Macs Less Secure From Hackers And Viruses

Macs Less Secure From Hackers And Viruses

Mac users who've been smug for years over how secure their OS is, could be in for a rude awakening if news out of the Black Hat Security Conference is true.

As Macs have slowly gained market share on PCs — 9 percent of the market in the second quarter of 2009 and growing — the interest in hacking them has increased. The advances in security for the computers, however, has not kept pace, experts said at the Black Hat
security conference in Vegas.

Apparently, this time, what happens in Vegas is not staying there, and the 4,000 "security professionals" (including
hackers) who are attending the conference discussed the hacks and viruses that could end up making Macs just as vulnerable as Windows-based machines, if the bad guys start paying more attention to them. In fact, they said, Macs could be more vulnerable, because they have more code to potentially exploit.

Despite what Mac users like to think, Dai Zovi, a security researcher and co-author of "The Mac Hacker's Handbook," told Reuters in an interview, "There is no magic fairy dust protecting Macs."

At least three viruses infecting Macs have been identified in the past year, including one that was spread through pirated versions of iWorks and allows the hackers to take control of the Macs once they're infected. And Zovi demonstrated one "technique" that allows a hacker to take control of a computer's Safari browser if the computer's already been infected.

Apple is improving security measures, some said, but perhaps not fast enough.

"They are advancing. Our concern is that they are just not advancing as fast as they are gaining market share," Charlie Miller, co-author of "The Mac Hacker's Handbook," told Reuters.

0
+ -

I can't believe I'm reading such FUDvertising here!

>> At least three viruses infecting Macs have been identified in the past year

Compared to how many on Windows? On some individual *days* this year three new Windows viruses have been found.

If three new PC viruses were discovered each year, it would take over 766 thousand years for Kaspersky's AV signatures to have reached their current size.

>> including one that was spread through pirated versions of iWorks

That's not a virus, that's a Trojan that you manually have to install. A few dozen pirates installing that and getting bitten is a far cry from the estimates of 15 million PCs users who got the Conflicker worm through no fault of their own.

If you compare the total number of infections by machine-base, the Mac comes out so far ahead in the area of security that I only have one question:

Did you know that Charlie Miller is being used by Kaspersky to sell their Macintosh antivirus software? 

"But there’s also something you wouldn’t do if you worked for Kaspersky: you wouldn’t point out that Miller, a Mac security expert, thinks your products are unnecessary for most users to buy and install. This winter, Miller took Apple itself to task for recommending in a support document that Mac users consider installing antivirus software."  (http://www.freerepublic.com/focus/f-chat/2211892/posts)

0
+ -

The number of known malicious software isn't a direct measure of how vulnerable a system inherently is.

Take the fact that Mac is always the first to drop in every annual pwn2own hacking contest. Eventually all the OS' and browsers fall, but not only has Safari on Mac gone down first year after year, but the winners have stated in interviews that they specifically chose to target a Mac based browser platform because it is easier. See below for one such example...

Source: http://blogs.zdnet.com/security/?p=2941

Q: Why Safari? Why didn’t you go after IE or Safari? (i think they meant IE or FF)

A: It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.

It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.

0
+ -

Yes, your facts are perfect.

But the real world experience goes the other way. They're waiting in the weeds for any unprotected Windows box. They know how to nail you and do it all of the time. It happens fast and will happen for sure.

Not so with my Mac,.....................

0
+ -

I agree with you there. There is much more money to be made smashing windows machines. It is also easier to do for the script kiddies who are just in it for malicious joy. I say easier because there are more tools available, more tutorials, more communities, more help for someone just starting out. If you want to go breaking a Mac, you are much more on your own. For windows, you have a whole back catalog of past vulnerabilities which have been detailed in full, often with openly available proof of concept code lying around. Also there is the fact that even a patched vulnerability can still be exploited since with the number of windows machines in the wild, you'll still find plenty of people without the patch.

However, my original point was that the article is correct. Eventually as Mac gains more market share there will be more malicious software created to exploit it. However the tipping point won't come when Mac reaches some magic home-use market share percentage, it will entirely depend on Mac's market share in business, since that is where the money and incentive is. The wave of malicious software won't happen on Mac until the serious bad guys who are in it for the money start to target it. After all, script kiddies by definition don't create their own tools or methods, but they do statistically account for the largest percentage of security risks. I'm not sure what market share Mac has in business and server settings, but I'm sure it is no where near 9%.

0
+ -

The pwn2own contest results are being spun by the media to say something they don't.

In the case of Miller's Safari exploit:

1) Miller got to go first. They pick who goes first out of a hat.

2) What you win is determined by which machine you hack. The MacBook was the best prize, and Miller's a Mac user... so guess which one he decided to go for first.

2) Miller didn't trivially hack a Mac in "seconds". He had already spent a week or two creating and testing the exploit before he got there.

3) Nils went second, and *owned* IE8 on Windows 7. The prize was a Sony Viao. Anyone that knows anything about good hardware would have preferred the Mac - but he couldn't win that since Miller already had.

4) The machine had to visit a malicious website. Contrast to actual real-world Windows worms that attack machines that only need be left online.

5) The attacker only gained user rights, not admin rights. Contrast to actual real-world Windows viruses which attach themselves to the OS.

I don't see anything at all about this contest that proves anything derogatory about Mac.

[View:http://www.youtube.com/watch?v=4MZTmm_L2s4]

0
+ -

3vi1,

Good link,......

The brute force numbers of Windows based Viruses and Trojans speak for themselves,.....as does the astounding numbers of exploits invading Windows based browsers.

I have a good set of free solutions that I use for my Windows Machines and haven't had a viral meltdown in years. (knock on wood)

When I bought my first Mac about 6 years ago, I bought Norton AV for it. It never found any threat, and premier Mac forums ridiculed the idea of AV software for the mac. So I removed it after it's subscription ran out and never looked back. I do back up the iMac that I now use, but I don't worry about viruses either. All in all it's a good solution.

And for those of you downloading pirated versions of Mac software, you ought to know better. Sites like that are there just to screw somebody and you're just as good to mess with as software companies are. I'm no angel, but I know better.

0
+ -

Sorry, but I'm new to this site ...

Do the writers here actually consider themselves to be "journalists"?

Just wanted to check before I flame Amy Vernon for clearly coming out anti-mac in the first sentence of her "article".

Smug, no us Mac users are not smug. We're smart, computer-using professionals who probably had their share of headaches with Wintel and know that you get what you pay for.

I'm so sick of all the Apple-haters out there, but to see a writer at a site that seems to see itself as unbiased ... well, that's just intolerable. As intolerable as the POS Wintel machine I am forced to use for CG apps, and on which I've spent hundreds to fix. Never had to spend so much as a dime on a Mac after I purchased it.

And you say Macs are expensive? Well, pay now or pay later.

And please note, I am writing this post from my MacBook. I wouldn't dare let my PC be connected to the net.

0
+ -

Welcome to the site,...I'm fairly new here too.

I think that you are the exact opposite of what you claim the writer to be. A PC hater. In my mind it's just as extreme as Mac hate, and just as hateful too.

I use and love my iMac and I keep my most valuable/important Docs and Photos on it and it's backup drive. It's secure by virtue of the absence of Mac attacks prevalent on the web. It's not impossible to attack though. I use UBUNTU as well and it's not totally impervious either, but nobody is interested in hacking it at this time,..so far.

My PC's are an important part of my computing experience as well. They are on the Net all day long and with the free anti-virus AVAST, the free Spybot Search And Destroy, and the free ThreatFire programs that I've installed they are more secure than my iMac. Nobody gets though and I haven't had a virus in many years. I play my favorite games on the PC's, all four of them connected with myself and my house guests all playing the same game together. It's a blast and I recommend it if you have the equipment to do it.

If you have such a horrible time with your PC's then I would suggest you rethink your PC security solutions and remember to update them often. In my case the FREE solutions that I mentioned really helped me to be secure while online.

 

RealNeil

 

0
+ -

Does anything you mentioned dispute the fact that he was correct about the first sentence of TFA or nullify the fact that the title of the article is misleading when, considering OS-level hacked machines / deployed population, the Mac totally destroys Windows?

Which AV do you run on your Mac and Linux? Have they ever detected a virus, ever? If not, it's probably because people aren't interested in writing viruses for systems that won't give them admin rights.

Sure, viruses will affect all systems... but Windows is far from winning any awards for being the most secure OS relative to any known metric.

0
+ -

I don't use AV software on anything but the Windows Boxes. It's not necessary at this time. I know of some for both OS's (Mac & Ubuntu) and if it becomes a problem then I'll use them.

Yes, I agree that Windows Boxes are just meat for the taking when they're put online unprotected. Microsoft has made certain decisions when they've coded software through the years, some maybe not so good either,..........  That, and the fact that every hacker out there has access to an almost unlimited array of tools, forums, and available existing software designed to probe and penetrate Windows Boxes makes them the target of choice. The People who write these exploits are smart and always coming up with new ideas too. Luckily there are smart people on our side too,..................With Windows world dominance of installed OS's there is no other "attractive" target out there.

I just don't leave the Windows Boxes unprotected and they're OK. I keep repeating that with my solutions, I've been virus-free on all of the Windows Boxes for years. I understand that they could crash and die tomorrow too, like the other OS's I use could. Crap Happens,.............

I also understand that the popular AV software titles that people pay too much for are subjected to allot of attacks as well. They sometimes fail. Crap Happens,............

0
+ -

3vi1:
Sure, viruses will affect all systems... but Windows is far from winning any awards for being the most secure OS relative to any known metric.

3vi1, I like you man and the above statement is true but is not the point of the article...everyone knows that PCs really are never "secure" but the basis of the article was just more on how Mac-attacks (sounds like something from McDonalds) are growing...that's it

P.S. Thank you also 3vi1 for being a just [strong] supporter and not fanboi-ish  Big Smile

0
+ -

Well said RealNeil -- kudos to you man for being a supporter and not a rabid fanboi.

Guys/gals...the point of the article is simply this: Macs are gaining market share -- as a result more and more vulnerabilities are being exploited and will continue to grow as such. Mac exploits may seem like nothing compared to a PC but isn't this comparing apples or oranges? (no pun intended)

Shift 5 yrs back and compare the "known" vuln. and exploits taken advantage of in terms of Mac to today -- this would be a better comparison IMO. Yes PCs are more exploited but they still do (and will) dominate the world for years to come; the aforementioned statement really has nothing to do with how secure a Mac is...they are just separate facts

0
+ -

Thanks for the kudos. I usually don't respond to that kind of post.

I like all three of my OS's. Ubuntu is a good music server for the house.

Win 7 is good for lots of things, gaming being only one of them. They are, with Win 7, just as reliable as any other OS that I've used.

And my iMac is reliable and works always just as it should. 

My whole point is that it's a great time to be a computer user no matter what you use for an OS. There IS a free PC Tools iAntiVirus that you can load on a Mac and it works well. I just don't need it yet. When I do, I'll use it. When it becomes necessary to have security software on Macs then it will come and lots of it will be free too.

BTW: The free PC apps that I mentioned really do work, and they work better than what you pay for. (yeah, you're gonna get on me about that comment people, but I and my experiences in the past stand by it) Geeked  Virus free for many years.

The flaming hate just gets old and has no place in intelligent discussion. Unless you have trouble controlling your emotions,.............

 

0
+ -

fharan99,

You're right. There are craploads of viruses, trojans, malware, hacks, attacks, and other bullsh*t waiting to infect PC's. There is a minuscule collection of the same kind of crap targeting Macs at this time.The crapware that exists targeting Macs depends on the user to take an action that allows the crapware to infect the system. 

But Windows machines NEED protection and MUST have it to survive on the web. No user's actions alone can help them. You have to apply software to protect them and it better be the right combination of programs or you're still screwed.

Macs don't really require or need such protections at this stage,..........but they probably will some day.

Most of us know all of this already. That's the point of this discussion.

 

0
+ -

Clearly there are allot of unbiased people on here

I work with mac's and window's based PC's all day long.

I've seen some weird stuff happen to both types of machines. Our office is 90%mac based and just like everything else on the planet its not perfect and never will be.

Furthermore nothing is uncrackable it just needs a core group of people to give it some attention. At this point there's no pay off going after mac os or an x-serv system. Big business hasn't adopted apple as their cure-all, financially it would make no sense at this point.

One day soon I imagine mac's will be virus magnet's and apple will not be able to keep up with updates. things will start slipping through the cracks. its going to get ugly. I will be laughing and saying I told you so.

Here's the underlying issue

Mr Jobs has a whole computer to worry about. Those crappy Hitachi drives hes put in his mac books are starting to go south.

Sure disk warrior could fix it but you have to pay the tech and buy the software bla bla bla. Starting to sound like a PC no?

Overall they both suck and I'm waiting for something amazing to come out.

0
+ -

shadycrew31:
Furthermore nothing is uncrackable it just needs a core group of people to give it some attention. At this point there's no pay off going after mac os or an x-serv system. Big business hasn't adopted apple as their cure-all, financially it would make no sense at this point.

While you hurt my deeply with your mean remarks I think this sums everything up nice. If someone smart enough wants into any system they can get in. Just like locking your doors doesn't stop someone that really wants in your house.

 

0
+ -

This article ignores the fact hat the OSX unix-based software is in itself more difficult to hack and create a virus for that works. The old argument that "there just aren't enough Macs out there to be worth the trouble" is silly. There are millions of Macs being used and that isn't even counting an unkown (ans unknowable) quantity of "Hackintoshes".

The fact is, Apple is one of they top 5 computer manufacturers in the world. Even with a market share only approaching 10%, that's a lot of Apples in that basket.

0
+ -

"Even with a market share only approaching 10%"

There,...you said it,...10% and that's all. 10% doesn't seem to be worth the time and effort for most of the weenies writing viruses. That IS THE FACT.

Even though 10% is really a big number,...it pales compared to 90%. (the big pie in the sky)

I don't think that Hackintoshes are significant in numbers either. They're just a pain in the ass to keep running and not worth the effort unless you have ALLOT of time on your hands.

0
+ -

The fact is, Apple is one of they top 5 computer manufacturers in the world. Even with a market share only approaching 10%, that's a lot of Apples in that basket.

Acai

0
+ -

"Even with a market share only approaching 10%"

There,...you said it too!,...10% and that's all. 10% doesn't seem to be worth the time and effort for most of the weenies writing viruses. That IS THE FACT.

Even though 10% is really a big number,.....really!,...it pales compared to 90%. (the big WINDOWS pie in the sky)

0
+ -

correction... u mean 89.5%... i'm pretty sure theres atleast .5% open source in the market out there.

0
+ -

coolice:
correction... u mean 89.5%... i'm pretty sure theres at least .5% open source in the market out there.

So far, this discussion has only been about Win and Mac, so I was just staying on topic.

I know that Linux is out there, I have it on 2 machines all of the time. If I could play all of my games on my Ubuntu box as well as Win-7 does, then Win-7 Microsoft would only be an afterthought.

Login or Register to Comment
Post a Comment
Username:   Password: