As Apple’s Mac market share surges, hackers take aim at OS X

“Apple’s market share of desktop computers is nearing 17 percent,” Jeremy Kirk reports for IDG News Service. “OS X, Apple’s operating system, is popular with consumers and enterprises, making it a more interesting target for hackers.”

“A report to be released on Thursday by the security company Bit9 + Carbon Black shows that more malware has been found this year for OS X than in the last five years combined. The company found 948 unique samples of malware this year compared to 180 between 2010 and last year,” Kirk reports. “Although the increase is large, the malware isn’t very sophisticated and is easy to remove, security experts say. More than half of the malware found this year was aimed at forcing people to view advertisements, a class of annoyances known as adware. Also, infections were mostly dependent on users making poor decisions, such as downloading what should be recognized as questionable software [trojans].”

“The jump in OS X malware also still pales in comparison to Windows,” Kirk reports. “‘If you put all of the Mac malware that we’ve seen, and you combine those numbers for the history of OS X, basically it is less by a significant amount than the amount of Windows malware you will see in an hour,’ said Rich Mogull, an analyst with Securiosis in Phoenix, Arizona.”

Read more in the full article here.

MacDailyNews Take: All of the OS X “malware” ever, over 14.5 years worth, is significantly less than the Windows malware seen in an hour. An hour.

This isn’t Windows, hackers. OS X is UNIX, the Unix version with the largest installed base in the world and backed by the world’s most valuable company, no less. Good luck with anything beyond adware and silly trojans. You’re gonna need it.

20 Comments

  1. It is fuel for the hackers FUD fire.

    Unfortunately, they are a tenacious bunch O basement dwellers who have nothing better (or more importantly) constructive to offer the tech world. I.e. CESSPOOL EATERS

    iPonder how much Samscum & GAAGLE Schit Mole are paying these bottom feeders???

    NOT much I suppose … just enough to keep the vitriol against AAPL going. Pathetic in truth. Android? …. GMAFB already.

  2. On the upside for Macs is the guarantee that Apple has a whole team of programmers following the dark web and analyzing and patching to protect Mac users in near real time.

    Cook and crew realize that Mac protection is key to their high growth rate.

  3. I’ve seen a person’s machine infected with over 2,600 pieces of Adware and Malware, which was discovered and eliminated by Eset CyberSecurity.

    However, the majority of it was targeted for Windows, which Macs are immune to.

    Point is, you need to watch what you’re downloading.

  4. We live in a nice little bubble of illusion with the Mac and security. Truth is there’s more than a few ways to look at it.

    If you look at new and known exploits, OS X and iOS are at the top of the list.

    Check out the CVE system.

    “The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. CVE is used by the Security Content Automation Protocol, and CVE IDs are listed on MITRE’s system as well as the US National Vulnerability Database.”

    The vulnerabilities are the things that say if you leave your computer running, in a bar, with a sign on it that says feel free, logged into a privileged account, an attacker might gain access to your computer. OS X and iOS have lots of those.

    Still hackers don’t seem to take advantage of the available exploits to create functional attacks, because what you don’t see many of, hardly any actually, are full fledged in the wild, your kids are infected attacks. This leads me to believe most of the OS X/iOS exploits are not high risk. Though I’ve only begun to try to classify them personally.

    Also if you check US-CERT at least weekly, and you look for targeted high risk vulnerabilities, the Mac typically only shows up because of 3rd party stuff like (you guessed it) Microsoft Office, Flash, and Java.

    If you go to major anti-virus companies and look through their lists of vulnerabilities, the Mac stuff is all from years ago and it’s one or two things you’ll remember, but nothing recent.

    Anti-Virus software still primarily catches Windows viruses that come in email when I run it on a Mac. In fact I don’t remember an anti-virus EVER actually catching something that could hurt a Mac directly. If required though I use SOPHOS free version. I used to use ESET but it’s expensive and you notice the performance degradation.

    Still what bothers me is that known exploits list. If nothing else, because the Mac and iOS are on top, it says that people are beating on OS X and iOS and are determined to find powerful high risk vulnerabilities. The kind where your computer can be attacked without your assistance.

    I’m not sure that many of the vulnerabilities aren’t being generated by so-called security companies. Which is fine, better they find them, than unknown zero-days pile up out there.

    Your computer is being assaulted and felt up without your knowledge when you are on the Internet. Porn sites, watch TV for free sites, etc. You know where the flaky stuff is. I run ad blockers personally not so much because the ads are annoying as all get up, but it’s greater security because web ads are a well known attack vector. Why leave it open if you don’t have to? I put ad blockers on all client computers as well.

    I also force people to use non-privileged accounts. Most computer users don’t need a privileged account to their own computers. So I create a standard OS X account for them to work in every day, and a privileged account with a username and password, hidden in an envelope. If they need the privileged account, they call me which alerts me to the fact that they’re about to do something risky. Mostly it’s updates.

      1. I have not seen the 17% number yet, that is a great improvement. However he said “desktop”. I’m not sure if that’s excluding laptops or just tablets. If it’s just iMacs, Mac Minis, and MacPros then that is even more impressive to me. Apple seems to focus more on their laptops than desktops. Desktops today tend to be more in business environments than home use. I have said for a long time that the more iOS gets into enterprises the more Macs will too. They will need some to control the iOS devices. I think the MacPro and 27″ iMacs are more popular than people believe. Especially the “I need a real tower” crowd. Most of that group tends to be gamers, small but vocal group.

    1. I use Disconnect Desktop which uses a VPN system to mask location and blocks ads.
      I have an Adobe free Mac.
      I use the OS X Firewall and Intego’s NetBarrier Firewall.
      I also use Intego’s VirusBarrier Anti-Virus.
      I use Click to Plugin- a cousin to Click to Flash to prevent plug ins from loading automatically.
      AutoFill is turned off.
      Safari keychain is turned off.
      Open safe files is turned off.
      Preload smart search is turned off.
      Ask websites not to track is turned on.
      Cookies are limited to sites I visit.
      Smart Search Field is selected to show FULL WEBSITE ADDRESSES.

      I also have a full system backup on a non live ProBox for all content and a backup current OS on a USB drive, so I can boot if the boot disk is corrupted.

      This does not slow down my Mac. It makes it faster than running it otherwise.

      Sad that we live in such a world. The NYT recently posted a graphic showing how much of your bandwidth is tied up with all the advertising, tracking and such. Here is the link:

      http://www.nytimes.com/interactive/2015/10/01/business/cost-of-mobile-ads.html

        1. The only issue with Disconnect is that the app will launch at boot, but not activate the VPN. Support says it is a known issue they are working with Apple on.
          I am on Comcast as an ISP and the VPN works very well.

    2. Love Little Snitch on my Mac for catching those weird network accesses you’re talking about. Is it false security?

      I like to lock down odd connections beyond normal known domains on port 80 unless I know what they are. Like I’m ok with mail on 465 and such, but I try and keep it tight.

      Little Snitch, and I use most of the tips from the NSA on Mac hardening, even though it’s fairly out of date. http://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf

  5. MDN: Why does the share button crash the iPad app every time – even after a reboot?

    It’s not feasible on the Mac to restrict downloads only to the AppStore – too many software vendors don’t publish their software here. And others let their certificates expire.

    For many developers, I guess the 30% fee is just too high for apps which sell in low volumes in the Mac environment.

    Apple needs to rethink this and bring more developers under the AppStore umbrella.

    1. No, Apple is very serious about security, it’s the users that aren’t. You can put a brand new Mac on the internet and it will not get a virus, period. You can put a brand new Windows machine on the internet and it will be infected in under 24 hours. I do believe Microsoft turns on the firewall by default.

      This whole story is FUD created by a security company that is looking for publicity.

  6. If there truly is a relationship between security risk and the size of the installed base, it would be interesting to see the rate of change between them for different platforms over time.

  7. This story is more FUD and they shouldn’t be calling it malware, it is adware. Malware steals data, replicates, turns into a botnet, and so far I haven’t seen anything like that in OS X. Now, Safari does have an adware problem when being used by a not so smart person.

    The solution to staying safe online is to block all advertising.
