Macintosh Hacker Attacks Are on the Rise -Symantec - Tilted Forum Project Discussion Community

mikec · 03-22-2005, 12:45 PM

I remember many mac users on this board touting the fact that their mac's were untouchable. The times, they are a changin'...

story: http://story.news.yahoo.com/news?tmp.../tech_apple_dc

Quote:

SAN FRANCISCO (Reuters) - Hacker attacks on Apple Computer Inc.'s Macintosh OS X operating system, thought by many who use the Mac to be virtually immune to attack, are on the rise, according to a report from anti-virus software vendor Symantec Corp.

"Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code," said the report, which was issued on Monday.

"It is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix based operating systems."

Many in the Macintosh computer community have long claimed that the Mac platform has been virtually immune to attack -- unlike Microsoft Corp.'s Windows operating system, which runs on more than 90 percent of the world's personal computers.

The Macintosh operating system, the current version of which is based on the Unix operating system, has less than 5 percent of the global market for computer operating systems.

"All these platforms have vulnerabilities - it's a fact of life," said Gartner analyst Martin Reynolds. "The truth of the matter is that Mac is only a couple percentage points of (computer) shipments so it's not an interesting target."

Apple's recent introduction of the Mac mini, a $500 computer sold without a display, keyboard or mouse, could actually increase the likelihood of more malicious software computer code targeting the Mac platform, Symantec said.

"The market penetration of Macintosh platforms will be accelerated by the much lower priced Mac mini, which may be purchased by less security-savvy users," the report said. "As a result, the number of vulnerabilities can be expected to increase, as will malicious activity that targets them."

An Apple spokesman was not immediately available to comment.

Symantec said that over the past year, it had documented 37 high-vulnerabilities--weaknesses that leave the system open to malicious software attacks--in Mac OS X (news - web sites). They "have been confirmed by the vendor, which, in the Apple case, almost always means that the company has released a patch."

A patch is a small piece of software designed to shore up a vulnerability or to fix other software glitches.

At the same time, the report said that while those vulnerabilities in the Mac operating system will increase, "they will likely be outnumbered in other operating systems for some time to come."

Shares of Apple was down 53 cents to $43.17 on Nasdaq.

crafty · 03-22-2005, 12:57 PM

Every system has vulnerabilities... But you won't be affecting nearly as many people if you target Macintosh.

mikec · 03-22-2005, 01:28 PM

good to see you concur w/Martin Reynolds, who basically said what you said, but better, in the article.

Willravel · 03-22-2005, 01:28 PM

Anyone who thought Macs were immune shouldn't be trusted with their Mac information. Any system can be hacked. They are not an accurate representation of the "Macintosh computer community", becuase they probably don't know the first thing about computers. As, myself, an acurate representative of the "Macintosh computer community", I say it was bound to happen. Those iPod commercials piss a lot of people off. OSX may be more stable and less likely to be hacked, but it is far from immune. It's a shame that Macs will be less safe now. This is not a good day for Mac shareholders like myself.

Redlemon · 03-22-2005, 01:40 PM

I didn't see anything particularly newsworthy in that article. Mostly, it seemed to be Symantec trying to drum up sales for their software. No concrete examples, except that they said that Apple has patched any issues that came up:

Quote:

Symantec said that over the past year, it had documented 37 high-vulnerabilities--weaknesses that leave the system open to malicious software attacks--in Mac OS X (news - web sites). They "have been confirmed by the vendor, which, in the Apple case, almost always means that the company has released a patch."

They say that there are vulnerabilities, but not that any hackers have attempted to exploit them. They merely claim that future hacking is inevitable.

I'm not saying that the Mac is invulnerable, but I don't thing Symantec has made a good case to the contrary.

mikec · 03-22-2005, 01:42 PM

will, I remember reading some of your posts, and I don't believe you're an accurate representation of the Mac community, or the PC community in general.

why? because you seem to know what you're talking about. the PC community, as a whole, is pretty fuckin' clueless IMO hehehe.

03-22-2005, 02:10 PM

Shock Headline!

"Macintosh Hacker Attacks Are on the Rise - Says Security Sofware Firm"

I'm still laughing now!!!

Cynthetiq · 03-22-2005, 02:33 PM

Quote:

Originally Posted by Redlemon

I didn't see anything particularly newsworthy in that article. Mostly, it seemed to be Symantec trying to drum up sales for their software. No concrete examples, except that they said that Apple has patched any issues that came up:

They say that there are vulnerabilities, but not that any hackers have attempted to exploit them. They merely claim that future hacking is inevitable.

I'm not saying that the Mac is invulnerable, but I don't thing Symantec has made a good case to the contrary.

McAfee said the same thing about the Palm platform in the late 90s. Marketing Marketing Marketing.

Slavakion · 03-22-2005, 05:32 PM

Quote:

Originally Posted by Cynthetiq

McAfee said the same thing about the Palm platform in the late 90s. Marketing Marketing Marketing.

Hey, my dream is to become teh 1337est PDA h4x0r eva!!!1!

jamesconrad · 03-22-2005, 09:04 PM

Just remember that security is a process. Microsoft's security process is getting better. Now Apple's security process is being tested. We'll soon see just how good their process is.

"Security is a process, not a product"

doubleaught · 03-23-2005, 12:53 AM

Quote:

Originally Posted by zen_tom

Shock Headline!

"Macintosh Hacker Attacks Are on the Rise - Says Security Sofware Firm"

I'm still laughing now!!!

Me too!! People - check your sources!
OS X is certainly not invulnerable, but it's not nearly as easy a target as a windows box regardless of marketshare.

For those not familiar, os x asks for your administrative password any time a major system change is about to occur. So even if a hacker was to exploit, say, a safari bug and execute code they can only do as much damage as you have priveleges for (which can be pretty bad, but not erase-your-whole-computer or infect-the-boot-blocks bad).

bendsley · 03-23-2005, 01:02 PM

Opinion: Despite Symantec's security warnings for Mac OS X, Macintosh users pay too much for protection they don't really need.

In a perfect world, people might pay for security software based on the number of attacks prevented and the severity of those threats. The bigger the threat, the harder the software works and the more it protects, the more you pay. Seems fair enough.

In the case of Mac OS X, if you paid for what you got, the price for security software would be zero. The price would thus equal the number of virus and malware threats that target Apple's Unix-based operating system.

So why do Mac users pay so much—often as much at $70 for anti-virus alone and as much as $150 for a security "suite." Using the same math, Windows anti-virus software would probably cost $1,000 a desktop, yet it's easy to find software for as little as $20 in the stores.

Mac OS X users pay significantly more for protection than Windows users, protection so far they have needed only in theory or "just in case" a big new threat appears. People are getting wise to this. So is it any wonder that Symantec, in the eternal search for the next dollar, is out with a report that seems to predict dire consequences for future Mac users? It's like a teacher once told me, "Sell the sizzle, not the steak. Especially when you don't have any steak."

I suppose it's to the anti-virus industry's credit that some bored anti-virus developer hasn't launched an OS X threat merely to justify his or her continued employment. Still, with no threats, it's not like the software really requires much dev time.

Indeed, a Morgan Stanley report out this week predicts Apple could nearly double its share of the worldwide PC sales this year, thanks to iPod users buying a Mac as well. Going from 3 percent to 5 percent will be dramatic for Apple, but hardly noticeable in the broad marketplace. Given OS X's small global installed base, even this projected doubling of sales may not be enough to attract too much unwanted attention.

"Contrary to popular belief," the Symantec Threat Report continues, "the Macintosh operating system has not always been a safe haven from malicious code. Out of the public eye for some time, it is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems."

Is it any surprise that Symantec would beat the drums of fear as loudly as possible? This is, after all, a company that has for years persuaded Mac users to pay $70 for software "necessary" to protect their computers against nonexistent threats.

This makes me wonder whether the real threat that concerns Symantec isn't from Mac OS X viruses and malware. Rather, it's customers noticing that they've paid a lot of money for Norton anti-virus software that they didn't really need.

How can Symantec keep those customers in line and writing checks? By scaring the living daylights out of them, that's how. They even invoke the "M" word as a warning of what could be in store!

It's prudent to protect yourself. But what you pay for the protection ought to have some relationship to the threat.

While the "value pricing" concept will never fly, there really should be some relationship between what we pay and the protection we get. Compared with what Windows users pay, $70 is more protection than any Mac requires. Yet that's what Symantec and some competitors charge.

Mac users deserve a break.

03-23-2005, 01:32 PM

It's just not time-effective for a hacker to write code for Macs. A virus wants to be able to spread through as many machines as quickly as possible before it is discovered and patched against - to achieve this spread, all those machines need to be connected to the internet at the same time and running the same application (SQL Server, IIS, Outlook or whatever) - if anything having Macs in the loop should slow the propagation of many of these things down (the way a control rod slows down a nuclear reaction by absorbing the particles flying about)

Yes, a determined hacker could write a virus that targets Macs, but why bother? It wouldn't get the population necessary (due to the low numbers) to make it worth-while. As the number grows, expect more threats.

As for selling sizzle, it's what software vendors are renowned for. Wouldn't expect anything different. However, it's such well documented behaviour, I'm still amazed anyone really takes it seriously.

Slavakion · 03-23-2005, 02:23 PM

Quote:

Originally Posted by zen_tom

Yes, a determined hacker could write a virus that targets Macs, but why bother? It wouldn't get the population necessary (due to the low numbers) to make it worth-while. As the number grows, expect more threats.

Good hackers do something to prove it can be done. They like the challenge. This proves that virus writers must not be made up of very many 1337 hackers if there are still <10 linux viruses and whatever small number for macs.

What would be really awesome (well, awesome isn't really the word...) is if somebody managed to come up with a cross-platform virus. It'd have to have some way to perform OS fingerprinting, and then choose what to do from there. Probably make for a bulky virus, but even a 2 meg proof-of-concept would be cool.

martinguerre · 03-23-2005, 04:20 PM

*nods...

I know my OSX machines are not invunerable. But they are, for day to day operations, not subject to the same threat level that wintel machines are. i've been quite happy with apple's response time with patches, and my security experience...and i've been a mac user since about 1987.

FlunkedFlank · 03-24-2005, 12:20 AM

Most importantly, OS X is far easier to secure from an engineering standpoint. For starters, a large portion of the OS is open-source, and the parts that are are typically the ones that are important as related to security. And it's not nearly as easy to run malicious code as it is on Windows, where things like ridiculous DLL conflicts, ActiveX and MS Office Macros run rampant. And of course there's no registry.

So yes, hackers will devote more attention to it if its market share increases, but I still think that it will prove more secure, proportionally speaking, for the amount of hacking attention devoted to it.

archpaladin · 03-24-2005, 03:20 PM

:: points to OpenBSD ::

Problem solved.

03-22-2005, 01:28 PM	#3 (permalink)
mikec I flopped the nutz... Location: Stratford, CT	good to see you concur w/Martin Reynolds, who basically said what you said, but better, in the article. __________________ Until the 20th century, reality was everything humans could touch, smell, see, and hear. Since the initial publication of the charted electromagnetic spectrum, humans have learned that what they can touch, smell, see, and hear is less than one millionth of reality

03-22-2005, 01:42 PM	#6 (permalink)
mikec I flopped the nutz... Location: Stratford, CT	will, I remember reading some of your posts, and I don't believe you're an accurate representation of the Mac community, or the PC community in general. why? because you seem to know what you're talking about. the PC community, as a whole, is pretty fuckin' clueless IMO hehehe. __________________ Until the 20th century, reality was everything humans could touch, smell, see, and hear. Since the initial publication of the charted electromagnetic spectrum, humans have learned that what they can touch, smell, see, and hear is less than one millionth of reality

03-23-2005, 01:02 PM	#12 (permalink)
bendsley Professional Loafer Location: texas	Opinion: Despite Symantec's security warnings for Mac OS X, Macintosh users pay too much for protection they don't really need. In a perfect world, people might pay for security software based on the number of attacks prevented and the severity of those threats. The bigger the threat, the harder the software works and the more it protects, the more you pay. Seems fair enough. In the case of Mac OS X, if you paid for what you got, the price for security software would be zero. The price would thus equal the number of virus and malware threats that target Apple's Unix-based operating system. So why do Mac users pay so much—often as much at $70 for anti-virus alone and as much as $150 for a security "suite." Using the same math, Windows anti-virus software would probably cost $1,000 a desktop, yet it's easy to find software for as little as $20 in the stores. Mac OS X users pay significantly more for protection than Windows users, protection so far they have needed only in theory or "just in case" a big new threat appears. People are getting wise to this. So is it any wonder that Symantec, in the eternal search for the next dollar, is out with a report that seems to predict dire consequences for future Mac users? It's like a teacher once told me, "Sell the sizzle, not the steak. Especially when you don't have any steak." I suppose it's to the anti-virus industry's credit that some bored anti-virus developer hasn't launched an OS X threat merely to justify his or her continued employment. Still, with no threats, it's not like the software really requires much dev time. Indeed, a Morgan Stanley report out this week predicts Apple could nearly double its share of the worldwide PC sales this year, thanks to iPod users buying a Mac as well. Going from 3 percent to 5 percent will be dramatic for Apple, but hardly noticeable in the broad marketplace. Given OS X's small global installed base, even this projected doubling of sales may not be enough to attract too much unwanted attention. "Contrary to popular belief," the Symantec Threat Report continues, "the Macintosh operating system has not always been a safe haven from malicious code. Out of the public eye for some time, it is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix-based operating systems." Is it any surprise that Symantec would beat the drums of fear as loudly as possible? This is, after all, a company that has for years persuaded Mac users to pay $70 for software "necessary" to protect their computers against nonexistent threats. This makes me wonder whether the real threat that concerns Symantec isn't from Mac OS X viruses and malware. Rather, it's customers noticing that they've paid a lot of money for Norton anti-virus software that they didn't really need. How can Symantec keep those customers in line and writing checks? By scaring the living daylights out of them, that's how. They even invoke the "M" word as a warning of what could be in store! It's prudent to protect yourself. But what you pay for the protection ought to have some relationship to the threat. While the "value pricing" concept will never fly, there really should be some relationship between what we pay and the protection we get. Compared with what Windows users pay, $70 is more protection than any Mac requires. Yet that's what Symantec and some competitors charge. Mac users deserve a break. __________________ "You hear the one about the fella who died, went to the pearly gates? St. Peter let him in. Sees a guy in a suit making a closing argument. Says, "Who's that?" St. Peter says, "Oh, that's God. Thinks he's Denny Crane." Last edited by bendsley; 03-23-2005 at 07:32 PM..

03-23-2005, 04:20 PM	#15 (permalink)
martinguerre whosoever Location: New England	*nods... I know my OSX machines are not invunerable. But they are, for day to day operations, not subject to the same threat level that wintel machines are. i've been quite happy with apple's response time with patches, and my security experience...and i've been a mac user since about 1987. __________________ For God so loved creation, that God sent God's only Son that whosoever believed should not perish, but have everlasting life. -John 3:16

03-24-2005, 12:20 AM	#16 (permalink)
FlunkedFlank Tilted	Most importantly, OS X is far easier to secure from an engineering standpoint. For starters, a large portion of the OS is open-source, and the parts that are are typically the ones that are important as related to security. And it's not nearly as easy to run malicious code as it is on Windows, where things like ridiculous DLL conflicts, ActiveX and MS Office Macros run rampant. And of course there's no registry. So yes, hackers will devote more attention to it if its market share increases, but I still think that it will prove more secure, proportionally speaking, for the amount of hacking attention devoted to it. __________________ Jesus saves ... and Gretzky gets the rebound!

03-22-2005, 12:57 PM	#2 (permalink)
crafty Tilted Location: Omaha, NE	Every system has vulnerabilities... But you won't be affecting nearly as many people if you target Macintosh.

03-22-2005, 01:28 PM	#4 (permalink)
Willravel ... a sort of licensed troubleshooter.	Anyone who thought Macs were immune shouldn't be trusted with their Mac information. Any system can be hacked. They are not an accurate representation of the "Macintosh computer community", becuase they probably don't know the first thing about computers. As, myself, an acurate representative of the "Macintosh computer community", I say it was bound to happen. Those iPod commercials piss a lot of people off. OSX may be more stable and less likely to be hacked, but it is far from immune. It's a shame that Macs will be less safe now. This is not a good day for Mac shareholders like myself.

03-22-2005, 02:10 PM	#7 (permalink)
zen_tom Guest	Shock Headline! "Macintosh Hacker Attacks Are on the Rise - Says Security Sofware Firm" I'm still laughing now!!!

03-22-2005, 09:04 PM	#10 (permalink)
jamesconrad Upright	Just remember that security is a process. Microsoft's security process is getting better. Now Apple's security process is being tested. We'll soon see just how good their process is. "Security is a process, not a product"

03-23-2005, 01:32 PM	#13 (permalink)
zen_tom Guest	It's just not time-effective for a hacker to write code for Macs. A virus wants to be able to spread through as many machines as quickly as possible before it is discovered and patched against - to achieve this spread, all those machines need to be connected to the internet at the same time and running the same application (SQL Server, IIS, Outlook or whatever) - if anything having Macs in the loop should slow the propagation of many of these things down (the way a control rod slows down a nuclear reaction by absorbing the particles flying about) Yes, a determined hacker could write a virus that targets Macs, but why bother? It wouldn't get the population necessary (due to the low numbers) to make it worth-while. As the number grows, expect more threats. As for selling sizzle, it's what software vendors are renowned for. Wouldn't expect anything different. However, it's such well documented behaviour, I'm still amazed anyone really takes it seriously.

03-24-2005, 03:20 PM	#17 (permalink)
archpaladin Crazy	:: points to OpenBSD :: Problem solved. __________________ This space not for rent.