Get the ECT News Network Weekly Newsletter » View Sample | Subscribe
Welcome Guest | Sign In
ECTNews.com
E-Commerce Times TechNewsWorld CRM Buyer LinuxInsider
Discussions

MacNewsWorld Talkback

 
ECT News Community   »   MacNewsWorld Talkback   »   Re: No Immunity for Macs



Re: No Immunity for Macs
Posted by: Mitchell Ashley 2006-10-17 07:26:21
See Full Story

Macintosh operating systems, specifically Mac OS X, have a reputation of being very secure, much more so than Windows XP. Apple touts that frequently and openly in its advertisements and television commercials. Is this reputation deserved? Frankly, yes, but with a big caveat -- the situation is changing. Mac OS X is built on what is considered to be one of the more secure Unix-based operating systems, BSD. However, that's not the only reason Macs have had a reputation of being more secure.


Re: No Immunity for Macs
Posted by: mashley 2006-10-19 04:52:14 In reply to: Mitchell Ashley
Thank you everyone for your comments on the article.
One correction (due to a typo). I recommend you always use WPA security settings for WiFi, not WEP.
I've posted more comments about the article on my blog. See more at http://www.theconvergingnetwork.com/2006/10/comments_on_mac_security.html
Thanks. - Mitchell

Re: No Immunity for Macs
Posted by: mack520 2006-10-17 21:24:02 In reply to: Mitchell Ashley
my understanding is that more user data has been corrupted by the use of AV software than has been lost due to malware.

Re: No Immunity for Macs
Posted by: jbelkin 2006-10-17 09:50:17 In reply to: Mitchell Ashley
Of course, the asteroid expert is going to talk about an asteroid "possibly" hitting you in the head ... same here. Otherwise, he's be out of a job. Yes, Macs are not 100% immunue 100% for the rest of existence but that's his mathematical out but for us regular folk, here's the analogy that holds true. Windows, when it comes to security is a fat, sleepy tourist with a camera around his neck and his open bag at his feet as he naps after a heavy meal - the Mac on the other hand is a special forces soldier. Who do you pickpocket or rob first? That's not to say you can't take down the Marine but most hackers are like pickpockets, why bother risking a beating when there is an obvious and easy target ... what this guy is saying is yes, as a soldier, you shouldn't put your wallet out on as you take a nap but otherwise, the count so far is Macs ZERO spyware, ZERO malware, ZERO virus while Windows is closing in on a MILLION total ...

Re: No Immunity for Macs
Posted by: untwisted 2006-10-17 09:05:49 In reply to: Mitchell Ashley
I think that the idea of Mac users needing all of that security is a load of crap. Frankly, many Windows users don't need much. A careful Windows user can generally get by without even having AV software if they're careful with downloads.
Mac OS X, being based on BSD makes it even more unlikely to be broken with malware not because its got less market share. There is an inherit security built in to the way that the operating system works, unlike Windows. Most windows users are running under an administrator account. This gives malicious code the ability to do pretty much whatever it wants. In a Unix like environment, users *should NOT* be running as an administrator, and though the default Mac account IS an administrator account, most administrative tasks still require the use of a password to perform. Moreover, the kernel architecture of OS X helps to prevent malicious code from running rampant. Being based off the mach micro kernel, OS X does not run in kernel mode as frequently as say, Windows, helping to prevent the spread of malicious code throughout the kernel. Since the kernel is actually a grouping of libraries rather than a large set of system calls in the case of a monolithic kernel, there is less for malicious code to infect as well.
Sure, its POSSIBLE to mess with OS X, or any operating system, its just a lot less likely, and much of a pain in the butt. Its not very difficult to write malicious windows code, or find an exploit for something like IE that allows for massive damage. On the other hand, its much harder to find things like that on a unix like system, and often times they aren't nearly as useful.

Re: No Immunity for Macs
Posted by: reboylin 2006-10-17 08:36:13 In reply to: Mitchell Ashley
While I agree with most of your recommendations I feel your main point is overstated. In any complex OS there are bound to be vulnerabilities introduced along with changes. It's a big difference when you can be assured that these vulnerabilities have been exploited and there are actual threats in the wild. When the first virus threat to OS X is evidenced one would be a fool not to run AV software. After 5 years with no evidence, one could be called paranoid to run it. Another response was posted on a different website yesterday. It shows the security issue in a different perspective. Here it is:
" Obscurity has nothing to do with market share or the installed user systems share. Apple is one of the LEAST OBSCURE computer systems, and offers the one of the most tempting targets for malware creators. This is no secret to hackers.
Temptation #1 - Taunting - Never in the history of computing devices has any other computer manufacturer been so brazen about its security as to advertise it to so many around the world. This level of taunting is like twisting a dagger into the hearts of hackers.
Temptation #2 - Transparent - Apple utilizes far more open-source code than Microsoft. This code is not only in user systems, but is also found in Apple's servers and super-computer grid configurations. All of Mac's core operating system, BSD UNIX, is freely available for use and inspection for vulnerabilities.
Temptation #3 - Vulnerable - Over 95% of the Mac OS X users do NOT use ANY malware protection software. In fact, corporate-owned Apple systems, from in-store demo units to the staff at Cupertino, do not use any such software. They rely upon the innate security of the OS alone.
Temptation #4 - Fame - To be the first to create a successful, self propagating virus or to take control of a Mac for the use of being an unwitting spam generator would bring tremendous international notoriety; the Holy Grail of programming. Apple's public announcement of being virus-free makes this challenge impossible to ignore by many hackers.
There isn't a hacker out there that isn't aware of Apple's use of open source programming, their lack of virus protection software, and their arrogant public taunting of criminals. The general population still dwells within their vast herd of false security and myths, having yet to experience a Mac for themselves and view Apple as being an obscure computer system. But, for the hackers, they clearly see it, they are very well aware of it... but can't touch it. For them, Mac OS X is far from obscure."

Re: No Immunity for Macs
Posted by: machelpdesk 2006-10-17 07:53:57 In reply to: Mitchell Ashley
From Gene Steinberg's Mac Night Owl - All this raises the larger question of whether you really need third party security protection on your Mac. With the recent growth of the platform, some tech writers, and certainly the makers of security software, are claiming that Mac OS X is apt to become a more compelling target for malware any minute now. So far, except for some proofs of concept, and perhaps one infection that impacted a very small number of users, there hasnít been a real Mac virus in years, not since the Classic Mac OS was around.
Certainly, the Mac is not an invisible platform, despite a worldwide market share in the single digits. There are, for example, roughly twenty million Mac OS X users out there. A major virus infection can certainly cause plenty of havoc. Surely thatís a large enough market to attract some attention, and wouldnít an Internet criminal want to be the first to create that virus and see it spread far and wide?
Or maybe they just like Apple and hate Microsoft, which is why the latter gets almost all the attention.
Although Consumer Reports magazine continues to gloss over the fact, every single penny of the billions of dollars lost from computer malware in recent years occurred on the Windows platform. In fact, there are already reports of intrusions on Windows Vista, which hasnít even been released yet. Sure, there may be a few million beta testers, but thatís still far less than the Macís user base.
True, Mac OS X is built upon a tried and tested Unix core, so itís fair to say that the system is locked down in a more robust fashion than Windows. In fact, Microsoft has claimed that it created Windows Vista with superior security in mind, and that may be true, although that isnít stopping Microsoft from touting its own security software package to protect you from the slings and arrows of the Internet.
However, no computing platform is immune. While itís hard to justify using Mac malware protection software right now, except to keep you from spreading Windows viruses by email to unwary friends and family members, bad things might indeed happen some day.
http://www.macnightowl.com/2006/10/17/the-fud-report-more-mac-os-x-virus-myths/

Re: No Immunity for Macs
Posted by: machelpdesk 2006-10-17 07:38:45 In reply to: Mitchell Ashley
Mr. Ashley's are all well and good but, in reality, when someone in his position, CTO and VP of Customer Experience at a software security company, makes recommendations that we all need more and better computer security, it smakes to me of a conflict of interest.
You said: "In mid-2006, McAfee's Avert Labs reported that the number of Mac security vulnerabilities had increased 228 percent since 2003." What was the number of security vulnerabilities in 2003? 10, 20 100? Let's go way out on a limb, for arguments sake, and say it was 500. So in 2006 with a 228% increase, that would be 1140 security vulnerabilities. Nowhere near the 114,000 security vulnerabilities on the Windows platform.
But Mr. Ashley's point is well taken, "Replacing complacency with good security practices can protect any Mac OS X user."
Jump to:
Which best describes what you think about requiring Covid-19 "vaccine passports?"
It will prompt more people to take the vaccine to help end the virus.
It will lessen restrictions and provide more freedom for individuals.
It is a violation of privacy and civil liberties.
It will lead to stigma and discrimination.
It will encourage counterfeits and other criminal activities.