The Apple Mac OS X Malware Myth continues

“Continuing a non-story that will never die, Wired Magazine has an article about the threat of Mac OS X malware,” Carl Howe writes for SeekingAlpha.

“The whole Mac OS X malware story is one of those urban myths that just won’t die,” Howe writes. “For an ordinary consumer, it’s easy to think that since Mac OS X and Microsoft Windows both look somewhat similar, that they must be similar underneath and exhibit similar vulnerabilities. Therefore, the reasoning goes, the difference in malware must just be due to market share differences.”

“The only problem is that it isn’t true. The two platforms have completely different business philosophies, architectures, and decisions behind them. And those differences matter when it comes to security,” Howe writes.

Howe explains, “Mac OS X remains a much tougher nut to crack for malware developers. Why? There are actually a lot of reasons, but I’ll stick with just my top three.”

Unlike Windows:
• Mac OS X users don’t run with administrator privileges
• Mac OS X has less spaghetti code
• Mac OS X mail doesn’t automatically run attachments
• Apple can actively manage and verify its hardware

MacDailyNews Note: Uh, Carl, that’s four reasons.

Howe continues, “Now I’m not saying that Apple has an invulnerable or even a ‘requires-an-MIT-Ph.D.-to-crack’ security system… But I think it’s important to distinguish between having two exploits on the roughly 50 million Mac OS X computers (the latest of which is actually a Trojan Horse, and not a virus) and the roughly 140,000 viruses extant for the hundreds of millions of Microsoft Windows computers worldwide. Two vulnerabilities don’t make an epidemic. And given that Mac OS X is a harder target to penetrate, I don’t expect those ratios to change dramatically any time soon.”

Much more in the full article here.

MacDailyNews Take: It’s always welcome to see someone advocating putting things in perspective, but that’s not what AV software peddlers, Windows PC box assemblers, and the rest of the leeches stuck to the Windows ecosystem want people to hear, Mr. Howe. Increased Mac sales always result in increased Anti-Mac FUD. The sheep must be kept in the Windows pen, no matter the cost to reputations, reality, productivity, sanity, etc. Far too many have far too much invested in Microsoft Windows for them to stand idly by and let it all slip away due to a vastly superior solution from Apple.

25 Comments

  1. I’d like to hear more about the alleged deficiencies in the Leopard firewall. Is this a serious issue or not? Has anyone found any information from sources other than the security experts who made these claims? I am particularly concerned about the claim that the “block all connections” setting does not really do so.

  2. How can it be anything bad if the user has to enter the admin password twice after going to a site that says “Hey, download my software to watch this awesome movie”? That is a virus in the user’s thinking. Anyone could write a program that did harm if the user typed the password. That is like saying phishing sites are a sign that Macs are just as bad as Windows computers.

  3. If you’re worried about someone being foolish enough to give their admin password to every damn program that wants it, I suggest installing Deep Freeze.

    Upon reboot it will return the hard drive to the state it was frozen, regardless of what a user does.

    Of course files and such will have to be stored on external media for best results.

  4. I’d also like to have a knowledgeable individual critique Leopard’s firewall. I show no open ports on two sites that test firewalls, I don’t have sharing on, my computer is not networked, and I have a different password for root. Plus, I think I’m smart enough not to download anything from unknown sites.

    For most people, that should be more than enough. In any event, how is Leopard’s version different from Tiger’s?

  5. “I’d like to hear more about the alleged deficiencies in the Leopard firewall. Is this a serious issue or not? Has anyone found any information from sources other than the security experts who made these claims? I am particularly concerned about the claim that the “block all connections” setting does not really do so.”

    if i scan any of my machines, either with someone else’s probe software or just with stuff like nmap, even without the firewall on, i get nothing. zero. zip.

    the firewall doesn’t block things that you are intentionally running. if you want everything shut off, turn off the networking. it isn’t that hard to do.

    or as the help screen says:

    In addition to the sharing services you turned on in Sharing preferences, the list may include other services, applications, and programs that are allowed to open ports in the firewall. An application or program might have requested and been given access through the firewall, or might be digitally signed by a trusted certificate and therefore allowed access

    IMPORTANT: Some programs have access through the firewall although they don’t appear in the list. These might include system applications, services, and processes (for example, those running as “root”). They can also include digitally signed programs that are opened automatically by other programs.

  6. OSX users DO run as administrator

    Correct me if I am wrong, but the first user created MUST be admin. And I’d guess that 99.59% of OSX users use THAT admin user all the time.

    I’m not saying that this is inherently dangerous, I’m just trying to correctly state the facts.

  7. Howe explains, “Mac OS X remains a much tougher nut to crack for malware developers. Why? There are actually a lot of reasons, but I’ll stick with just my top three.”

    […]

    MacDailyNews Note: “Uh, Carl, that’s four reasons.”

    ————————————————————–

    “Just answer the five questions…”
    “Three questions.”
    “…three questions as best you can.”

    …or am I the only person who got mild Monty Python vibes from that one?

  8. I like this analogy for which OS hackers would rather attack:

    Would you rather have the girl that every other guy in town has had, or be known as the guy who got the pretty and smart girl whom no one has been able to touch, yet?

  9. >fatal: You’re right, but if you want to make changes to the system (say, start that trojan DNS controller), you have to type in your admin password. Working under admin account doesn’t automatically mean that you can do anything without knowing the password.

  10. “Would you rather have the girl that every other guy in town as had, or be known as the guy who got the pretty and smart girl whom no one has been able to touch, yet?”

    The better question, is would you rather go party with the 97 drunk college girls in the hope of getting lucky with one, or try your luck with the three fat ugly girls sitting in the corner pretending they’re superior to everybody.

  11. It usually takes a few weeks before the malware heralds have to pull a “Mrs. Latella”. The problem is that final results never get any press. Apple needs to push this point in new ads and shove this fact down M$’s throat again and again and again….. OS X should become synonymous with virus free computing for home/family.

    Just my $0.02

  12. @Gabriel Good call!

    And the Lord spake, saying, “First shalt thou take out the Holy Pin. Then shalt thou count to three, no more, no less. Three shall be the number thou shalt count, and the number of the counting shall be three. Four shalt thou not count, neither count thou two, excepting that thou then proceed to three. Five is right out. Once the number three, being the third number, be reached, then lobbest thou thy Holy Hand Grenade of Antioch towards thy foe, who, being naughty in my sight, shall snuff it.

  13. While yes they are Admin accounts, the machine won’t allow anything to happen without that admin password. Ever. The “registry” or Kernel is never touched, while in a Windows machine there is full access all the time, even allowing the registry to be altered by any software developer, good or bad, so much so you can’t “clean” it without damaging the OS.

    I do find it amazing that this was found on a porn site.
    Who had to admit that one?
    “Uh, I was looking for some, well, ummmm, I was doin research…”

  14. Thanks to those of you who provided answers to the firewall security questions I posted. I run in Stealth Mode — just looked at the firewall log and it records many stealth mode connection attempts from many different IP addresses. Those sneaky devils! And they say the Mac has too small a presence to be noticed. Bah! Humbug!

    The only networking connection I have turned on is Bluetooth as I have a wireless keyboard and mouse. But I do want to use Screen Sharing when a friend of mine upgrades her Mac to Leopard and that’s one reason why I am somewhat concerned about security issues.

  15. These guys need to update their stats. Over a year ago Symantec announced that the number of Winblows viruses exceeded 200,000. Maybe the 140,000 is only those that are currently still floating around. The 200,000 number was for every Winblows virus ever discovered.

  16. 1) as has been mentioned, a great many Mac users do use their Admin accounts as User accounts. Stupid, but Apple has provided … they still have to enter the password.
    2) not “vulnerabilities”. Macs have every bit as many potential vulnerabilities as Windows machines do. They also have considerably more basic protections, locking those vulnerabilities down. Doing so without being needlessly intrusive.
    Dave

  17. I am a new user for the iMac. Earlier today, on neopets.com a window popped up stating that it needed to run an application to scan for malware. The screen was frozen and I could not exit, so I immediately called Apple. They said they weren’t sure what it was, so we reset everything. About 2 hours later, a similar thing popped up and again, the screen was frozen. Don’t tell me it’s not out there, Mr. Howe, I’ve experienced it. When I clicked on the X to close the box, the thing set itself up to download. This is really scary for someone new to iMac who thought these things wouldn’t happen anymore.
