Re: spyware on macs ?
- From: TheLetterK <theletterk@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 25 Oct 2005 22:39:40 -0400
Oxford wrote:
How would it solve the virus problem in a day? All it would do is prompt virus writers to target OS X instead of Windows.TheLetterK <theletterk@xxxxxxxxxxxxxxxxxx> wrote:
hogwash, an easy target is what gets hit the most, it has nothing to do with "marketshare". if OSX was "equally" easy to "hit" it would "equally" be "hit".
Can you back up this assertion? No one in the security field seems to agree with your assessment.
funny that... IT security people concerned about job security :) fact is, if everyone was able to switch over to OSX tonight, it would solve the entire virus problem in 24 hours... and most all those "security" people would be out of a job, funny that! OSX is a rock, there is no way in or a way to propagate malicious code and that's been proven over and over and over...
But they have *everything* to do with determining how susceptable a machine is to infection by a virus.
this isn't about statistics, it about "ease of target". get that through your thick head.
Statistics plays a huge role in determining infection rates and probability of being targeted.
stats have nothing to do with the ease or "dis-ease" of breaking into a machine.
the only stat you need to understand is OSX is immune to viruses, that's been proven, over and over and over and over.OS X has never been tested in this regard--no one has bothered to write an OS X virus, save the Office macro viruses and that word installer trojan.
Actually, it is a long time. A minute here, and a minute there add up very quickly when talking about millions of repetitions.
it's not any more difficult to hit than 5% of exposed windows machines.
Yes, yes it is. Each 'node' would take ~20 times longer to find for a Mac virus than it would for a Windows virus. This is due to Apple's low share of the userbase. Virus propogation times would slow to a crawl, simply because there aren't very many Macs to act as zombies for virus propogation.
20 times longer of a few seconds isn't much, you need to learn more about statistics that's all.
plus you are are completely forgetting, 95% of the windows machines sold are not on the internet,
Can you prove this? I didn't think so.
no, and I never said I could, but we know many PCs are never openly connected to the web/internet.
But nowhere near 95% of the Windows boxes out there. Maybe 30%. *Maybe.*
I was using the common term for virus, which includes worms, trojans, backdoors, and other overtly malicious software.
only about 60% are online, the way that so called "5%" of macs are. lots and lots of pcs are never tied to the internet. cash registers, signage, dumb factory terminals, etc, etc, etc, etc.
Yes, many are not. But the vast majority are.
60% of that 95% or so...
and that isn't a virus, read the link before you post next time.
Playing with semantics now? Well, by that logic Windows doesn't have very many viruses either--they're almost all worms and trojans.
so secunia is playing with "semantics"? they call it a trojan, not a virus, you were the one that mistakenly thought it was a virus.
"Description:
Trojan Characteristics: This trojan was distributed in a file called "Microsoft Word 2004 OSX Web Install", hence the name. (Note - the name can be easily changed and alone can be an indicator of neither malware presence nor absence)."
Really? then please explain why there are 64,00+ viruses for MS based PCs and NONE for OSX? It seems you completely forgot to think before writing your comment.
Because propogation time for Mac viruses is prohibitively high, the target 'audience' is miniscule, and the task is a bit more difficult?
not within a large population of macs, take a campus for example, some departments are fully mac based, still no viruses,
Who would bother to write one that would hit a few hundred machines?
or any of the media companies
See above.
or even Apple,
See above.
they are probably the largest single installation with 14,000 or so macs, why haven't they ever been hit if it's..... so easy?
Because 14,000 Macs is a miniscule target?
Yes, it is prone to them, were it to have a significant ahre of the userbase. Say, 15%.
face the facts, osx isn't prone to viruses no matter what you do.
Unless you consider flying a kite in the rain to be suicide, it's not illegal.
go knock on this IP, 70.57.60.153 it's open, why can't you get in? hum?
It's illegal, you know.
flying a kite in the rain is too, who cares, you can't get into that machine can you... figures, it's running OSX.
I can compromise my iBook easily enough.
Apple has to bow to the ignorant, not having one would be a missing "check off" item, so the people that don't understand security would be mistakenly afraid. It's sad really when MS's weaknesses forces honest companies to cheapen up their products.
I, for one, am glad that Apple did show a bit of foresight and chose to include a good firewall by default. Now, if they could just be bothered to turn it on by default... I'm doubly glad that you aren't administrator for any of my boxes. Your lack of knowledge regarding security is appaling, as is your trust in Apple to provide solutions.
turning it on would cause unneeded disruption to the user, you don't want that.
Yes, yes I do want that.
if you are mentally unstable or ignorant, leave it off, if not, turn it o, realll simple.
Fixed.
I deal with many, many more macs than you will ever see, none have firewalls or in form of extra security,I can only thank the nondenominational diety(ies) that you do not have my Mac's admin password.
some users have passwords, most do not, none will be infected or breached this year or anytime in the future.Keep telling yourself that, maybe it will make you feel better when your fired for screwing up your job.
I think most of us are laughing at your delusions, or have killfiled you by now. Something I'm probably going to do shortly.
You must be paranoid, I have hundreds of machines with no passwords, no firewalls, all work perfectly, none have been breached. It's the difference of OSX compared to Linux or Windows.
Right, keep digging that hole oxtard.
you're the one that seems overly concerned with non-issues, it's your hole we are building, i'm just laughing at you as you shovel.
Incorrect, GNU/Linux outsells OS X, and that does not include free downloads.
On a worldwide network it certainly is the most battle tested consumer OS.
Can you justify this statement, or is just another example of your favored tactic--'proof by declaration'.
easy, OSX is the top selling OS not based on Windows...
Windows is notoriously insecure, thus, OSX is the most battle tested consumer OS there is.
No it isn't. It's hardly ever in a situation to be tested.
If you can think of another, please let me know, otherwise, give it up already.
GNU/Linux is a consumer OS that has undergone much more rigorous testing.
sure if you are sitting in front of the machine and have a startup CD, there is a way in, but a virus writer would be awfully busy trying to do that worldwide.
I can exploit my own Macs fairly easily--it's how you shore up their defenses you know.
and what exactly needs shoring up?
OS X's swiss-cheese security.
go ahead, exploit this mac, bet you can't 70.57.60.153 (running tiger server just so you know)
Why would I break the law to prove a point I already know to be true?
Great, you can attack my printer!
No, a malicious cracker could attack your *printer service*. If there is a vulnerability in this component, then it could allow the attacker access to the machine as a whole. And there is more than just a printer service running.
wrong, cackers can't magically jump through print services,
Right, they could possibly exploit vulnerabilities in the service.
into the rest of the machine,You seem to assume the vulnerability in question would not allow priv elevation and/or arbitrary code exectuion.
it doesn't work like that.Your right--most of the time, the stupid user will just be tricked into running the code for them.
yes, there are more running/open ports, but none of those ports have facilities to breach the entire system.Right--a word of warning to anyone wandering across this thread, ignore oxtard here. He's an idiot.
go for it... gosh, that's were I store all my gold! Maybe you could have my printer, print fake $$ and have it automatically mail them to yourself? That seems about the level of your intelligence on this matter. Bottom line, there is nothing you can do to break into a default OSX install, it's locked down tight.
Oxtard, can you become any more of an idiot? It must be a challenge to continually lower the bar.
that's funny, you seem to be the one failing on every comment you make, you didn't know what a trojan was,
I didn't realize we were playing with semantics.
couldn't breach a naked mac out on the internet,
More correctly, I didn't try.
thought someone could crack print services to take over a mac,thought someone could exploit a vulnerability in a printer service to compromise a Mac.
etc, etc.
Where are these holes? waiting...
Let's see... in the last security update for 10.4.2, the following holes were patched:
* ImageIO
CVE-ID: CAN-2005-2747
Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2
Impact: Viewing a maliciously-crafted GIF image may result in arbitrary code execution.
Description: By carefully crafting a corrupt GIF image, an attacker can trigger a buffer overflow in ImageIO which may result in arbitrary code execution. Several components of Mac OS X utilize ImageIO including WebCore and Safari. This update addresses the issue by performing additional validation of images.
was this ever an issue in the "wild"? no.
Could have been. This is a hole in your vaunted security.
CVE-ID: CAN-2005-2746
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2
Impact: When using auto-reply rules, Mail.app may expose the contents of encrypted messages.
Description: Mail.app includes the contents of messages when processing auto-reply rules. If a message being processed was encrypted, the automatically generated response will include the decrypted message contents. This could allow an attacker to intercept the message. This update addresses the issue by ensuring that unencrypted responses to encrypted messages are not generated. Credit to Norbert Rittel of Rittel Consulting for reporting this issue.
was this ever an issue in the "wild"? no.
Could have been, this was a hole in your vaunted security.
the rest snipped for brevity.
The rest were snipped because you realized how stupid your claim was.
Asshat Linux has never been compromised either--by virtue of running on exactly *one* system in the entire world.
Which is the same for any system.
Yet you still claim OS X is especially secure... why?
still no serious breaches 4.5 years into use, OSX gets stronger ever day.
Asshat Linux has never been compromised either--by virtue of running on exactly *one* system in the entire world.
Which is the same for any system.
Yet you still claim OS X is especially secure... why?
still no serious breaches 4.5 years into use, OSX gets stronger ever day.
Let's see, that's one Mac for every 20+ Windows machines... Yeah, that's pretty rare.
And now describe your latest "threat" that caused a breach of security using OSX, bet you can't.
Your right, I can't. But that is because of the statistical difficulty of needing to expliot an OS X box.
18+ million machines, is hardly "rare" on the internet,
there are large pools of 100% mac, none ever compromised.
That is most certainly an incorrect assertion.
if a breach were to happen, it would have already occurred by now,
Why? No one targets OS X, so why would you think a breech would occur?
OSX is extremely secure as shipped
So is Asshat Linux. I dare you, try to break into it.
and constantly being improved to even thwart "clean room based theories", thus no current spyware, viruses, and probably never will be.You are correct--there never will be, because OS X will never attain a significant percentage of the userbase.
you can reply if you want, but this is my last post, you are too paranoid to deal with.
Thank god! .
- Follow-Ups:
- Re: spyware on macs ?
- From: Peter Hayes
- Re: spyware on macs ?
- References:
- spyware on macs ?
- From: asdf
- Re: spyware on macs ?
- From: TheLetterK
- Re: spyware on macs ?
- From: TheLetterK
- Re: spyware on macs ?
- From: Oxford
- Re: spyware on macs ?
- From: TheLetterK
- Re: spyware on macs ?
- From: Oxford
- Re: spyware on macs ?
- From: TheLetterK
- Re: spyware on macs ?
- From: Oxford
- spyware on macs ?
- Prev by Date: Re: Front Row is now up and running on non-iMacs
- Next by Date: Re: spyware on macs ?
- Previous by thread: Re: spyware on macs ?
- Next by thread: Re: spyware on macs ?
- Index(es):
Relevant Pages
|
Loading
