Linux and Mac users will be "easy targets" for hackers

Russian security expert Eugene Kaspersky, co-founder of IT security company Kaspersky Labs, has said Linux and Mac users will be "easy targets" for hackers and malware writers over the next few years.

Linux and Mac users have enjoyed a secure past which has split opinions across the world as to why this is the case. Some believe that malicious virus writers and hackers do not target Apple OSX as it has a small percentage of the market share compared to Microsoft's Windows operating systems. The opposite opinion is that the Mac OS is inherently more secure than that of Windows so the same attacks do not work.

Apple ran an ad campaign in the UK where adverts claimed macs are not subjected to viruses. The Advertising Standards Authority in the UK cleared the adverts which included a national press ad, a regional press ad, a poster and two Internet and cinema ads.

Kaspersky goes on to mention that "Modern operating systems are flawed by design. Mac and Linux are not as secure as [users] think; criminals pay no attention to them at the moment, but they will be vulnerable — easy targets. The problem is that customers design the operating systems (either within open source communities or via market demand) and they choose flexibility over security."

Report a problem with article
Previous Story

LG turns it's eyes to solar panel production

Next Story

McAfee Launches Plan To Fight Cybercrime

76 Comments

Commenting is disabled on this article.

No ****.

Why do people write crapware? For a laugh? No - for the money that's in it. At the moment their time is better spent attacking Windows purely because the 1% of users who open or run whatever it is that gives them the data they want make it worthwhile.

If Macs and Linux increase in market share it will become more worthwhile to attack them.

As far as proof of concept goes, it's a nice idea, but it doesn't compare to organised and persistent attacks like we see against Windows so I don't think it would ever lead to the same level of malware. Money motivates a lot more people than bragging rights..

I have never been hacked on PC and ive been using PC for about 9-10 Years and Mac's for 1-2 years and i have never been hacked, so gladly to say, if you get hacked its your own bad luck

The market share argument doesn't really hold water. The bragging rights associated with being the first to write a successful virus for OS X are incentive enough, along with bringing Mac users down a peg or two.

OS X's authentication process makes it impervious to self-propagating malware. With UAC Microsoft has, as usual, taken someone else's concept and made it less user-friendly.

I don't wanna come off as another smug Mac user, but ... ah, what the hell. Wake me when there's an OS X virus in the wild!

The marketshare argument might sound like an excuse but it makes perfect sense and that's why people use it. Would you rather spend your time trying to exploit something that affects 90% of people or only 10%? The only reason you'd go after that 10% was if it was significantly easier and you had more to gain.

sorry guys, i like linux plenty, windows less. server 2008 was a decent MS product. any hardcore linux junkie might not admit that, but that should be attributed to linux junkies, not linux users. i digress. anyway, linux is more secure, MS ploys to the contrary have to do with checking ALL possible installed binaries(read wget CVE master list | grep linux) and oh well. if you install windows with no binaries it is not terribly useful either. moving right along. i use clamav - stemming off the flame, i do not use it with any autoupdate or with the daemon running, no vuln there, EVER. leaving anything running adds to your vulnerability. most linux vulns are from autoupdates or daemons for software that doesn't really need it. linux CORE libraries have almost no vulns listed in the CVE. but server 08 seems like the lovechild of linux and windows. i wait to see...btw, in response to someone's blog on fedora vs xubuntu -- install livna repo seems pretty straightforward to me. it should be a possibility out of the box on fedora, it isn't but if you get it for free don't complain. sorry guys, i stick with linux and can't understand why this is even a discussion. as for windows AV i like bitdefender anyway, not any other vendor, although kaspersky does produce great books, i find their software lacking

Its about what is secure at this moment. At this moment Linux and Mac's are the more Secure by design OS. By the time those are exploited as bad as windows there will be something else to fall back on. Look at IE and Firefox. Firefox is still more secure than IE7 though IE7 is a huge step forward. Once Firefox get's raped by all things malware people will probably flock to Opera.

Mac I could see, but I asked this ages ago about writing a virus in linux. Who would want to is the answer. It would take forever to write one. That said, it can be done, but it would take a good working knowledge to do it. For whatever it's worth I've had a virus scanner on Ubuntu for quite some time.

PatrynXX said,
It would take forever to write one. That said, it can be done, but it would take a good working knowledge to do it.

Very good point.

PatrynXX said,
Mac I could see, but I asked this ages ago about writing a virus in linux. Who would want to is the answer. It would take forever to write one.
...

You didn't ask the right people, apparently. Anyone with a modicum of knowledge would have known that there have already been several viruses/worms for the Linux platform.

lol Kaspersky says this because they want to sell their products and there are becoming less windows users (to some degree) they are probably seeing more people than ever using linux and mac's now that they want to target that market.

smooth3006 said,
mac & linux will need antivirus and spyware solutions just like windows soon enough.

When this is a serious issue, I will install. :)

(email attachments in Linux are not executable, since they lack the "rwx" attributes)

P.S. In all actuality, I already have avast installed on my Linux box, mostly just to play with it. Strangely enough, my Linux PC was found to be virus-free, even after visiting porn, gambling and warez sites.

smooth3006 said,
mac & linux will need antivirus and spyware solutions just like windows soon enough.


Windows users (especially sellers of antivirus software) have been saying this for 7 years now since OS X was released. How soon is "soon enough"?

smooth3006 said,
mac & linux will need antivirus and spyware solutions just like windows soon enough.

Hope not like windows... I'll certainly never use an on access AV on linux.
If we do ever get to that situation I'd rather rely on something like SELinux instead of hogging resources with AVs where you can only hope they will detect something before it screws your computer.

Like: virus and spyware aren't allowed to run on my computer. Period.

Yeah, vendor of security and protection software tries to scare users into buying their services/products. Nothing new here. But it's worth looking at how Windows' security model is evolving towards Linux and Mac's, and is relying less on... whatever it is their security model used to be (chasing exploited buffer overflows, requiring admin privileges for tasks, integrating insecure software into the core OS).

I've used Linux (Ubuntu) to some extent... I have used Windows (98, 98SE, 2000, XP, Vista)... and I am now using Mac OS X 10.5... I have had 1 virus the entire time I've used computers, that was when I was just starting out using computers. Since then I've adopted safe browsing habits, download habits, etc. I didn't use anti-virus on XP or Vista, didn't need it. And if viruses come out for OS X or Linux, awesome, will still mostly affect inexperienced computer users.

Juski814 said,
I've used Linux (Ubuntu) to some extent... I have used Windows (98, 98SE, 2000, XP, Vista)... and I am now using Mac OS X 10.5... I have had 1 virus the entire time I've used computers, that was when I was just starting out using computers. Since then I've adopted safe browsing habits, download habits, etc. I didn't use anti-virus on XP or Vista, didn't need it. And if viruses come out for OS X or Linux, awesome, will still mostly affect inexperienced computer users.

how do you know you didn't have a virus or something on XP or Vista if you didn't have something scanning for it?

offroadaaron said,
how do you know you didn't have a virus or something on XP or Vista if you didn't have something scanning for it?

Most people with computer experience can tell when they have a virus. Significant slow downs, strange processes running etc. I personally run my PC and Laptop both with Vista and without a Virus scanner running.

These days I don't think virus are a real issue as long as you half competent on what you do on the internet. I've been running computers on both Windows and Linux for years without getting a virus and in my opinion if anyone does write a virus for Linux or Mac's it wouldn't do much since in my experience users of these system generally know what they are doing around a system more than the average Windows user.

Sadly it seems I'm the first to say that I hope Linux and OS X do not become the focus of the attacks, and I hope the criminals (or word of your choice) who write malicious software for Windows get thrown in jail so that the attacks on Windows stop, too. I don't care which OS you use, spam and DDoS attacks impact us all just the same.

Those of you that pay more attention to post on every conversation ever brought up about OS security.. specially the Mac vs Windows variety.. need to Google "sunlight, where does it come from?".

If you are sensitive to the fact (i.e., not naive) that there are Viruses out there, then you will avoid them. Windows users are sensitive to that fact (smart ones, anyway) and for the most part are not affected by them. Mac and Linux users, however, have not had to worry about it and therefore are naive. That will probably change after the first major "doom" virus infects half the Macs on the planet.

I haven't had a virus on any of my Windows machines since 2000, 2001.

All OSes have secured the system files side of the OS very nicely. However, user data is very vulnerable on all OSes.

sweetsam said,
There was a contest held not too long ago titled PWN to OWN involving a OSX, Linux and Vista. Guess which machine got hacked first ? OSX ! So please... stop preaching that macs are secure. Any computer is secure as long as the user is smart about what he does with it.

http://www.itworld.com/mac-hacked-first-in-contest-080327


Confined to contests and labs.

Let's see something in the wild now. Today!

You'd think someone would have *gotten paid* to write one by now, especially given the ridiculous notoriety they'd enjoy.

Labs and contests don't really count, although they're interesting in terms of fiddling around with a proof-of-concept.

I wonder, though, what the first virus in the wild for OS X will be like . . .

LTD said,


Confined to contests and labs.

Let's see something in the wild now. Today!

You'd think someone would have *gotten paid* to write one by now, especially given the ridiculous notoriety they'd enjoy.

Labs and contests don't really count, although they're interesting in terms of fiddling around with a proof-of-concept.

I wonder, though, what the first virus in the wild for OS X will be like . . .

Yea, they arent the same as someone in the wild attacking. But a lot of consumers read these kind of things and then base their purchase off of it. Lot of non informed people out there.

And there are Mac viruses...just not a lot of them.

techbeck said,

Yea, they arent the same as someone in the wild attacking. But a lot of consumers read these kind of things and then base their purchase off of it. Lot of non informed people out there.

And there are Mac viruses...just not a lot of them.

Fair enough, that's true.

But re the last part: there are no actual documented viruses for OS X.

techbeck said,

Yea, they arent the same as someone in the wild attacking. But a lot of consumers read these kind of things and then base their purchase off of it. Lot of non informed people out there.

And there are Mac viruses...just not a lot of them.

What I quoted very clearly proves that it is not secure. Hackers putting in time and effort to write a malware or virus is a totally different story which brings in a lot of other factors. The point I wanted to highlight is that OSX is like any other OS i.e. only as good as its user.

LTD said,
But re the last part: there are no actual documented viruses for OS X.

True, I was just talking about Mac in general (missed where you stated OSX). I know there were viruses for the older Mac OS.

techbeck said,
True, I was just talking about Mac in general (missed where you stated OSX). I know there were viruses for the older Mac OS.


Anyone running a Mac made in the last 6 or 7 years is going to be running OS X. Bringing up the fact that there were viruses for OS 9 and earlier is comparable to bringing up viruses that only worked on Windows 95 or 98. Mac Classic OS (9 and earlier) viruses will not run on OS X at all, so they are essentially a moot point anyway now.

I hope Mac and Linux users do get hacked. Hell, I am glad Windows gets hacked all the time. I dont wish these things because I am a prick....

Mac and Linux users have been in a false sense of security for a long time. Apple runs ads that say Macs dont get viruses. I also hear, on a weekly basis, from people that Macs dont get viruses or spyware and there is no need for any type of antivirus or protection. Yea, a lot of these comments are from normal users. but several are from Apple itself. This was a bad move for Apple since OSX is just as insecure, if not more, than Windows. Same goes for Linux. It was proven several months ago that the OSX was the least secure with Vista coming in 2nd and Linux coming in 1st.

And hackers/virus makers, attack away at Windows and discover those flaws. You are actually doing MS and the rest of us PC users a favor. You are discovering security issues with that OS and that MS is really quick to fix/patch thus making Windows an even more secure OS.

Macs have been in the news with their issues more and more since they claimed the #3 computer maker in the US title. Heck, Apple couldnt even patch a DNS exploit correctly the first time. I am not ragging on Apple, but if they cannot patch a simple DNS security flaw, then they better get their **** together or they will be caught with their pants down.

You seem to fail to recognize a difference in wishing for people to "get hacked" or exploited as a basis of revenge, as different from wishing for possible exploits to be found and repaired before many people are exploited.

An exploit that creates millions of spam-bots does not do the computing world any bit of good.

Chonson said,
Hackers that find security exploits and those who create viruses/spyware/rootkits etc are worlds apart...

Never heard of a virus that attacks exploits and vulnerabilities in software huh? But regardless, hackers and virus makers serve the same purpose...makes software more secure whether it be an OS, or antivirus software.

markjensen said,
You seem to fail to recognize a difference in wishing for people to "get hacked" or exploited as a basis of revenge, as different from wishing for possible exploits to be found and repaired before many people are exploited.

An exploit that creates millions of spam-bots does not do the computing world any bit of good.

I dont fail to get anything...im just giving my opinion...but anywho.. I am not condoning anything and if there were no hackers or viruses...then the world would be a perfect place...lot less security related jobs to.

How long is the "hackers don't pay attention to Linux/Mac users" excuse going to last?

And it's easy to sit there and say "Hey, in the future you will need our product!" Of course, because nobody has any idea what the future brings! Way to go out on a limb.

Bear in mind Kaspersky want to shift as much software as possible, it does them a favour spreading a little uncertainty over whether or not to buy AV software for your Mac/Linux box. Don't really think there's a story here.

Bear in mind that Apple wants to shift as many computers as possible, so claiming whatever they can to do that is what they do whether true or false.

Soldiers33 said,
i want mac users to get hacked so they can stop bragging

Well, at least you have a good reason for wanting an OS to get exploited. :ermm:

I am a Linux user, and you don't see me getting some childish glee from Windows exploits. But whatever floats your boat, man.

markjensen said,
Well, at least you have a good reason for wanting an OS to get exploited. :ermm:

I am a Linux user, and you don't see me getting some childish glee from Windows exploits. But whatever floats your boat, man.

Off topic, but what Linux distro you use?

techbeck said,
Off topic, but what Linux distro you use?

Up until recently (last year) I was a Red Hat (Fedora) kind of guy. Switched from dual-booting to 100% Linux back in 2003.

Since Feb 2008 (with purchase of a new computer), I have decided to go the *buntu route. Xubuntu, specifically. My wife liked Ubuntu on her desktop, and some aspects of installation and initial configuration were much easier than I was used to in Fedora. For a longer version of the story, look here: http://www.neowin.net/forum/index.php?auto...&showentry=1638

markjensen said,
Up until recently (last year) I was a Red Hat (Fedora) kind of guy. Switched from dual-booting to 100% Linux back in 2003.

Since Feb 2008 (with purchase of a new computer), I have decided to go the *buntu route. Xubuntu, specifically. My wife liked Ubuntu on her desktop, and some aspects of installation and initial configuration were much easier than I was used to in Fedora. For a longer version of the story, look here: http://www.neowin.net/forum/index.php?auto...&showentry=1638

Cool, I may PM you if thats ok since I have some questions. I have tried and like Ubuntu and tried Xubuntu at one point. Be interested to hear why you like Xubuntu over Ubuntu

techbeck said,
...
Be interested to hear why you like Xubuntu over Ubuntu :)

Simply put, I like a minimalist window manager / desktop. On my older hardware, I used fluxbox over KDE/Gnome to reduce my resource usage. I grew to really appreciate fluxbox, so much so that it has been my window manager of choice, even on my new much more powerful box.

night_stalker_z said,
As long as theres a stupid user using the computer, no OS is secure.

Agreed. *nix viruses exist. It is just a plain fact. But, just as in Windows, it is up to the admin (which is also the user in home systems) to keep all of his software updated, and to know enough to not start up services that are unnecessary, especially outward-facing ones that accept traffic on a TCP/IP port, for example.

And, in this case, from what I have seen, Apple has been pretty lucky. The version of BSD they use seems to have some older packages, and Apple tends to be slow in updating them. (If I recall correctly, BIND is one of the packages in question)

MEH, can't get any worse than the situation with Windows- i.e. millions of different viruses/malware e.t.c, and despite that the last problem with malware I had was a dodgy download (of antivirus software, ironically), completely my fault.

I don't think there'll be many viruses per se, just trojans, spyware and rootkits, as they seem to be the in thing at the mo, and the obvious inevetable program vunerabilities. Firewall and patches FTW.

Realistically, unless you've just reformated with a fresh copy of Win XP RTM and didn't do any updates, you're immune to about 98% of those viruses.

geoken said,
Realistically, unless you've just reformated with a fresh copy of Win XP RTM and didn't do any updates, you're immune to about 98% of those viruses.

Technically though it would be interesting to see how many exploits are actually found in the patch of the patch of the patch of the patch of the patch all of which XP RTM wouldn't have.

I usually see cleaner Sp1 machines than Sp2

*yawn* I've seen the DNS hijackers out there. Who cares, really? In the end, its just another stupid computer, with a stupid user sitting in front of it.

mrmckeb said,
If only someone would hurry up and prove Eugene right.


The only reason I would want this to happen, is to wipe the smug away from... certain users.

RAID 0 said,
The only reason I would want this to happen, is to wipe the smug away from... certain users.


Yes... that would be priceless. All those mac zealots ****ing their pants because they got a virus! HAHA

"Oh noes! viruzes are has for the windowzes!!"

Whoa Haha !!

"Oh noes! viruzes are has for the windowzes!! == Priceless !

"Oh noes! Me solded mines lagses to byies thees Muckinposh !! Sheeeeet ! Oh Mon Dieues ! "

I guess this news applies to Snow Leopard because of its future tense...
We'll see when it'll happen :)

I'm pretty confident though, that so little damage will be done that I'm gonna laugh