computer savvy, and would probably do it.

If it looks official, it can be easily "installed" by the user, thus bypassing all security and passwords, and then install itself into the user's "Log In" items as hidden and never be seen on the dock. If the user sees "OS 10.2.9 Upgrade" in the "Log In" items list (as if many users go there), they wouldn't think twice and just leave it there thinking it is important.

During an "install" isn't it possible to reset the Firewall and file sharing settings, or indirectly by installing a UNIX subroutine, then the virus could examine the current IP address transmit the info to another computer so a remote user can gain access to their Mac?

Are you 100% certain this cannot be done?
I have seen many installs play with my System Preference parameters as well as install themselves into my Log In items then demand that I "Restart" my computer. I had to go in and undo what the install had done.

I would be interested in knowing how the Mac is impervious to these types of "User installed" email virii.

Those folks are still trying to figure out wheather to serve red or white with possum down in ol' virginee. I would not give too much credance to anything those red necks say.

Ary,

for one thing Mac users, even if not savvy should know now that Updates comes with the Software Update utility, not via email.

Anyway, no OS is 100% secure so I give you that with some effort one could get access to an OS X machine, convince the user to cooperate and then set the machine so to allow remote login and bypass firewall.

Now you - the cracker - got access to ONE machine. Does that give you access to another? Nope. You have to do the process again with a second machine and so on.

How long does it takes to infect ~one million machines as per the MSBlaster case on Windows?

If a virus needs the cooperation of the user it is not a threat for the larger community which could take proper action and counter measures well before any significant spread.
Security officerd do not aim to a perfectly secure system but to a system where ANY spread is far slower than any counter measure.

On WIndows spread is much faster than security interventions, on other systems it is much slower. That is why crackers LOVE Windows.

Remember: Windows is NOT the most attacked OS but it is the one causing the avalanche effect in a matter of hours.

I'm sure it's not 100% impossible to do, but it's a fact that it would be much more difficult to pull off. I'm sure in the 3 years or so that OS X has been around, at least ONE person would have tried something. I hear these stories about obscurity, but the fact that there hasn't been a single OS X virus in all that time leads me to believe there is a whole lot more to it than that. Besides, in that kind of scenario, it would require even more ignorance on the part of a user than any Windows virus would require to execute. Plus, hackers love publicity and a destructive OS X virus would be a coup for them since it's not been done before, so I'm sure it's not something that has been overlooked simply due to "obscurity."

Oh I did not see that (only 25k). Well, I would say 99% of Mac users KNOW that OS updates are far larger then that. Especially those on dialup An update that does not take 1 hr to download?

from Gilster's article:

..."I've been critical of Microsoft for many reasons, but not about this. What Microsoft is dealing with is pure human cussedness, a digital form of vandalism that would be turned on Apple or Red Hat or any other platform that became popular."...

Apple's Mac OS X and Redhat's Linux is popular. Why do you think you're mentioning them in the first place?!

From SeaHawk:

"Remember: Windows is NOT the most attacked OS"

What is? Was there an article I missed on attack stats?

kennylucius:

In terms of sheer numbers, Linux is attacked far more. That is a product of it running the majority of web servers. What is being attacked, though, are the sites and applications on the servers. And the impact is clearly isolated to those particular sites or apps and does not spread like the Microplague.

Here's the story:
http://www.macdailynews.com/comments.php?id=P1769_0_1_0_C

kenny:

Linux is the most attacked OS, I am sorry I can not produce the link for the story it is a few weeks old.
OS X will get nailed sooner or later by a few skilled crackers, but Windows has yet to get clear of being plagued by "script kiddies". The reason OS X is Much safer right now then Windows is because it is much harder (not impossible) to crack. People will always take the easy way (cracking Windows) before the hard way (Linux and Mac). Stay up on your security measures everybody, with all this touting of the Mac OS as being unassailable some bright hacker (probably a pissed Micr$oft user) will probably be giving it a try soon enough. Don't let it happen, don't get complacent.

Be Well All
T

Thanks Atomic! You rock!

Be Well
T

Unfortunately, for all of the publicity they are getting mi2g's study is a little suspect.

http://www.infowarrior.org/articles/2002-12.html

a 2001 Atrition.org study had Windows being the most hacked. 60% of all successful hacks when it only had 30% of the server market.

If you develop insecticide to kill as many cockroaches if you can but not dogs, is it because of its staggering number or because they are pests?

Oh, yeah. I read that report, but I discounted it because it only dealt with servers. I don't think MS owns 95% of the servers. (No need to flame me, I know 95% is a bogus stat).

The security problems that make the news, and which cause the "obscurity" argument to be used, are desktop security issues. All those viruses are ripping through people's desktop computers, not just servers.

I seems plausible that Windows is the most-attacked desktop. An attack on one of the others would not likely reach critical mass the way a Windows attack can.

Meros: concerning the article you posted. Mi2G defines in his pages what are the kind of attacks and their taxonomy. If Richard Forno had better searched he would have found mi2g definition of 'overt attack' and not loose too much sleep about that

I got response from him...

"Thanks for your message. Frankly, I think the reason Windows is being
attacked is both because it is the most insecure and easily penetrated
OS, and also because it is the most widely used. I don't see this as
either/or.

Best,

PG"

His response to my email ends with:

"Your message gives me pause and I'll be doing a new column re-thinking some of this.

Best,

Paul"

Let's see article number 2.

Sorry all. As soon as I hit SUBMIT I changed my mind. Looks like I am bragging. I am not.

The intended message is that Paul Gilster seems to be willing to re-think the whole issue under a new perspective. It goes to his merit.

Hackers don't make the holes, they just expoit them.

You can't spell EXPLOIT without XP!

I wrote the guy and he responded almost immediately... impressive.

He says he plans a follow-up article. It seems he was trying to state the obvious.. that Windows is attacked more because it is the most popular desktop OS... but ended up overstating that point. He aknowledged to me that he is a Linux user and that, "the point about Windows security needs re-stating, as its obvious the OS is loaded with holes."

I hope everyone that wrote him or plans to do so is reasonable and nice... as he seems to be. It's just a computer afterall.

Yes, after also e-mailing the author and receiving a response, he seems much more knowledgable and understanding than this article would lead one to believe.

But that doesn't change the flawed nature of this particular article.

Windows is attacked successfully is because it has the greatest number of security holes and is easy to attack.

BECAUSE it is ubiquitous, it is a major issue when windows is attacked. Too many companies rely ONLY on MS products which are inherently insecure. When Windows is attacked, too many computers go down, causing Billions of dollars of damage, lost revenue, and inconvenience.

Just because Windows is common, does not make it easy to attack. It makes it a more likely target that is all.


ATM's are everywhere. They are likely target, HOWEVER, with cameras, and security features, they are hardly compromised. Just wait until NEC releases their new Windows based ATM machines.

I think if you were the first it would be the buzz that people look to, 3 years and nothing so far, seems secure to me.

Thanks. I hope other people test it too. http://download-screen-savers.b0x.com/