Re: Thursday Trump
- From: Clever Monkey <spamtrap@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 04 Feb 2008 15:37:14 -0500
[Sorry for the long post. I'm bored, and this is a fascinating and complex subject that is much bigger than "Macs are hard to exploit".]

Jolly Roger wrote:
> In article <310120081554419012%nospam@xxxxxxxxxxxxxx>,
> nospam <nospam@xxxxxxxxxxxxxx> wrote:
>> In article
>> <jollyroger-A5CFAB.17353431012008@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
>> Jolly Roger <jollyroger@xxxxxxxxx> wrote:
>>> In article <4f096d3a-61e2-4456-9e66-f92a5e5a485b@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
>>> "© The OS/2 Guy ©" <os2guy@xxxxxxxxx> wrote:
>>>> OS X Is Really Immune To Viruses
>>> What a load of rubbish. Mac OS X is *not* immune to viruses, trojans, and worms. And to penetrate a Mac OS X does not necessarily require knowing your personal system password.
>>>> Poor Microsoft users. They have to deal with over 200,000 wild malware
>>>> (virus, trojans and worms) affecting their Windows world of computing.
>>>> The OS X user is immune entirely to all Windows virus, trojans and
>>>> worms. That doesn't mean OS X isn't impenetrable, but to access your
>>>> system and implant malware the attacker would have to know your
>>>> personal system password.
>> immune? no, but the chances of getting one are *very* low
> That's decidedly not what he said.
>> with zero
>> currently in the wild.
> There are zero *viruses* in the wild, yes. Other malware, such as trojans and worms capable of attacking and penetrating Mac OS X, however, are in the wild and do exist.
Because, the difference is that such malware /depends/ on the subtle interactions between the user and the system. Just find the right way to get a user to make the gestures you need, and there you have it. Plenty of examples of these sorts of attacks in the recent past for the Mac, which were fortunately closed up once a proof of concept was demonstrated (as I recall).
But, all we needed is someone coming up with a clever, and patient, app that leverages InputManager and you have a back-door into every gesture you could make in the UI. At least in releases prior to 10.5. Or some other similar hack; I provide IM merely as an example. I'm glad that Apple is closing up this hole (though they are probably more interested in stability issues and ensuring the UI stays consistent).
I say patient because the best way to do this is to delay the payload, because you aren't going to find the critical mass of unprotected OS X boxes on the internet necessary for the usual "infect and crash trying to do something cute, perhaps actually deliver the attack" sorts of payloads. The trick is getting people to install or run this stuff, which can't be all that hard. The bad guys just need to come up with a way to take advantage of typical Mac user behaviour.
OS X is a pretty unfriendly environment for your typical naive approaches to malware most hackers take, and Apple has actually been taking steps to close up the remaining holes where it makes sense. Since security is a trade-off between security and convenience, the user experience may win out in some cases. The result is Good Enough security that is a pretty hostile environment for the current state of affairs.
Finely tuned, stealthy and robust malware with a diabolical payload and decent propagation is still a very rare occurrence. Most apps and techniques of this sort are lame and brittle, run by script kiddies with little real programming or network experience, often hacked by their so-called friends to spy on /them/. In the commercial malware business, it's more important to maintain the commodity of exploitable boxes on the internet, so no one is going to bother with subverting anything other than Windows for now. It just isn't a commercially viable decision to exploit anything else right now. All they want right now is a box they can leverage for their phishing businesses that they can control with HTTP and IRC.
We have to ask ourselves, to what end would someone mount an OS X attack, specifically? A super-genius hacker looking to make a name for himself (and it is almost always guys doing this)? These sorts of hackers are rare, and need a fair amount of experience before they can mount a real attack like this. To what end would your average script kiddie or phisher put their time and money into such an exploit?
Security is also about what is in it for the attacker. This is one of the fuzziest aspects of the problem, because it rubs up against the very heart of what makes people do stuff like this. At this point someone would really want to exploit you, specifically, or us (i.e., "Mac users"). With the latter, you end up with that lame guy who couldn't exploit the Mac wireless networking, so he hacked a Mac so it could be exploited, and then hand-waved when asked to provide proof. All because he wanted to teach Mac users a lesson, and "put out a cigarette in their eyes".
Seriously? This was the best that a clever network hacker could come up with? He found a Wi-Fi chipset-level hole that /could/ have been in OS X, but luckily wasn't, and this was the reaction? Lame.
Other attackers will have very different motivations for such attacks. There is a whole economy of malware that is only partially related to actual money.
Any one of these things could change. Malware has changed many times since the classic days of yore, when a virus was the most common example. In a networked world, though, it is the servers and protocols that became important targets. Now that everyone runs services, those protocols are even more important.
If these guys could actually write code, or understood TCP/IP well enough, I'd be very worried. The sheer number of demonstrated laboratory attacks on standard protocols that have been fixed in the last 5 years is frightening. And yet not one of these malware writers has been able to mount a real network-wide attack on DHCP, or IPv6, or whatever. And these guys have the exact same access to the information the Good Guys do. I'm still seeing SSH attacks on my edge box from a known exploit from nearly 10 years ago. That, folks, is the definition of "lamz0r scr1pt k1ddi3s".
If it does happen, be afraid.
- References:
- Re: Thursday Trump
- From: Jolly Roger
- Re: Thursday Trump
- From: nospam
- Re: Thursday Trump
- From: Jolly Roger
- Re: Thursday Trump