It's your turn, Mac

Intego spotted MAC Defender and acquired samples on Saturday, said James, who pointed out that users must enter their administrative password to install the program. "So there's still a social engineering angle here," he said. In fact, users see a generic Windows-oriented page when they first click a link to the rogueware. "They're not even getting a Mac-specific page," James said.
But unless users have Safari set not to automatically open files after downloading, MAC Defender's installation screen opens without any user action. That's been enough to con some into approving the install by typing their administrative password.
Just like any other malware they've released for OS X, the user needs to take steps and be conned into installing it. Beyond what's being mentioned in this article, by default Safari brings up a big alert message that will say something like "Soandso is a program that was downloaded from the internet, are you sure you want to run soandso?" So the long and short of it is the user actually almost has to want to and be knowledgeable enough to install it. Otherwise it will sit harmlessly in the downloads folder not hurting anything.


On top of this, without a registry to deal with, it will most likely be very easy to manually remove. This, like many other previous attempts, is big news until it pretty much goes nowhere.
 
Eh, I would hate to have to remove a *nix based virus that managed to get root access (which is what is required for it to really do anything on Macs and Linux).

cron jobs checking for it.
infected init binary? (This is the scariest *nix virus I can come up with, you couldn't kill it, but at the same time actually replacing init would be a hell of a job).
infected /sbin/login binary?

Gaining passwords from an infected *nix system is amazingly easy once it is actually past the hard part... getting infected in the first place.
 
The more people using Apple PCs, the more morons they will have who will click yes and continue without a 2nd thought.
 
Eh, I would hate to have to remove a *nix based virus that managed to get root access (which is what is required for it to really do anything on Macs and Linux).

Err.. same as on Windows. It's just that most Windows users ARE root accounts (i.e. 'administrator'). The UAC is just window-dressing.

cron jobs checking for it.
infected init binary? (This is the scariest *nix virus I can come up with, you couldn't kill it, but at the same time actually replacing init would be a hell of a job).
infected /sbin/login binary?

Nope, same hassle as with infected Windows binaries: replace with known good copies, then re-apply OS patches/updates. In fact, for servers, you just do a nuke & pave anyway (after taking a system image for forensic purposes).

Gaining passwords from an infected *nix system is amazingly easy once it is actually past the hard part... getting infected in the first place.

Again, same as Windows: once you can send out the user's passwords file, you win, IF the passwords are weak (again, same on Windows).
 
Eh, I would hate to have to remove a *nix based virus that managed to get root access (which is what is required for it to really do anything on Macs and Linux).

Gaining passwords from an infected *nix system is amazingly easy once it is actually past the hard part... getting infected in the first place.

That's also why root is not enabled by default and is not obvious to enable. No one usually stumbles on root and enables it. Usually it's the folks that know what they are doing who intentionally enable root, or the folks that think they know what they are doing and wind up screwing something up. Also, the difference is the folks who know what they are doing will enable root for a specific task if necessary, get in, get out, and turn it back off.
 
That's also why root is not enabled by default and is not obvious to enable. No one usually stumbles on root and enables it. Usually it's the folks that know what they are doing who intentionally enable root, or the folks that think they know what they are doing and wind up screwing something up. Also, the difference is the folks who know what they are doing will enable root for a specific task if necessary, get in, get out, and turn it back off.

I bet you have dozens of programs right now running as root, and if not root then as another member of the wheel group, which is a "root" user.

Drop into terminal and type this.

Code:
ps aux

It really doesn't matter though. I'm going to imagine for a moment that the Mac OS X setup is the same as Ubuntu as far as root access goes: any "administrative" action once the user is logged in requires a password. Essentially it's running sudo or a variant of gksudo every time it needs to do something as root.

That is the obvious way to become infected, by typing in your administrative password and the program changing crontab or adding itself to rc.init (where it will always run as a root user). The non-obvious way is to run as a regular user and exploit a vulnerability of setuid or any other method to gain root access without a password.
 
Err.. same as on Windows. It's just that most Windows users ARE root accounts (i.e. 'administrator'). The UAC is just window-dressing.

True, but that wasn't the point.

Nope, same hassle as with infected Windows binaries: replace with known good copies, then re-apply OS patches/updates. In fact, for servers, you just do a nuke & pave anyway (after taking a system image for forensic purposes).

This was my point. If you have an infected /sbin/login how would you know? Fixing it is easy, but knowing where the infection is, good luck.

Again, same as Windows: once you can send out the user's passwords file, you win, IF the passwords are weak (again, same on Windows).

Your password could be CcompI$ADoodieHead382@76342182 or 12345 (the combination to my luggage, by the way); if /sbin/login is infected you're, for all intents and purposes, fucked.
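The "how would you know?" question above about a replaced /sbin/login is, on the defensive side, what file-integrity baselining answers (the approach taken by tools such as Tripwire and AIDE): hash the system binaries while the box is trusted, keep the hash list somewhere the box itself cannot rewrite, and compare later. The following is an added example written for this thread, not code posted by anyone in it. The directory layout and the binary contents in demo() are constructed stand-ins for a real /sbin and /bin; everything else is standard-library Python.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map every regular file under root (as a POSIX path relative to root) to its SHA-256.

    Symlinks are skipped on purpose: a link redirected to a trojaned file
    elsewhere is a separate finding, not a hash worth trusting.
    """
    baseline: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            fp = Path(dirpath) / name
            if fp.is_symlink() or not fp.is_file():
                continue
            baseline[fp.relative_to(root).as_posix()] = sha256_file(fp)
    return baseline


def dump_baseline(baseline: Dict[str, str]) -> str:
    """Serialise as 'hash  path' lines, the same text format sha256sum/shasum emit."""
    return "".join(f"{digest}  {path}\n" for path, digest in sorted(baseline.items()))


def load_baseline(text: str) -> Dict[str, str]:
    """Parse the 'hash  path' format back into a dict; blank lines are ignored."""
    baseline: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, path = line.split("  ", 1)
        baseline[path] = digest
    return baseline


def verify_baseline(baseline: Dict[str, str], root: Path) -> Dict[str, List[str]]:
    """Compare a trusted baseline against the live tree and classify every difference."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a fake system tree whose sbin/login is swapped after baselining."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sbin").mkdir()
        (root / "bin").mkdir()
        (root / "sbin" / "login").write_bytes(b"\x7fELF known-good login binary (constructed)")
        (root / "bin" / "ls").write_bytes(b"\x7fELF known-good ls binary (constructed)")
        (root / "bin" / "cat").write_bytes(b"\x7fELF known-good cat binary (constructed)")

        # Take the baseline while the tree is trusted and store it the way a real
        # deployment would (read-only media or off-box); here it is just a string.
        stored = dump_baseline(build_baseline(root))

        # Simulate a compromise: login is replaced by a file of exactly the same
        # size (so a size check alone would miss it), cat disappears, and a new
        # binary is dropped.
        (root / "sbin" / "login").write_bytes(b"\x7fELF trojaned login binary (constructed!!)")
        (root / "bin" / "cat").unlink()
        (root / "bin" / "evil").write_bytes(b"\x7fELF dropped binary (constructed)")

        return verify_baseline(load_baseline(stored), root)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two caveats that matter in practice: the baseline is only as trustworthy as the moment it was taken, so it has to be rebuilt after every legitimate patch (the "re-apply OS patches/updates" step mentioned above), and a compromise that reaches the kernel or dynamic loader can lie to a checker running on the same box, which is why the comparison is most convincing when run from a separate trusted boot medium against the mounted disk.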
 
Without quoting everyone else I'll simply say this: I have been running a challenge, if you will, for about 3 years now on my YouTube channel where I have invited any and everyone to infect my Mac. Send me something that will infect my Mac without me having to type the root password. That's all I have asked and I have had no one succeed in 3 years now. It seems about 2-3 times per year I hear PC fanboys proclaim a new infection for the Mac but I never see these in the wild. Neither do most full-time Mac techs. It's simply wishful thinking on the part of the hardcore gamers still living in their mom's basement. You know the ones, they have the dock and a GUI to make their Windows box look like a Mac....lol

Blues said:
The more people using Apple PCs, the more morons they will have who will click yes and continue without a 2nd thought.


As my 13 year old daughter would say "For reals?" Look how great the UAC has protected PC users since 07. As a group most Mac users I know are actually more cautious about what they install.
 
Dismissing OS X malware because you need to enter a password or click a button on a screen to run it is short-sighted. A lot of malware on Windows needs permission to run too. I have seen plenty of times those "Your computer is infected!" pages, and the only thing I needed to do to prevent the virus was to navigate away from the page and click "Cancel" on the popup it has. People do stupid things, and as more and more Mac users are online, they will become a larger target.

Loopholes and exploits will be found when there is a larger market to target. People babbling about how secure Linux/BSD/etc are compared to Windows ignore just how many exploits there are out there for applications that run on them. Sure, the OS isn't compromised, but neither is Windows in a large amount of exploits. They get on the computer by user permission or by exploiting an application (flash, reader, java, etc.). Users then hit "Confirm" to every UAC prompt they get (I see none, I disabled it) and it goes from there.

Thinking the viruses for OS X simply will not exist or be able to do any real damage without user intervention while the user base is growing and becoming a better target is equivalent to sticking your fingers in your ears yelling "LA LA LA LA!"
 
Dismissing OS X malware because you need to enter a password or click a button on a screen to run it is short-sighted. A lot of malware on Windows needs permission to run too. I have seen plenty of times those "Your computer is infected!" pages, and the only thing I needed to do to prevent the virus was to navigate away from the page and click "Cancel" on the popup it has. People do stupid things, and as more and more Mac users are online, they will become a larger target.

Loopholes and exploits will be found when there is a larger market to target. People babbling about how secure Linux/BSD/etc are compared to Windows ignore just how many exploits there are out there for applications that run on them. Sure, the OS isn't compromised, but neither is Windows in a large amount of exploits. They get on the computer by user permission or by exploiting an application (flash, reader, java, etc.). Users then hit "Confirm" to every UAC prompt they get (I see none, I disabled it) and it goes from there.

Thinking the viruses for OS X simply will not exist or be able to do any real damage without user intervention while the user base is growing and becoming a better target is equivalent to sticking your fingers in your ears yelling "LA LA LA LA!"


Yeah, but only Windows can be infected with a "drive by" infection.

Sure they exist, in theory. I have yet to see one for real. As a side note, I live close to a major university with over 10,000 students. Of these, according to a survey, about 8,000 give or take have their own computers. Of these about 40% are Macs. Now, I get lots of business from the students there. In 6 years I have worked on 3 Macs. The rest were PCs. With two of the Macs it was hardware issues, the other had update issues if I recall. Ah, now for the PCs. Almost all infected with some kind of malware even if brought to me with hardware issues. You can't really use the "less people own Macs so that's why they are more secure" argument here since about 40% own Macs.
 
Macs aren't secure; in some ways Windows is more secure (DEP (Data Execution Prevention) as well as IE8 ASLR (Address Space Layout Randomization), etc.). Keep in mind that whilst viruses aren't a huge issue, exploits and other malware are very prevalent, and Apple has very little focus on security and does not release updates frequently. Having Safari built in (pretty exploitable) with Flash out of the box makes it a target for hackers.

The Pwn2Own exploit discovered months ago (the same contest where the macbook out of three machines was the first to be exploited) was only patched recently. Microsoft is better than that.
 
Macs aren't secure; in some ways Windows is more secure (DEP (Data Execution Prevention) as well as IE8 ASLR (Address Space Layout Randomization), etc.). Keep in mind that whilst viruses aren't a huge issue, exploits and other malware are very prevalent, and Apple has very little focus on security and does not release updates frequently. Having Safari built in (pretty exploitable) with Flash out of the box makes it a target for hackers.

When I'm seeing Macs getting infected on a regular basis I'll agree with you. Until then the numbers tell a far different story. :)
 
Yeah, but only Windows can be infected with a "drive by" infection.

Sure they exist, in theory. I have yet to see one for real. As a side note, I live close to a major university with over 10,000 students. Of these, according to a survey, about 8,000 give or take have their own computers. Of these about 40% are Macs. Now, I get lots of business from the students there. In 6 years I have worked on 3 Macs. The rest were PCs. With two of the Macs it was hardware issues, the other had update issues if I recall. Ah, now for the PCs. Almost all infected with some kind of malware even if brought to me with hardware issues. You can't really use the "less people own Macs so that's why they are more secure" argument here since about 40% own Macs.

"Drive by" infections are usually software exploits and not a failure of Windows in particular.

As for your argument, a lot more deer are killed with guns than ants. You can't use the argument here that there are less ants as they outnumber them several billion to one. However, they are simply not the target of the people using the guns.

Your Mac users are not being infected because there are not nearly as many exploits written for a Mac as there are for Windows. Your argument would only be valid if the amount of malware for each OS was about equal, which is not even remotely true. My argument is there isn't that much malware for them because they aren't a large enough target to care about.

Take Firefox for example. It was touted as hugely secure when it was first released, and it was, because no exploits existed for it. Now that it has such a huge amount of users, there is malware creating ways to use and abuse Firefox. If a user has a virus and Firefox installed, I need to check it to ensure it doesn't redirect, as I have been seeing more and more extensions being installed for Firefox that do redirects.

Firefox is still, overall, more secure than IE and will never have as many exploits for it as IE does. Same for Mac. It will never have as many exploits for it as Windows does, but it will become more common as the user base grows.
 
Dismissing OS X malware because you need to enter a password or click a button on a screen to run it is short-sighted. A lot of malware on Windows needs permission to run too. I have seen plenty of times those "Your computer is infected!" pages, and the only thing I needed to do to prevent the virus was to navigate away from the page and click "Cancel" on the popup it has. People do stupid things, and as more and more Mac users are online, they will become a larger target.

Loopholes and exploits will be found when there is a larger market to target. People babbling about how secure Linux/BSD/etc are compared to Windows ignore just how many exploits there are out there for applications that run on them. Sure, the OS isn't compromised, but neither is Windows in a large amount of exploits. They get on the computer by user permission or by exploiting an application (flash, reader, java, etc.). Users then hit "Confirm" to every UAC prompt they get (I see none, I disabled it) and it goes from there.

Thinking the viruses for OS X simply will not exist or be able to do any real damage without user intervention while the user base is growing and becoming a better target is equivalent to sticking your fingers in your ears yelling "LA LA LA LA!"

I agree. If Windows was not the dominant OS then whatever was would be the target.

Just because an OS needs user permission to get infected doesn't mean the OS is secure. A security system is only as good as its weakest link and the user is often that weak link.
 
Firefox is still, overall, more secure than IE and will never have as many exploits for it as IE does. Same for Mac. It will never have as many exploits for it as Windows does, but it will become more common as the user base grows.

Never say never.

Filler text goes here because my reply was too short.
 
Ok, I digress. If you wish to believe they are more secure because they are more obscure, fine. As long as you understand that for whatever reason they simply are more secure. By more secure I mean you are far less likely to be infected while using a Mac, period. Maybe it's because of the OS (Mac users would like to think so). Maybe it's because they are not as widespread (the default PC fan's argument). The fact still remains they are infected far less often. So much so it's almost a non-issue.


Let me ask you this. If you live in a neighborhood that had lots of gang activity, a very high crime rate, a meth house on every corner, and had locks on your doors, and I live in a neighborhood with almost no crime or gang activity and I also have locks on my doors, which home is more secure? (Which home, using common sense, is less likely to be broken into?)
 
Macs aren't secure; in some ways Windows is more secure (DEP (Data Execution Prevention) as well as IE8 ASLR (Address Space Layout Randomization), etc.).

I think OS X now has DEP, but full address layout randomization is still missing.
 
Ok, I digress. If you wish to believe they are more secure because they are more obscure, fine. As long as you understand that for whatever reason they simply are more secure. You are far less likely to be infected while using a Mac, period. Maybe it's because of the OS (Mac users would like to think so). Maybe it's because they are not as widespread (the default PC fan's argument). The fact still remains they are infected far less often. So much so it's almost a non-issue.

I completely agree with this. The way OS X is designed (specifically BSD anyway) pays more attention to security and permissions than Windows does. Microsoft is slowly moving towards having a better security design to combat their past and, unlike Apple, aren't willing to destroy their backwards compatibility to accomplish it.

It is the belief that OS X will never have any exploits or viruses that makes their computer vulnerable that bothers me. It is simply not true.
 