Re: Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows



In article <DaWdnWxWI5gARtXUnZ2dnUVZ_t3inZ2d@xxxxxxxxxxxxx>, Daniel
Johnson <danieljohnson2@xxxxxxxxxxx> wrote:

You deny the author's statement, in spite of _huge_ amounts of evidence
that Windows gets a lot of malware and Mac OS does not?

Yep.

It's a standard Maccie trope to claim that since Windows has far more
malware than the Mac, the Mac must have magic pixie dust (which Mac fans
cannot explain) to protect it.
But you're wrong; no one is claiming pixie dust, no one claims anything
magical -- they just show that there is an enormous and undeniable
difference. The experts are uniform in saying it's because of the Unix
foundation and Apple's excellent implementation. Mac users do not have
to know each reason why that made a difference, because (once more!)
Mac users do not have to think about the issue!

But we can look at the actual product, and see that this is not so.
You can see that it doesn't have magical pixie dust? Right.
You can see that there is no difference in the malware threat? Silly,
obviously, stupidly wrong.

The explanation must, therefore, lie elsewhere. It is worth noting that the
notoriously insecure Mac OS Classic also had a very low malware count
(compared to Windows); presumably a lot of this is just market-share.
If you make that presumption in the face of so many factors, then you
are proving to be the simple and uninformed one, not the others.

Windows has done this for years, of course.
No; Windows has had _a_ kind of protection. But it obviously wasn't
doing the same thing, since even items as simple as e-mail attachments
could run and perform actions and send themselves out again and change
files without leaving much evidence they were doing it.

They could do so because auditing is off by default, and if it were on, few
users would bother reading the logs anyway. But Windows certainly has got
auditing features, if you care about that.
Why should you? You are saying that if something goes wrong, a truly
informed expert can figure out what happened, after the fact?
Or just that a really knowledgeable user can mostly defeat most of the
common attack types, by changing how the OS is made to operate?

However, you are missing the point. The security features you mentioned-
"administrator permissions to modify the OS"- are just standard filesystem
permissions that Windows has had since NT debuted. But you do not need to do
any of that to, say, compromise an email client, and then send spam from the
compromised account.
Are you trying to _defend_ Windows by saying that you don't have to use
one known weakness, because you can use another? This is by way of
proving there aren't any significant weaknesses in how Windows is made?

More recently, MS has been addressing this problem- and with some success,
you will notice. When the traditional buffer overflow bugs turn up, they
work rather less well than before. Code injection fails because of DEP or
ASLR or /GS stack protection. Or it succeeds, but it can't get out of the
'protected mode' process it is in. Or it can't get out of session 0.
I think you've been copying and pasting, but yes, I knew that Microsoft
had done a lot recently. Most people realize that was because a lot
needed to be done, and there were a lot of things needed.

And MS's secure development lifecycle also seems to be helping. They seem to
be having fewer exploitable bugs in the first place, as well.

You will observe, if you look, that Apple isn't doing nearly as much here.
Uh... Apple isn't doing so much to help solve its malware problem? That
might sound like an observation, but since you haven't shown any
attacks happening... what do you think Apple should have done?

What Apple does here is security theater- a performance to make you feel
safe, not an obstacle to attackers.
You say that as though there have been hundreds of attacks that worked
right through the account protections.

Well, no. But Leap-A would overwrite your applications (to infect them), and
it could overwrite most of them without bothering with a password or
anything. There was no exploit; OS X just allows this.
Seriously? You're going to cite one attack from years ago to show that
the Mac OS problem is similar to what Windows has to deal with?
You're not serious!

Or that Apple has done nothing
whatever to protect or secure these issues. Why do you think that? Is
it just because you haven't been told of anything they have done, or do
you just like to make this attitude stuff up?

Well, has Apple fixed MOAB-15 yet? I can find no reference saying that they
have, and this rather simple exploit takes you from admin to root with no
password. It's easy to use and reliable, too. It's been public for years
now.
Can you show that a significant number of attacks have happened because of
this? (The opportunity for this attack discussed below).

This is what I mean by security theater. They show you the password prompts
to make you feel safe, but they don't bother to close trivial elevation
vectors that bypass it.
You really don't want to make that stupid criticism in the face of how
Windows works, do you?


But you wrote 'overwrite it with malicious code' like that wasn't the
point in the first place -- we're really discussing how to overwrite
with malicious code! (That is, what you do after you've got that first
part done isn't really the point of security that is trying to stop the
first step.)

You open the file and write. It's not hard. You'd think it would be, but it
isn't.
But you cannot save that file, without user ack, right? So you cannot
make any lasting changes? And it's not clear that you can open the
system-protected (superuser ack) files with this 'technique.'

Normally, on a Unix, you would not be allowed to overwrite such an
executable; on OS X you are. If you do overwrite such an executable, it
loses its setuid-bit and becomes a normal executable. But 'repair
permissions' fixes this little problem, leaving you with an executable that
will do whatever you want, and do it as root.
You're getting this from what? And you know someone (other than the
claimant) who has tried it and done it this way?


But as long as Mac users can convince themselves that the Mac is protected
by magic pixie dust, that very fact will make them a bit more vulnerable.

Just like the naysayers who insist a Mac is vulnerable, but just isn't
attacked -- in spite of thousands of Windows users and malware writers
who would giggle themselves dry if someone could succeed at it?

It is attacked. It is just not attacked much. But such attacks as there are
show that it can be done, and we can look at the techniques they use. They
are not very clever or sophisticated; they don't need to be.
Isn't the most important part that it is not attacked much?
After all, once you are talking about real-world risk, that's rather
the point, isn't it?

In any event, bear in mind that thousands of Windows users and malware
writers would not giggle themselves dry- another OS X virus or worm would
just be that, another OS X virus or worm. It's been done before, and it's
not news.
That's exactly the opposite of the claims of motivation for malware
writers. Make up your mind -- do they care, are they trying, are they
choosing their target, or does no one care?

[snipped claims all these attacks are happening and leaving everyone
bored with attacking Mac OS already]


No matter what the verdict on Mac vulnerability comes to, Windows has
been an embarrassment and a tragedy in every way.

Wishful thinking, as I said.
Then you don't understand any of the words.
The massive troubles Windows has had are known worldwide, have caused
huge amounts of trouble and expense, are a routine and frequent cause
of problems for users everywhere, have even been front-page news
several dozen times -- and you're really trying to claim it's all the
wishful thinking of Mac users?
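
Added example, not part of the original post: the thread's dispute over whether a setuid executable can be overwritten by a non-root user comes down to file and directory permissions, which can be audited directly. The function names and the default `/usr/bin` path are assumptions chosen for illustration, and the check covers setgid files and writable parent directories as well as the setuid case discussed above.

```python
import os
import stat
import sys

SETID = stat.S_ISUID | stat.S_ISGID

def non_owner_writers(mode):
    """Classes other than the owner that hold write permission in `mode`."""
    return [who for bit, who in ((stat.S_IWGRP, "group"), (stat.S_IWOTH, "other"))
            if mode & bit]

def assess(file_mode, dir_mode):
    """Reasons a set-id regular file could be replaced by a non-owner."""
    if not stat.S_ISREG(file_mode) or not file_mode & SETID:
        return []
    reasons = [f"file writable by {w}" for w in non_owner_writers(file_mode)]
    # Write access to the parent directory lets a user swap the file out,
    # unless the sticky bit restricts deletion and rename to the owner.
    if not dir_mode & stat.S_ISVTX:
        reasons += [f"directory writable by {w}" for w in non_owner_writers(dir_mode)]
    return reasons

def audit(root):
    """Walk `root` and return {path: reasons} for weakly protected set-id files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        dir_mode = os.lstat(dirpath).st_mode
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            reasons = assess(st.st_mode, dir_mode)
            if reasons:
                findings[path] = reasons
    return findings

if __name__ == "__main__":
    # Default path is an assumption; pass any directory as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for path, reasons in sorted(audit(root).items()):
        print(path, "; ".join(reasons))
```

An empty result means every set-id file under the root is writable only by its owner and sits in a directory that non-owners cannot modify.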