eWeek article about potential Mac OS X security exploits is fiction, factually wrong

“eWeek writer Paul F. Roberts’ piece on the Mac looks like a detailed article on potential security exploits which may be uncovered with the Mac’s switch to Intel chips. It’s not. Since Mac users will be quick to point out the error of his fiction, eWeek will generate a lot of hits to their web site. More hits, more ad impressions, more revenue,” Tera Patricks writes for Mac360. “Enough with the fiction already. Mac users know better.”

“The very first sentence of the article says Intel Macs ‘could open the door’ to more attacks against Mac OS X. I’ll buy that but not worry about it, because ‘could’ is probably correct. Sales of Macs will continue to increase, market share will continue to increase, so, hey, it “could” happen.” Then Roberts follows up the first step down the Fiction Parade route with: ‘The shift to Intel processors from the Motorola Power PC processors will make it easier to create software exploits for Macintosh systems, and could result in a steady stream of Mac exploits in years to come,'” Patricks writes. “It ‘will’ make it easier? Ok, how about some proof. eWeek did interviews about the so-called mounting ‘pressure’ on Apple to build security measures into Mac OS X. The implication in that line is that OS X does not currently have security features.”

“That’s bad journalism, poor writing, and factually wrong,” Patricks writes. “While Apple thoughtfully declined an interview with eWeek (see! The folks at Apple are smart; don’t feed the literary monkeys), they did say, ‘the security technologies and processes that have made Mac OS X secure for PowerPC remain the same for Intel-based Macs.’ Let’s recap. eWeeks says Apple doesn’t have security features in OS X. Apple says they do. Mac OS X has no viruses, no trojan horses, and no spyware exploits despite being on the market for five years and with tens of millions of customers,” Patricks writes. “Don’t misunderstand my perspective or history. I know that ALL operating systems have exploits and security issues. All. Some are well known, some haven’t been found yet, some are used to mess up your computer. The real issue is, ‘does it happen often enough to be an issue of concern?’ The answer is, YES. For Windows. No, for Linux on Intel. No for Mac on PPC, and no (so far) for Mac on Intel. When it happens, we’ll hear about it. For now, those hackers have much more fun chewing through Windows Swiss Cheese XP SP 42.”

Full article here.

Advertisements:
MacBook Pro. The first Mac notebook built upon Intel Core Duo with iLife ’06, Front Row and built-in iSight. Starting at $1999. Free shipping.
iMac. Twice as amazing — Intel Core Duo, iLife ’06, Front Row media experience, Apple Remote, built-in iSight. Starting at $1299. Free shipping.
iMac and MacBook Pro owners: Apple USB Modem. Easily connect to the Internet using dial-up service. $49.00.
iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
Connect iPod to your television set with the iPod AV Cable. Just $19.

Related articles:
Security technologies that have made Mac OS X secure for PowerPC remain same for Intel-based Macs – January 27, 2006
Windows virus threatens 170-year-old Toldeo newspaper’s perfect record, Apple Macs save the day – January 27, 2006
ZDNet Australia publishes latest Mac OS X security FUD article – January 26, 2006
‘Highly critical’ flaw in discovered in Symantec AntiVirus for Mac OS X – December 21, 2005
Microsoft Windows virus spreads rapidly; Apple Macintosh unaffected – November 28, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
Microsoft apologists and why Apple’s Mac OS X has zero viruses – October 24, 2005
$500 bounty offered for proof of first Apple Mac OS X virus – September 27, 2005
ZDNet: How many Mac OS X users affected by the last 100 viruses? None, zero, not one, not ever – August 18, 2005

48 Comments

  1. What the hell is this supposed to mean…

    “It is quite possible that the change to Intel chips will make Mac OS more susceptible for Buffer Overruns. Intel chips simply are more susceptible to buffer overruns than PowerPC chips.”

    In what way are x86 chips more susceptible to buffer overruns? This is utter nonsense. Please put away the hash pipe before you pretend to be an ubergeek and astound us with your bigger-dork-than-thou wisdom.

    Or back up your wild claim somehow.

    Dave

    ” width=”19″ height=”19″ alt=”grin” style=”border:0;” />

  2. Continued from my last post:

    Let’s say Apple makes a car and Microsoft makes a car. The Apple car has a really good lock, the windows all roll up, and everything is secured. The Microsoft car has broken locks (which everyone has the same keys to), a window that won’t roll up, a hole in the roof, and a door that you have to hold closed as you’re driving it. The only way to improve this state in any way is to go to the auto parts store and buy a 3rd party upgrade which amounts to some duct tape and a roll of visqueen.

    Does it really matter what engine is in what car?

  3. Oh pog, I see you responded already. Anyway, let me assure you that you’re wrong. That was an Apples and oranges comparison. There’s no new greater susceptibility to buffer overruns on Intel than on PowerPC. Next topic.

  4. pog… that is a fine test you did but I am sure if you would hear the same story from another person who has done this test you would not be satisfied by just assuming that it is the processor’s problem… there is a whole architecture on a motherboard as you already must an expert of which includes also a bunch of masked logarithms and layers of programs written only for that BIOS and setup.

    Think again… I am not rulling out possible vulerabilities of Intel based Mac but your argument is as possible as its anti-theory.

  5. MacDaddy: I know for a fact that the crashes were caused by Buffer Overruns because I can see them in the code. The trouble is the project is so big and important it was cheaper to buy a Mac to run it on than to spend time porting the thing to Linux.

    I’m quite happy about that however as it has lead to us moving to Macs on mass at work. However I do worry that when we upgrade to Intel Macs this code will no longer run.

    In that eWeek article one of the guys quoted states that OSX allows any code in memory to be executable which suggests that Apple isn’t using the no-execute bit. Anyone actually know if this is true.

    Regardless of any of this, I don’t think buffer overruns will lead to viruses as we know them on Windows, they don’t on Linux. However the chances of being hacked are higher, especially local user root hacks (a big issue for people adminstering University computers).

  6. Sum Jung Gai:

    You can assure me all you like, but unless you can prove:

    a) you have initimate experience of the workings of OSX Intel.

    b) you know more about computer programming than I do and actually understand the buffer overflow issue as well as I do.

    I’ll choose not to take your word for it.

  7. pog… I know I cannot ask for your code and what exactly the error was on the intel processors but again, the intel PCs have different BIOS and different architecture than Mac-Intel computers. I know if buffer-overrun occur on a platform with a poor code that can be used as a base for the attacker’s code. Buffer overrun exploits can happen on Mac-Intel but it assumes that Apple has not managed to protect its memory properly.
    This conversation will not go anywhere unless I see some code that causes such error on your intel based PCs.
    As for your mass move to Apple hardware I can only say… damn you are lucky to work at such environment! Cause here at my work we have Micro$ucks “running” on my servers and the only thing we are secure about is our job until they move to Macs. ” width=”19″ height=”19″ alt=”wink” style=”border:0;” />

  8. The PowerMac with the Intel chip was released to developers seven months ago, the Intel iMac has been in people’s hands for what, two weeks? No reports of “intrusions” to date. On the other hand how long was the Vista Beta in the wild before the first viruses appeared? I think it is safe to presume the problem does not come from the CPU but from the OS.

  9. “don’t feed the literary monkeys”

    I’ve seen those at the zoo.
    They hurl pieces of paper with the word “poo” typed on them at passersby. Mean little simian literati!

  10. No, no exploits will ever appear on Macs – ever. Please remind all Mac users that they have no need for any security – not now or ever. And while you’re at it please send more hate mail to the IT security firms (Symantec, et al) so they just drop developing for the Mac – what a waste of money and effort! In fact, all security firms should drop the Mac OS from their portfolio of products and lay off all their Mac developers – yes, that’s how it should go!

    That would be a great scenario!

  11. “I’ve seen those at the zoo.
    They hurl pieces of paper with the word “poo” typed on them at passersby. Mean little simian literati!”

    And the word “poo” is usually mispelled, as well.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.