Secunia: Apple has more security holes than Microsoft

“Here’s another blow to those insist that Apple products are rock solid and unhackable: The security company Secunia reports that Apple products have more vulnerabilities than those of any other company. Oracle came in second place, with Microsoft in third,” Preston Gralla reports for Computerworld.

MacDailyNews Take: Ooh, big blow. Give us a call when cascading self-replicating viruses cost hundreds of billions of dollars in lost productivity, data, and time, m’kay?

Full article, which also includes the painfully obvious fact that “simply listing the total number of potential vulnerabilities isn’t the best way to gauge the relative security or insecurity of a computer, because some vulnerabilities may be more prevalent than others. So Secunia is not saying that Apple products are less secure than other products” here.

90 Comments

  1. Ted & others, you may have a valid concern about Mac users’ complacency, and you are simply wanting us to wake up and smell the coffee. The thing is, I don’t drink coffee. I drink whiskey, lots of it especially after reading some of these MDN posts. ; )

  2. Well, Ted, the thing I find interesting about your argument is that despite all of the evidence to the contrary and the lack of evidence supporting you, you might be right… but we won’t know until it actually happens. And for several years now, people like you have been coming to this site crowing about how people like us (I have had my firewall turned off for years now) are ripe for picking, at least since 2006, when the news that Macs were virus-free started making the rounds. We’ve had this argument many times with people considerably more articulate and convincing than you. And you know what? We’re still waiting. Until then, we’ll continue surfing the web without fear and saving time, money, and processing cycles by not dicking around with Antivirus software.

  3. It has nothing to do with viruses and maybe very few Trojans. It is zero day vulnerabilities and arbitrary code execution. Bad I-frames from ads that have OS X zero days. Fuck viruses. Take that one out of the picture.

  4. @Ted:

    Dr. Charlie Miller has a decent book for geek level Mac hackers.

    The Mac Hacker’s Handbook

    One thing Miller points out in his interview is that the biggest new security features in 7ista have been cracked:

    “Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows.”

  5. As for other ‘Ted’ comments:

    Sorry, but the quote below does not pass muster. It’s more of the same old lame old ‘security by obscurity’ crap that anyone capable of doing math can destroy instantly:

    “OS X has never been tested with the full Russian/Ukraine/China/Asia hacking world hacking it 24/7. It will have weekly breaches just like MS has when it becomes a target from the pros and government pros. To this date you have only seen a couple grains of sand hitting OS X. Wait till the whole beach of sand starts knocking on it’s door. Mass pownage.”

    The fact is that Windows has over 1000x more malware than Mac OS X on a 1:1 user basis. That’s insanely high. It’s obviously because Windows is drastically less secure. Your argument makes not-a-dent in this fact.

    And BTW, it’s spelled ‘pwnage’. It’s pronounced ‘ownage’. Saying ‘pownage’ is for newbies.

    Hmm… What other ‘Ted’ faux pas shall I find…

  6. Here’s a comment I threw in PC World’s face this afternoon, and up on my Mac-Security blog. It shouts volumes:

    ~~~~~~~~

    Facts (vs FUD) regarding Macintosh security:

    Number of Mac OS X viruses: 0
    Number of Mac OS X worms: 0
    Number of illegal Mac OS X spyware: 1
    Number of Mac OS X Trojan horses: 23

    Compare that to the numbers for Windows and decide for yourself.

    No one ever said Mac OS X was perfect (except trolls). But it remains the single most secure GUI operating system available. Only OpenBSD and FreeBSD are more secure, and no surprise that Mac OS X contains elements of both.

  7. So Ted,

    Tell us what version of Secunia PSI you are running on your Mac. I can’t seem to find an OSX download on the Secunia web site.

    Please help me out. Please !!

  8. @Ted

    TED = Too Easily Duped

    Quit lying. Most trollers start by trying to ‘validate’ that they are a user of something. I.e. I am an astronaut and own two Apple rocket ships but Microsoft Bullet Bob says that Apple ones aren’t as good because they don’t have a built in nut scratcher.

    Go back to your sad, virus plagued, UI nightmare of MicroDroid penile prosthetics.

  9. While I’m taking over the comments, (sorry, it’s one of my areas of expertise and I love the attention ; ) ), let me make more fun of ‘Ted’ comments:

    “Wake the hell up! Thinking OS X is this God of an operating system. It will fall…” blahblahblah

    In reply, here is another comment I threw in the face of PCWorld this afternoon, and posted at my Mac-Security blog:

    ~~~~~~~

    PCWorld: “Here’s another blow to those insist that Apple products are rock solid and unhackable”

    Me: No one says “Apple products are rock solid and unhackable” except YOU PC World. It is an invented club with which to slam and abuse Mac users. It’s called desperate propaganda, aka FUD.

    ~~~~~~~

    It’s expected and kind of lame of ‘Ted’ to reiterate this old troll line. ‘Ted’ is myth mongering.

    FACTs:

    1) Mac OS X has zero-day exploits on a regular basis. Apple Security Update 2010-004 (the most recent) consisted of 23 security patches.

    2) Mac OS X has 24 malware in-the-wild. Three of the Trojan horses can bot/zombie your Mac.

    3) In 2009 there was a Mac botnet of an estimated 10,000 Macs, caused by the above noted Trojan bots.

    So obviously it pays to pay attention to Mac security.

    But how does Mac security compare to Windows security? Go DIY your own research. But I warn you that there is no comparison. My earlier figure of 1000x more malware for Windows than Mac on a 1:1 user basis will prepare you for the further shock.

    ‘Ted’: Try harder.

  10. Ted
    You’re right! We Mac fanboys are gonna get whacked real hard any day now! Yep. …. Wait for it. …. Wait for it. … Wait. … It’s coming! …. Wait. …. … … … Wait. … … It’s almost here! … … … … … … … … … … … Waaaaait. … … … … … … … … … … … … Wait for it. … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … Any day now. … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … Wait. … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … Yep, when the full Russian/Ukraine/China/Asia hacking world is hacking it 24/7, it’s gonna be real messy for us Mac Cultists! … … … … Right about … … … … … wait. … … … … It’s coming! … … … … wait. … … … … … … wait. … … … … … … …

  11. @Ted
    You don’t think that *any* pros have attempted to hack Mac OS X in the wild? Surely one or two have taken offense at MDN’s repeated taunts of operating for ten years without being hacked, even after turning off the firewall? Why are you so positive that “OS X has never been tested with the full Russian/Ukraine/China/Asia hacking world hacking it 24/7”? But let’s assume that you are correct and only a small percentage of pro hackers has dabbled in Mac OS X. Surely even a small subset of that “hacking world” would produce some results in the wild if “weekly breaches” are a certainty in the future.

    You speak as if you are an OS security expert and also appear to believe that every other Mac user is a clueless Apple polisher with no brains at all. That kind of extreme viewpoint is inaccurate. Most of us do not claim that Mac OS X is invulnerable, but it is worth noting that even with the sharp increase in Mac sales in recent years, the incidence of actual security exploits cannot be explained simply by “obscurity.” In my book, 100,000 to nearly none is called a skunk. When the eventual exploit of Mac OS X does occur, there is a significant possibility that it will be via software products from Microsoft or Adobe.

    By the way, Ted, what are you doing to avoid the inevitable “mass pownage” of Mac OS X devices?

  12. @Ted
    “… now I see how assassin some of you protect OS X like it is Fort Knox…”

    I’m sorry, (and seriously, I’m not trying to attack you) but what the heck does this sentence mean?

    Really? What does this mean? It’s nonsensical.

  13. @Ringgo

    I will replace Doubt with Disinformation from this day forward, because it makes much more sense.

    Uncertainty and Doubt are redundant, which I always thought was stupid to include both just to create an acronym.

    When you think about it, the noun, disinformation, is an ideal substitute for Doubt because it better describes what actually transpires during these campaigns.

    Fear is used to jar our reptilian brains into action. Uncertainty freezes us in place. The disinformation evens our conviction when obfuscation blinds us to the truth, creating a feeling of hopelessness.

    FEAR. UNCERTAINTY. DISINFORMATION.

    FUD!

  14. CRAPPLE has no clue how to make anything secure.
    And why would they? They’ve persisted to this point on the “security by obscurity” program…they never had to worry about how secure their products were, because no one would bother to attack an insignificant player like them.

    But now that people are scrutinizing their products (despite the fact that, at ~4% of the computer market, they’re still an insignificant player), it’s obvious that they have no clue what they’re doing.

    In the end, it will make no difference. Macolytes will continue to buy and use CRAPPLE products no matter what – people with brains in their heads will just look at the Macolytes and wonder what the eff they are thinking.

    From now on bing and decide. http://www.bing.com

  15. Hi,
    I have been a Mac user for 20 years. I have used System 6, System 7, Mac OS 9, and Mac OS 10.0 to 10.6 and I found Mac to be more reliable and secure than Windows.
    My opinion about Ted is that he needs to get his facts. Last time they had a contest, someone hacked into a Mac, running OS X, in less than a minute. That was last year I think. Everyone was shocked. Now the truth came out, and the fact was the first attempt was unsuccessful, so the judges relaxed the contest rules. So one of the contestants asked one of the judges to go to the site, using Safari, and click on the link, and the Mac was hacked into in less than a minute.
    If you read the news, Ted, the US military is starting to use Macs now. Why? Because they got sick of their Windows machines getting hacked into. Don’t forget Snow Leopard is now certified Unix.
    By the way, I don’t use antivirus, spyware or malware programs to protect my Mac like Windows users have to.
    I think of Mac computers as F-22 Raptors and Windows SU-33.
