Re: spyware on macs ?



Oxford wrote:
TheLetterK <theletterk@xxxxxxxxxxxxxxxxxx> wrote:


marketshare has very little to do with it,

You're right, marketshare is irrelevant. Share of the installed userbase, however, is everything.


Let's take a sample, shall we?

10000000000000010000

The zeros are Windows boxes, the ones are Macs. Now, which platform do you think is easier to target? Each victim you get will act as another carrier of the virus. Now, the Macs will have to connect with other Macs (a relatively rare event) to spread the virus--the Windows boxes, on the other hand, can pretty much just pick an active address at random and get a viable target.


but we aren't talking about "ease of target" we are talking about "ease to infect",
The two concepts are very closely related. Why would any virus writer try to attack OS X in the first place? Whatever virus they release will spread slowly, and attack a more difficult (but not, by any means, impenetrable) target in the process. Why would they bother when Windows targets are so much more prevalent and easier to compromise?

if this so called "userbase" percentage was flipped, and MS had 4% and Apple 92%... 100% of the Viruses will still only be on Windows.
I'd imagine the split would be something like 2%/98% in 'favor' of OS X. The Windows viruses would die out very quickly.

It's a technical reason OSX doesn't get viruses,
Right--the statistical difficulty of actually infecting large numbers of completely defenseless OS X boxes. It's just too rare a target for virus writers to bother with.

not a "target" based one. A virus writer would get far more notoriety by infecting OSX with its "1st" virus, than he would by doing the "64,001st" Windows virus. Why hasn't anyone stepped forward? Reason? They can't.
You probably thought the emperor was actually wearing something didn't you?



the reason is far more technical in nature,

Well, if you consider statistics to be 'technical'.


Stats have very little to do with it, if 100% of the macs were not on the net, then you might have a point, but a good 80% are on the net, and ZERO have been infected over 4.5 years of use.
Yes, with a userbase that hovers somewhere below 5%. Thus, it's a difficult target to hit, simply because each potential target is so rare. It would be like a human virus that could only *possibly* affect 5 out of 100 people.



the fact is a good 15 million osx macs are connected to the net 24/7/365, so don't you think "one measly virus" would have infected the population by now?

One did. The fake word installer virus.


post a reference, bet you can't
http://secunia.com/virus_information/9393/as.mw2004.trojan/

Exploits the naming vulnerability in OS X.



OSX is designed differently than Windows of any version,

Which does not imbue some magical immunity to viruses.


no, but there are some serious security mistakes in windows. in OSX, not so much.
The mistakes Microsoft made were assuming that technical superiority is more effective than simple (but less versatile) procedures. Windows *is* technically more secure than OS X is. In practice, securing it is so far beyond the average user that it might as well be Swiss cheese.

This ties into the reasons I think ACLs are a bad idea on desktop boxes. Too complex for the average user to bother with.



so it's basically impossible to remotely enter a mac,

Well, if you feel so secure, leave your Mac outside your firewall and post your IP addy for the world to see.


firewalls are for wimps, they are basically unneeded on OSX.
That's why Apple includes one?

my systems are always on, no passwords, sharing is on, come get me or any mac user for that matter.
I wouldn't even consider it--but post your IP addy out here. I wonder how long it would take for someone you annoyed to bring down your unsecured Mac. Probably not very long, considering just how open OS X actually is by default.



If a serious piece of spyware or "virus" was ever to infect a Mac it could only live 7 days, the default "update option on macs" there is some hints that Apple could even invoke a fix immediately if needed.

Unless the virus carried a serious payload.

That's a pretty big if...

Not really.


then why hasn't it happened with OSX being so prominent on the net?
Is it? 80% of less than 3% of the systems out there is not very prominent.



nah, microsoft is design by committee, they don't have the time to manage linux machines

Nonsense, they run a Linux lab. It's a well known fact. Scouting out their opposition, and all.


and they had an apple // lab, LISA lab, Mac Lab, NeXT lab, nothing new there.

the real reason(s) OSX is so secure...

1) 30+ years of unix, Live 24/7 network development. No other consumer OS is this battle tested on the Internet.
OS X isn't particularly 'battle tested'. It uses a kernel that was, until OS X came out, extremely rare. Its only saving grace is the use of the FreeBSD tools. However, FreeBSD is probably the least secure of all of the BSD distributions... OS X is even less so for the inclusion of new and untested software, as well as a relatively untested kernel.


2) Known insecure networking ports are turned off by default.
Go run an nmap scan against an OS X box with the firewall turned off (this is its default state, by the way).


3) Automatic Software Update is turned on by default.
The same is true for most consumer operating systems these days. It's a good thing too, because OS X has plenty of holes OOTB.


4) All administrative actions require a password.
Nothing special here. Even Windows does this, assuming you don't do something silly like run as administrator.

In other words, for Virus to move from machine to machine, a Virus writer must go into every house/office then figure out the user's password, then hit return. (now you know why there are Zero viruses on Macs)
Hardly. There are plenty of methods of falsifying or circumventing such a security procedure. A simple keylogger would solve that problem. There's also the tried-and-true method of just misnaming an installer and sending it to the user with a message like 'Click me for hawt pr0n!'.


5) Root administrator account is turned off by default.
Unfortunately, if someone managed to exploit the user into revealing their password... this precaution would do no good.


6) Apple's quick response with security patches.
Apple can't patch user stupidity.


7) The open source nature of the operating system allows flexibility. If Apple doesn't provide the patch quickly enough I can download the source code and install it myself.
You keep right on thinking that. Who am I to tell little kids Santa doesn't actually exist?


8) Like Windows, Mac OS X provides an easy to use user interface which exposes many of its unix underpinnings making it easier to administrate for beginners.
OS X's administration UI is pretty simplistic--it doesn't handle any sort of vaguely difficult tasks. Well, OS X Server is probably better about that--but I don't have a copy so I can't make judgement there.


9) Mac OS X by default supports secure encryption and communication protocols for authentication: Kerberos, SSH, VPN, MS-CHAP2, DIGEST-MD5, CRAM-MD5, DHX, OTP, SMB-NT, APOP.
And this prevents the user from being exploited... how?


Many of these features are cited by the National Security Agency as pluses in favor of Mac OS X. You can read about it in their publication:
http://www.nsa.gov/snac/os/applemac/osx_client_final_v.1.pdf
'Security buzzwords for idiots'.


Finally, many of Mac OS X's security problems are only theoretical and can never materialize, nor propagate in the wild.
That's right--propagation difficulties are what keep viruses off OS X. It's difficult not because OS X is especially secure, but because OS X is just so rare.

Apple contracts agencies to find security holes in its operating system before the hackers do.
So does Microsoft. It doesn't make Windows a shining pillar of security, now does it?

They work with the CERT (http://www.cert.org/) and the FreeBSD community (http://www.freebsd.org/security/) to address security issues. They also belong to FIRST (http://www.first.org/). In short Apple takes security seriously and if you work with Macs as I do you'd know it too.
I do work with Macs, this is why I have absolutely no faith in Apple when it comes to dealing with security threats.