Watch out Mac guys

[gr8fl4porsche]

Your peace and solitude may be at risk.



'Apple’s rising popularity lures hackers'

By Kevin Allison in San Francisco

Published: December 5 2007 19:18 | Last updated: December 5 2007 19:18

After years of relative safety, the Apple Mac is becoming an increasingly tempting target for malicious computer hackers, according to a new report published this week.

Security researchers have been aware of the threat to Apple since last year, when they detected the first piece of malicious code – or “malware” – specifically designed to target Apple.

Over the past few months, however, the number of malicious programmes has increased, according to a report published this week by F-Secure, an internet security company.

“Over the past two years, we had found one or two pieces of malware targeting Macs,” said Patrik Runald, an F-Secure security researcher. “Since October, we’ve found 100-150 variants.”

[SlowToady]

Oh, so you mean that the previous lack of badware for Macs was a function of their popularity, and not their uncrackable-ness? Who would have thought...

I predicted a rise in badware for Macs awhile ago. If it gets popular enough, someone will take the time to break it if there is a possibility of financial gain.

[Moses]

Virus-free since I switched to Mac 15 years ago.

I have two different networks, both running 6 Macs. No after market anti-viral software. NO VIRUSES.

[id10t]

Strange, many (most) servers on the web are running Linux or BSD (or commercial unix) and I think a high-bandwidth server would be much more desireable to "own" than a desktop machine on someones DSL or cable line... but there have only been 3 or 4 Linux viruses in the wild...

[legion]

I wonder how many zOS viruses there have been...

[nostatic]

I'll believe it when I see it. Many of these "security" firms have everything to gain with new viruses. There has been more than one false sighting to-date.

[Seric]

I've never had a virus on either my Windows x86 or my Mac machines. Never ran virus protection. Common sense and being dilligent about what I open up on my machines is all the protection I have ever needed.

That and a good firewall

[kstar]

Emphasis added in bold is mine.

---------------------

The Mac OS X Malware Myth Continues
posted on: November 05, 2007 | about stocks: AAPL

Continuing a non-story that will never die, Wired Magazine has an article about the threat of Mac OS X malware, in which I was quoted. I spoke with the author, Ryan Singel, by phone yesterday, and disputed the premise that Apple's (AAPL) market share grows, it will be subject to the same degree of malware that Windows is. Unfortunately, something got lost in the translation. Here's the quote:


But Carl Howe, an Apple analyst at Blackfriars Communications, disputes the security researchers' theories. He thinks that OS X's Linux heritage makes Apple systems less vulnerable to attack than Windows-based platforms. He argues that even if hacking Macs hasn't been profitable in the past, attackers would have done it anyway if they'd been able -- just for the attention.

"I think the market-share thing has always been a myth," Howe said. "It's a good story to talk about."

What I actually said was Mac OS X's Unix heritage, not Linux. I wrote Ryan about the mistake, and he corrected it. But I just wanted my readers to know I don't have my *nix's mixed up if they saw the earlier version.


But overall, I do stand by my statement that the whole Mac OS X malware story is one of those urban myths that just won't die, just like Craig Shergold, the child with cancer who wanted to get into the Guiness Book of World Records for the most business cards (which, by the way, was true in 1989, but he survived and no longer needs cards). For an ordinary consumer, it's easy to think that since Mac OS X and Microsoft (MSFT) Windows both looks somewhat similar, that they must be similar underneath and exhibit similar vulnerabilities. Therefore, the reasoning goes, the difference in malware must just be due to market share differences.


The only problem is that it isn't true. The two platforms have completely different business philosophies, architectures, and decisions behind them. And those differences matter when it comes to security.


Microsoft Windows evolved from a hardware platform philosophy


See, it's important to remember who Microsoft's biggest customers are. Those big customers aren't consumers; they're hardware vendors. That's why it's nearly impossible to buy a HP or Dell computer without Windows -- HP and Dell are Microsoft's customer, not you. And these hardware vendors are the people who drove Microsoft's growth.


When Microsoft designed Windows for the ability to run on as many hardware platforms as possible, it had to make its system easily extensible. Therefore, Windows needed ways that anyone could plug their software into, be they a motherboard maker, a peripheral manufacturer, or a software designer. That meant easy ways for outside companies to modify Windows to their needs. This doesn't just apply to device drivers, but other OS components like dynamically loadable libraries, graphical drivers, and the like. And with thousands of Windows vendors involved, developers became very creative at adding their software into Windows. And Microsoft, responding to Steve Ballmer's chant of "Developers, developers, developers....", put application programming interfaces (APIs) -- some of them public, some of them not -- so developers could install these add-ons.


And this extensibility didn't stop at hardware devices. When Microsoft found itself falling behind Netscape and its use of Java in Web browsers, it felt it had to allow Web designers to extend its OS as well. So it added a Windows-only extensibility feature called ActiveX, which allowed Web designers to add code to the browser and to the user's desktop environment. I noted publicly that this was a mistake in Web security in 1997. But in its quest for market share and Internet dominance, it didn't really care about security.


Now in 2004, Microsoft recanted on that view, and Bill Gates declared security its top priority with its Trustworthy Computing initiative. But by that point, Microsoft had millions of pieces of driver code and software add-ons that had to be allowed to insert themselves into Windows for its ecosystem to continue functioning. The company was left with two choices: be compatible or be secure. Guess which choice worked best with Microsoft's business model?


Apple chose a secure software foundation and rigid platform control


Mac OS X, on the other hand, never went through this same "we must be all things to all developers" evolution. It based its OS on a tried-and-true platform, the Berkeley Source Distribution (BSD) version of Unix. The APIs into this system are few and well-publicized. BSD's security model is also both open source and well tested, having been used by educational, government, and commercial researchers for about 30 years. Yes, Apple made changes and extensions to the system, but they were done to make Mac OS X run well on Mac hardware, not a million different Frankensteinian combinations of hardware from thousands of different vendors. And in fact, Apple still exercises very tight control of its platform and operating system software by building in security features that prohibit Mac OS X from running on other Intel hardware, even though it quite easily could allow it.


The result: Mac OS X remains a much tougher nut to crack for malware developers. Why? There are actually a lot of reasons, but I'll stick with just my top three. Unlike Windows,


Mac OS X users don't run with administrator privileges. Until Windows Vista, almost every Windows user had all privileges to install and modify their OS at all times. Mac OS X, on the other hand, always has users run without such privileges. That means you have to type a password to install or change any critical system software. That minimizes the damage that Web- or email-based malware can do. And unlike Windows, there is no compatibility requirement for ActiveX binary code insertion into the user or kernel environment via the Web in Mac OS X.

Mac OS X has less spaghetti code. Ask any security guru and he or she will tell you: a simpler software model is easier to secure than a complex one. Any Unix has only about 200 entry points into the secure kernel environment. And while there are many libraries in the Mac OS X system, most of those don't have enough privileges to do anything really bad (see bullet point above). For a nice graphical comparison of the relatively low complexity of Linux (not the same as Unix, but similar in security philosophy) compared with the high complexity and threat profile Windows, see these lovely charts.

Mac OS X mail doesn't automatically run attachments. One of the poorest security decisions that Microsoft made was that back in 2000 or so, it configured its Outlook and Outlook Express mail systems to automatically execute script code on incoming HTML email without any user action required. This was one of the big vectors for virus proliferation earlier this decade. Microsoft has since patched that problem, but it remains a headache for the entire Microsoft ecosystem because unpatched systems still exist. Meanwhile, Apple mail systems have never run attachments or HTML code automatically, so this very common vector for virus transmission just doesn't exist in the Apple world.

Apple can actively manage and verify its hardware Apple doesn't need to sacrifice security for compatibility with a million different hardware configurations. In fact, as we've seen in its latest Leopard launch, Apple actively prunes the number of hardware configurations it supports. And Apple has demonstrated with its iPhone that it is no stranger to locking down its hardware/software products to guarantee a good user experience. As a result, Apple doesn't have to provide insecure compatibility interfaces for old hardware or software systems -- and therefore can minimize its threat exposure.

Now I'm not saying that Apple has an invulnerable or even a "requires-an-MIT-Ph.D.-to-crack" security system. It doesn't, and smart security guys like Thomas Ptacek have written about Leopard's latest vulnerabilities. There will be security problems, both now, and in the future. But I think it's important to distinguish between having two exploits on the roughly 50 million Mac OS X computers (the latest of which is actually a Trojan Horse, and not a virus) and the roughly 140,000 viruses extant for the hundreds of millions of Microsoft Windows computers worldwide.. Two vulnerabilities don't make an epidemic. And given that Mac OS X is a harder target to penetrate, I don't expect those ratios to change dramatically any time soon.


One final note: I noted above that the vulnerability that is being publicized this week is actually a Trojan Horse, not a virus. What that means is that the user actually has to 1) explicitly download a piece of software, which the author advertises as a QuickTime codec, 2) choose to install that software, and 3) type in their administrator's password before the code becomes active. The fact that this threat requires three explicit user actions to activate and has no other way of spreading itself means it will never infect millions of computers the way worms like Storm or MyDoom do. All that said, if you want information on what and how it works, you can see a pretty good presentation here at the SANS Institute.

Source: http://seekingalpha.com/article/52722-the-mac-os-x-malware-myth-continues

[stomachmonkey]

First off. Report released by F-Secure who have a vested interest in trying to sell Mac users security products. Much like Symantec have been doing for years. Ironically the biggest security threat to Macs was due to Symantecs product. It had a hole that left the machine LESS secure than if it did not have any 3rd party products installed.

They call them variants which indicates they are mods of previous source code. I read that as someone tried to write one or two that don't really work and others are trying to make them work.

To date there have been only 2 viruses found "in the wild". Everything else has been experimental stuff done in security labs.

Some definitions. Virus, has the ability to infect, replicate and spread all by itself. Sorry but none exist for OS X and the nature of the OS's architecture make it a task of monumental proportion. OS X is open source so for every bad guy out there there are 100 good guys finding and contributing to fixing potential holes before they can be exploited.

Malware. A piece of software that does something bad. Well anyone can write malicious code for any OS. The trick is getting someone to run it. On windows you can execute Malware without the user knowing it. In the case of last years OS X Malware the user actively downloaded and autohrized the installation of the software. It did not happen on it's own without the users knowledge. It worked because the user downloaded an application that was not what it claimed to be, it was basically a phising scam. The OS was not insecure, it was bad judgement on the end users part.

Lack of market share is BS. Apple sell millions of boxes a year. OS X has been out for 7-8 years. 100 Million computers is not a large enough target?

Hackers are not driven by money, they are driven by "cred". You can't tell me that they are not highly motivated by pulling off something that they are told they can't. Apple running TV spots and very blatantly waving a red cape in their faces is not enough motivation?

In fact there were a few "contests" that offered cash prizes for anyone that could hack a target Mac that had been placed on the net. No winners. Lots of people tried but no one succeeded.

[Shuie]

yawn.

[SlowToady]

And also much more difficult. Also, when the virus writer is aiming to create a botnet, like Storm, which is what I was alluding to, completely unneeded.

What about root kits for *NIX? You know as well as I do that probably 50% of the hosts on the internet need to be gone through with a steam cleaner. Let's not kid ourselves and think that Linux, commerical UNIX, or BSD is unhackable. You'd either be a complete idiot, naive, or a fanboy. Or some combination.

Apple sells tons of OS X boxes. Good for them. However, when I look at web site stat logs, Mac OS is a very small portion of my hits compared to Windows. That is what virus authors usually see as well. Again, there just isn't enough of them, and wasn't, until recently.

Virus free on a Mac for 15 years? Reasons are multiple. Two of them are that, 1. until recently, as I said, no one (as in Bad People) cared about them. Not enough. Secondly, give me a break. MAC OS ONLY GOT PROTECTED MEMORY WITH OS X. AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA. You really think it'd be a chore to write a virus for an OS WITHOUT PROTECTED MEMORY?????????

OpenVMS has never had a virus written for it. Or MULTICS. Or Plan9. Or blah blah blah. An OpenVMS server was placed on the net with the intention of people trying to hack it. No one did it.

Quote:

Originally Posted by id10t

Strange, many (most) servers on the web are running Linux or BSD (or commercial unix) and I think a high-bandwidth server would be much more desireable to "own" than a desktop machine on someones DSL or cable line... but there have only been 3 or 4 Linux viruses in the wild...

[stomachmonkey]

So explain to me why there were several hundred viruses for Macs pre OS X, at a time when Apples market share was at its LOWEST point.

OS X comes along and "poof" all the Mac virus writers decide to quit at the same time?

Yeah, makes perfect sense to me

Read,

http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/

http://lists.apple.com/archives/fed-talk/2004/Nov/msg00018.html

[SlowToady]

I was actually thinking this over, over dinner. And I remembered that there used to be TONS of virii for Macs. Why? In the absence of market share, because it was EASY. No protected memory, remember?

Why did all the virus writers disappear? 1. Not as trivial as it used to be. 2. Not enough return to justify the work.

But, hey, what do I know: you guys are right, you'll never see a virus/trojan/rootkit for OS X. Apple has better programmers than any other company in the world, and they know more about computer science and security than ANYONE. Their OS will never be vulnerable. Never mind the countless exploits for any *NIX you care to look at...

Why does Windows have more virii? Well, for one, market share. What is it, like, 90% of the desktops in the world run Windows? That leaves how many other OSes to fill the remaining 10%? Yea, no wonder virus writers don't concentrate their time writing virii for them. Windows virus writers tend to take advantage of an exploit/code bug to write a virus to do evil deeds. Traditionally, that hasn't been the case with *NIX operating systems. Typically, you see the exploit explained, and occasionally some shell code or some C code to make it work. But that's it, really. No real "virus" or "trojan." Maybe it's because the users would be trying to run a BIND exploit on a Solaris machine aren't likely to NEED a pre-written virus. Maybe it's because most people leave their Windows install the same way they got it from the factory, which means there isn't a lot of testing to be done across different versions. Most *NIX users are likely to customize the environment somehow, which makes the testing much more difficult and would lower success rates.

RE: the servers on the internet. Typically servers get a bit more monitoring than do desktops; or at least I know mine do That means hacks/cracks/whatever get detected faster. What good is it to gain entry to a machine if it's just going to be taken away as soon as the SysAdmin finds it, likely in a matter of days or hours? They don't need a virus scanner to tell them something is wonky. Home desktop users, do. A home desktop users isn't likely to be running, say, TripWire to find out that the MD5 hash of explorer.exe has been changed. Probably lots of reasons servers aren't targeted for virii.

But, hey, like I said, if you think *NIX isn't vulnerable to anything because you don't see a ton of virii for it, just head over to InfoSec or BugTraq. You'll find a nice, long list of exploits for any version you care to look at.

Quote:

Originally Posted by stomachmonkey

So explain to me why there were several hundred viruses for Macs pre OS X, at a time when Apples market share was at its LOWEST point.

OS X comes along and "poof" all the Mac virus writers decide to quit at the same time?

Yeah, makes perfect sense to me

Read,

http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/

http://lists.apple.com/archives/fed-talk/2004/Nov/msg00018.html

[SlowToady]

http://articles.techrepublic.com.com/5100-6350-5034641.html

Let me pull out a few key parts.

Quote:

Aside from Klez, other major viruses affecting Linux/UNIX platforms include the Lion.worm, the OSF.8759 virus, Slapper, Scalper, Linux.Svat, and the BoxPoison virus—just to mention a few.

Quote:

An Austrian student named Alexander Bartolich has even written a guide to writing the ELF virus for Linux. Bartolich does not claim to be a Linux virus pioneer and says that he has only more efficiently documented and formatted in a nicer way the virus, worm, and Trojan vulnerabilities for Linux that have already been documented elsewhere. With such revealing documents posted on the Web, the proliferation of UNIX-based viruses is only going to increase, especially since the use of Linux in the server room is increasing. However, systems administrators may want to get a jump on Linux viruses by reading the guide themselves so they can better understand Linux vulnerabilities.

Emphasis mine.

Other good parts, too, but I'll leave that you guys to read.

[Mule]

If that Apple propagandist sounds believable to you, seek help. All computers have vulnerabilities, even the perfect Mac. They can tell you whatever thy want. The truth is, nobody writes viruses to attack 172 users.

[kstar]

Some of you guys' disdain for the Mac and OS X greatly exceeds my love for them!

It is what it is. OS X is basically built on Unix certified BSD, and it is a well known beast. It's not bullet proof (no one said it was) but has been around for a long time in an open form.

The article I posted is succinct and reasonable and by no means a fan-boi fluff piece. Again, it is what it is.

Best,

Kurt

[stomachmonkey]

You guys are completely missing the point.

The reason that .nix OS's are more secure than the products from Redmond has more to do with how the foundation was laid for the environment that they were used in which had a direct impact on how security was approached.

The simple "it's lack of market share" is an opinion that no one can prove or disprove. The simple logic that with the introduction of OSX (when Apple had even less market share) Mac viruses disappeared is a fact that anyone can validate in about 5 minutes. Tagging it's not worth the effort onto it is yet another convenient opinion and does not show a lot of thought on the subject.

UNIX, (which OS X is based on) was originally developed to be used in a shared environment. Many users logging into the same hardware or many users sharing the same piece of hardware. From the outset separation of user accounts from each other and from the core of the system was critical. You can't have 20 or more scientists banging around crunching experimental code that could take out everyone else if something went wrong.

Then along came the Personal Computer. It's affordable to give everyone their own computer. Remember no internet access and closed networks in offices. Now you can do whatever you want on your computer, blow it up all day long and the only one that it creates an issue for is yourself. You don't affect the other users.

So both Apple and MSFT took a different approach to the OS. Let's make it user friendly and we can do away with all the segmentation and additional security stuff, it's not needed, one user per PC.

Things went along fairly OK. Viruses were generally spread by sharing floppies with an affected file but it was pretty easy to identify and shut down.

Then along came the Internet. Now it's possible to cause widespread destruction in a matter of hours. The Internet basically turned all those individual computers back into that one shared computer from 30 years ago. Overnight my personal computer had the ability to take down any other computer on the planet all by itself.

Viruses abound for both Windows PC's and Macs.

Here's were the split occurs. Apple understands that their current OS is out of date with the current computing environment. That a .nix based OS is better suited for the way we use computers today.

So why the Myth that it's all about market share, think about this. Symantec have about 70% market share in the security business and booked just north of $5 Billion in revenue. There are a lot of people making a lot of money that would hate to see big chunks of it go away.

Are .nix OS's vulnerable, yes they are. Are they more secure, absolutely.

[Jeff Higgins]

Sounds like Bill Gates wrote the copy.

[PatrickB]

Man... This thread is better than a Steve Wong vs. Loren battle!

[ianc]

Quote:

Apple can actively manage and verify its hardware Apple doesn't need to sacrifice security for compatibility with a million different hardware configurations. In fact, as we've seen in its latest Leopard launch, Apple actively prunes the number of hardware configurations it supports. And Apple has demonstrated with its iPhone that it is no stranger to locking down its hardware/software products to guarantee a good user experience. As a result, Apple doesn't have to provide insecure compatibility interfaces for old hardware or software systems -- and therefore can minimize its threat exposure.

That's fine. That's also why Apple is still a niche player in comparison to Microsoft.

That's also why there are 100X more hardware and software choices available for Windows users than there are for the Macs. If that lack of choice is worth it to you to not feel afraid that you're going to get a virus, then go for it... The attitude is free with purchase.

ianc