HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
The folks at eWeek have posted an editorial today saying that the Mac isn’t as secure as some people want you to believe. Ummm, duh!
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
The Mac Isn't as Secure as Some Want Us to Believe
- Thread starter HardOCP News
- Start date
Fortunately the author comes to a decent conclusion here:
I don't buy the "security through obscurity" argument simply because Mac OS 9 had lots of malware issues, and that had a much much smaller install base than OS X has. It had a small user base but it was a much easier target for hackers. OS X is a much larger target but it is a much tougher one at the same time.
Even OpenBSD is a frigging target! What a nonsense argument.
The other reason, and this is mostly speculation on my part, is the whole prestige/vanity aspect of being the hacker responsible for the first major malware outbreak that turns millions of OS X machines into spamming zombies that spread their infection like wildfire onto other OS X machines. Apple touts security as a major feature of OS X for eight years, you figure that some hacker out there would try and do this.
Again, this was very possible on both Windows XP and Mac OS 9, yet it is damn near impossible with both OS X and Windows Vista.
Viruses are not an issue with OS X for the same reasons they aren't with Vista or other UNIX flavors, which is that installing or running anything that asks for a change in the OS requires elevating admin rights, and they feature sandboxing within the OS. The best that can be managed right now against them is a trojan, and at that point the security risk is the exact same one that every other OS has: the user.
ANY computer can be tricked by a Trojan, because it involves the user himself unwittingly giving away control to a harmful application. Education is the only protection in cases like this. No OS is invulnerable as long as some idiot is driving.
I don't buy the "security through obscurity" argument simply because Mac OS 9 had lots of malware issues, and that had a much much smaller install base than OS X has. It had a small user base but it was a much easier target for hackers. OS X is a much larger target but it is a much tougher one at the same time.
Even OpenBSD is a frigging target! What a nonsense argument.
The other reason, and this is mostly speculation on my part, is the whole prestige/vanity aspect of being the hacker responsible for the first major malware outbreak that turns millions of OS X machines into spamming zombies that spread their infection like wildfire onto other OS X machines. Apple touts security as a major feature of OS X for eight years, you figure that some hacker out there would try and do this.
Again, this was very possible on both Windows XP and Mac OS 9, yet it is damn near impossible with both OS X and Windows Vista.
Viruses are not an issue with OS X for the same reasons they aren't with Vista or other UNIX flavors, which is that installing or running anything that asks for a change in the OS requires elevating admin rights, and they feature sandboxing within the OS. The best that can be managed right now against them is a trojan, and at that point the security risk is the exact same one that every other OS has: the user.
ANY computer can be tricked by a Trojan, because it involves the user himself unwittingly giving away control to a harmful application. Education is the only protection in cases like this. No OS is invulnerable as long as some idiot is driving.
KillaChaos
Limp Gawd
- Joined
- Apr 25, 2008
- Messages
- 351
Even though OpenBSD is a target, are you going to get an OpenBSD user to run heres_this_cool_pic_of_you.jpg?
Any computer can be tricked, but most problems like between the monitor and the chair.
Most Mac users upgrade, most Windows users are still using 8 year old XP. That's why Windows has so many malware outbreaks relatively speaking. Modern Windows (vista and win 7) are as secure as Mac OS X or even more so. You have to suspect Apple's motives here, on the one hand they attack the insecurity of Windows which is due to most people running XP on the other hand they attack Vista and Win 7, to discourage people from upgrading to more secure versions. A regular catch-22 in their propaganda. But apple's propaganda has not worked well, I'd even say it 'back-fired' - 75% more people upgraded to Vista than MS anticipated in the first 24 months. Lots of bloggers act like Vista has failed, but a lot of these guys (zdnet, infoworld, mac*, digg, slashdot, etc.) never had a good hold on reality in the first place.
On a side note, I can't wait until Windows XP is finally completely left behind. It is a complete security disaster compared to any modern OS, just fundamentally broken. Get rid of XP and malware takes a massive hit. Let's hope that Windows 7 becomes the dominant form of Windows within the next few years, because I can't believe how many people still use that shitty old OS. Move on!
aaronearles
[H]ard|Gawd
- Joined
- Aug 31, 2006
- Messages
- 2,016
Apple is just trying to make money like anybody else, they're not going to encourage you to upgrade your xp machine to Vista, they're going to try and encourage you to switch to their own OS. That said, the same applies to Microsoft, they could have added UAC to XP with SP3, but they wont do that because they want to leave it behind and sell their new product.
TechieSooner
Supreme [H]ardness
- Joined
- Nov 7, 2007
- Messages
- 7,601
Nothing new here... Everyone that knows this already knows it. The problem is convincing the brainwashed Mac Cult sheep differently.
IBM Security Report: Apple displaces Microsoft in 2008 in security vulnerabilities
Apple in 2007: More critical flaws than Windows
Black Hats: As Apple gain traction, so does their attractiveness to attackers
Data from 2006 by Symantec: Apple average fix time 66 days, Windows 21 days
Symantec in 2009: Of any browser, Safari has the longest window of exposure (actually shot up 900%, whereas IE dropped 8% or so).
Take that and chew on it
IBM Security Report: Apple displaces Microsoft in 2008 in security vulnerabilities
Apple in 2007: More critical flaws than Windows
Black Hats: As Apple gain traction, so does their attractiveness to attackers
Data from 2006 by Symantec: Apple average fix time 66 days, Windows 21 days
Symantec in 2009: Of any browser, Safari has the longest window of exposure (actually shot up 900%, whereas IE dropped 8% or so).
Take that and chew on it
Wow, security vulnerabilities in OS X were discovered and fixed, how fascinating.
Again, explain to me how Mac OS 9 had so many more security issues than OS X with a much smaller install base. Your security through obscurity argument is a sham.
In another eight years you and obsessed Windows-only fanboys like yourself will be making the same tired arguments, while die-hard Mactards will be saying the same stupid thing about Windows security even though that was fixed with Vista.
This isn't Windows XP we're talking about here, OS security isn't the nightmare it used to be, move on!
Finally, here's an interesting comment on the article:
The problem is that keeping things in perspective doesn't generate sensationalist headlines that drive website hits.
Again, kill XP and you kill a large percentage of infectious malware (nearly all they'd have left are Trojans). Increased Windows 7 and OS X adoption means that its days are numbered.
The problem is that keeping things in perspective doesn't generate sensationalist headlines that drive website hits.
Again, kill XP and you kill a large percentage of infectious malware (nearly all they'd have left are Trojans). Increased Windows 7 and OS X adoption means that its days are numbered.
I'm not so sure about that, changing the standard for user rights, adding application sandboxing, those things seem to be pretty major changes to me. I'm not so sure that a reengineering like that on such a fundamental level is something that could be accomplished through something as minor as a service pack. As it stands, SP2 and SP3 had major security additions, which while they didn't fix what was a fundamentally broken security model, they certainly did provide a good band-aid over the problem.
Again, I don't know about this but I certainly hope that Microsoft wouldn't put security at the expense of profit on a new OS for that reason.
Wow, security vulnerabilities in OS X were discovered and fixed, how fascinating.
Again, explain to me how Mac OS 9 had so many more security issues than OS X with a much smaller install base. Your security through obscurity argument is a sham.
In another eight years you and obsessed Windows-only fanboys like yourself will be making the same tired arguments, while die-hard Mactards will be saying the same stupid thing about Windows security even though that was fixed with Vista.
This isn't Windows XP we're talking about here, OS security isn't the nightmare it used to be, move on!
Mac OS 9 had no security whatsoever, it was trivial to write a virus for it. OS X has SOME security, it's just not as good as modern Windows OSes, but it's enough to turn hackers off from writing malware because writing malware for modern OSes is a lot of work and there are so few OS X boxes. You really have to be a programmer to understand why this is so, but it just is.
The thing is, since Mac OS X is NOT more secure than Vista or Win 7, mac fanboys and apple should stfu about security, period. The fact that OS X has some security, and that makes it not worth writing Mac OS X is irrelevent, unless you think your mattress is a good place for your life savings since banks get robbed all the time.
You hit it on the head.
TechieSooner
Supreme [H]ardness
- Joined
- Nov 7, 2007
- Messages
- 7,601
Actually, those numbers from 2007 included both XP and Vista, if anyone happened to notice... Take out XP and OS X looks even worse.
Finally, here's an interesting comment on the article:
The problem is that keeping things in perspective doesn't generate sensationalist headlines that drive website hits.
Again, kill XP and you kill a large percentage of infectious malware (nearly all they'd have left are Trojans). Increased Windows 7 and OS X adoption means that its days are numbered.
Yeah...numbered until new malware is written for 7, which won't be long. Even if all XP users switch to 7 doesn't mean the problem is cured...only remedied. You can't deny that the same people will begin working on spyware/malware/etc for 7. Even if 7 proves to be more secure doesn't make it invincible. Mac isn't invincible either....eventually it'll be a serious problem.
TechieSooner
Supreme [H]ardness
- Joined
- Nov 7, 2007
- Messages
- 7,601
What you say, and real life, are two different things.
Vista infections are much lower than XP. Vista security vulnerabilities are much lower than XP. For the same reason crappily-written applications have issues running on Vista with UAC, is the same reason why alot of malware just won't work on Vista.
Windows 7 will actually improve upon the principles of Vista (requiring the user not to run as an Administrator) by knocking even more things into user-level space. An example Microsoft gave is the time zone. The time itself should remain protected, but the Time Zone is something that should be user-configurable. So by making it even more like that: less reasons for folks to turn UAC off, less prompts, which actually equates to a more secure system.
dyzophoria
Gawd
- Joined
- Jan 17, 2006
- Messages
- 946
OSX? not secure? LIES!
Really?
I'll requote from the commenter that posted his AV findings.
I wonder if there are truly less than 100 pieces of malware for Vista out there. While I believe Vista is as secure an operating system as OS X, I don't for a second believe that it is less targeted than OS X.
Same applies to OS X just as well as it does to Windows. Security vulnerabilities exist on even the most secure operating systems, but the fact of the matter is that holes, nearly all of which are discovered by security experts, are plugged up before people with bad intentions either discover or use it themselves.
People have been calling saying that OS X security is overrated for eight years now, and yet Mac OS has less malware than it ever has while being more popular than it ever has. To extend that to Windows, you have massive adoption with fewer infections than on XP.
A superior security model (which UNIX/BSD are based on and Microsoft adopted with Vista) is a major first line of defense for this.
I think fanboys on both sides have their heads up their asses. OS X and Windows Vista/7 are extremely tough nuts to crack. Anybody claiming that they are insecure outside of user error with a sneaky trojan has way too much love/hate for some corporation. Get over it.
No. YOU DO!!! NYA!!!
The main reason there is so little Mac Malware is that the people who write most Malware programs have never touched a Mac in their lives. How the heck are they going to write Malware for a Mac when they don't have the first idea, or interest in, how the stupid OS works.
They sure as heck aren't going to drop 2 or 3 times as much cash as they would pay for a similar PC to get a Mac to practice on either. They are interested in MAKING money, not throwing it out the window.
They sure as heck aren't going to drop 2 or 3 times as much cash as they would pay for a similar PC to get a Mac to practice on either. They are interested in MAKING money, not throwing it out the window.
It really is simple most virus authors are not the ones spreading the virus, they build it to see if they can. Then becuase of the same itch lets give it to a script kiddy and see what they do with it. Now the promblem with macs is that the script kidding is usually the one packaging it and they are too stupid to figure out how to embed logic in active video, or any of a dozen other ways that will load and run any code you want on a end users machine without them ever realizing what they ran was dangerous.
Virus get caught becuase they wast too many resources or damage files t he user needs. Several very nasty trojans that cost corp customers a shit load of money did so because they did not impact the user until all was in place to break the system they were leached onto. Large companys do not talk about this because if you admit you were hacked it means it is possible, thus cause many more atempts.
Which is why as much I disagree with apples marketing methods, they are actully following the path that makes the most sense. If a large majority of people think something is impossible generally they are half defeated before they start. But only an idiot or some one who does not know any better would assume that anything they put on their macine connected to the net is safe. Idiots in this case being the actual meaning of the word, someone who knows better and does it anyway.
Virus get caught becuase they wast too many resources or damage files t he user needs. Several very nasty trojans that cost corp customers a shit load of money did so because they did not impact the user until all was in place to break the system they were leached onto. Large companys do not talk about this because if you admit you were hacked it means it is possible, thus cause many more atempts.
Which is why as much I disagree with apples marketing methods, they are actully following the path that makes the most sense. If a large majority of people think something is impossible generally they are half defeated before they start. But only an idiot or some one who does not know any better would assume that anything they put on their macine connected to the net is safe. Idiots in this case being the actual meaning of the word, someone who knows better and does it anyway.
Rockjay420
Gawd
- Joined
- Sep 29, 2005
- Messages
- 732
in regards to who funds the developers of javah and other malware for mac, i think it's norton/sophos/mcaffee
"lets make a mac virus to sell antivirus copies"
"lets make a mac virus to sell antivirus copies"
thewooster
Gawd
- Joined
- Jan 12, 2006
- Messages
- 512
Meh, Macs have failed every security test to date, and their track record only gets worse as their popularity rises.
Macs have always traditionally had security by obscurity. They've only ever been a tiny fraction of the market so no seroius malware writers would waste their time writing code specifically for that platform.
Now that they've grown a bit more you've seen some more activity there, and that will continue to grow as marketshare does. More exploits will be found when more people are actually looking
Now that they've grown a bit more you've seen some more activity there, and that will continue to grow as marketshare does. More exploits will be found when more people are actually looking
I use xp with no problems running free antivirus. Until a new os can do something for me that xp can't, I have no need to change. I change hardware all the time, it offers me more fps. I don't see the os upgrade doing anything for me at this point.
StillFunkyB
[H]ard|Gawd
- Joined
- Oct 6, 2007
- Messages
- 1,386
I have to agree with the above posters who said XP skews the numbers.
When I had XP installed on my wife's machine I was always having to do something to get rid of crap on it, and had to reimage the thing a couple of times. The last time I gave up and installed Vista and I haven't had to touch it since. Very nice. I am very happy with Vista, and I can't wait for W7 since I messed around with the beta for a bit.
XP was a decent operating system, minus the security or lack thereof. A huge step up from 95/98/ME.
I like OS X, I even like Apple's commercials from an entertainment POV. Their claims however are rediculous and idiotic IMHO.
When I had XP installed on my wife's machine I was always having to do something to get rid of crap on it, and had to reimage the thing a couple of times. The last time I gave up and installed Vista and I haven't had to touch it since. Very nice. I am very happy with Vista, and I can't wait for W7 since I messed around with the beta for a bit.
XP was a decent operating system, minus the security or lack thereof. A huge step up from 95/98/ME.
I like OS X, I even like Apple's commercials from an entertainment POV. Their claims however are rediculous and idiotic IMHO.
StillFunkyB
[H]ard|Gawd
- Joined
- Oct 6, 2007
- Messages
- 1,386
People like yourself aren't the problem. It's the people that click on everything in front of their face and then ask the resident family "computer guy" to come fix their computer because it's "slow" and when they get there, they have every single IE "search bar" installed, a porn dialer or two, and Anti Virus 2008 (or whichever flavor of the month).
SP2 was a major overhaul for XP. To the point that you could have called it a completely new OS. That's how drastic the changes were with SP2. SP3 was nothing but hotfixes, for the most part.
TechLarry
RIP [H] Brother - June 1, 2022
- Joined
- Aug 9, 2005
- Messages
- 30,481
None of these reports matter. What matters is reality.
And the reality is this. I average 15-25 calls a month from users on PC's with Spyware or Virus infections. In 11 years, I haven't received a single one for a Mac user, nor heard of a verified infection.
I have not owned a Mac in over 7 years, so I have no personal interest in this other than what I see.
And the reality is this. I average 15-25 calls a month from users on PC's with Spyware or Virus infections. In 11 years, I haven't received a single one for a Mac user, nor heard of a verified infection.
I have not owned a Mac in over 7 years, so I have no personal interest in this other than what I see.
InorganicMatter
[H]F Junkie
- Joined
- Oct 19, 2004
- Messages
- 15,461
/yawn
Another useless report. Until there's a real virus for the Macs, I've quit getting excited over these. Theoretical security technologies aside, Macs are still safer than their competitors.
And no, the iLife trojan doesn't count. Anything that requires the user to input a root password doesn't count. That logic is asinine. Applying that logic to BSD/Linux: I've created an undefeatable virus, just run this command:
Make sure you enter your root password when prompted!
Another useless report. Until there's a real virus for the Macs, I've quit getting excited over these. Theoretical security technologies aside, Macs are still safer than their competitors.
And no, the iLife trojan doesn't count. Anything that requires the user to input a root password doesn't count. That logic is asinine. Applying that logic to BSD/Linux: I've created an undefeatable virus, just run this command:
Code:
rm -rf ~/../..TechieSooner
Supreme [H]ardness
- Joined
- Nov 7, 2007
- Messages
- 7,601
From what standpoint? Viruses in the wild? Sure.
But Apple has exceeded Microsoft in security vulnerabilities the past two years, and is well on track to make 2009 the third.
Security through obscurity will bite all these Mac users in the butt later down the road when "the big one" hits. It's even worse because Mac users are brainwashed into thinking they are immune. Thus, they all spread the crap around and magnify the problem.
D-OveRMinD
Weaksauce
- Joined
- Aug 22, 2005
- Messages
- 111
I was in a Fry's yesterday, and noticed a big Mac banner that listed why you should move to Mac. One of the reasons was, "Macs don't get PC viruses." I was about to call bullshit and false advertising, until I realized the wording..."PC viruses." They didn't say that they don't get viruses at all, just that they didn't get PC viruses.
Carefully selected terminology by the marketing department? I think so!
Carefully selected terminology by the marketing department? I think so!
Agreed and I fail to see the point of such arguments unless people are on the board or own significant amounts of stock in whatever company.
Meh.