Re: 13 MASSIVE holes found in Safari...
- From: ZnU <znu@xxxxxxxxxxxx>
- Date: Sun, 04 Dec 2005 00:14:43 -0500
In article <r3ukf.62$g87.1717@xxxxxxxxxxxxxxx>,
Wegie <here@xxxxxxxxxxxx> wrote:
> In article <2005120319521937709%micron@invalidnet>,
> Michelle Ronn <micron@xxxxxxxxxxx> wrote:
>
> > On 2005-12-03 19:44:41 -0800, Wegie <here@xxxxxxxxxxxx> said:
> >
> > > In article <tNydndFbWJDv_g_enZ2dnUVZ_sydnZ2d@xxxxxxxxxxxx>,
> > > "MuahMan" <muahman@xxxxxxxxx> wrote:
> > >
> > >>>> "The most severe of these are the vulnerabilities found in curl and
> > >>>> the PCRE library used by Safari," said Thomas Kristensen, chief
> > >>>> technology officer for security site Secunia, which rated Apple's
> > >>>> updates as "highly critical"--the second-highest danger ranking.
> > >>>
> > >>> And yet, not a one of them has been exploited.... Go figure.
> > >>
> > >> Then why release a patch if they can't be exploited?
> > >
> > > it goes back to apple's perfectionist nature, a product isn't complete
> > > until it's polished to a high sheen. they've been doing that since the
> > > woz days, this is no different. there have only been about 70 viruses
> > > in the company's history, just goes to show they really care about the
> > > product.
> >
> > This stuff cracks me up. Apple's security is good, but it is nowhere
> > near perfect. It cannot be.
> >
> > Please give me one, just one, technical reason that a virus cannot be
> > written for the Mac?
>
> there is not just one, but many reasons.
>
> 1) 30+ years of UNIX, Live 24/7 network development. No other consumer
> OS is this battle tested on the Internet.

Meh. Security holes are being found in things like ssh all the time --
software that's been around for a really long time, where security is at
this point probably the most serious development priority.

> 2) Known insecure networking ports are turned off by default.

Which just means that no system in its default configuration that is not
used interactively can become remotely infected with anything.

> 3) Automatic Software Update is turned on by default.

But updates are not automatically installed by default, and updates are
only checked for once a week by default. The way exploits often work in
the Windows world is, Microsoft releases a patch, and people reverse
engineer the patch to find out what holes it plugs. This is much easier
than actually discovering holes in the system in the first place. Then
people take this knowledge, and write software that exploits those
holes, which they release before most people have had a chance to
install the patch. Sometimes they do this on the same day a patch is
released -- a 'zero-day exploit'.

OS X is quite vulnerable to this in its default configuration.

> 4) All administrative actions require a password. In other words, for a
> Virus to move from machine to machine, a Virus writer must go into every
> house/office then figure out the user's password, then hit return. (now
> you know why there are Zero viruses on Macs)

This assumes:
1) The user won't just provide the password when requested. Many will.
2) There are no flaws that allow local privilege escalation.
3) The virus even needs administrator access to spread or do damage in
the first place. Most conceivable OS X malware wouldn't.

> 5) Root administrator account is turned off by default.

But the default user account is in the admin group, which means it has
'sudo' privileges.

> 6) Apple's quick response with security patches.

See above, about 'zero-day exploits'.

> 7) The open source nature of the operating system allows flexibility. If
> Apple doesn't provide the patch quickly enough I can download the source
> code and install it myself.

Sometimes. And even when this is true, it's only true for users with a
good amount of technical skill, which is not most of them.

Is OS X better than Windows? Yes. Is OS X perfect? Not at all. It's
quite possible to write viruses, worms, and other sorts of malware for
OS X. The reasons this has not happened are, basically:

1) Because the Mac is not the world's default platform, most people who
use it use it by choice. As such, there's less resentment against the
platform within its own user base. This reduces the likelihood of
'hobbyist' malware.
2) The higher cost of the Mac makes it less popular in e.g. Eastern
Europe, where a lot of malware is coming from these days.
3) The Mac's smaller market share makes it a less attractive target for
both malware hobbyists and professionals.

[snip]
--
"It's in our country's interests to find those who would do harm to us and get
them out of harm's way."
-- George W. Bush in Washington, D.C., April 28, 2005