Chicago Boyz

                 
 
 
  • Snow Leopard, Macs and Malware

    Posted by Shannon Love on August 28th, 2009

    From Instapundit:

    WELL, MAYBE I’LL WAIT A BIT: I mentioned Snow Leopard’s [Mac OS 10.6] malware protection earlier, but this says it only scans for two trojans. [bold added]

    Why would Apple bother to create a system that only scans for two pieces of malware? Well, firstly, the system is designed to automatically update using Mac OS X’s software update feature. More malware definitions can be added in the future.

    Secondly, there are really only two pieces of active Mac OS X malware.

    The article describes the two pieces of malware that Snow Leopard starts out scanning for: OSX.RSPlug and OSX.Iservice. Scanning for only two pieces of malware seems paltry by PC standards but looking up OSX.RSPlug and OSX.Iservice on Symantec’s threat list reveals that both are classified as having a known level of infected computers of 0-49 and known infected sites of 0-2. That is the lowest level of infection Symantec can set and as a practical matter translates into zero infected machines.

    Symantec lists a whacking total of 13 known pieces of Mac OS X targeted malware out of 9000+ listed. Of those, four are proof-of-concept programs written by security experts to study exploits. They don’t actually exist outside the lab. Of the remaining 9, four will not run on Mac OS 10.5 or 10.6 and/or have been patched out on earlier system versions.

    All of the remaining six pieces of malware are trojans.

    Malware is usually divided into three subtypes depending on how the malware spreads. Viruses work much like biological viruses, i.e., they hijack a program running on a computer and direct that program to propagate the virus. Worms are self-contained programs that copy themselves from computer to computer. Both viruses and worms can spread exponentially because they reproduce themselves as fast as the infected computer can communicate with other computers, and in doing so they require no human action.

    Trojans, named by analogy to the Trojans’ bringing the Greeks’ wooden horse inside the city walls, require that a human being load the software onto the computer. Getting infected by a trojan usually requires personal carelessness on the order of taking candy from strangers. Trojans pretend to be a copy of a useful or desirable piece of software, which the user then installs on the system. Most often they masquerade as pornography or “cracked” — i.e., stolen — software. Trojans cannot propagate quickly because a human has to go through the process of installing them on every computer they infect. If a virus or worm gets control of your internet-connected computer, it will automatically attack hundreds or even thousands of other computers within a few hours. If a trojan gets on your computer, it can only spread by sending messages to another human that somehow trick that human into installing the trojan.
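
    The difference in spread rate described above, worked through as an added example (not part of the original post): a deterministic expected-value model of a self-propagating worm, a trojan that spreads by lure messages, and a trojan hosted on a download site. Every parameter value is a constructed assumption chosen only to show the shape of the curves.

```python
"""Added illustration: why self-propagating malware outruns a trojan.

All numbers below are constructed assumptions, not measurements.
One simulation step stands for one hour.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SpreadModel:
    population: int            # machines that could ever be infected
    contacts_per_step: float   # machines (or people) each infected host reaches per step
    success_rate: float        # chance that a reached, clean machine becomes infected

    def simulate(self, steps: int, seed_infections: float = 1.0) -> List[float]:
        """Expected number of infected machines after each step (index 0 = start)."""
        infected = float(seed_infections)
        history = [infected]
        for _ in range(steps):
            # Contacts that land on already-infected machines are wasted,
            # which is what bends exponential growth into an S-curve.
            clean_fraction = (self.population - infected) / self.population
            new = infected * self.contacts_per_step * self.success_rate * clean_fraction
            infected = min(self.population, infected + new)
            history.append(infected)
        return history


def steps_to_reach(history: List[float], fraction: float, population: int) -> Optional[int]:
    """First step at which at least `fraction` of the population is infected."""
    target = fraction * population
    for step, infected in enumerate(history):
        if infected >= target:
            return step
    return None


def download_site_infections(visits_per_step: float, install_rate: float,
                             steps: int, population: int) -> List[float]:
    """Trojan offered on one site: growth is linear, bounded by page visits."""
    history = [0.0]
    for _ in range(steps):
        history.append(min(population, history[-1] + visits_per_step * install_rate))
    return history


POPULATION = 1_000_000  # constructed

# Worm: no human in the loop. Each infected host probes 10 machines per hour
# and half of them are assumed to be unpatched.
WORM = SpreadModel(POPULATION, contacts_per_step=10, success_rate=0.5)

# Messaging trojan: each infected machine sends 10 lures per hour, but only
# 1 recipient in 1000 is assumed to run the installer and type a password.
TROJAN = SpreadModel(POPULATION, contacts_per_step=10, success_rate=0.001)


if __name__ == "__main__":
    worm = WORM.simulate(24)
    trojan = TROJAN.simulate(24)
    site = download_site_infections(visits_per_step=500, install_rate=0.01,
                                    steps=24, population=POPULATION)
    print("hour  worm        msg-trojan  site-trojan")
    for hour in (0, 4, 8, 12, 24):
        print(f"{hour:>4}  {worm[hour]:>10.0f}  {trojan[hour]:>10.2f}  {site[hour]:>11.0f}")
    print("worm reaches 50% at hour:", steps_to_reach(worm, 0.5, POPULATION))
    print("trojan reaches 50% at hour:",
          steps_to_reach(TROJAN.simulate(2000), 0.5, POPULATION))
```

    Both the worm and the messaging trojan follow the same growth law; the only thing that separates them is the per-contact success rate, which for the trojan is set by how often a person agrees to install it.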

    Of the six Mac trojans, the vast majority of infections are the result of OSX.RSPlug and OSX.Iservice. So, by including just two paltry malware definitions in Snow Leopard, Apple has protected 10.6 users from 90%+ of the already extremely minor risk posed by malware for Mac users. It’s like handing out helmets to people watching the Pleiades shower to protect them from the odd chance of getting hit by a meteorite.

    Apple hasn’t even bothered to advertise the malware feature, because the malware threat is so trivial that they’d lose more business talking about malware protection — and leading some people to think Macs have a problem with it — than they’d gain by bragging about how they can prevent infection. As this very good article points out, the Mac malware threat is so trivial that a Mac user is more likely to encounter problems caused by anti-malware software than from malware itself. Nevertheless, it’s good to have a system in place in case a significant threat does raise its head in the future. Snow Leopard provides a safeguard against the day.

    In the end, no matter how you cut it, the malware threat on Macs is so trivial it shouldn’t influence anyone’s upgrade decision.

    [Update: Many claim that Mac OS X doesn’t suffer from malware like Windows does because Mac OS X’s market share is too small to attract the attention of malware programmers. I debunk that idea in my next post.]

     

    27 Responses to “Snow Leopard, Macs and Malware”

    1. Curmudgeon Geographer Says:

      Glenn sure likes his tech. But his understanding of some of these issues rarely gets deeper than the marketing-speak shallow end of the tech ocean.

      I found it remarkable that he noted Apple’s Genius Bar didn’t have an opening until Monday while Dell sent out a tech the next day. Failing to note that all Apple Stores are having an enormous but brief event going on as we speak. The roll out of Snow Leopard. Apple Stores across the country have shut down Genius Bars for the brief couple days to handle the introduction of Snow Leopard, then back to normal. This same thing happens with new iPhone releases every single year, the Genius Bars close for a few days to handle the introduction of some bit of major new tech. Why Glenn failed to note this was the weekend of the release of Snow Leopard might be a factor for having to wait a few days . . . ? Kind of stoopid on his part . . .

    2. david foster Says:

      curmudgeon…But maybe people with actual *work* to do on their Macs find it problematic that service responsiveness is keyed to Apple’s internal marketing calendar.

      How would you like it if you couldn’t get telephone service because all the telco ops people were supporting some kind of marketing event?

    3. Shannon Love Says:

      Yes, I have to agree that the poor service that Glenn reported really has no good excuse.

      I’ve got one primary machine and if it goes down I’m running at half capacity until it comes back up. Glenn’s talking about a mac person losing several days of work if they don’t have a back up. For a $2,000+ machine that’s not really acceptable especially when you have a storefront that you could have someone just drop the machine off.

      I say all this as someone who worked for Apple’s Service division for many years. Ironically, if Glenn had had a less portable machine, he could have had a field technician come onsite and fix it. Since he had a laptop, he had to either carry it in or ship it in. I really don’t know how someone can do any serious repair work on a laptop on someone’s kitchen table so I’m impressed that Dell seems to be able to carry it off.

      I had a pretty good experience when I got my last Macbook. It had a dead area of the LCD right out of the box. I got an appointment to the genius bar. It took IIRC three days but I could continue to use the machine in its reduced capacity until then. After I handed it in to the store they turned it around in under four hours so I was only completely down for those four hours.

      On the other hand, if I had had to wait a few more days while Apple cleared some marketing I would have been upset. If there was one thing I learned in my time in tech support it was that marketing should be kept far away from service.

    4. Curmudgeon Geographer Says:

      I’d be peeved as well. But by not saying why there was a wait of a few days right now he gives the reasonable impression that this could be happening all the time. How often does Apple update its OS? About every 18-22 months, the day of which is advertised weeks in advance. How often does Apple update the iPhone? So far once per year, and the media frenzy makes it quite clear to avoid the Apple Stores on release day. I know better than to go to an Apple Store on iPhone release day unless I’m getting an iPhone, I’ll wait it out.

      That said, Apple does have a phone tech support line . . . no need to go to a store. If you are nowhere near an Apple Store, Apple sends out a tech to your residence for those covered by AppleCare, too.

      It’s not simply a marketing event. You seem to imply OS updates are all little more than marketing events once all the coding is done and the selling has begun. The release of the new OS (like any new software) is a tech support tidal wave as well. A new OS is going to happen someday, lest one hope and expect software to calcify and stagnate for eternity. The update comes all at once in a single release on a particular day. The Geniuses are there to facilitate the wave of tech support issues upon release as millions of people install the software and run into some issue or other. How can it be possible to release something as major as an OS and not have a tech support phenomenon as folks get up to speed with the new?

      It is simply nothing more than unfortunate timing for the customer AND the manufacturer.

    5. Curmudgeon Geographer Says:

      I dunno, maybe Glenn’s situation is really also a fable on “free” health care from a single provider.

      The Genius Bar is free. As a free service, it is used as much as a free service would be. As a result, there is rationing, i. e. first come first serve queuing. As more people use it, the lines get longer.

    6. TMLutas Says:

      First of all, Dell doesn’t provide technicians directly. They contract it out to specialized companies. The same companies get contracts from HP, IBM, and yes, Apple. Tech availability is directly related to how much money said computer company is paying out to said local contractor. All companies manage tech availability just like they manage how long your hold time is.

      If you want a genius bar appointment, you can go to Apple’s web site and set one up from home. There was no need for Glenn to drive out to the Apple store and find out that the trip was for naught. He could have called Apple just as he called Dell. He might even have gotten the same technician.

    7. daniel Says:

      Symantec lists a whacking total of 13 known pieces of Mac OS X targeted malware out 9000+ listed. Of those, four are proof-of-concept programs written by security experts to study exploits. They don’t actually exist outside the lab. Of the remaining 9, four will not run on Mac OS 10.5 or 10.6 and/or have been patched out on earlier system versions.

    8. Mr. Bingley Says:

      Well, if I were Dell and someone named “Glenn Reynolds” who happens to get a gajillion hits per day on his website needed a repair done on his computer I’d pony up and send a repair guy out too.

      Cheapest good PR they’ve ever bought.

    9. Glenn Howes Says:

      While this is not directly related to the problem of getting a Genius on the weekend of a system software upgrade, I have had extremely satisfying dealings with Mac Geniuses lately. I brought my iPhone 3G in because the microphone part of the headset was sounding awful. They blew air into it to clean the connection, which made it sound passable but not perfect, and then gave me a new phone, and this was either on the day my warranty expired or the day after! I wasn’t even asking for a new phone, they just gave it to me.

      And the time before, the bearings in my unibody Macbook were really noisy (I take it there was a bad batch of bearings), and all I wanted was a new fan, and they insisted on also putting in a new motherboard as well.

      And the time before, I had a white plastic MacBook whose palm rest was getting dirty brown (a known issue), and it was well, well out of warranty, and they just put a new palm rest on it on request. Took 5 minutes. And they also replaced the battery which was a little out of spec.

      People complain about Mac prices, but without the profit margins, they would not be able to stay in business with customer experiences like that.

    10. Jonathan Says:

      Dell received a tremendous amount of service-related criticism on blogs several years ago. It may be that Dell learned from that experience and now either gives extra attention to prominent bloggers or has improved service generally or both.

    11. Simon Kenton Says:

      I don’t have a blog, therefore get no hits and still got a Dell technician at the house within 2 days after I had a problem. His fix worked, too: 2 new DVD drives. I wish other areas of my life like cars and health care had this level of service.

    12. Mr. Bingley Says:

      Great to hear, Simon; I stand corrected.

    13. Louis Wheeler Says:

      You don’t understand: you scan for what little malware you have. Snow Leopard only had two Trojan Horse samples to scan for. They never amounted to much.

      The list can be upgraded, through software update, if more malware is developed.

      Snow Leopard, because of its BSD UNIX foundations, is not infected with viruses, worms, adware or spyware the way that Windows is. You cannot get infected just by visiting a web site or opening email. Most Mac users don’t have anti virus. They don’t need it.

      Also, Snow Leopard places all applications inside its own sand boxed virtual space so that a corrupted file cannot get out to infect the system.

      The Mac’s security is head and shoulders above Windows. It has never had a malware problem “in the wild” in 9 years. It is better than ever now.

    14. Borepatch Says:

      I’ve worked in Internet Security for 20 years or so, and it’s not really right to say “there are only 2 known circulating malware examples” for OS/X.

      Most malware these days is delivered via the web, and much of this is delivered by tricking the user into installing the malware (“phishing” attacks). Macs are no more resistant to this than Windows (or Linux).

      What *is* a problem is that Apple has had a fairly cavalier attitude towards security, for some time. I don’t know if they’re drinking the our-security-is-teh-awesome Kool Aid, but they are making rookie security mistakes:

      CommCenter runs with elevated priv on iPhone, so a SMS message can own the phone

      Apple patch process makes corporate patching impossible

      Apple doesn’t announce critical security fixes

      I’m not trying to flame Apple here, but the impression is very much that their culture is one of arrogance and excessive secrecy. Neither is conducive to better security.

      Bottom line, the threat surface for Macintosh is much higher than you would think from the “only 2 pieces of malware” headline.

    15. Shannon Love Says:

      Borepatch,

      Most malware these days is delivered via the web, and much of this is delivered by tricking the user into installing the malware (“phishing” attacks). Macs are no more resistant to this than Windows (or Linux).

      That’s because those forms of attacks aren’t attacks against the technology but rather con artist scams directed against the user. It’s “social engineering”, not computer programming. It is impossible to create a technology that protects a computer from software that the computer’s administrator chooses to install on it. The only thing you can do is have humans compile a list of scam software and provide that information to the end user.

      What *is* a problem is that Apple has had a fairly cavalier attitude towards security, for some time. I don’t know if they’re drinking the our-security-is-teh-awesome Kool Aid, but they are making rookie security mistakes:

      Yes, I know but people have been saying all this for ten years (which is 50 years in “computer years”) and Apple’s supposed Götterdämmerung caused by arrogance and carelessness has never arrived. If Apple has a cavalier attitude towards security, shouldn’t that make it even more likely that someone would have created a successful self-propagating piece of malware for Mac OS X?

      I used to think just like you did but after sitting on the edge of my seat waiting for that first Mac OS X virus for TEN FREAKING YEARS I’ve been forced to conclude that we have conducted the best possible extensive real world experiment for the hypothesis that you can write a virus or worm for Mac OS X just as easily as you can write one for Windows.

      Think of it this way: If you went to a security conference today and claimed between 2009 and 2016 or 2019, no one would succeed in writing a virus or worm for Mac OS X, you would be laughed out of the room.

      Suppose you went back in time to 1999 and the release of Mac OS X server. Mac OS Classic has a 2% market but is heavily under attack from viruses. No one has even invented the security through rarity argument because back then rarity did not provide security. Now, you then go to a security conference and make a bold prediction: In 2002, Mac OS X will become Apple’s primary OS and it will not have a single self-propagating piece of malware attack it over the seven years from 2002-2009! They would also have laughed you out of the room but you would have been correct.

      Back in 1999 or 2002 every computer security expert would have told you that it was only a matter of time, months not years, before someone wrote a virus for Mac OS X just as they had for Mac Classic. They would also have told you that in 2003, 2004, 2005, 2006, 2007, 2008 and now 2009. They will also tell you that in 2010…

      How many years or decades do we have to let go by before you start asking whether the supposed security vulnerabilities on Mac OS X actually exist in the real world?

    16. Louis Wheeler Says:

      Borepatch said:

      “I’ve worked in Internet Security for 20 years or so, and it’s not really right to say “there are only 2 known circulating malware examples” for OS/X.”

      Fine, what are they? Tell Apple what they are. Get them added to the list.

      I was talking about Trojan Horses; that is what the new malware program seems to select for. I haven’t heard of any other Mac malware problems. The above Trojans took extraordinary means to get installed, so they never self replicated “in the wild.”

      “Most malware these days is delivered via the web, and much of this is delivered by tricking the user into installing the malware (“phishing” attacks). Macs are no more resistant to this than Windows (or Linux).”

      True, no one is protected from their own stupidity, either.

      The problem was that no one was sufficiently and specifically warned about a malware problem. This Malware program does that, so what is your complaint?

      Recently, Mac users who downloaded a porn plugin and an illegal copy of iWorks 2009 found that they had also installed a Trojan Horse. I am assuming that this new system will protect against that. If not now, soon.

      The argument that there are only TWO samples assumes that there will never be more than two samples. I specifically said that software security updates will add more, if necessary. We Mac users get security and point release bug fix upgrades all the time. In the 19 months since Leopard was released there were 8 bug fixes and about that many security updates.

      “What *is* a problem is that Apple has had a fairly cavalier attitude towards security, for some time.”

      Is it a cavalier attitude? Or does Apple know that their Unix foundations are secure enough that they don’t have to panic and reactively respond in the way that Microsoft does? A rushed job is often a botched job. It leads to spaghetti code that no one can unravel.

      Microsoft Windows has severe security problems that Microsoft cannot fix. System Seven carries on vulnerabilities from Windows NT that are from July 1993. Any vulnerability automatically becomes exploitable in Windows. That is not true with the Mac OS.

      http://www.rixstep.com/2/20090601,00.shtml

      Apple, also, has to deal constantly with FUD campaigns about vulnerabilities which never amount to much.

      http://www.rixstep.com/2/20090826,00.shtml
      http://www.rixstep.com/2/20090830,00.shtml

      Let’s talk about your links:

      Your first link was about an iPhone vulnerability that went un-patched for three whole weeks. Boo-hoo.

      The iPhone OS is a work in progress. It is a truncated form of the Mac OS, but the hardware is insufficient to deliver many of the protections that Snow Leopard has. Those protections will be added later, when the computer chips improve. If you have problems now, you can simply over-write the OS with the most recent version.

      Much of the sand boxing will be expanded, this year. There is no need to panic.

      The next two links have a Microsoft centric viewpoint. They assume that Microsoft and its methods are always right.

      Apple upgrades individual computers, not en masse. Apple does not cater to the IT professionals. It gives no warning of when it will update its OS. It has no bug fix Tuesday, because it never has enough bugs to fix that often. Consequently, it waits until enough fixes have accumulated and corrects them all at one time. I understand how that can irritate anal retentive people. We hang loose Mac users don’t mind Apple’s system.

      “I’m not trying to flame Apple here, but the impression is very much that their culture is one of arrogance and excessive secrecy.”

      Secrecy is part of Apple’s consumer oriented marketing system. It is what gets Apple so much free publicity when it has something to say or adds new hardware or software. I don’t expect that to change. In fact, I expect that the Enterprise market will change before Apple will.

      Arrogance is in the eye of the beholder. You think that Apple is arrogant, because you refuse to accept that Apple IS superior to Windows in many areas.

      “Neither is conducive to better security. Bottom line, the threat surface for Macintosh is much higher than you would think from the “only 2 pieces of malware” headline.”

      If that were so, we would see that exhibited in the real world rather than in your imagination. The real world doesn’t agree with you, so it must be wrong, right?

    17. Louis Wheeler Says:

      Hi Shannon,

      Most of these arguments are sour grapes. Apple’s detractors try to dismiss real improvements in Snow Leopard’s security.

      It’s going to be a whole two months before we experience how pathetic System Seven really is. I expect a hue and cry when we learn how few Windows XP boxes it will run well on. It is better to get people to dismiss Snow Leopard early, before that happens. That way, disgruntled Windows users won’t migrate to Apple.

      We Mac users are still learning about the implications of Snow Leopard. Much of the security will improve as applications migrate to 64 bit code over the next year. It is easy for Cocoa programmers to upgrade now with just a recompile. Of course, I have read that XCode 3.2 has many improvements in it which will find a program’s current bugs and correct its errors.

      One thing that Apple’s detractors will not discuss seriously is that all applications will be sand boxed. Boot Camp, VMWare, Parallels are sand boxed in their own partition, now.

      How is this possible in 10.5 and 10.6 since it requires hardware and software to do that? It turns out that when Apple moved to Intel processor chips it specified that every CPU would have Intel’s VT — Virtual Technology hardware in it.

      These chips cost more, so VT doesn’t wind up in Intel’s cheaper chips. This hardware was designed to work with Intel’s VPro software which allows an IT department to control a company’s computers. It intentionally sand boxes the Microsoft Windows OS so that it can be protected from viruses and malware.

      Intel’s VPro software was never successful, so most Enterprise computers have the cheaper chips without VT hardware. Hey, it knocked a couple bucks off of every computer. When you are talking about 10 thousand computers being ordered, that adds up. But, this may be penny wise and pound foolish.

      Snow Leopard is too new for us to know if Apple has implemented VPro inside it. If it has, then the Enterprise IT personnel have some pleasant consequences ahead.

      The Mac may be the only computer line on which you can safely run Microsoft Windows, because it will be sand boxed. Wouldn’t that be a hoot?

    18. Borepatch Says:

      Louis, the issue with the iPhone vulnerability is not that it took Apple 3 weeks to patch it.

      The issue was code ran with elevated privilege when it didn’t remotely need it. This, more than anything, is precisely the problem that Windows has. The 2003 Slammer worm targeted the SQL Server database, because everyone installed it with LOCAL_SYSTEM (essentially world+dog) priv. Why? It was easier.

      6 years later, Apple does exactly the same thing. They clearly hadn’t learned from Microsoft’s mistakes, or the 30 years of Unix security work that preceded them.

      What’s different is that we’re seeing multiple examples of mistakes that should not be made today. It’s one thing to make a new mistake. It’s different to make a mistake that everyone knows might happen. To do it several times says something not very complimentary about how important Apple perceives security to be.

      Shannon, we’re very likely done with the days of the mass self-propagating worm (like Slammer). The reason is that the Bad Guys are no longer writing malware for bragging rights, but rather to make money (renting out botnets for spam generation and the like). Mass propagating malware is usually discovered quickly, and rooted out.

      The biggest reason to think that there is a malware problem with OS/X is that Apple thinks that there’s a malware problem with it. If they didn’t think this was brewing, why would they have put in a malware removal capability?

    19. Louis Wheeler Says:

      Borepatch said:
      “Louis, the issue with the iPhone vulnerability is not that it took Apple 3 weeks to patch it. The issue was code ran with elevated privilege when it didn’t remotely need it.”

      We read this differently. What I see is that Apple rushed the iPhone OS out the door before it was remotely secure. It was bare bones, not a finished system. Much of what they planned to do had to be added later. What this smacks of is a new security system which they haven’t completed yet.

      The iPhone OS works fine for the moment by wiping it clean and installing the latest version. Eventually, Apple will correct these security problems, but it has no real rush to do so. Apple has limited resources and has been concentrating them on Snow Leopard.

      “This, more than anything, is precisely the problem that Windows has…”

      Windows has no internal security; its registry is a mess and DLL’s are a joke. Furthermore, MS cannot correct its lack of secure foundations without breaking all its applications.

      I believe that Apple has plans to fix the iPhone OS without breaking any apps.

      “The biggest reason to think that there is a malware problem with OS/X is that Apple thinks that there’s a malware problem with it. If they didn’t think this was brewing, why would they have put in a malware removal capability?”

      You are reading too much into this. You are assuming that Apple is acting out of fear. Apple included both spam and malware protection in SL. These are minor problems which affect very few Mac users.

      Haven’t you ever heard of covering your bases?

      I think it is that Apple recognized that many people are new to the Mac and they felt naked without protection. So, they gave them some.

      I’ve been running Mac OSX since 10.1.5, before that back to system 6. I have never used antivirus with Mac OSX. I never felt the need. Never had a virus, spam or malware problem in 9 years.

    20. Louis Wheeler Says:

      Borepatch, you need to read this because you think that the Mac OS is insecure when it is not.

      http://rixstep.com/2/20090726,00.shtml

      By adding spam and malware notification, Apple covers its bases. It placates the fears of new users.

    21. Borepatch Says:

      Louis, I actually don’t think that OS/X is insecure. My thinking is:

      1. OS/X has a much, much better track record than Windows, which is to be expected since it is based on a Unix kernel.

      2. I believe that Apple’s market share has grown to the point where it is now interesting to malware writers, who are now motivated not by fame, but by financial gain.

      3. If it’s true that the malware technology arena has evolved into a market, this will present enterprising malware authors with an opportunity to differentiate their product, by providing zombie support for Mac as well as Windows.

      4. Apple’s attitude towards security has repeatedly caused reason for concern.

      Is the world ending? Clearly not. However, the environment may be more target rich than anyone believes.

      Thanks for the link – I’ll read it tonight.

    22. Shannon Love Says:

      BorePatch,

      Louis, the issue with the iPhone vulnerability is not that it took Apple 3 weeks to patch it. The issue was code ran with elevated privilege when it didn’t remotely need it.

      The SMS process did not run with elevated privileges but the CommCenter that spawns the SMS process did. The CommCenter runs with elevated privileges because it has to be able to interrupt, pause or even kill any other process running on the phone. This is because the iPhone’s function as a cell phone has to be able to override every other process on the phone in order to ensure that people can use the phone in an emergency. As near as I can tell, Apple’s patch did not change this, it merely corrected the flaw in the SMS code. I’m not sure there is a way to even run the CommCenter without elevated privileges and still have it override every other process.

      This SMS exploit also affected Google’s Android and Windows Mobile. Given that, it really doesn’t serve as a good example of an Apple specific failure. It caught everyone by surprise.

      Shannon, we’re very likely done with the days of the mass self-propagating worm (like Slammer)

      I disagree. There are two widespread viruses out there right now building giant botnets with over a million units each. Self-propagating malware is many orders of magnitude more dangerous than trojan type attacks that filter through human actions (such as visiting a web site). In the latter case, the degree of spread is limited to the number of humans who choose the infecting action. If you have a malicious website, at best you can only infect as many computers as you have page hits. No one is ever going to control millions of machines with these types of attacks. Viruses and worms are here to stay as long as the technology makes them feasible.

      The telling thing for me is that you’re not making any arguments I haven’t heard for the last 7-10 years. The Mac OS X software is just as full of exploits as Windows. Experts have demonstrated ‘X’ number of major exploits. Blackhats can’t make money cracking Macs. Apple doesn’t take security seriously. Apple has taken a security precaution so that means Apple knows it has a problem. And so on…

      How many DECADES will people make the exact same arguments over and over again before we begin to question whether the conventional wisdom has a fatal flaw somewhere?

    23. Louis Wheeler Says:

      Borepatch said:

      “1. OS/X has a much, much better track record than Windows, which is to be expected since it is based on a Unix kernel.”

      May I nitpick?
      Mac OSX is not based on a Unix kernel; it is UNIX 3 compliant. This means that it is full bore UNIX, no less than a mainframe.

      2. I believe that Apple’s market share has grown to the point where it is now interesting to malware writers, who are now motivated not by fame, but by financial gain.

      May I remind you that, when the original MacOS was at a lower percentage of market share than today, it lacked for no number of viruses. As soon as Apple improved its foundations with Mac OSX, those malware problems ended. There have been none added even though the Mac's market share has quintupled. Why? Because Mac OSX is much harder to break into.

      http://rixstep.com/2/20090326,00.shtml

      Snow Leopard's security improvements will make this even tougher. Mac OSX is not low-hanging fruit the way that Windows is; it is very difficult to get at.

      Sure, any OS can have flaws which may be exploited, but Apple have been slowly getting rid of them.

      Apple says that it is going through Snow Leopard line by line to improve it. Sand-boxing the applications will be a major improvement. But, it will take time to see how good a job Apple has done.

      3. If it’s true that the malware technology arena has evolved into a market, this will present enterprising malware authors with an opportunity to differentiate their product, by providing zombie support for Mac as well as Windows.

      It's the Windows OS which is providing the zombies, not Mac OSX or Linux. But, this is an ongoing problem.

      A Mac Trojan Horse recently was used as a DDoS zombie, but users had to give away their passwords to get it to work. It was, thus, never widespread. And it was easy to get rid of in the Terminal App.

      This new malware program in Snow Leopard should prevent that problem.

      4. Apple’s attitude towards security has repeatedly caused reason for concern.

      That is because Apple marches to its own tune, not Microsoft’s.

      For five years after the Love Bug Virus, Microsoft ignored its role in spreading malware. When it got a real PR black eye from it, it got frantic. Now it wants to set itself up as the standard when other OS’s are much better secured.

      It's like the spin about Snow Leopard which makes no sense.

      Adding spam and malware protection does not indicate that Apple is feeling insecure. If Apple didn't add these programs, then the same people would be saying "See! The Macs are not protected." It's a "heads I win; tails you lose" proposition for them.

      If Apple adds the same protections as System Seven, then it is being a copycat. If it doesn’t add them all, then it is behind Microsoft. Of course, these people never remark about where Apple is far ahead.

      “Is the world ending? Clearly not. However, the environment may be more target rich than anyone believes.”

      Apple apparently believes that it is secure enough that it can take a measured approach. It can plan far in advance so that it stays ahead of the crooks. Meanwhile, it says nothing so the crooks can’t react to knowledge they don’t have.

      Have you anything more substantial, than your feelings, to back up your position that Apple is vulnerable?

      Thanks for the link – I’ll read it tonight.

      You're welcome.

    24. Louis Wheeler Says:

      Thanks, Shannon for the info on CommCenter.

      I’m not that iPhone centric, since I don’t have one. I read a lot, but it didn’t register on me.

      The iPhone OS still feels like a work in progress, though much improved over when it came out. It is amazing how much Apple gets out of the resources it has.

    25. Borepatch Says:

      Mac users need to upgrade Adobe Flash if you've installed Snow Leopard. Seems Apple bundled an old version of Flash in the release, and you're vulnerable.

      http://www.youtube.com/watch?v=U20NaKiF3Ds

    26. Shannon Love Says:

      Borepatch,

      Want to lay any money on the number of actual exploits that occur? Given that (1) a user has to hit a flash site holding malware (2) the malware has to run on Macs and (3) it has to run on Snow Leopard.

      Like I said, 7 to 10 years and counting, still not a single real-world non-human-mediated exploit.

    27. Louis Wheeler Says:

      Borepatch, compared to the hundreds of open holes in Windows, a corrupted Flash plug-in is minor.

      May I remind you that Adobe creates its own plug-ins. It’s, thus, hard to say who was at fault for Flash not being in Snow Leopard. These things happen.

      Mac OSX 10.6.1 will be out around the first of next week to correct that. The first point release upgrade is being tested by developers now. It will be automatically downloaded by everyone with 10.6 who is connected to the web.

      If you are in a hurry, you can download the plugin yourself by going to Adobe’s website.

      In the meantime, it is extremely unlikely that anyone will take advantage of the vulnerability.

      I never load .0 Operating Systems. I'll get my copy of Snow Leopard early next week from Amazon, so it is no loss for me.

      We Mac users don’t say that Mac OSX is perfect, simply that it is much better than any alternative.