Security scares mount for Macintosh users

Jon Swartz
USA Today
Mar. 2, 2006 11:57 AM


Another day, another Macintosh security scare.

Or so it seems. Recently, users of Apple's Mac computers - rarely touched by viruses, worms and other nasty stuff - have been warned of at least three security threats. Now security experts have detected a flaw in the way Apple software handles downloaded files. The flaw could give attackers back-door access to Macs if their owners open malicious files from bogus Web sites and e-mail.

The latest vulnerability, which comes after the discovery of two low-level Mac worms, underscores that no computer is completely safe, security experts say. The threats could usher in a cautionary era among Mac users, who are unaccustomed to fretting about security patches or opening unfamiliar e-mail and instant-message links.

Windows-based PCs have felt the brunt of attacks for years because those machines command more than 95 percent of the worldwide market. Macs mostly have escaped the attention of hackers. Until now.

"Unless they consider themselves very savvy, Mac users should run anti-virus software just like Windows users," says Larry Seltzer, security center editor at news site eWeek.com. "Mac users need to start developing a sense of cynicism about content that comes unsolicited, even if it appears to come from a user they know."

The first worm targeting Apple's Mac OS X operating system surfaced Feb. 16. The OSX.Leap.A worm is designed to spread over iChat, Apple's instant-messaging system. When launched, it can damage software applications and the operating system, says Vincent Weafer, senior director of Symantec Security Response.

A second worm, spotted Feb. 17, attempts to spread via a vulnerability in a Bluetooth service for Mac OS X. Bluetooth is a wireless technology that lets devices communicate at distances of about 30 feet. The OSX/Ingtana.A worm has expired, so it is unlikely to do much damage, says Ken Dunham, director of the rapid response team at iDefense, a VeriSign company.

But it was created to prove, in theory, that future viruses can spread over the Mac, Weafer says.

Ray Wagner, a security analyst at Gartner who follows Apple, recommends Mac OS X owners turn on all security options, including a pre-installed firewall. He says some Mac dealers bundle additional security software, such as Norton AntiVirus 10.0 for Macintosh.

Most of all, Wagner says, Mac users should practice the same security measures as Windows PC users: Don't open files from strangers or people you don't trust and use Mozilla Firefox as an alternative Web browser.

And it's only going to get worse...

I have a theory on why this is happening now: Mac went Intel.

WTF, you say?

Hackers too cheap or broke to purchase a Mac are now able to run Mac OSX on their x86 machines. This is scary, because what hackers lack in money is more than made up for in the amount of effort they can put into finding vulnerabilites.

MacOS is Debian-based, and it only took a matter of weeks after getting it ported to an Intel-based platform for the script kiddies to find a way to put it on a regular x86 PC, and then proceeding to find all sorts of exploits (5 in about six weeks or so). I fully expect that trend to increase, and even spread to other *nix operating systems (since most of these OS share quite a few traits) as they bring their mercilessly darwinian methods to the new platform.

Comments?

Going to be fun to watch… most Apple users are babes in the woods and the wolf is stalking them now.

I doubt this has anything to do with the Intel port, the guy that wrote Inquata has spent months developing it on a powerpc ibook, .... the macbook pro's just started shipping a couple of weeks ago.
 It's also not quite that easy to just install OSX on any Intel based machine.  The developer versions were somewhat limited and if the production version gets cracked it hasn't happened yet, even then it's going to take very specific hardware due to non-existant drivers.

What you need to keep in mind is the proof of concept viruses while certainly worth a look are not like typical Windows malware in the sense you can get owned just by viewing the wrong webpage.

1. THe first ichat exploit is not a virus in the sense that it can be caught and spread.... a user would need to:

a. download it
b. unzip
c. run as an administrator
d. It also requires some other very specific circumstances

2. The Bluetooth exploit is total bullshit, that was a vulnerability that Apple patched early last year.

3. Lastly the Safari/shell script exploit is similar to ichat that a user needs to download and run a shell script.

I'm sorry but trojan horse capabilities are a weakness of every operating system, a dumbass user downloading and running potentially malicious code as an administrator does not all of a sudden make OSX insecure.  


OSX along will all other unix based operating systems are viral resistant in general due to non-admin accounts, file permissions, and excellent patching procedures.... all points lost on Microsoft.  

Quoted: And it's only going to get worse... I have a theory on why this is happening now: Mac went Intel. WTF, you say? Hackers too cheap or broke to purchase a Mac are now able to run Mac OSX on their x86 machines. This is scary, because what hackers lack in money is more than made up for in the amount of effort they can put into finding vulnerabilites.

Mac OS X's Darwin x86 has been available on Intel for years now.  The core OS that makes up OS X has been out in the open yet no remote exploits have appeared.  If the hackers in question really wanted to do this, all they would have to do is download that, install it and hack away.  The appearance of Mac OS X in Intel doesn't have much to do with that.

MacOS is Debian-based, and it only took a matter of weeks after getting it ported to an Intel-based platform for the script kiddies

No to pick nits here, but Mac OS X is not Debian based.  The core kernel (xnu) is a Mach Kernel with a FreeBSD layer on top. It is very much BSD based, not Linux based.

to find a way to put it on a regular x86 PC, and then proceeding to find all sorts of exploits (5 in about six weeks or so). I fully

NONE of these exploits have anything to do with Intel though.  They were all exploits on PPC as well.  Plus, the number of Intel Mac's is still small.  The release of the exploits and the release of Intel Macs was a coincidence.

expect that trend to increase, and even spread to other *nix operating systems (since most of these OS share quite a few traits) as they bring their mercilessly darwinian methods to the new platform. Comments?

NO doubt there.  The more popular the platform, the more exploits will be found and the more that will be distributed. And certainly, hackers will crack Mac Os X Intel and get it to run on everything. The good thing for Mac users though is that none of the exploits found are remotely exploitable.  They are all trojans.  I don't care how secure a system is, if you can get a (l)user to run an attachment it will work.  Mac OS X ships with everything turned off (web, ftp, ssh, etc.) so there is very little chance of a network worm to wiggle through.

This explains alot about Mac users



-Foxxz

Quoted: This explains alot about Mac users www.penny-arcade.com/images/2006/20060303.jpg -Foxxz

this is so true.  mac people are very.......................... unique    

Quoted: Quoted: This explains alot about Mac users www.penny-arcade.com/images/2006/20060303.jpg -Foxxz this is so true.  mac people are very.......................... unique

Brokeback Mac?

BrokeMac?

Just because I use a Mac does not mean that I like my anus to be used as a semen receptacle.  

The 5% Mac Market share and estimated 5% gay population are merely coincidences anyhow.  And that Rainbow Mac Logo....that is coincidence as well.  I thwear, you guyeths are thilly thumbtimes.

I switched to a Mac about three months ago and now I cannot figure out why I waited so long.   The thing I like best about it?  It just works.  

Quoted: I switched to a Mac about three months ago and now I cannot figure out why I waited so long.   The thing I like best about it?  It just works.

just wait untill you have a hardware problem

Quoted: Quoted: I switched to a Mac about three months ago and now I cannot figure out why I waited so long.   The thing I like best about it?  It just works.   just wait untill you have a hardware problem hr

One more reason I bought the AppleCare plan!   I heard about possible hardware issues.  

Quoted: OSX along will all other unix based operating systems are viral resistant in general due to non-admin accounts, file permissions, and excellent patching procedures.... all points lost on Microsoft.

I don't know about you, but my Windows machine has Access Control Lists and non-admin accounts.

I have never, not even once, had any malware, spyware, or virus on my machine.  I'll install an antivirus or anti-spyware app briefly every few months just to make sure, and I've been clean since 1995 when I first got on the internet.

Quoted: I switched to a Mac about three months ago and now I cannot figure out why I waited so long.   The thing I like best about it?  It just works.

I've done 5 nines* with Windows 2000 on off the shelf HP hardware.




* That's 99.999% uptime.  Do the math.

Quoted: 1. THe first ichat exploit is not a virus in the sense that it can be caught and spread.... a user would need to: a. download it b. unzip c. run as an administrator d. It also requires some other very specific circumstances

Hot Flash 101_Proof: Most of the "exploits" in Windows over the past 12 months have been Trojan-based as well. This doesn't mean your machine is not vulnerable to it. Stupidity is universal.

2. The Bluetooth exploit is total bullshit, that was a vulnerability that Apple patched early last year. 3. Lastly the Safari/shell script exploit is similar to ichat that a user needs to download and run a shell script.

As in my response to point 1. Question: has everyone patched their system?  

OSX along will all other unix based operating systems are viral resistant in general due to non-admin accounts, file permissions, and excellent patching procedures.... all points lost on Microsoft.

Um...Windows has had all of those features available to general public since Windows 2000. I would strongly argue the "Excellent Patching Procedures" contention as well. Patching Procedures are only as good as the Administration team.

Many Windows Administrators come educated and trained with at least some Unix experience. Do you think Windows Administrators act and behave any different than Unix Administrators? Did they magically forget about the basic policies and procedures of systems administraton? Same job, different platform. Saying one group is better than the other is bigotry, plain and simple.

You setup Windows Machined to where the end user is not an admin and you'd be surprised at how secure they are... much to my family's chagrin. :)

All points lost on Microsoft...

Away *nix Troll: you are DEAD WRONG on those points. 8 years ago, I'd agree with you, but certainly not today. Starting in 1998, Microsoft saw the need to a better patching system and it started out like any other version of any one else' software: powerful, but imperfect; this system has since grown to the most powerful and sophisticated patch management system ever devised. Still not perfect, but it is light years beyond what it was even three years ago. By the way, Mac's autoupdate features were copied from and were a direct answer to Microsoft Windows Update.

You can beat on Windows all you like: the fact is, people vote with their wallets, and judging from market trends *nix has been in a death spiral for several years. Apple has done well in the niche markets (iPod), but their installed base has actually diminished. Linux is doing well in the server world (much to the detriment of the big iron Unix distributions), but has yet to make it onto the Desktop. I suspect it never will, because no one will capitalize a software company to develop one. Oh sure, they are out there, and truth be told some are quite good; it's just that there is hardly any enterprise-level software available to run on them.

Tag for later...

from what i've seen, Mac's only automatically update if you configure it too.    

I don't work on that many Mac's  but when I do,  I've got at least 30 mb of updates to install.   Most of the systems are running OS 9.  I guess 10 has perfected that issue


at least with SP2 for windoz.   it will eventually download the critical updates for the OS.  Then install them if the user ever turns the system off.   Or has it set to install the updates at 3am, and then magically reboot during the night.  

Quoted: from what i've seen, Mac's only automatically update if you configure it too.     I don't work on that many Mac's  but when I do,  I've got at least 30 mb of updates to install.   Most of the systems are running OS 9.  I guess 10 has perfected that issue at least with SP2 for windoz.   it will eventually download the critical updates for the OS.  Then install them if the user ever turns the system off.   Or has it set to install the updates at 3am, and then magically reboot during the night.

Just an FYI - you can go to windowsupdate.microsoft.com to do an immediate update.

While I really like my Mac more than my PC, I will say this.  When it comes to security and/or keeping the box up and running, the user is the number one factor.   It all depends on the admin running the server - if he/she is smart, it will be very difficult to hack it - if the admin is a tool, it won't be problem.

In my line of work, I deploy and support both Solaris and Windows servers - I think that there are certain things a unix box will do better than a Windows box and there are certain things a Windows box will do better than unix.  It all depends on the application that will be loaded on it.

Quoted: Quoted: 1. THe first ichat exploit is not a virus in the sense that it can be caught and spread.... a user would need to: a. download it b. unzip c. run as an administrator d. It also requires some other very specific circumstances Hot Flash 101_Proof: Most of the "exploits" in Windows over the past 12 months have been Trojan-based as well. This doesn't mean your machine is not vulnerable to it. Stupidity is universal. 2. The Bluetooth exploit is total bullshit, that was a vulnerability that Apple patched early last year. 3. Lastly the Safari/shell script exploit is similar to ichat that a user needs to download and run a shell script. As in my response to point 1. Question: has everyone patched their system?   OSX along will all other unix based operating systems are viral resistant in general due to non-admin accounts, file permissions, and excellent patching procedures.... all points lost on Microsoft.   Um...Windows has had all of those features available to general public since Windows 2000. I would strongly argue the "Excellent Patching Procedures" contention as well. Patching Procedures are only as good as the Administration team. Many Windows Administrators come educated and trained with at least some Unix experience. Do you think Windows Administrators act and behave any different than Unix Administrators? Did they magically forget about the basic policies and procedures of systems administraton? Same job, different platform. Saying one group is better than the other is bigotry, plain and simple. You setup Windows Machined to where the end user is not an admin and you'd be surprised at how secure they are... much to my family's chagrin. :) All points lost on Microsoft... Away *nix Troll: you are DEAD WRONG on those points. 8 years ago, I'd agree with you, but certainly not today. Starting in 1998, Microsoft saw the need to a better patching system and it started out like any other version of any one else' software: powerful, but imperfect; this system has since grown to the most powerful and sophisticated patch management system ever devised. Still not perfect, but it is light years beyond what it was even three years ago. By the way, Mac's autoupdate features were copied from and were a direct answer to Microsoft Windows Update. You can beat on Windows all you like: the fact is, people vote with their wallets, and judging from market trends *nix has been in a death spiral for several years. Apple has done well in the niche markets (iPod), but their installed base has actually diminished. Linux is doing well in the server world (much to the detriment of the big iron Unix distributions), but has yet to make it onto the Desktop. I suspect it never will, because no one will capitalize a software company to develop one. Oh sure, they are out there, and truth be told some are quite good; it's just that there is hardly any enterprise-level software available to run on them.

So he is a Troll for pointing out some misconceptions about the OS X "vunerabilities"?  It's a fucking operating system.  

I like Macs better than PC's.  Who gives a shit?  No one.  But the whole "OSX Security Scare" thing is really overblown.  

Quoted: Quoted: OSX along will all other unix based operating systems are viral resistant in general due to non-admin accounts, file permissions, and excellent patching procedures.... all points lost on Microsoft.   I don't know about you, but my Windows machine has Access Control Lists and non-admin accounts. I have never, not even once, had any malware, spyware, or virus on my machine.  I'll install an antivirus or anti-spyware app briefly every few months just to make sure, and I've been clean since 1995 when I first got on the internet.

But did your machine have non-admin accounts by default? I'll bet 99% of Windows (home) installations have the main user logged in as an admin by default.  I hear that Vista will have that fixed when it comes out in 200420052006.  Until then ma and pa can hire an IT department to set up their Access Control and admin their machines for them.

Quoted: Quoted: Quoted: OSX along will all other unix based operating systems are viral resistant in general due to non-admin accounts, file permissions, and excellent patching procedures.... all points lost on Microsoft.   I don't know about you, but my Windows machine has Access Control Lists and non-admin accounts. I have never, not even once, had any malware, spyware, or virus on my machine.  I'll install an antivirus or anti-spyware app briefly every few months just to make sure, and I've been clean since 1995 when I first got on the internet. But did your machine have non-admin accounts by default? I'll bet 99% of Windows (home) installations have the main user logged in as an admin by default.  I hear that Vista will have that fixed when it comes out in 200420052006.  Until then ma and pa can hire an IT department to set up their Access Control and admin their machines for them.

Last time I installed Linux, it asked me If I wanted to create user accounts - they were not there by default.  Windows XP asks you upon install as well.  I think you are really splitting hairs here.  Besides, non-computer savvy users such as my inlaws couldn't figure Linux out in a million years.  I don't have experience with OS X.  

They each have their benefits, I suppose.  Macs might be good for someone is computer-illiterate, but I'll keep my Windows boxes.  I know how fashionable it is to bash Microsoft, but they are the best software company in the world.  There is a reason people choose Windows over Linux and OSX (cue the Microsoft conspiracy theorists).

One more thing:  Microsoft's middleware has become top-notch, and SQL 2005 is no slouch either.  What are Apple's server solutions?  MySQL is great and all, but it wasn't made by Apple and I can run it on my Windows machine if I want.  There are no open-source solutions that even come close to MS' middleware, like BizTalk and SharePoint.

Quoted: Quoted: Quoted: Quoted: OSX along will all other unix based operating systems are viral resistant in general due to non-admin accounts, file permissions, and excellent patching procedures.... all points lost on Microsoft.   I don't know about you, but my Windows machine has Access Control Lists and non-admin accounts. I have never, not even once, had any malware, spyware, or virus on my machine.  I'll install an antivirus or anti-spyware app briefly every few months just to make sure, and I've been clean since 1995 when I first got on the internet. But did your machine have non-admin accounts by default? I'll bet 99% of Windows (home) installations have the main user logged in as an admin by default.  I hear that Vista will have that fixed when it comes out in 200420052006.  Until then ma and pa can hire an IT department to set up their Access Control and admin their machines for them. Last time I installed Linux, it asked me If I wanted to create user accounts - they were not there by default.  Windows XP asks you upon install as well.  I think you are really splitting hairs here.  Besides, non-computer savvy users such as my inlaws couldn't figure Linux out in a million years.  I don't have experience with OS X.   They each have their benefits, I suppose.  Macs might be good for someone is computer-illiterate, but I'll keep my Windows boxes.  I know how fashionable it is to bash Microsoft, but they are the best software company in the world.  There is a reason people choose Windows over Linux and OSX (cue the Microsoft conspiracy theorists). One more thing:  Microsoft's middleware has become top-notch, and SQL 2005 is no slouch either.  What are Apple's server solutions?  MySQL is great and all, but it wasn't made by Apple and I can run it on my Windows machine if I want.  There are no open-source solutions that even come close to MS' middleware, like BizTalk and SharePoint.

The users you create in most linux distros are not "admins" (root control) by default.  The Windows users you create at install are given admin control by default.  That's all I am saying.

Macs are not just for the "computer-illiterate".  In my opinion, and I am pretty far from "computer-illiterate", Macs do a good job a what they do.  Who cares about my opinion? No one but others who uses a mac.  They know what I am talking about.

Buy hey, there are two viruses out for OS X.  One in the wild.  The security scares are mounting.  

ETA: I ain't MS bashing either.  I like Windows just fine.  I don't really care what operating system people choose to use, as long as they listen to my opinions if they are going to ask me for help later.  That's why ma&pa and the wife use a Mac...

both Microsoft and Apple and Linux are all stable products.


it is the end user that makes them infected and unstable, either by unsafe surfing, unsafe email practice.  or just plain ignorance.  

 microsoft has had one vulnerablity where the computer was infected without the end user being required.  

Quoted: both Microsoft and Apple and Linux are all stable products. it is the end user that makes them infected and unstable, either by unsafe surfing, unsafe email practice.  or just plain ignorance.    microsoft has had one vulnerablity where the computer was infected without the end user being required.

Exactly... the danger for Apple being the average user is more clueless that the average windows user because they never had to worry about it… they do now.