Mac Security Is '10 Years Behind Microsoft'

Number of Macs presented with Malware to be removed since January 1st - 0.

Number of PCs presented with Malware to be removed since January 1st - Between 200 and 300.

Microsoft, the AV companies, et al. can say whatever the hell they want; what should really matter to people is reality.

And the reality is, I never get presented Macs to have Malware removed.

Sounds like someone's still following orders...
 
I've run a hackintosh for about a year now. I found it HILARIOUS that OSX prompts for the user to type password FAR more often than UAC requires a single click but Apple used to run those stupid ads with the body guards interrupting the "PC" guy constantly to approve something. OSX is far more obtrusive about it.

That is pretty standard and normal. It really isn't that hard to type in your password... Not much different from *nix. It still blows my mind that people are so annoyed by having to click 'continue' or type in their password. "Wahhhh it isn't secure! Fix it! But don't require anything from me, I am far too lazy to do anything about it!"
 
They go around saying crap like macs and Iphones ipad crap dont get vrirus or hacked when in fect the reason is nobody gives a fuck about mac and hacking them and writing virus programs for them is not worth the time.

While I would agree Macs aren't worth writing one for due to its small market share, iPad & iPhones would definitely be worthwhile. I figure it's only a matter of time before we'll see iOS get hit with something. It's just more difficult on non-jailbroken devices due to the closed system. But there's always someone out there who wants to say, "I was the first or took down the most i devices with my code!"
 
and from that link..the first serious virus outbreak was on...... the apple :)
I found that to be interesting as well.
And before all the "it's just a JAVA exploit" comments; Apple has their own in house managed JAVA distro that they patched long after Oracle had patched theirs.
And you've gotta love how they revoked Security Researcher Charlie Miller's dev license when he demonstrated a flaw in security restrictions (note that Apple approved the app for sale in the app store!): http://www.forbes.com/sites/andygreenberg/2011/11/07/apple-exiles-a-security-researcher-from-its-developer-program-for-proof-of-concept-exploit-app/.
So, covering up known issues, slow to patch, ignoring security firms, who knows what else. Typical Apple PR damage control.
And "only" 600K (1%) Apple devices infected is a LOT for an "uber secure" OS.

If you still think Apple has your best interests at heart, then you've been drinking too much of the patented Apple Double Rainbow Kool-Aid.
 
I found that to be interesting as well.
And before all the "it's just a JAVA exploit" comments; Apple has their own in house managed JAVA distro that they patched long after Oracle had patched theirs.
And you've gotta love how they revoked Security Researcher Charlie Miller's dev license when he demonstrated a flaw in security restrictions (note that Apple approved the app for sale in the app store!): http://www.forbes.com/sites/andygreenberg/2011/11/07/apple-exiles-a-security-researcher-from-its-developer-program-for-proof-of-concept-exploit-app/.
So, covering up known issues, slow to patch, ignoring security firms, who knows what else. Typical Apple PR damage control.
And "only" 600K (1%) Apple devices infected is a LOT for an "uber secure" OS.

If you still think Apple has your best interests at heart, then you've been drinking too much of the patented Apple Double Rainbow Kool-Aid.

^ +1
 
I've run a hackintosh for about a year now. I found it HILARIOUS that OSX prompts for the user to type password FAR more often than UAC requires a single click but Apple used to run those stupid ads with the body guards interrupting the "PC" guy constantly to approve something. OSX is far more obtrusive about it.
You'll see password prompts for installing applications with the Apple Installer (which you rarely need to do, as most Mac applications are bundled), to change settings in the System menu for contexts you've specifically locked (read: gone out of your way to lock) and in Keychain Access when you're looking to copy a password from the Keychain or edit a password.

Beyond those instances, I never see password prompts. That said, if you go out of your way to lock your Keychain, then yeah, you'll get more prompts. But that's something you have to specifically opt in to.

Those commercials were in reference to Vista, where UAC was clearly over-aggressive and would fire a prompt for the most absurd things you could imagine. You may have noticed that that ad campaign stopped a long time ago, as it's no longer really true as of Windows 7 and the changes it made to UAC.
 
I work for a company with an Apple Authorized repair center, and I've never seen a virus infected Mac come in.

I see what you did there ;) (Keyword: Virus)

In the last 2 years I have had to clean just as many MAC OS's as I have Windows OS's (Did a sort in my ticketing system, almost dead even). Bottom line, Apple is seemingly still in the infant/pre-teen stages when it comes to development. They seem to pour their efforts into "shininess" and neglect security and flexibility in their software. But what do you expect when they answer to a more consumer saturated market as opposed to a very business heavy market? Security matters a lot to business, security is an annoyance to most consumers. This isn't earth shattering revelation.
 
Number of Macs presented with Malware to be removed since January 1st - 0.

Number of PCs presented with Malware to be removed since January 1st - Between 200 and 300.

Microsoft, the AV companies, et al. can say whatever the hell they want; what should really matter to people is reality.

And the reality is, I never get presented Macs to have Malware removed.

1.) How many Macs total in your organization vs. how many Windows machines?

2.) What version of Windows on the Windows machines?


My unsubstantiated gut feeling is that your numbers are skewed by:

1.) Total Windows machines VASTLY exceeding total Mac count

2.) Mac users brainwashed into believing that there are no viruses/malware, so they don't complain about it

3.) Windows infection rate exacerbated by running old XP installs more vulnerable to infection.
 
If Kaspersky really cared about security, they would give anyone who buys a Mac a free condom. It may not protect their Mac, but it might prevent the idiots from procreating.

One second thought, you can't get pregnant from butt sex.


You really have to love the assholes in this forum. Grow up children. Can we get an edit for this kind of retardedness?
 
While I would agree Macs aren't worth writing one for due to its small market share, iPad & iPhones would definitely be worthwhile. I figure it's only a matter of time before we'll see iOS get hit with something. It's just more difficult on non-jailbroken devices due to the closed system. But there's always someone out there who wants to say, "I was the first or took down the most i devices with my code!"


And you know what I'll do if my iOS device gets hosed? I'll restore it from my secure and encrypted backup in about 10 minutes.
 
I realize that infected Macs do exist and that they will become more common in the future but I've never actually personally seen one.
 
You really have to love the assholes in this forum. Grow up children. Can we get an edit for this kind of retardedness?
Meh. Ignore him. Waste no time responding to someone who doesn't know the difference between "one" and "on".

Just have a laugh at him and be on your merry.
 
the fucking apple are to dumb too know apple prducts are abot as secure as a strippers g string.

They go around saying crap like macs and Iphones ipad crap dont get vrirus or hacked when in fect the reason is nobody gives a fuck about mac and hacking them and writing virus programs for them is not worth the time.


its like trying top protect junk nobody wants hacker or virus dude wants to bother with.


Besides the fucking apple hippster dont have anything worth stealing and the only reason to give them a hack or a vrius is for the lulz.

I'm sorry, but whether I agree or not with your "point," I can't seem to get past you calling out an organization as "to dumb" with such an exquisitely written post.
 
iOS devices are probably the most insecure mobile platform around as of a little over a year ago.

I'm not doing security consulting/research anymore, but iOS and iOS apps are by far easiest to exploit. The keychain is a joke.

No one really cares that much about hacking OS X. No one wants a botnet full of college kids' laptops on iffy wireless. You want always-on machines and minimal firewalling. Usually this means you go after older more vulnerable distributions like unpatched XP.

Malicious hacks follow the path of least resistance unless they're research hacks or state-sponsored which means they generally target older unpatched operating systems.

More importantly, because we all keep our OS up to date right? Safari is vulnerability city but they benefit from Google's constant improvement to webkit. Mobile safari is often a mess even with that.
 
So wait, a snake oil salesman (Kaspersky) is calling out another larger snake oil salesman (Apple) for not using there snake oil?

Hilarious.
 
So wait, a snake oil salesman (Kaspersky) is calling out another larger snake oil salesman (Apple) for not using there snake oil?

Hilarious.

Please learn the difference between there, their and they're.

It is very important.

there = over there
their = belonging to them
they're = they are

:p
 
iOS devices are probably the most insecure mobile platform around as of a little over a year ago.

I'm not doing security consulting/research anymore, but iOS and iOS apps are by far easiest to exploit. The keychain is a joke.

How many iOS malware/viruses do you get each day? What about on Android?
 
How many iOS malware/viruses do you get each day? What about on Android?

Well for one, it's not about malware and viruses anymore and probably hasn't been for about a decade. We were out there to find vulnerabilities and test applications, not worry about the implications of those vulnerabilities (malware).

Also, considering I don't deal with it anymore, 0 on each. In security consulting you deal with the app/platform... almost never at an individual device-level unless you're using it as an attack vector to get into an application or network. I don't sit there trying to fix people's phones nor do I track malware. Never have, hopefully never ever will.

The vulnerabilities in iOS are largely related to keychain access, privilege escalation, access to data that should be restricted, and various forms of spoofing. Every few months there's a big buffer overflow exploit found in mobile safari or something else that uses C libraries too. The spoofing and data access issues were typically the big bad ones because they're slow to be fixed. Spoofing tricks people a lot of the time, and it's a lot more believable on a mobile device.

It's the best when there's a safari URL spoofing exploit that's not patched and then you create a facsimile of a client company's web mail page. You can steal user credentials with an incredibly high success rate.
 
Sounds like someone's still following orders...
From this article:
How Widespread is the problem?

Andy says that in the past about 0.2 percent of service Macs were suffering from some kind of malware -- "most always DNS trojans." Now that number soared to around 5.8 percent, mostly thanks to MacDefender -- a trojan that DailyTech previously reported on.
Wow it's at ~6% now. So if my math is correct, and 600K is 1%, then 6% is ~3.6 million infected. If so, then that's quite a jump. But it's easy to say you're not infected if you've never run an antivirus and have no proof either way. If they had, then it most likely wouldn't have become so widespread. Running clean & bold will eventually lead to an infection of some sort. It doesn't matter what OS.
 
You'll see password prompts for installing applications with the Apple Installer (which you rarely need to do, as most Mac applications are bundled), to change settings in the System menu for contexts you've specifically locked (read: gone out of your way to lock) and in Keychain Access when you're looking to copy a password from the Keychain or edit a password.

Beyond those instances, I never see password prompts. That said, if you go out of your way to lock your Keychain, then yeah, you'll get more prompts. But that's something you have to specifically opt in to.

Those commercials were in reference to Vista, where UAC was clearly over-aggressive and would fire a prompt for the most absurd things you could imagine. You may have noticed that that ad campaign stopped a long time ago, as it's no longer really true as of Windows 7 and the changes it made to UAC.

I would agree. Vista was just terrible in its UAC method (the slight delay before popup coupled with stealing focus was beyond annoying) while Win7 is an order of magnitude less intrusive.

OS X behaves just like any Linux machine in this regard. While I would agree that typing a password is somewhat more annoying it is also more secure than clicking a button. I am personally far more fond of the OS X and Linux method than I am of UAC (which I still turn off out of habit since Vista).

As for the story, I'll keep my skepticism. Apple obviously need to step up their efforts after the last two but people have been predicting mass virus outbreaks on the Mac since they started getting popular a few years ago.
 
As for the story, I'll keep my skepticism. Apple obviously need to step up their efforts after the last two but people have been predicting mass virus outbreaks on the Mac since they started getting popular a few years ago.

OS X will probably never see the virus issues that have plagued Windows, the key question is why? Is it because OS X is inherently more secure than Windows or because of OS X's market share? I think most rational people would say it has a lot more to do with the latter.

From an end user standpoint as long as malware isn't causing a lot of issues, the reason why OS X doesn't have much of a malware problem isn't really important. But if malware developers were to put just half as much effort in OS X malware as Windows malware Apple's current security would be woefully inadequate and I think that's the issue here.

As long as the effort in OS X malware is minimal, sure things are great. And it might very well be that the effort will never be put forth. OS X market share is still pretty small even if it is growing a bit in the desktop space but with the explosive growth in mobile I'd think that malware developers will begin to spend more energy in that space.

Long story short, Apple is just fortunate in regards to OS X malware. If they had to actually depend on their actual security practices with OS X they'd be less fortunate.
 
If Kaspersky really cared about security, they would give anyone who buys a Mac a free condom. It may not protect their Mac, but it might prevent the idiots from procreating.

It shouldn't matter, Apple fans are too busy selling kidneys. I think Darwin has a hand in this one. :D
 
OS X will probably never see the virus issues that have plagued Windows, the key question is why? Is it because OS X is inherently more secure than Windows or because of OS X's market share? I think most rational people would say it has a lot more to do with the latter.
It's no doubt a factor of both but, with regard to the latter, it's worth noting that low marketshare didn't prevent OS 9 from being absolutely riddled with viruses back in the day. And the same was true for both the Amiga and Atari ST in those days. Those only sold about 10 million systems combined (a fraction of PCs then and even just the Linux machines today) and that was well before the internet came along.

The system with the biggest marketshare will always be the main target but I can't shake the feeling that things would be worse on OS X (and Linux) if marketshare were the only factor. OS X, in particular, should have more viruses if it's such low-hanging fruit and both have large enough markets to sustain a virus population when compared to the Amiga and ST.

I'm not saying it won't happen or isn't possible but that I remain skeptical of such claims until it does.
 
Zarathustra[H];1038654023 said:
Agreed, but Unix based open source systems have a much better track record of fewer holes (presumably because more eyes see the code) and quicker fixes when something does go wrong (because anyone can write a patch, and there usually isn't that "corporate damage control" thing preventing quick fixes).

No system is impenetrable. As long as people write code, there will be people that find ways to abuse it, on any system. It's always going to be a game of cat and mouse. Thus far - however - ever since the mainstream adoption of SELinux into most Linux distributions, Linux has really been the best at this. Even before this though, the Linux and Unix landscapes were far more effective at releasing secure code, and patching when holes were found.

Even today - while it is a lot less common than it used to be - fully patched Windows 7 machines are occasionally infected without any user input, simply by being on the network. I have never heard of this on a Linux box. I'm not saying it hasn't happened, I've just never seen it, or heard of anyone who has had this problem.

Typically - though - infections come from tricking people into giving permission to install something they shouldn't and bypassing UAC or its OSX or Linux equivalents, and this is why user education is one of the most important parts of security. Don't click the UAC prompt, and don't enter your password, unless you know WHY you are doing it.


While education is important - however - it is not a substitution for other good practices, like making sure you run everything in a limited user account, with UAC on, running an up to date real time virus scanner, and frequently scanning your machine just in case. You could be the most educated computer expert in the world, but unless you follow the practices above, you are leaving yourself exposed.

If by Unix-based open source you include Linux, I disagree. I believe the fact is that security is based almost entirely on how many computers are using your OS. In my life I have never had a Linux virus on a personal computer. But then again I hardly know anyone who used any flavor of Linux on a personal computer. However, I have witnessed my web hosts and many different ones get viruses and hacked many times throughout the years I have been doing web work. All of those systems run some flavor of Linux, so what gives? It is simple: there is no one targeting viruses and hacking to Linux personal computers because no one uses them. But servers are an entirely different story with massive market share for Linux.

The same exact thing is true of Macs: no one used them before and now they are exploding in popularity, so virus writers are starting to see a benefit to targeting Macs. No OS is secure, but the most secure OS is the one that receives the most threats and has to deal with them. Saying Macs or Linux do not get viruses is like someone saying American Indians do not get viruses. We all know how that turned out when they were finally introduced to them.
 
I disagree. I think the OS that has more hardware options, more expansive drivers, and a larger software selection, all of which are managed by different vendors and engineers is more likely to be less secure than a more unified, centrally controlled ecosystem.
 
Can't say I agree with you at all. Go look at all the viruses you can remember hearing about: what percent of them have anything to do with hardware or drivers? The only good argument is the larger software selection. I also disagree with that. So what if you have less software? It only means you are likely to become more complacent in developing it or catching exploits because there are fewer out there to test you. I remember seeing this happen all the time in lesser known games where people would have this stereotype that CS was where all the hackers were but their lesser known game would have all these people using really basic hacks because there was no security at all.

Sure there are more options to find a security hole in more pieces of software, but the antivirus ends up being better developed to detect it in the bigger system.
 
Just to be clear about my point. Imagine someone who says an athlete who works out and practices less will be better because they have less chance of getting hurt. Sure, you could make that argument to a naive person, but everyone knows that is not the case. The athlete who practices more is going to have better skills in the vast majority of cases.
 
I don't think you should use that analogy.

Hardware and low-level exploits and malware exist, whether you think it's relevant to the discussion doesn't change that fact.

Those holes are minimized when the same company that designs the hardware also designs the software. The logic you've been using saying that lower market share means less exploits also means that less hardware differences also means less exploits.

The same company also controls how much code is revealed to the world through the development kits.

So the benefits of the PC industry also make it intrinsically more vulnerable than any closed system, OSX included.

In order to test the market share vs. malware hypothesis someone should gather all the data for the past ten years and see if vulnerabilities have been rising with market share of Macs as well as PCs. It's a simple analysis so I'm surprised it hasn't been done and posted here already.

Your games analogy isn't a very strong one, either. We may talk about PCs, Macs, and Linux boxes being attacked but in reality it's specific exploits. One of the largest vectors of viruses has been Outlook and then it became Office. We should be comparing Office versions, IE versions, Safari to itself vs. other browsers, and looking at IE on Macs vs. PCs, Firefox on Macs vs. PCs, and Safari on Macs vs. PCs.

All of this stuff you're claiming is testable with objective data and allowing for control of all the variables people are wondering about.
 
From this article: Wow it's at ~6% now. So if my math is correct, and 600K is 1%, then 6% is ~3.6 million infected. If so, then that's quite a jump. But it's easy to say you're not infected if you've never run an antivirus and have no proof either way. If they had, then it most likely wouldn't have become so widespread. Running clean & bold will eventually lead to an infection of some sort. It doesn't matter what OS.

Since you brought it up, a deeper question would be what type of malware is on the Mac in the first place, since at least 20% may have malware that only affects windows users. http://www.techspot.com/news/48328-sophos-20-of-macs-harbor-windows-malware.html

This is everyone's problem, so there's no reason for anyone to get all elitist.
 
We can argue all day guys.... but from my observation if you are

a) Male
b) Straight

you probably hate Apple...

You can fill in the blanks from there.....
 
This is everyone's problem, so there's no reason for anyone to get all elitist.

Especially with bullshit deflection by saying they don't get "viruses" even though trojans and other kinds of malware exist for MacOSX. Viruses aren't written anymore for Windows, either. Everything's a trojan now. Why? Cause botnets make money. Viruses that disable a computer DO NOT.

Virus or a trojan, it's all malware in the end. And Macs absolutely, certainly get malware.
 
What Kaspersky is saying really isn't 'new' news, it's been said for years that Apple does not invest enough in their own security. It's just now someone very reputable said something about it.

As for MAC viruses/malware, I don't think most people encounter it at this point. To me it seems that the malware is usually targeted at something specific, rather than just being 'out there' like Windows infections are.

That said, I do look forward to the day that there is a wide spread infection and MAC users worldwide get caught. It should be a very humbling experience for them and Apple, I think they need it.
 
Trojans and Viruses (malware) for Mac are more prolific but less intrusive than people give them credit for. Most of them are used to steal information but also run botnets. Because of a typical Mac user's ignorance...the botnet owner, as long as they don't push too hard, can run indefinitely. We have monitored a few and they keep themselves very well hidden from what they are doing.
 
Since you brought it up, a deeper question would be what type of malware is on the Mac in the first place, since at least 20% may have malware that only affects windows users. http://www.techspot.com/news/48328-sophos-20-of-macs-harbor-windows-malware.html

This is everyone's problem, so there's no reason for anyone to get all elitist.

Yeah, and cocky Mac users are probably transmitting the malware to the old XP machines they're taking data to on a flash drive. :(
 
Trojans and Viruses (malware) for Mac are more prolific but less intrusive than people give them credit for. Most of them are used to steal information but also run botnets. Because of a typical Mac user's ignorance...the botnet owner, as long as they don't push too hard, can run indefinitely. We have monitored a few and they keep themselves very well hidden from what they are doing.

These are my thoughts exactly.

People on macs are conditioned to believing they "don't get viruses" so they don't look for them, don't run scans, and probably wouldn't know the symptoms of one if they experienced them.

Because of this they are likely to go under-reported, and skew the numbers downwards significantly.
 
If by Unix-based open source you include Linux, I disagree. I believe the fact is that security is based almost entirely on how many computers are using your OS. In my life I have never had a Linux virus on a personal computer. But then again I hardly know anyone who used any flavor of Linux on a personal computer. However, I have witnessed my web hosts and many different ones get viruses and hacked many times throughout the years I have been doing web work. All of those systems run some flavor of Linux, so what gives? It is simple: there is no one targeting viruses and hacking to Linux personal computers because no one uses them. But servers are an entirely different story with massive market share for Linux.

The same exact thing is true of Macs: no one used them before and now they are exploding in popularity, so virus writers are starting to see a benefit to targeting Macs. No OS is secure, but the most secure OS is the one that receives the most threats and has to deal with them. Saying Macs or Linux do not get viruses is like someone saying American Indians do not get viruses. We all know how that turned out when they were finally introduced to them.


There are two aspects to this.

1.) If there are more systems, even if there are the same percentage of infections, they will be higher when there are more systems

2.) More systems mean bigger targets, and more people trying for exploits, and thus, that percentage is also likely higher.

As regards Linux, I have seen some production web servers compromised, but most of the time they are running on old production servers with unpatched versions of Apache, etc. run by a company with lax considerations when it comes to security.

Take Sony and their Playstation Network as an example. Unpatched servers, residing on a network that didn't even have a firewall...

That being said A LOT of corporate servers run varieties of Unix and Linux, and as such they are lucrative targets.

There is A LOT more to security than only obscurity. Obscurity only masks security problems that have not yet been addressed.
 
Zarathustra[H];1038658636 said:
People on macs are conditioned to believing they "don't get viruses" so they don't look for them, don't run scans, and probably wouldn't know the symptoms of one if they experienced them.
There's no reason to look for them. There are currently no in-the-wild viruses for OS X, so unless you're a high-profile target for a directed attack, you're not going to be infected with a virus (and even then, you probably won't be — the hacker would ordinarily have no reason to infect the machine he's hacking with a virus.)
 