What is Digg?193 Comments
- inactive, on 08/10/2008, -20/+161Mac users hear the same damn thing every year. The flood gates are always on the verge of being opened. I just roll over in my bed and hit snooze.
2003
"The truth is that the Mac OS is just as vulnerable as Microsoft Windows."—Lance Ulanoff, Security, IT Hub.
2004
"Windows is more secure than you think, and Mac OS X is worse than you ever imagined."—Matthew Broersma, Techworld.
2005
"The naming of Apple's Mac OS X to the list of latest warning from security experts to users that Apple's operating system is not immune to threats."—Robert Lemos, Security Focus
"Attacks on Apple's OS X operating system, thought by many who use the Mac to be virtually immune from hackers, are on the rise, according to a report from Symantec, an anti-virus software vendor."—Wired.
2006
"Several security researchers have predicted that 2006 will be the year Mac OS X loses its image as a "safe" operating system."—Matthew Broersma, Techworld.
"Anti-virus software firm McAfee has identified Mac OS X as a growing target for malware attacks."—John Leyden, The Register.
2007
"There will be a significant rise in virus attacks on both the Mac and open-source platforms, according to renowned security expert, Eugene Kaspersky."—Barry Collins, PC Pro.
"After years of relative safety in obscurity, the Apple Mac is becoming an increasingly tempting target for malicious computer hackers, according to a new report published this week."—Kevin Allison, Financial Times.
The reality is that the era of serene isolation is ending, partly because of technical changes that increase a Mac's vulnerability to infected documents-and even programs—originally created on a PC."—James Fallow, The Atlantic.
2008
With Apple's market share now around 8.5 percent and growing quickly, with sales of almost 2.5 million last quarter these Mac newbies are a tempting target for profit-minded cybercriminals.—Dwight Silverman, Chron.com.
I guess I'll add this article to the list.
And by the way, there's always a bunch of Apple Haters who say that Macs don't have viruses because of marketshare, but the prior versions of the Mac OS had even less marketshare than OS X and they all had viruses. Hmmm, now why is that? Could it be that OS X is more secure? No, couldn't be.
We've had this constant fear mongering every year since 2003 and yet, no one has been able to create a REAL virus for OS X. And when I say real, I mean, malicious code that can copy itself and infect a computer without permission or knowledge of the user. There are millions of Microsoft Fanboys who would LOVE it if a bunch of Macs got viruses. You're meaning to tell me that not one of these guys can make a virus just so they can say that Mac users got PWNED?
Anyway, anyone can get a trojan, no matter how good the security. But If you're stupid enough to download a trojan and open it, after ignoring a warning built into Leopard, which tags files downloaded over the internet, then you deserve to get infected, but it doesn't mean OS X is any less secure than it's always been and will continue to be for the near future. - BZKyle, on 08/11/2008, -2/+103"Apple's Safari operating system..."
What's that? Some new secret project from Apple? - Dumbledorito, on 08/10/2008, -5/+71Malicious damage? If you mean "data erasure" or some other archaic "hacking" objective, you need to get with the times.
Sure, the Mac crowd may think that "hacking" is all about destroying data and so forth, but the real name of the game is bot nets and passwords (keylogging). And no matter how well set-up a Mac is, a human will use it. And just enough stupid humans want "free smileys" or think that the attached e-mail really IS a lost tracking number from UPS... - lead2thehead, on 08/11/2008, -1/+60I was at DefCon this weekend and there were actually several talks about OS X vulnerabilities. And yes, they are real threats, but media tends to exaggerate them because:
1) Reporters are not engineers and thus, do not fully understand the problem.
2) Their articles get more circulation if they over-hype the problem.
Nobody is saying that OS X is malware-proof. But OSX, BSD, Linux and Unix all have inherent design features which make them more secure than Windows. The biggest and most important is a concept called Discretionary Access Control. Allow me to explain...
Alll *nix-based systems have a user called "root". This is a super user that can control the entire computer. In order to install software, you must first become root. In order to read or change configuration files, you must become root. If you want to modify an executable, add a shared library, modify a device driver, or change anything meaningful, you must first become root. This makes it next to impossible for a regular user to unwittingly install a virus or any piece of malware on his computer because, in order to do so, he would need root permission. This is called "Discretionary Access Control", or DAC for short.
Most Windows users will tell you that this is akin to the "Administrator" account on your PC, but that is not exactly the case. Microsoft has attempted to emulate this technique many times, but always fails miserably in its implementation. On a typical Windows PC, THE DEFAULT USER ACCOUNT has Administrator access! This makes it very easy for users to unwittingly install all kinds of malware on their computer without realizing it. Think about that for a second... why would you ever need to run a word processor or a web browser as a super user? That would mean that Internet Explorer, for example, would have permission to write to your system32 directory! Why would IE ever need to do that? And what person in their right mind would ever allow it to? It's a virus writer's dream come true.
Now let's talk about software vulnerabilities. Try to stay with me here, because this gets complicated. The vast majority of software vulnerabilities (greater than 90%) involve buffer overflow attacks. This is an attack, where by a malicious user takes control of a running program and shoe-horns its own malicious code onto the instruction stack. When this happens, the malicious instructions have the same permissions as the program it just took over. And what permissions would those be?... it depends on which user is executing the program. When you run everything as Administrator, as is the default behavior in Windows, EVERY vulnerability becomes a critical vulnerability and EVERY piece of malware can run as a super user.
Let's back up... I'm sure that by now, the Microsoft crowd is saying "Wait a second! You don't have to run everything as Administrator! You can create regular user accounts and restrict their permissions too." And they would be correct. I have never met anyone who does this on their home PC, but the option is certainly there. But even if you do that, you're still screwed because EVERY SINGLE BACKGROUND SERVICE runs as Administrator. Oh, you forgot about the background services, didn't you? Don't feel bad... Microsoft forgot about them too. Right click on "My Computer", select "Manage", and click "Services" if you want to see I'm talking about. There you can see nearly a hundred services, all running as Administrator! Break any one of them and you have Administrator access to the entire computer. Nice, huh?
But wait, you say, doesn't Mac OS have that same problem? Of course not. Only an idiot would run everything as super user. Mac OS comes from the factory with FORTY different user accounts, one for every background service that it runs. (Most flavors of Linux do this as well.) So if you happen to exploit one of them, you can only do what that small, very restricted user account can do... and it isn't much. In fact, when you buy a computer from Apple, they don't even give you the root password! You only have access to your user account... your own little world. And if you mess it up, you're not going to take down the entire computer. You'll only screw up your own account because you don't have the required permissions to screw up the rest of the OS. So the underlying architecture of Mac OS is inherently more secure.
Keep in mind that this piss-poor excuse for a DAC is one of a thousand flaws with Windows. I could go on for days about the absolutely retarded design decisions made by Microsoft. Remember the outbreak of email viruses about 5 years ago? Know why those were such a big problem? Because some genius at Microsoft said, "Hey! Let's invent a scripting language that allows user to embed executable code into email messages and then execute that code automatically when you open the message!" Brilliant, huh? It's like they put that hole there on purpose so that every script kiddie with a copy of Microsoft Word could write CRIPPLING email viruses that took down servers and cost billions of dollars to fix.
The issue is much more fundamental than people think. People who use the "security through obscurity" line clearly do not comprehend the issue. - RetlawST, on 08/11/2008, -1/+52Didn't you hear? Whenever one of those PC hackers started to use a mac so they could write a virus for OSX they'd get distracted making photo albums of goth chicks and videos of the last LAN party.
- punx777, on 08/10/2008, -10/+57Sounds like some marketing gimmick to me.
- yotomote, on 08/11/2008, -0/+47Why write a Mac virus when you can make a load of money writing "I am Rich" applications.
- inactive, on 08/11/2008, -0/+24Oh no, somebody who knows what they're talking about! The Mac Hater's worst enemy!
- acmethunder, on 08/10/2008, -7/+31What exactly is the threat to Macs? No where does it say.
- MacParrot, on 08/10/2008, -1/+24Thanks Uncle Ben!
- nakile, on 08/11/2008, -0/+22I buried this article for that exact reason. If these people can't even check the basics before they published an article, it doesn't deserve to be read.
- inactive, on 08/11/2008, -1/+21Mac OS X's Security Model is definitely more secure than Windows - That's not saying much. Granted Vista improves, it doesn't fix everything.
I was really hoping for a /serious/ rehaul for windows, but if software compatibility were a serious problem Microsoft could lose a lot of users out of that. - macspec, on 08/11/2008, -1/+20"Apple's Safari operating system is the basis for internet browsing using iPhones, which are basically handheld mini-computers with telephone, music, and video viewing capabilities."
How can I take this article seriously when they call the web browser (Safari) the operating system. What a dingbat! Might be a simple mistake, but still... - tama00, on 08/11/2008, -1/+20Here we go again..
Wake me up when it actually happens. - atdakore, on 08/10/2008, -41/+59There is nothing that can't be hacked.
However causing malicious damage on a well setup mac, requires direct physical access. And always will. - ctrlfreak13, on 08/11/2008, -1/+19Well of course, most of these are quotes from those in the anti-virus industry, and they'll do anything to convince people that macs are just as unsafe and that their software is just as needed as it was on a Windows machine.
- encephlavator, on 08/11/2008, -1/+18FTA:
"Hackers have historically focused devious efforts on computers using Windows operating systems because the Microsoft software has a horrible security model, a registry and hasn't really been updated in 15 years".
And exactly how many "hackers" did they interview or poll? How stupid does the msm think we are? - Vich, on 08/11/2008, -2/+18I thought it was PEBKAC
- linuxpenguin, on 08/11/2008, -1/+15Buried just for this:
"Apple's Safari operating system is the basis for internet browsing using iPhones"
Of all people/groups in the world, I would think a tech company would know that Safari is a browser - NOT an operating system. - ceralon, on 08/11/2008, -7/+21The problem mac users will face (I am one, sometimes..) the average mac user think the mac is invincible. The truth is, everything has a way in, like one post said the lost ups tracking number, smileys, cnn spoof... or even some new email. This thinking will get the crowd in trouble. Think how a scammer / spammer works. Send 500 emails, no matter what atleast 1 person will fall for it. Its statistics. As the mac gains market share, its eaiser to send to 1000, 2000, 3000 people... the more it sends to, the greater chance of infection.
Look at firefox. People thought hey this browser is secure, it wont get hijacked. Theres been many patches... we're already on 3.01 for FF. The only "safe" computer is one not turned on and the hdd removed. - GothAlice, on 08/11/2008, -0/+13Author's a ***** n00b. Gah. Buried for inaccuracy.
- Gee1004, on 08/10/2008, -1/+13http://digg.com/settings/topics
- ramsinks.com, on 08/10/2008, -7/+19"Hackers have historically focused devious efforts on computers using Windows operating systems because the Microsoft software has a horrible security model, a registry and hasn't really been updated in 15 years".
"When it has market share". Yeah , whatever.
- let me give you root access for that XP AntiVirus 2008 -
na.. - wisedude, on 08/11/2008, -3/+15Come on, don't be that naive as to believe no one will ever find a way through their security remotely
- encephlavator, on 08/11/2008, -0/+11SOS, you haven't heard of it? Code name [...---...]
- rubaaan, on 08/11/2008, -0/+10dugg for awesomeness.
- MacParrot, on 08/10/2008, -4/+14It most likely will happen sooner or later. The part I find disturbing is how many people just can't wait for it. Like suddenly having millions under the gun is something to hope for.
YES, I know many Mac people have been harping on Windows being less secure in the past (though MS has certainly improved). Does that excuse this almost rabid fervor in seeing Mac users suffer? Why not try and be better than that? - kitsua, on 08/11/2008, -1/+10Jebus, you're one to talk you incomprehensible loon. At least his comment was in some kind of earthly language that made sense and was relevant, unlike your incomprehensible, diarrheatic rants.
- jpjandrade, on 08/11/2008, -0/+9http://en.wikipedia.org/wiki/PEBKAC
- inactive, on 08/11/2008, -0/+9All computers crash sometime, the more 3rd party software & devices you install the more likely a crash. A kernel panic is a crash, it has nothing to do with malware.
Do yourself a favor and educate yourself about how your Mac works. It will benefit you in many ways. :-) - P373Y, on 08/11/2008, -0/+8to sell virus software
- theOster, on 08/11/2008, -5/+13um... "The Art of Deception" - K. Mitnick
as Dumble says above - as long as a human is involved, nothing is 100% safe. and i might suggest that mac users are particularly naive at this point in the game. - Virgule, on 08/11/2008, -1/+9$ echo 'credibility' > /dev/null
- Vich, on 08/11/2008, -5/+13I got attacked for suggesting market share as a reason Macs weren't targetted. It may not be the sole reason, but it makes sense. Before you bury me to oblivion, not that I haven't commented on the security of the Mac or made any derogatory comments, I have merely suggested a correlation between market share and attacks.
- sewollef, on 08/11/2008, -1/+9You must live in the same parallel universe as the Bush clan. Apple's track record for addressing 'vulnerabilities' is the best in the industry, but I'd be interested in seeing your sources for that claim. However, since there are no viruses in the wild for OS X it's a moot point, plus their OS is based on Open Source BSD UNIX. Which any industry hack will tell you has a stellar record against hacking.
Microsoft has the.worst.record. for addressing gaping holes in its joke of an operating system. Who is this "everyone" you speak of? Your comments are anecdotal, personal and thus irrelevant in the reality-based world most of us live in.
There is a clinical name for your problem, they call it Stockholm Syndrome. So please, read up before commenting, you'll be less of an embarrassment. - P373Y, on 08/11/2008, -1/+9they rely on unknowing housewives and people who are paranoid
- mrBitch, on 08/11/2008, -0/+8RE: "Mac users hear the same damn thing every year. The flood gates are always on the verge of being opened. I just roll over in my bed and hit snooze.
2003 - "The truth is that the Mac OS is just as vulnerable as Microsoft Windows."—Lance Ulanoff, Security, IT Hub. "
Nice time line - and thank you for posting this as it is very relevant to this thread (for those complaining about multi posts to other threads - I don't care, since I haven't seen this before). - max1018, on 08/11/2008, -0/+7Quick, take cover, he has knowledge!
- statc, on 08/11/2008, -0/+7You should have just written a blog post so you could hit the front page.
- djdole, on 08/11/2008, -12/+19HA! Wake up little man.
You having that pompous arrogant attitude, and a buffer-overflow in ANY installed software (kernel code or third-party) is all a hacker could need or want to do some real damage to the information on your computer.
The first step to maintaining a truly secure system is leaving all system-superiority related arrogance behind.
Second is not believing the manufacturer's marketing department (or the minimum wage employees/drones they hire and dub 'geniuses' to push their product) when they claim to be virus/hack/security threat PROOF. - inactive, on 08/11/2008, -8/+15Actually wrong
You fail... in about .. what was the last fully protected MAC hacked at? 5 minutes?
And who didnt show up to have their OS tested at the latest blackhat convention ??
APPLE AND OSX ! - digitaldivinci, on 08/10/2008, -12/+19With a great market share comes even greater threats.
- rezist, on 08/11/2008, -1/+7you must be new to computers... UNIX/bsd is far more secure than anything else, a good jump off point for a beginner like yourself is google.com
- SPECOPS, on 08/11/2008, -0/+6Its BOTH ways... variations include (credit to the Wiki)
PIBKAC ("Problem Is Between Keyboard And Chair")
POBCAC ("Problem Occurs Between Computer and Chair")
PEBMAC ("Problem Exists Between Monitor And Chair")
EBKAC ("Error Between Keyboard And Chair")
PICNIC ("Problem In Chair Not In Computer")
PEBKAM ("Problem Exists Between Keyboard and Monitor") - agbot, on 08/11/2008, -5/+11Someone hacked a fully protected MAC address in 5 minutes? Whoa.
- infiniphunk, on 08/11/2008, -0/+6Someone has to say it: FUD.
- lead2thehead, on 08/11/2008, -0/+6They weren't really threats. The majority of them were reverse engineering "hacks"... like how to decompile objective C, how to flash the firmware on your iPhone, etc. There was one talk at Black Hat (DefCon's sister conference) about developing OS X rootkits. But of course, you would still need a means of installing it.
- srujanlive, on 08/11/2008, -1/+7The point is you need a physical connection to a Mac to hack it. Yeah that is a vulnerability. But this article talks about viruses in general that are downloaded from the internet. Macs in that case are definitely more secure considering Mac OSX is built on Unix , which is considered one of the most secure systems.
- macbookpromat, on 08/11/2008, -0/+6Please, for us folks who don't pride themselves in learning absurd amounts of vocabulary in less than two minutes, translation?
- inactive, on 08/11/2008, -2/+8Your argument doesn't make sense, because in OS X you don't have a registry or ActiveX controls, which is essential for the spread of viruses sent in Windows e-mail. If someone sends you an e-mail with a virus in OS X, first of all, the Mac is not going to download the attachment and if you okay it, there's no auto-play feature to start the virus and no registry for it to infect. The user will have to actually try to install it themselves.
Once they try to install it, Leopard will tell the Mac user that the file was downloaded from the internet and if prompted, will provide the web site or address that sent the file. And if the user still chooses to install it, OS X will then ask for their Administration password.
So let's say the virus works and somehow circumvents the sandboxing around Apple Mail and sends an e-mail to someone else. That whole process I just explained will start all over again with the next person.
This is not an easy way for a virus to spread. Most e-mail viruses spread without interaction from the user in Windows, so your whole premise is flawed. -
Show 51 - 100 of 194 discussions
Check out the new & improved 
© Digg Inc. 2009
— Content created and posted by Digg users is