Increased popularity of Macs and iPhones may attract hackers

“A report by Agence Presse-France from this year’s DefCon hacker convention in Las Vegas centered on comments from security analyst Cameron Hotchkies. Hotchkies, who works with Zero Day Initiative to find and report security vulnerabilities in Apple software, gave a talk on Mac OS X hacking this past Saturday to a packed room. ‘There are a lot more people getting into it and really getting their hands dirty,’ he told AFP. ‘I’ve been seeing a lot of reverse engineering on the Apple platform,'” Chris Foresman reports for Ars Technica.

“The article goes on to ‘explain’ that an increase in Windows ports and iPhone jailbreaks are evidence that users should start to be worried about hackers and malware,” Foresman reports. “The truth is that increased scrutiny could lead hackers to target Mac OS X, but users jailbreaking an iPhone or a Windows developer porting poorly-written code to Mac OS X isn’t going to lead to rampant malware problems overnight. Users jailbreak iPhones to add software capabilities that aren’t approved by Apple; a bad Windows port is not likely to sell in very high numbers on a Mac.”

Full article, which also rightly reminds readers to be wary of social engineering (phishing and trojans), here.

MacDailyNews Take: Somehow this is “news” yet again, this time to Agence Presse-France. The same “report” has been published quarterly, at least, for the last half a decade. Yet, somehow, we Mac users manage to survive and surf the Web unimpeded on our Macs in the face of all of these “reports.”

In the full Agence Presse-France article, Glen Chapman reports, “Hackers have historically focused devious efforts on computers using Windows operating systems because the Microsoft software has more than 90 percent of the global market, promising evil-doers a wealth of targets. Macintosh computers have been gaining market share and catching the interest of hackers.”

That the Mac is secure via obscurity is a myth. Why, if obscurity means security, in April 2007 was there a virus for iPods running Linux (a few thousand devices total, at most, in all the world), but there are no viruses for the 30 million or so Mac OS X computers that are currently online? Hello? Bueller?

Uh, oh – logic is certainly not what AV software peddlers, Windows PC box assemblers, and the rest of the leeches stuck to the Windows ecosystem want people to hear. Fear is what they’re after. Increased Mac sales always result in increased anti-Mac FUD. It’s as sure as death and taxes. The sheep must be kept in the Windows pen, no matter the cost to reputations, reality, productivity, sanity, etc. Far too many have far too much invested in Microsoft Windows for them to stand idly by and let it all slip away due to a vastly superior solution from Apple. But slip away it does nonetheless.

The idea that Windows’ morass of security woes exists because more people use Windows and that Macs have no security problems because fewer people use Macs, is simply not true. By design, Mac OS X is simply more secure than Windows. Period. For reference and reasons why Mac OS X is more secure than Windows, read The New York Times’ David Pogue’s mea culpa on the subject of the “Mac Security Via Obscurity” myth here.

“Security via Obscurity” is a defense mechanism for the delusional and also a tool for Microsoft apologists and/or those who profit from Windows to keep the sheep in the pen. 30 million Mac OS X installs is not “obscure” at all, but seven (7) years of Mac users surfing the ‘Net unimpeded certainly is “secure.” Besides social engineering scams (phishing, trojans; no OS can instill common sense) the only thing by which Mac users are really affected are large swaths of compromised Windows machines slowing down the ‘Net with spam and nefarious botnet traffic targeted at exploiting even more insecure Windows boxes. Get a Mac.

138 Comments

  1. I think we should start a campaign like that LifeLock CEO and go around with big billboards that say “I have a Mac and my IP address is BLANK – crack me if you can, and I’ll give you ONE MILLION DOLLARS” cue Mr Evil voice.

  2. @ ElderNorm
    Maybe not faster, but them internets tubes would sure feel snappier!

    @ Mac+
    Now that you’ve stroked your ego by garnering several replies to your post, you can go back to your Windoze sites. We know better. The market-share myth has been debunked so many times, it’s really a waste of bandwidth to debate it again with a troll.

  3. If we actually look at the reason that they purport as the reason that Windows is targeted, “because the Microsoft software has more than 90 percent of the global market, promising evil-doers a wealth of targets”, then this implies that people write virus software to get their names known by hitting a large number of computers.

    Now I believe that the bigger “high” would come from being the FIRST to introduce a true virus into the MacOSX world. The notoriety here would eclipse anything that can be done in the Windows world.

    So, as we all know, Macs don’t have viruses because they are just better systems. Yes, there are security flaws as can be seen by the Security Update kits that Apple releases. The point is that even if a hole is exploited, the system is secure enough that something that gets in is still well contained, one of the main tenets of computer security.

  4. I was at both BlackHat and DefCon in Las Vegas last week, and I can tell you from *first hand* experience that while some reverse engineering is going on (especially at the kernel level) it’s really not that easy to write malware for the Mac unless you combine it with some smooth social engineering (ie you have to trick the user into doing something and bypassing existing controls). The other route that is being looked at is finding vulnerabilities in the open source software that has been integrated into OSX.

    I saw more MacBooks and MacBook Pros at this years’ conferences than ever before.

    @Eldernorm: LOL That was sarcastically brilliant.

  5. Hackers have been trying for years to hack OSX as a very geeky challenge and they have been unsuccessful ever since.
    This interest will only give more credit to OSX and, if ever it could happen that a hack succeeds, it will improve OSX’s strength by getting a better OS over the years… just in opposite from M$ worthless efforts to patch a virus sponge like windose…

  6. “you can go back to your Windoze” – Hm…

    The inability of certain people, usually Mac fans, to argue forces them to use violence in their words.
    This type of reaction, shared by people like you Hm, is the principal origin of chaos in this world.

  7. @Mac+: Unix has been more secure than Microsoft Windows for as long as there has been a Microsoft Windows. Period.
    Unix has been engineered to be secure in multi-user networked environment since before Windows existed.
    Macs run Unix.
    Macs are more secure than machines running Windows.
    QED

    This is rather simplistic. To be more accurate, Macs are not UNIX, but rather an OS that has a UNIX-based foundation. IOW, it is UNIX and a bunch of other stuff, like Cocoa frameworks and services. That’s why Leopard is certified as a UNIX system and yet most Mac OS X softwares are not UNIX compatible. Because of the extra stuff, the potential of attack vectors is higher. Fortunately, Apple has done a pretty good job keeping the extra stuff from problems and quickly patches vulnerabilities that are found. It is quite the opposite of Microsoft. They had a decent OS derived from VMS, but they piled junk on the top that opened all sorts of cans of worms.

  8. No OS is bullet-proof of course. But to say that Macs have not been targeted because they are a small part of the market is silly. Like someone said earlier, imagine the street cred a hacker could get if he was able to hack the Mac. You don’t think there are smart people trying to be the first? I will take my chances with Macs, thank you. And unless you are stupid enough to download something you shouldn’t, you should continue to be fine. There may come a day, but it sure hasn’t happened yet, has it?

  9. “…you’re a pathetic liar”

    You’re a pathetic googler. try “mac os x vs windows vulnerabilities”

    Or Maybe Apple has a secret google killswitch that hides bad news from you.

    “but they piled junk on the top that opened all sorts of cans of worms.”

    But the statistics just don’t bear out your position. Apple has a bigger can of worms on their hands, just fewer people paying attention.

    “IP address is BLANK – crack me if you can, and I’ll give you ONE MILLION DOLLARS””

    Do that and you’ll owe someone a million bucks pretty quickly.

    “the bigger “high” would come from being the FIRST to introduce a true virus into the MacOSX world.”

    That “first” has been achieved a long time ago. They tend to die of hunger because there’s not enough targets to replicate to. But bragging rights for the “first” Mac virus are long gone.

  10. Maybe true, but at any given point in time there’s always been exploits for Unix. The first Internet worm was a Unix phenomenon not a Windows one.

    Bzzzzt! Sorry, Charlie, but the Morris Worm attacked networking software running on VMS systems, not Unix.

  11. “Bzzzzt! Sorry, Charlie, but the Morris Worm attacked networking software running on VMS systems, not Unix.”

    If you weren’t in IT then and remember it, at least read a few seconds about the Morris worm before ignorantly posting. Yes one of its targets was DEC systems, but those running Unix not VMS.

    Specifically BSD Unix, the same flavour as Mac OS X.

    So BSD Unix, As still used on the Mac today, is the original proof of concept platform for Internet Worms.

  12. “So BSD Unix, As still used on the Mac today, is the original proof of concept platform for Internet Worms.”

    Yes indeed fanboy Frigtrads your OS is indeed the one that bore and nurtured the Great Worm, the proof of concept. The worm from which all others followed.

  13. [Intro: ‘Anti-Virus’ is an incorrect, insufficient and antiquated term. The correct term is ‘Anti-Malware’ which can be shortened to ‘AM’. The word ‘virus’ refers only to a subset of computer malware.]

    The fact that ‘Security By Obscurity’ has been a myth for Macs for all eternity really ticks off the anti-malware developers. Basically, there remains no serious reason to pay for anti-malware software. As a courtesy to Windows users, considering the remote possibility that you will pass along to them some piece of Windows specific malware, it may be a kind gesture to have anti-malware installed on your Mac. I am one of those courteous people. So I use ClamXav. [Purists please read as: ClamXam.] It’s FREE. Its malware definitions are updated almost daily.

    Despite wise words from professional (versus bogus or Dvorakesque) technology journalists like David Pogue, we consistently get the FUD line that we Mac users should all be scared because THE MALWARE ARE COMING! based ridiculously on the fact that Macs have taken market share away from Windows PCs.

    Quicky history lesson:
    The current wave of ‘Security By Obscurity’ rubbish began in August 2005 in a diatribe perpetrated online by Symantec. They were in the midst of two problems on the Mac platform: (1) Norton Anti-Virus for Mac wasn’t selling. (2) Norton Anti-Virus was (and remains) one of the single most buggy if not outright dangerous programs for Mac OS X. Time for marketing spin!!! So what do you do when your product is crap and no one wants it for perfectly sensible reasons? You lie.

    McAfee joined in the lying game later that year. Apparently there was a disconnect between the marketing morons at McAfee and the CEO, because in 2006 the CEO went on record stating that, in his humble opinion, the single best way to be malware-free was to Get A Mac. That’s shocking honesty. Bravo.

    What happened next has actually been extremely important. Rather than scumbag lying marketing morons perpetrating stupid nonsense to sell pointless product, professional hackers got into the mix. Sadly some of them were verbally incompetent, but they brought to the table the ability to actually find and publish vulnerabilities that existed in Mac OS X. So in the midst of their acting like juvenile a$$holes, they prodded Apple to wake the frick up and start taking Mac OS X security seriously.

    And no, Apple were NOT being serious about security until this time. Why so lazy? What was their incentive to care? Humans require incentives to innovate. To this day Mac OS X has a measly one (1) piece of malware of any real concern to users, and there is a FREE cure program available. The second malware that’s still kicking around was made inert last month on Mac OS X Server, and it is rarely viable on MOSX client machines unless the user turns on the BIND processes for DNS forwarding, which is extremely rare. What got Apple moving was public outcry and good old fashioned embarrassment.

    That brings us up to today. The more FUD and embarrassing comments leveled at Apple, the better Mac OS X security becomes. It’s called irony and I love it.

    CONCLUSION: The Anti-Malware developers are now more ticked off than ever. Not only does the motivation to pay for Mac anti-malware remain non-existent, but Mac OS X was made more secure specifically because the marketing morons at their corrupt companies loudly lied to their potential patrons.
    HAHAHAHAHAHA!

    And now a moment of silence for the poor decrepit anti-Mac security trolls who are crying in their beer. Poor, sad, dejected OFTs. What lame retort will they make this time?


  14. Just for fun, and to enjoy a metaphoric parable

    If I may, allow me to *paraphrase/re-write* some dialog between George (Jack Nicholson) and Billy (Dennis Hopper) from ‘Easy Rider’

    George: Oh, they’re not scared of you. They’re scared of what you represent to ’em.

    Billy: Hey man. All we represent to them, man, is somebody using a fruity computer.

    George: Oh no. What you represent to them is a computer that works.

    Billy: What the hell’s wrong with using a computer that works, man? That’s what it’s all about.

    George: Oh yeah, that’s right, that’s what it’s all about, all right. But talkin’ about it and bein’ it – that’s two different things. I mean, it’s real hard to believe your computer works correctly when you are bought and sold in the marketplace of FUD and your computer is always under threat of viruses or crashing. ‘Course, don’t ever tell anybody that their computer doesn’t work properly and they got suckered in by going with Windows – ’cause then they’re gonna get real busy killin’ and maimin’ to prove to you that it is ok. Oh yeah, they’re gonna talk to you, and talk to you, and talk to you about having a good computer, but when they see a computer that really IS good, it’s gonna scare ’em.

    Billy: Mmmm, well, that don’t make ’em runnin’ scared.

    George: No, it makes ’em dangerous.

    BC

  15. OFT (our foolish troll) sez:
    “That “first” has been achieved a long time ago. They tend to die of hunger because there’s not enough targets to replicate to. But bragging rights for the “first” Mac virus are long gone.”

    Gotta love that spirit of persistent and insistent ignorance.

    No little troll. Not even in the lab has there ever been a single Mac OS X VIRUS. It’s time for you to do your homework again! Go look up the phrase “computer virus” and discover that a virus has to be able to replicate itself in the wild. Now name ANY Mac OS X malware, including any that was proof of concept, that was able to replicate itself outside of a LAN. Go on! I’ll wait…

    [Teehee! While our OFT fries his tiny brain trying to defend his lunacy, let’s go over the names of the two (2) malware in the wild for Mac OS X. They are:

    (1) The OSX.RSPlug.A Trojan
    and
    (2) … oh wait! There is no #2!
    It used to be the AppleScript.THT Trojan, but Apple made that one inert in June! Sorry!]

    ;-Derek

  16. I’ll ask this again as I did on another thread.

    How many actual Macs with OS X purchased for normal use by non-hacking consumers have been affected or compromised by malware?

    How many actual PCs with Windows purchased for normal use by non-hacking consumers have been affected or compromised by malware?

    Ballpark guess?

    To the other steve jobs:
    “Fine. So what? There aren’t NOW. Would it be a better idea to get a Windows computer and get all the viruses out there right off the bat, or why not use the other platform, where there are none, and let them gradually show up?”

    Well put.

  17. “So BSD Unix, As still used on the Mac today, is the original proof of concept platform for Internet Worms.”

    Yes indeed Fanboy Frigtards your OS is indeed the one that bore and nurtured the Great Worm. The proof of concept. The worm from which all others followed.

  18. PART 1:

    OFT (our flaky troll) sez:

    “”Bzzzzt! Sorry, Charlie, but the Morris Worm attacked networking software running on VMS systems, not Unix.””

    “If you weren’t in IT then and remember it, At least read a few seconds about the Morris worm before ignorantly posting. Yes one of it’s targets was DEC systems, but those running Unix not VMS…. Specifically BSD Unix, the same flavour as Mac OS X….. So BSD Unix, As still used on the Mac today, is the original proof of concept platform for Internet Worms.”

    I have to point out that OFT skinned his knee on this one, but is essentially correct. Here is the study of the Morris Worm that is most often cited:

    http://homes.cerias.purdue.edu/~spaf/tech-reps/823.pdf

    To quote Eugene H. Spafford:

    “On the evening of 2 November 1988, someone infected the Internet with a worm program. That program exploited flaws in utility programs in systems based on BSD-derived versions of UNIX. The flaws allowed the program to break into those machines and copy itself, thus infecting those systems. This program eventually spread to thousands of machines, and disrupted normal activities and Internet connectivity for many days.”

    Mac OS X uses BSD UNIX as derived from Free BSD and Open BSD UNIX.

    But where OFT got his knee skinned is the fact that we’re talking about 1988 here. BSD UNIX was only two years old. It still hadn’t freed itself from legacy AT&T UNIX code.

    http://en.wikipedia.org/wiki/Berkeley_Software_Distribution

    FreeBSD was not begun until 1993. OpenBSD was not begun until 1995.

    http://en.wikipedia.org/wiki/FreeBSD

    http://en.wikipedia.org/wiki/OpenBSD

    Therefore, I have to point out that comparing the BSD UNIX from 1988 to BSD UNIX of today is pretty darned silly.

  19. PART 2:

    And just to freak the trolls, check this out from 2004-11-02:

    Mac OS X, BSD Unix top security survey
    http://www.macworld.com/article/40451/2004/11/mi2g.html

    “London-based mi2g Intelligence Unit on Tuesday released a report that says Mac OS X and Berkeley Standard Distribution (BSD) Unix are the “world’s safest and most secure 24/7 online computing environments.” Linux operating systems offer the worst track record, according to mi2g, with Windows coming in second.”

    Deep study: The world’s safest computing environment
    http://www.mi2g.com/cgi/mi2g/press/021104.php

    “London, UK – 2 November 2004, 02:30 GMT – The most comprehensive study ever undertaken by the mi2g Intelligence Unit over 12 months reveals that the world’s safest and most secure 24/7 online computing environment – operating system plus applications – is proving to be the Open Source platform of BSD (Berkley Software Distribution) and the Mac OS X based on Darwin.”

    “…More and more smart individuals, government agencies and corporations are shifting towards Apple and BSD environments in 2004,” said DK Matai, Executive Chairman, mi2g.”

    Meanwhile, here in 2008, the trend of companies and governments moving to the security of Mac OS X continues. The market share of MOSX as of 2008-01 is listed at Wikipedia as 7.57% There have been no studies since 2004 that have contradicted the mi2g findings. BSD UNIX based operating systems remain the safest on the planet.

  20. “Therefore, I have to point out that comparing the BSD UNIX from 1988 to BSD UNIX of today is pretty darned silly.”

    Yet nevertheless you fanboys claim this great Secure Unix Legacy. But then you quickly admit that claiming that Unix always had great security is a false and a silly idea.

    Which one is it Fanboy Frigtard currie?

  21. “You’re a pathetic googler. try “mac os x vs windows vulnerabilities””

    First you need to redefine your definition of vulnerability. It does NOT equal virus or malware. Just like eryone is vulnerable to stupidity, Mac users are just less prone to that than others.

    “That “first” has been achieved a long time ago. They tend to die of hunger because there’s not enough targets to replicate to. But bragging rights for the “first” Mac virus are long gone.”

    Umm.. yes. the first mac viruses were done already. They were made for OS 7, 8, and 9. NOT OS X. Completely different platforms. And the viruses I did get in OS 7 did ABSOLUTELY NOTHING to my machine. The viruses die of hunger not because there aren’t enough targets but because the holes they target are patched fast quite often before the virus can get into the wild. By the way that virus in OS 7 was the only virus for mac I have ever encountered in my 15 years of using macs with no antivirus on them and it came on a disk not over the web.

  22. Above should read:
    Just like everyone is vulnerable to stupidity, Mac users are just less prone to that than others.

    Sorry two too many times pressing the delete key
