“Is the sky falling in on our smug little Mac universe? On Tuesday, there was news of a security hole in Apple’s Safari web browser that allows a system to be compromised by merely visiting a website. And last week, the first worm to pose a serious threat to Mac OS X, Leap-A or Oompa Loompa, raised its ugly little head,” Leander Kahney writes for Wired News.
“I’m not going to be running any anti-virus software anytime soon, just as I haven’t run it for many years,” Kahney writes. “Also, I’m not going to turn off any preferences that make my daily computing habits any less convenient (the browser takeover is protected against by disabling the ‘Open safe files after downloading’ preference in Safari). The smuggest of smug Mac users is right: the platform is more secure, and these new security threats are no more threatening that a paraplegic kitten.”
“These Mac security holes are a storm in a teacup. They’ve inspired hundreds of stories in the press and even the national network news, but if they were Windows holes, no one would have blinked. That’s because holes in Windows are routine, business as usual, while it now appears the Mac is under attack thanks to Apple’s brand-new high profile. But this isn’t the case,” Kahney writes. “Last month, there were four ‘massive’ virus attacks on Windows, according to Commtouch, an antispam and antivirus vendor. Indeed, viruses are now so aggressive, they routinely outpace attempts by antivirus companies to distribute protective signatures. This state of affairs is now so common, I hadn’t noticed — and I work for a technology news site.”
Full article here.
[Thanks to MacDailyNews reader “Judge Bork” for the link.]
Advertisements:
• MacBook Pro. The first Mac notebook built upon Intel Core Duo with iLife ’06, Front Row and built-in iSight. Starting at $1999. Free shipping.
• iMac. Twice as amazing — Intel Core Duo, iLife ’06, Front Row media experience, Apple Remote, built-in iSight. Starting at $1299. Free shipping.
• iMac and MacBook Pro owners: Apple USB Modem. Easily connect to the Internet using dial-up service. Only $49.
• iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
• iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
• Connect iPod to your television set with the iPod AV Cable. Just $19.
Related articles:
Report: Apple developing fix for automatic execution of shell scripts – February 21, 2006
Ars Technica: Fears over new Mac OS X ‘Leap-A’ trojan pointless – February 20, 2006
Datamonitor: ‘Mac OS is just as vulnerable to malware as Windows’ – February 20, 2006
Finally, some common sense… I also haven’t changed any settings on my computers.
MW: sense… no really!
I love it when someone has the guts to tell like it is.
Another level headed response to the rash of chicken little articles that have flooded the internet about Mac OS X security.
Thanks Wired! I have another article to forward back to any PC weenie who tries to email me an “I told you so” link about the latest Mac OS X ‘security threats’.
Well for the guys at MacWorld who had to break a sweat for about a day to get Leap-A to reek havoc on their test Macs, what is really the fuss if a user really has go out of his/her way to make it work?!
This is not to say that Mac OS X is somehow hacker proof, but at the end of the day we all know that Mac OS X is inherently more secure than Windows for various reasons (lacking things like ActiveX is an example).
All this stuff is giving me the shits!
I am not a techie just a devoted user and I am just so confused with all the stuff coming from the ‘experts’, which differs quite a bit from person to person.
Then there are all the users here at MDN. I and most of us, I guess, do not know the credentials of the people on this site and who to listen to and who not to!
A week ago we were all bulletproof and today we are full of worms!!!!
CONFUSED!
My favorite line:
“. . . and these new security threats are no more threatening that a paraplegic kitten.”
What a visual. Please open your hearts and give generously to the Paraplegic Kitten Foundation (PKF). Thank you.
Still be wary of files gleaned from social networks, bittorrent, etc… Hackers will be targetting Mac especially since the media is jumping all over every event new or old.
Affy, Mac OS X is very secure compared to Windows. It does have some holes, but they will likely be plugged before anything widespread occurs.
We will never have viruses the likes Windows sufferers XPerience.
Run under a non-admin user account.
Don’t download files from dubious sources and you’ll be fine. I run a virus scanner every few months because my Windows-suffering company mandates it.
Don’t sweat it.
Now what we need is to get CNN Headline News to probe a little more deeply into this “Mac virus” thing like Wired and others have done. To listen to it last night you’d think this new “Mac virus” was running rampant throughout the net causing tons of grief.
I wish news organizations would start competing with each other more on terms of accuracy rather than who can drum up the most shock & awe.
Bill O’Reily are you listening? Go get em.
Affy:
I second that.
Written with real stones.
But Nameless Weasels, I thought Leander had (to use your moronic and misplaced phrase) “jumped the shark”?
Did he not “jump the shark” now?
Does it only work when it disagrees with your “take”?
What’s up Weasels?
This guy is full of crap. Everyone knows that if you have a paraplegic kitten, you just shoot the darn thing in the head. Sheesh!
“Did he not “jump the shark” now?”
Actually, this time Leander strangled the octopus. Ink everywhere.
While Symantec trumpets these “proof-of-concept” exploits developped in their laboratories, they fail to mention that their Antiviruse would NOT have prevented these so-called viruse.
They also don’t mention that one of the worst MacOSX vulnerabilities was in Symantec own antivirus software, a buffer overflow when decompressing zip files in search for nonexistent virus signature.
It has been Microsoft mantra, echoed by gullible journalists, that “All software is insecure”, so people should buy Windows. They fail to mention that Microsoft OSES is demonstrably the most insecure of all, by a huge margin.
DrDude:
We know why God kills kittens. But what on earth do you have to do to yourself for God to paralyze them? Now THAT’S a “storm in a teacup.”
(today is Quaint Expression Day for those of you just tuning in)
Doesn’t hurt anything to move Terminal.app out of the Utilities folder until Apple fixes auto execute on shell scripts. While I don’t suspect any type of attack…moving the app took a few seconds, moving it back when there’s a fix will take another. Well worth the easy fix for a little peace of mind. I’ve rebuilt damaged or compromised computers (PCs for friends & family)…and I’d rather take a simple precaution then have to rebuild a Mac.
I’m really suprised to here this coming from Wired. They have been doing a bit too much Mac bashing as of recently, and they seem to be wanting to try to get some of the advertising dollars back from Apple. Just a thought, since Apple advertising was mysteriously missing from the last couple of Wired magazines.
Is that an English or Metric crapload?
Affy:
Remember Chicken Little? Well, he was wrong. End of story, at least until the next breathless, most likely clueless news report ( or a Sputnik post).
Affy,
I can understand why you feel confused, but the simple point is that all these scare stories originate from companies who sell anti-virus software. It’s very much in their interests that you are made to feel confused and vulnerable so that you go out and buy their software.
Those companies reckon that they can get rich by thinking that you’re stupid enough to be scared by their trumped up nonsense.
I don’t know how many people visit this board. Let’s assume it’s just a few thousand. These are the people who use their Macs the most. Not one person on any forum that I’ve visited has made any sensible claim that they have actually had to ever fight off one of these worms, or even that they know anybody who has. Now ask just ten of your PC-owning friends if they have ever had a virus on their PC.
But don’t forget that these stories are not about viruses, they are about obscure and theoretical exploits where the user actually has to virtually invite the malware in. It was so funny to read the report of the people who tried to investigate one worm and who spent ages trying to make it infect their Mac.
If the most frightening worm that we have to deal with needed two experts to spend hours deliberately making the conditions suitable for infection, then I don’t think we have anything to worry about.
Don’t be a lemming and buy unnecessary Anti-Virus software just so the Symantecs and Integos of the world can make a buck off of this pathetic scare tactic. Just remain calm and have a little common computing sense. That’s the only real protection you need.
The double standards, ignorance and complacency of these forums never fail to amaze me. MacOS has a serious vulnerability whereby a file that appears to be a jpeg, MP3, gif or any other kind of media file can run a malicious script, without you having any knowledge of this, and you’re all dismissing it like it’s part of routine computing. It’s not! If this was a Windows vulnerability you’d be all over it like a ton of bricks. All disabling the Safari option does is prevent this running automatically – the system is still vulnerable to dodgy files. Now, the fact that there are work arounds, and savvy users can avoid the issue, is great – but it doesn’t negate the fact that this is a serious vulnerability. Is renaming system applications so that they won’t run really a sensible option for a modern, secure OS? I don’t think so. For what it’s worth, all Windows vulnerabilities I know of can also be avoided by savvy users and/or work arounds. Does this mean that Windows is now a secure platform? Get real guys.
Totally agree with this guy. The latest script hole is kinda of a joke too. There are still many obsticles to be overcome before anyone could actually take over an OSX machine. Finding what your I.P. address is of your machine would be the first. Getting through your router would be the second and getting through OSX’s firewall would be the third. Then they would need the admin password of the machine and user login to get in. The chances of all of these things being compromised are such a long shot. And all of these stories have been about concepts and theories and not real machines compromised so I stil don’t see the big deal behind it. Apple knows it isn’t perfect but compared to Windows is sure looks perfect and so all of these writers really try and make a big deal out of nothing and then the antivirus companies can’t wait to jump in and make a panic over it to so they can make people jump and go out and buy there products.
Waiting for the day someone writes a complex virus that when you double click on it launches something that resembles a word processing program which causes strange things to happen to your computer…
oh wait, its called Word….never mind