digg

Facebook Connect Join Digg About

Mac attacks rare but rising

cnn.com Apple computers have long been prized for being relatively virus-free. But as more people use Apple products, experts say the company is increasingly becoming a target for cyber pranksters and criminals writing viruses and other forms of malware.

Who dugg this? Made popular Oct 21, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

99 Comments

show profanity settings
expand all
  • DougJ, on 10/12/2007, -6/+92"Apple computers have long been prized for being relatively virus-free. But as more people use Apple products, experts say the company is increasingly becoming a target for cyber pranksters and criminals writing viruses and other forms of malware.
    The threat was highlighted earlier this week after a handful of the company's iPods were shipped with the RavMonE.exe virus."

    I guess the author doesn't realize .exe files don't run on the Mac OS. Can't they find people who actually know something about technology to write these articles?
  • tsunamisteve, on 10/12/2007, -8/+65More fact-checking on the article:
    -Symantec later admitted that their big report regarding vulnerabilities in OS X was overblown.

    -Several reports of Apple security flaws in the news have come just after Apple security updates, therefore detailing flaws in _non-updated_ systems.

    -CNN is CNN. They take ***** and run with it.
  • inactive, on 10/12/2007, -5/+46Title: "Mac attacks rare but rising."
    Actual article: "Mac attacks rare but may rise."
    Biased much? Marked inaccurate.
  • griz, on 10/12/2007, -4/+40They should also note that the iPod is not just a Macintosh device. The iPod being used as a conduit to infect Windows machines in no way "highlights" an increased threat to Macs.
  • LoungeActx, on 10/12/2007, -10/+43I don't know about any of you guys but I haven't run into any Worms, Viruses, or Spyware on my Mac.

    Marking this article as inaccurate.
  • unloud, on 10/12/2007, -2/+30"What is it that makes OS X secure?"

    Nothing is completely secure, it's just that OS X is more secure inherently than windows. Here are three reasons as to why that I can name off the top of my head:

    1) OS X is built around UNIX. Unix was made with networks in mind from the begining by having file permissions and administrator requirements built in from it's inception. Windows added networking to Windows 95 at the last minute in order to be compatable with the internet, and did not include file permissions nor even secure passwords until Windows NT/2000. In many ways, permissions are still flawed in Windows, but I hope this is remedied in Vista.

    2) By default, Windows has run for the past 10 in root mode. This changed with windows 2000 and XP, but even all versions of Windows XP Home had a blank password for the administrator account. This means that programs can edit whatever files they want without any warnings or restraint. With OS X, to edit system files you must have root account access enabled which is not by default and out of the reach of your average user. Again, this got better with XP SP2 and above, but it was never fully complete until Vista (which is not out yet).

    3) Safari is not built into the OS....Windows has IE tied into it's main functions as an OS, so anything that can run in the browser and can exploit the browser can exploit the OS. If there is an exploit in Safari, it can affect Safari but in order for it to run anywhere where it can harm your computer or others it needs to ask your password.


    Again, NO OS is secure....It's just the way that some Operating Systems work that allows them to be less vulnerable than others. As of right now, OS X has a more ecure concept for the way that their operating system works.

    With the coming of Vista, who knows? Things might just be a lot better once people adopt Vista. Only time will tell if Microsoft's extra attention in this feild has paid off. Either way, better security benifits everyone no matter what OS you are using.
  • billdcat, on 10/12/2007, -4/+28This article is horribly inaccurate and misleading. WTF does a WINDOWS virus on an iPod have to do with attacks on Macs??? There are THOUSANDS of new virus for Windows every month, and, so far, not one virus in the wild for Macs - only lab-designed proffs of concept.

    No digg.
  • griz, on 10/12/2007, -5/+27You know the sad thing is that Windows Fangirls will never admit how secure the Mac actually is because they don't want to open their eyes to that fact. However, if the day ever comes that Windows manages to get its security act together, then the Windows Fangirls will make it widely known that they have a very secure operating system. Shouting, "Look at us, we ward off hundreds of thousands of viruses daily."
    Making that claim as if a secure OS hadn't existed until that day.
    A secure OS exists today, it's called Mac OS X.
    I don't buy the no marketshare ***** about why noone has written a virus for the Mac. Fact is, it just can't be done. You mean to tell me that spammers wouldn't want a bot network consisting of a few million Macs? It's not that they don't want it, it's that they can't do it.
  • superkendall, on 10/12/2007, -2/+21The difference is there actually are Windows viruses and Indonesian people. There are not yet any Mac viruses (or even malware) in the wild.

    Your counterclaims are a little like saying that there are in fact people still living in Atlantis, we just haven't seen the continent rise up again yet. Or like saying the Cubs could win the world series, if the population of Cubs players grows large enough. I mean people have been implying the same things as you for years now, stil with nothing on the Mac to infect it.
  • cday, on 10/12/2007, -5/+23Maybe the headline would be more news worthy if it indicated there were more "successful" attacks on Macs lately. So far, I haven't heard of any at all..."successful" ones, that is. Attacks on Macs might rise as more people buy them, but I still can't see that there'd be much profit in such things because they just won't work the same as on Windows and likely won't be very wide spread.

  • netburnr, on 10/12/2007, -4/+16Don't digg an inacurate article, mark it as such....jeez.
  • geminem, on 10/12/2007, -4/+15Windows is now Window's. i think CNN they didn't even bother spell-checking.

    from the article:

    ....often with advertising or scams attached, to other Window's machines can generate big money . Writing a Mac-based virus, which could only target other Macs, isn't nearly as profitable.
  • JeremyBanks, on 10/12/2007, -5/+15@Neurofiend:

    How the hell do you manage that?

    I mean, I don't have any installed on my computer, but I've had plenty of them try to install themselves (ActiveX exploits when I used IE, viruses in torrent downloads, etc.).
  • superkendall, on 10/12/2007, -3/+13That is is a rootkit, not a virus or even a worm. It's a tool for someone to use on your system after they have already broken in... It has no means of replicating, no intelligence.

    Thus mac users are still waiting. I guess you haven't really done any real research either instead of just typing something into Google and misunderstanding what it was you found.
  • rtini, on 10/12/2007, -4/+13What is it that makes Mac OS X secure? Who cares. It has zero viruses, zero spyware. I don't have to worry about stupid registration keys when I install it, it's secure out of the box, no worries. I feel like I'm in control with Mac OS X. I can open up the terminal and I've got Linux right there waiting, I've got tons of commercial software (unlike Linux), I can run Windows if I really want to for whatever reason, which is basically to test IE compatibility with javascript. Mac OS X doesn't need to be reinstalled every year or two like Windows does. Mac OS X maintains itself, keeps the hard drive defragged, has no registry to fill up with stuff, indexes new files the instant you create them. You can reorganize applications, move them around, alter the directory structure, no problem, no lost "dll"s ever.

    I don't care how *theoretically* secure and wonderful Windows is, in real life it's got a gazillion viruses and spyware programs - and a thriving industry devoted solely to dealing with those viruses and that spyware. Windows installs go bad like old milk, they need to be refreshed every so often. Windows constantly jumps in my face "hey! let me help you", or "here, let me show you things about Windows!", or "I've discovered new hardware! Now I'm installing drivers for it! Now you can use it!" I'm not interested in that hand-holding crap so much. When I plug in an external hard drive, mouse, printer or whatever, I expect to just start using it without any fuss, since I'm a Mac OS X user and that's what I've come to expect.

    Windows is, in a word, crappy. I hope it never gets too much better though - all of these cool people I know who work at Symantec would lose their jobs.
  • netburnr, on 10/12/2007, -6/+15For starters, the web browser doesn't have direct access to the Kernal, thats M$'s first mistake. 2nd, and change to the system files requires you to type your admin password, meaning you get a nice popup asking for your password everytime something tries to install...Windows...you would never know.
  • nofxjunkee, on 10/12/2007, -2/+9"Most people who use MAcs don't know ***** aobut computers anyway."

    Most people who use computers don't know ***** about computers.

    Troll score: 0.5 / 10 (for the miniscule effort)
  • THEMACGOD, on 10/12/2007, -6/+12Name one, CNN. One virus, piece of malware, etc., that is in the wild and has affected someone.

    Please?
  • fraggle35, on 10/12/2007, -4/+10FUD
  • Fullmoon, on 10/12/2007, -4/+11Ryan,

    Opener requires a user to download a malicious file _manually_, RUN it _manually_ and type in an Administrator password _manually_.

    And since it cant spread properly you would have to spread it to your friends _manually_.

    So, why, yes, I think the "malware" you linked to does not count.
  • streak, on 10/12/2007, -4/+10The "reporter" suggests Macs are less vulnerable to attacks because of the fundamental design of Mac OS X (re: the UN*X underpinnings).

    My belief is Windows is more vulnerable because of all the holes Microsoft intentionally included to help support commercialism through adware. Companies love Microsoft for putting these holes in the OS.
  • vashmyvindows, on 10/12/2007, -3/+9"However 3 minutes spend downloading Firefox, Avast and a good free spyware preventative make most PCs pretty secure as well."

    That's like putting on a condom and packing a gun to go grocery shopping. It's pretty liberating not having to worry about keeping an up-to-date virus scanner, spyware blocker, and alternate browser.

    I got an IM from a friend who said she found someone online who "looked just like me". The link downloaded a file like "myspace_pic_001.jpg.exe" to my desktop, and I double-clicked it just for fun!
  • trylleklovn, on 10/12/2007, -3/+8Mac OS X is not safer than most other operating system... It is just that Windows is so unsafe, it makes Mac OS X seem extremely safe.
  • relativesanity, on 10/12/2007, -2/+7vulnerabilities != exploits
  • rtini, on 10/12/2007, -1/+6The article says that Macs have fewer viruses, but the truth is that Mac OS X has no viruses at all - zero. Important distinction.
  • streak, on 10/12/2007, -4/+8The article's content provides NO data to back up the claims made in the title. Quite the contrary actually. What the article does is point out some of the myriad ways Windows viruses are a problem and reasons why they should continue to be a lesser problem or no problem at all for Macs. This seems to be a case of a "reporter" trying to increase the number of readers by using a surprising (but unsupported) title.
  • mywhitenoise, on 10/12/2007, -6/+10It isn't. Do some research, reading some faulty article doesn't count.
  • r3zonance, on 10/12/2007, -1/+5@ryanirussell

    "What does the previous 20 yeas have to do with the current security models?'

    With Windows it has a hell of a lot to-do with it, because of all the backward compatibility many, many security concessions have had to be made to ge allow old applications to work correctly.
  • austee007, on 10/12/2007, -2/+6"The Mac OS X has a higher security profile," said Ray Wagner, a vice president at Gartner, a technology research firm. "It's not generating anywhere near the same rate of problems, even on a per capita basis.

    Even on Per Capita Basis is the key word in the quote. I guess that simple quote (if true, and probably is) disproves all theory's saying that "if mac had as much market share as windows then they would have equal # of viruses".
  • ryanlrussell, on 10/12/2007, -0/+4"But the biggest difference is that the Mac is not nearly as vulnerable to code execution exploits. Even if there was a vulnerability in the software running on OS X, there's not much that can be done with that vulnerability."

    That's completely false. And I see that sentiment echoed frequently here. I'm curious as to what has led you to believe that, seriously.
  • DaffyDuck, on 10/12/2007, -1/+4"many security concessions have had to be made"

    They didn't have to be made, it's just that Microsoft has no balls when it comes to the idea of slightly upsetting some developers in order to move forward.
  • inactive, on 10/12/2007, -3/+6"Most people who use MAcs don't know ***** aobut computers anyway"

    kuzotz you are the reason there is a mac vs pc debate to begin with you ignorant peice of *****, most people are content with using with makes their lives easier and not having to preach but rather encourages the productivity of individual preference to what hardware gets their job done quickly and efficiently. the whole debate that my hardware is better than your hardware is ridiculous and the display of your ***** comment leads me to conclude that the "Smug" that is usually thrown towards mac users can go both ways.
  • r3zonance, on 10/12/2007, -1/+5@mistshadow

    I think the main point being made here is everything regarding Opener is a very MANUAL process.

    The Sony Rootkit, for example, installed itself right into the heart of Windows AUTOMATICALLY.
  • JackAxe, on 10/12/2007, -2/+5Clueless analyst.

    If more Mac users meant more viruses, than OS X would already be full of them. When Apple's market share was significantly less, the Mac had viruses. I haven't had a virus on my any of my Macs since OS 8 (1998) and that was a single worm. Prior to that there were more under System 7 from what I recall.

    Apple makes the OS and the hardware. They sell only a handfull of hardware configurations vs the thousands upon thousands that MS has to deal with when addressing an exploit. So fixing a critical hole on the Mac is much faster and easier task for Apple.
  • dbr_onix, on 10/12/2007, -0/+3http://www.milw0rm.com/search.php?dong=OS%20X
    Most are local exploits, mostly because the default OS X doesn't have any listening ports. That is the largest reason OS X is "more secure" than Windows. There are a lot of exploits/vulnerabilties for Linux software, as thats what a lot of servers run (So it's secure by default, but you have to open up ports, for say, a web server, FTP, SSH etc). But, it doesn't make Linux any less secure, if all the software (Say, Apache, ProFTPd, MySQL, and a CMS/Forum script) was written perfectly, it would be extremly hard to break into (That applies to any platform)

    Other methods of attacks popular on Windows, things like browser-based exploits, like the WMF one, just don't work on Mac's for the simple reason, depending on the site, you may get < %1 hits (I made that up) from Macs, and the rest on PC's. Add to that the fact Windows, by default, runs as an admin account, it's fairly obvious which is the more tempting target.

    For desktop-OS's, default settings are the biggest factor in security.. If there is lots of listening ports, and you run as admin unless you tell it not too, and the updates aren't forced on you (Many people ignore the Windows Update icon). And on such a wide-spread OS, it's never good.. As such, I think it'll take a long time before there will be an OS that becomes more tempting than Windows for mass-attacking

    Finally, as I somewhat said, most exploits are NOT for the OS themself, it's for software running on them. If someone runs a vulnerable version of apache on OS X, it's no more secure than running it on Windows, or Linux, or OpenBSD, or...
    - Ben
  • nandabanaotakun, on 10/12/2007, -3/+6Man, this article has it right. I have so many viruses on my Mac, it's unbelievable. Maybe one day they'll figure out how to get them somewhere other than my Windows partition and I'll be worried.
  • tripm, on 10/12/2007, -2/+4shockingly inaccurate
  • gerkin, on 10/12/2007, -1/+3News flash ... CNN's Journalistic Integrity Rare but on the Uprise (NOT)

    Sadly this story is fodder and not much more. Looks like it may have been written by a high schooler for their school paper and got picked up, spun in that way that only CNN can do and regurgitated. Marked as inaccurate.



  • inactive, on 10/12/2007, -1/+3"-Symantec later admitted that their big report regarding vulnerabilities in OS X was overblow"

    Uhhh yeah, Symantecs underlying marketing campaign is fear they will overblow anything to spread fud to a culture that thrives off of fear via our News Stations and our Government Officials.
  • nakke, on 10/12/2007, -0/+2Sarcasm isn't allowed on digg it seems :( Sorry.
  • superkendall, on 10/12/2007, -2/+4Waiting for "any", much less "more".

    More like "Overwhelming number of Windows viruses makes it harder for Macs not to pass them along to Windows users".
  • ryanlrussell, on 10/12/2007, -0/+2So, you agree then that malicious code running as a user in the admin group can delete all that user's applications, settings and data. And this on a machine that is frequently used by a single user, meaning that the machine would be put in slightly worse shape than if you wiped the hard drive and reinstalled the OS.

    So far, you demonstrate far more clue than most of the others who have been disagreeing with me.

    But your conclusion is that this is "safe"? You've got a funny idea of safe.

    So let me ask you this: why does the trojan need to be root? What is it not going to be able to do?

    It can get to the Internet, so it can join a botnet, right?

    It can modify any of the apps or settings, so it can install any spyware or monitoring tools, password stealing tools, etc... inside those apps, by modifying them, right?

    It can modify all those applications that will eventually be run as root by prompting for your password, right? Like System Preferences?

    And you ignore the fact the Apple provides an API for admins to be root without having to type a password:
    http://apple.slashdot.org/article.pl?sid=06/09/16/182207

    So given what you have already figured out, I fail to see how you arrived at the conclusion that you did.
  • tdhurst, on 10/12/2007, -2/+3Yes, but please tell me how many Mac viruses you've encountered.

    None?

    That's what I thought, thanks.
  • seweso, on 10/12/2007, -4/+5Can you spot the difference?

    "Mac attacks rare but may rise" v.s. "Mac attacks rare but rising".

    Title's like this should be burried.
  • ryanlrussell, on 10/12/2007, -1/+2Unloud:

    "I apologize; I meant to say NT 4.0"
    OK, so NT4 came out in 96, just one year after 95. Not that that makes much different, the security model had been there since NT3.1.

    "Windows 2000 was intended for system administrators, not for the average user."

    Who do you think was using Win2KPro? Who were those hundreds of users I was supporting...

    And what changed as of Win2K that fixed the permission model?

    " Any administrator can secure their own system. It wasn't until XP SP2 (three years after OS X)"

    It wasn't until XP SP2 that what happend?

    "No. See, you can go to your applications folder and delete Safari without your system breaking. Please feel free to delete explorer.exe from your system to see what happens (hint: you can't). There is a major difference between a web browser being exclusive to a system (Safari) and it being imbeded (Internet Explorer)"

    Sure I can delete explorer.exe. Not that I would want to, since that's the shell, not the web browser.

    I think perhaps you don't have as good a handle on what embedded means in this context as you think.
    http://developer.apple.com/internet/safari/faq.html

    But wait... the permissions are in great shape... but one user can drag Safari to the trash and delete it from the entire syste for all users? And I didn't get a password prompt. How is that working? Seems a little contradictory to me.

    Me: "Wrong. Anyone in the admin group, all standard users I believe, can access what they like without having to cause the password prompt to appear. Just takes a little code."

    "You believe wrong. Know what you are talking about before you make assertions."

    I kinda thought I did know:
    http://apple.slashdot.org/article.pl?sid=06/09/16/182207
    I've posted that link a few times here on the topic of password prompting. The only response so far has been to digg it down. And that's before we even start talking about the local priv escalation vulnerabilities, and file system permission problems. Such as those having to do with different users being able to make changes to the shared Applications folder, that impacts all users...

    Me: "It's Just unix, plus mach, plus a UI layer, plus a bunch of apps. That's more code than your typical unix, which means more errors and more places to attack."

    "Throughout my whole comment I was comparing OS X to Windows, not OS X to UNIX. Avoiding the comparison by comparing OS X to a system that lays at it's core does not substantiate calling both Windows and OS X the same kind of system."

    Your original statement was: "As of right now, OS X has a more [s]ecure concept for the way that their operating system works. "

    And I simply pointed out there there are no new concepts here. If there are no different concepts, then it can't be more secure on that basis.
  • hifiDesign, on 10/12/2007, -1/+2Inaccurate regurgitation of old information coupled with idiotic fearmongering.
  • anonym41414, on 10/12/2007, -1/+2Lots of people here have made the observation that Mac users run with elevated privilege because they can modify the Applications folder.

    If you want, you can think of the Mac has having three "levels" of security. It's not true, but it's a useful model. The standard level, the user account, can write to his own home directory and a few other places (like /Users/Shared and /private/tmp). The "administrator"-level user can write to places like /Library and /Applications.

    But here's the thing. Go into /Applications and delete everything you find. Have you screwed up your Mac? No. Because nothing that lives in /Applications is required for the computer to run.

    All THAT stuff lives in /System, and even administrators can't modify /System without typing a password.

    That's why Macs are safe even from trojan horses. Because no user has access to the system files without being asked for a password.

    (Now, a Mac trojan certainly could delete everything in your home directory, but the same is true of every computer system. The ability to delete your own files without being challenged with constant nag screens is a pretty important aspect of computer usability.)
  • rtini, on 10/12/2007, -0/+1diggrific:

    There are no self-replicating viruses that directly affect Mac OS X. The first link you provided cited no data or sources. The other links talked about malware that required direct user invervention to activate or install them, or application viruses like Microsoft Word macro viruses that take advantage of weaknesses of particular applications.

    If there is actually a self-replicating Mac OS X virus (that doesn't require the user entering in an administrator password, duh!), I'd like to get a link to it so I can find out more. I don't want to be spreading misinformation when I tell people that there are no Mac OS X viruses, but I have been unable to find a single ligitimate case of one.
  • DaffyDuck, on 10/12/2007, -10/+11"Most people who use MAcs don't know ***** aobut computers anyway."

    Care to back this up? Nice spelling BTW.
  • itswoody, on 10/12/2007, -3/+4marked as ***** (if there was an option) totally unsubstantiated drivel.
  • Fetching more discussions...
    Show 51 - 100 of 100 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.