By SteveJack
Viruses that aren’t viruses. Hysterical reports that equate Mac OS X security to Windows. Media reports about Mac OS X “worms, trojans, and viruses.” Totally unsubstantiated reports that Mac OS X can be “hacked in under 30-minutes” (the lack of proof screams for attention). Which, of course, is the headline that’s blared.
Why all of this noise about Mac OS X and “security issues” lately? I’ll tell you why: Microsoft and their parasites are getting nervous. Market share is increasing for Apple Macintosh. The Windows platform means billions of dollars to Microsoft and companies built and run around Windows’ deficiencies. Throw in antivirus purveyors now threatened by Microsoft’s slimy entry into the market (it’s beyond belief to Mac users that Mafiasoft will now charge suckers $50 per year to “protect” their own product) that are looking for a new market and you have more than enough reasons for the spate of articles questioning Mac OS X security.
Many people are worried. And rightly so. What if a large portion of people switch to Mac from Windows? What happens to the mom and pop operations that depend on selling boxes that run Windows and that have no experience with Macs? What happens to the antivirus companies that depend on the Windows security mess? How will they sell their wares to Mac OS X users? What happens to Microsoft’s Windows profits? What happens to software makers that make Windows-only software? The list goes on forever; there’s a whole economy based on fixing and supporting Windows.
Munir Kotadia’s latest for ZDNet is just another in a string of FUD pieces (see related articles below) designed to introduce doubt about the Mac in Joe and Jane Sixpack. Gotta keep ’em in the fold; by whatever means possible, it seems. Big bucks is involved here. (In all fairness, Kotadia has written at least one pro-Mac security piece, too.)
People are switching to Mac from Windows. Apple’s Mac market share increased over a percentage point in the last year alone, according to Gartner and IDC. That is why Mac OS X’s security is being attacked in dubious articles (weakly, but attacked nonetheless). In fact, over a year ago, I warned about Mac backlash from those interested in protecting their Windows turf. Such backlash will get worse before it gets better. These people and companies aren’t about to let facts get in the way of continuing to fill their pockets with Windows-related profits.
Ultimately, these articles mean good things for Apple. It shows that the Mac is gaining and it’s making a lot of people who depend on keeping the masses stuck on Windows very, very nervous.
SteveJack is a long-time Macintosh user, web designer, multimedia producer and a regular contributor to the MacDailyNews Opinion section.
Related MacDailyNews articles:
Apple Mac OS X clearly offers superior security over Microsoft Windows – March 02, 2006
Apple Mac OS X has a lot more vulnerabilities than Windows XP? – February 28, 2006
Enderle: Security vendors see Apple as next big opportunity – February 28, 2006
As Apple Mac grows in popularity, will security issues increase? – February 27, 2006
The Idiot’s Guide to Mac Viruses For Dummies 101 – February 24, 2006
Wired News: ‘Mac attack a load of crap’ – February 22, 2006
Report: Apple developing fix for automatic execution of shell scripts – February 21, 2006
Ars Technica: Fears over new Mac OS X ‘Leap-A’ trojan pointless – February 20, 2006
Atlanta Journal-Constitution asks: Is ‘Mac virus’ all just propaganda from Mac haters? – February 20, 2006
Mafiasoft: Microsoft to charge $50 per year for security service to protect Windows – February 07, 2006
ZDNet Australia publishes latest Mac OS X security FUD article – January 26, 2006 (Kotadia)
IDC: Apple Mac 2005 U.S. market share 4% on 32% growth year over year – January 20, 2006
Analysts: Apple Mac’s 5% market share glass ceiling set to shatter in 2006 – January 09, 2006
ZDNet Australia publishes latest Mac OS X security FUD article – September 09, 2005 (Kotadia)
Joke of the month: Gartner warns of Mac OS X ‘spyware infestation’ potential – March 30, 2005 (Kotadia)
Symantec warns about Mac OS X security threat – March 21, 2005 (Kotadia)
These pathetic attempts to show how unsecure Mac OS X is only show the opposite. If this is the best these “hackers” can to against Mac OS X, then I feel REALLY safe using Mac OS X. Apparently, they can’t come up with anything better than “concept” worms that require the user to give permission and hackers who say they did something without any proof or details. I’m sure Mac OS X is not invulnerable, but it’s much much better than Windows.
People go after OSX because so many of the faithful say it can’t be done. You hold OSX out to the public as an indestructable, impenetrable fortress. This is an irresistible temptation to the same people who go after Windows just because its the biggest kid on the block.
Given sufficient time and a determined mind, there is no operating system that can’t be broken into. Your own banter and swaggering egotism is the reason these incessent attacks are taking place.
Try being honest with newbies and potential switchers for a change. Don’t tell them Macs are perfect. Don’t tell them Macs can’t get viri and such. Just tell them the truth. At this point in time, Macs are the best system out there.
The Mac Mini that was “hacked” was done so by a guy with an axe to grind…he set the thing up so *anyone* could log in and get an account.
3 cardinal rules of Systems Security:
1) Don’t let the bad guy get physical access to your computer. If he can touch it, it’s not your computer anymore.
2) Don’t let the bad guy run programs on your computer. If he can log in, it’s not your computer anymore.
3) Don’t let the bad guy to convince YOU to run his programs on your computer. If you run his programs, it’s not your computer anymore.
This guy is a a**hat troll.
I don’t doubt an OSX system could be hacked in half an hour … even I could do it if the system’s admin left enough doors open. And a Windows guru just might do that … accidentally or on purpose.
Some Mac users might do the same! My step-daughter’s iBook boots up and auto-logins to an admin account! The one she uses for everything! We have spoken about this several times and she has said she’ll let me set up her next system (in a few months) but that she’ll allow no changes to her current system (fear of loss of data).
Mac users should thank the (WERE they MS employees?) folks who created the ineffectual malware that the ignorant are making such a fuss over! Nobody is out there sweating over being The First with a Mac virus. Well, maybe a few … those who want the watered-down acclaim for the first VIRUS, and can accept that other non-viral exploits preceded his effort. And … there are now fewer Mac owners leaving their systems wide open to the simplest of exploits.
As much as we Mac users are called zealots and macolytes and such we all must keep in mind that there are Microshaft zealots as well. They just don’t have to defend their position as much because they’re in the majority, but nonetheless the thought of Apple becoming dominant in the computer world scares them more than it excites us.
Don’t get me wrong, I love Apple and OSX and I’m not defending Windows or Microsoft, I think they are crap, but….
The notion that Apple is or will become dominant in the computer world is like saying that Creative will become dominant in the portable music player world..
Sure, Apple gained a POINT in one year.. So now they are up to 4% marketshare… At this rate, Apple will have a 10% marketshare in 2012… That is not even close to being dominant..
Give it up peeps.. We will always be the minority.. There’s nothing wrong with that…
Tre – dream on troll.
Anything can happen. M$ is dying – the sheeple are just to stupid to realize it yet.
All a paraplegic killer kitten can do is try to tell you that you should never allow people to setup local accounts on your system at their leisure. After that, you are on your own…
The hacker had a legit user account on the machine he hacked.
Yes, I believe he hacked it.
How many Russian hackers have a legit user account on your home machine?
If none then don’t worry about the vulnerability he used to gain root access.
You are still safe.
the contest was set up very much like a server environment: many unprivileged doing their own thing on a single machine. with that said, shouldn’t it be reasonable to expect that none of the users can perform a privilege escalation attack and gain root access to deface the site?
what this test really proves is that privilege escalation attacks are possible with Macs (a true bug). the really interesting thing here is how the attack was performed, and how should we protect against it until Apple releases a patch.
with all that said, i still love my PowerBook 12″ and the two PowerMacs. =)
SteveJack is attempting to put some spin on this, but it would be better to say Mac OS X is more secure than Windows and leave it at that.
Local access isn’t something folks generally give away. However, what’s to stop somebody sending malware (exploiting the Safari safe file hole) that runs a shell using the techniques the hacker used to gain root?
Nothing is impenitrable.
Cheers. Magic word = account.
Comment:
…the thought of Apple becoming dominant in the computer world scares them more than it excites us.
Not likely to happen, but what would be so wrong if it did? What could be so very terrible about Mac OSX that the MacZealots haven’t recognized?
Comment:
We will always be the minority.. There’s nothing wrong with that…
Yeah, see if there are any minorities around that suffer through any ‘tyranny of the majority’. If you find some, ask them how cool it is to be ostracized.
Comment:
…Nothing is impenitrable.<sic>
Yes. But, some things are less penetrable. And some things are much less penetrable.
Look, Fort Knox doesn’t get robbed less often than all 7-11s because there are LESS Fort Knoxes. And it was built by fallible humans, after all. So, is it possible to acknowledge that the single Fort Knox likely has better security than all of 7-11s put together – by DESIGN?
Spongebob,
Don’t jump on Tre. He’s probably right, except his math is wrong. I think the Mac OS will make bigger gains in the next few years. However, Windoze will probably always reside on more computers than any Mac OS because of business/corporate users. The real benchmark is how many home/personal users use Winblows vs. the Mac OS. This is the area that Apple can make big gains.
For what it is worth, here is a repost of a note I posted elsewhere about this spurious event:
To understand what has happened in this spurious story it is important to read the exact challenge that was made:
http://rm-my-mac.wideopenbsd.org/
And to read the page that reveals the fallacy of the original report as well as provides a REAL – ACTUAL challenge:
http://test.doit.wisc.edu/
My observations:
(1) The original challenge was, as the URL itself points out, to ‘rm-my-mac’. ‘Rm’ specifically means erasing the hard drive. This never happened. The challenge was not exactly met, and I am wondering why this obvious point has been ignored in the press reports. Nonetheless, according to the hacker ‘gwerdna’, he did work his way up from a provided ssh accessible user account up to root access and make changes to the machine.
(2) Gwerdna is NOT actually a ‘hacker’ by definition. Note that I am sticking to the traditional and honorable definition of ‘hacker’, not the abused and stupid definitions floating around the net these days. A real hacker provides the specific method they used to break into a system. Gwerdna never did this. Instead he keeps his methodology a secret. This means that (A) gwerdna is a ‘cracker’, that being someone who breaks into a system for no other purpose that to perpetrate damage. Crackers have no interest in improving the system the ‘crack’. Yes, gwerdna chatters on about related information, but never provides any useful knowledge to prevent similar cracks in the future. (B) Since gwerdna’s methods remain unknown they are, from a scientist’s perspective, unreproducible and therefore unprovable. Apparently gwerdna was on the machine with a level of access that allowed him to change aspects of the machine. That is ALL we actually KNOW about what happened. Talking about some undocumented method of cracking a Mac does NOT at all PROVE that the crack even exists. For all we know this entire event is a perpetrated joke and anyone believing it is being laughed at. That is how very poorly this event has been documented and understood. Let gwerdna prove how he cracked the Mac. Then he will gain credibility and will rise to the level of the much more worthwhile role of hacker.
3) The challenge being given in the second URL above is true-to-life versus the goofy original challenge that actually gives hackers inside access to the machine.
4) Like many thousands of Mac OS X Server users, I have had a machine running full time on the Internet for years without a single incidence of being hacked or cracked. In my case the machine has been running since August 2001. I frequently get people and bots attempting to crack in, most commonly by faking an ID and password. All attacks have been repelled. And this machine only runs lowly old Mac OS X Server 10.1.3.
So does this report of cracking of a Mac Mini make me worry? Nope! Nonetheless I am a fan of security and see nothing wrong in overdoing it: I run a frequently updated virus scanner, Paranoid Android (recently updated and still better than MOSX built-in security), and if folks have the money to buy it I also recommend using Little Snitch which provides inside firewall security not yet available in MOSX.
Lisa said: “To this day Macs wont work with many internet sites.”
These sites are coded to bounce Mac systems and/or Mac browsers, especially Safari, on purpose or through coding laziness. Some sites that lock out Macs can be accessed by changing the user agent to Internet Explorer to foil the Windows bigots.
But whatever causes the inaccessability, such a site’s coding does not adhere to web standards — and these standards are not those deemed to be so by Microsoft.
I believe that macs are way overpriced and do not offer the cyber security that everyone raves about. I would not have one if it was given to me. It’s almost like all mac owners are brainwashed to spew off pro-mac propoganda, even though they are mostly trash.
I’m not “jumping on TRE”. I just think he’s a freakin’ troll.
And I also think that M$ is dying – the sheeple are just too flamin’ stupid to realize it yet. They will – just give it some time…
John, you seem a tad bit derogitive towards Macs.
I have had both systems and am fully receptive to your opinion on the exorbiant pricing Apple employs, but I must say you exhibit a HATRED.
What home computer are you currently using that exceeds the Macs capabilities?
Does it matter what I’m using? I could be a pansy playing with toy trains and it would still better better that the OSX trash.
What do trains have in reference to compters?
I have a 20″ IMac and have no problems with “Hacking”.
What is your intended purpose for perpetrating this site?
Apple4Me, Jon S. is just another troll. All pisssed off ‘cuz he bought into the M$ tripe…
They’re just mad ‘cuz they ‘wuz had.
Jon S.
You lost me at “I believe…”.
You didn’t say “my extensive research shows…” or “my personal experience with Mac is…”. You present no empirical evidence.
Do you also “believe” the Earth is flat and sits on a turtle’s back? Do you “believe” the Sun revolves around the Earth?
The drugs don’t work they just make you worse.
Microsoft do not care how good or bad OS X security is at the moment. Windows market share is still incredibly high compared to Apple’s small switcher percentage and there is no shortage of money to be made by providing these anti-spyware/virus/firewall tools. If this article was written in 2008 then it may represent something closer to accurate but right now OS X is still just a baby.
To have 3 OS X exploits pop up in one week (fixed already by Apple) and the artificial hacking incident are just coincidence.
ZDNet are known for spreading innacurate information. Nothing to panic over yet boys and girls although its still worthwhile keeping an eye open for this kind of information.
To suggest that there’s no problem that a system can be compromised just because the proof of concept was done with shell access is stupid.
To reflect on the way most PC exploits happen, they happen by getting the PC user to do something dumb.
On average mac users (not all mac users, just the average mac user) are less sophisticated than PC users and less hardened to a real world which includes viruses, trojans etc, or are convinced by know nothing blowhards that OSX or any other OS is invunerable, so more likely to do something dumb.
Secondly PC users by neccesity usually have second lines fo defense in the OS and in antivirus programs and in apps which warn them if they’re about to do something dumb. That doesn’t exist to the same degree on the Mac because of some stupid misbelief that the machine is invunerable.
If you can compromise the OS by hand from a shell prompt, you can do it programatically from something that the customer downloads, or exploit another vunerability to get unpriviliged access to the machine, then leverage that into root access.
So, beleive it or not, being able to gain priviliged access from an unpriviliged account is actually a BIG problem.
To all those who say it isn’t, you’re just showing your ignorance.
SO with the pc you have a situtation where a people have been exposed to a number of viruses, trojans and so on, and they and the OS have built up some immunity to them, bith to social engineering attacks and to other attacks (The smart ones anyway who actually do purchase a home firewall router and an antivirus program, and don’t open every mail promising a bigger erection or naked pictures of Britney Speers and follow the links).
By comparision many MacOS customers, bouyed on by a lower current level of virus attacks, and a a misperception spread around by know nothing idiots that the OS is invunerable, are just sitting around waiting to be wiped out by the first simple virus that they catch.
To misquote Bagdad Bob:
“The Viruses are not there. They’re not in MacOS. There are no Viruses there. Never. They’re not at all.”
“We have killed most of the Windows infidels, and I think we will finish off the rest soon.”