Apple Macs are wide open to malware: Ex-NSA security bod fanboi

[chrisj1968]

http://www.theregister.co.uk/2015/05/07/mac_malware

 

7 May 2015 at 11:58, John Leyden

A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial.

Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned code to run. Apple's Gatekeeper utility is pre-installed in Mac OS X PCs and used to verify code. The tool is designed so that by default it will only allow signed code to run or, depending on settings, only packages from the Mac App Store.

Apple's built-in mechanisms - Gatekeeper, XProtect anti-malware, sandboxing and kernel code-signing requirements - are "easy to get around" and "trivially exploitable", according to Wardle.

Wardle said he worked closely with Apple's internal security teams describing them as "responsive" while noting the wider consumer electronics firm had yet to embrace a culture where

[FloatingFatMan]

I think any OS is vulnerable. its inherently impossible to perfectly secure an OS of any kind

 

The difference is that for Windows, Microsoft's approach to security issues is to apply due diligence and patch vulnerabilities as soon as they can, whereas Apple's approach is just to deny it's possible and stick their head in the sand.

[chrisj1968]

The difference is that for Windows, Microsoft's approach to security issues is to apply due diligence and patch vulnerabilities as soon as they can, whereas Apple's approach is just to deny it's possible and stick their head in the sand.

 

I'll take your word for it. I've never owned a MAC OS system ever. But it seems and I'll agree that MSFT does act proactive in getting thrid parties to find vulnerabilities. but for apple to stick their head in the sand... I'll never buy one.

 

I think there was a time, when the economy globally was better that people just out of pure hatred for Microsoft would locate and exploit vulnerabilities for nefarious reasons. now it seems ANY OS is fair game. with ransonware happening more prevalent, its more about extortion. personally, I think these criminals should be handled like Mel gibsons character in the movie "Payback." when we catch them, smash their toes with hammers.

[Depicus]

The difference is that for Windows, Microsoft's approach to security issues is to apply due diligence and patch vulnerabilities as soon as they can, whereas Apple's approach is just to deny it's possible and stick their head in the sand.

 

Well then you are deluded, there are many examples of Microsoft sitting on vulnerabilities, indeed just recently a few that went past Googles 100 days notification guidelines. So please don't think the world is all rosy with any OS. They all have inherent weaknesses and sometimes patches are not delivered in a timely manner but it's not just Apple who are guilty of this.

[FloatingFatMan]

I guess you have reading difficulties, so to help you, I'll quote myself.

 

 patch vulnerabilities as soon as they can

[n_K]

This isn't news, it was widely reported (already on neowin from what I remember) weeks ago.

[chrisj1968]

This isn't news, it was widely reported (already on neowin from what I remember) weeks ago.

 

I just saw this report today in my news feed so someone must have thought it important to reiterate the issue.