Has Leopard let the malware cat out of the bag? It's time to ask, given all the security potholes Apple has hit since the release of Mac OS X 10.5. The new QuickTime flaws and exploit are reasons enough to wonder.
Mac users have long lived in a la-la land of enchantment, free from thieving malware marauders. But times change. Increases in Mac market share and Apple's adoption of Intel processors have opened La-La Land to outside trade. Watch out, the big-city felons have followed the trade roads back to the Land of Enchantment. It's not a question of if they will attack, but when.
View: The full story @ MS-Watch
Mac users have long lived in a la-la land of enchantment, free from thieving malware marauders. But times change. Increases in Mac market share and Apple's adoption of Intel processors have opened La-La Land to outside trade. Watch out, the big-city felons have followed the trade roads back to the Land of Enchantment. It's not a question of if they will attack, but when.
View: The full story @ MS-Watch
On that note, where are my Linux viruses and malware? I've been hearing the same story for the last 10 years how "this year Linux will get them", I haven't seen any yet.
and where have you been hearing the same story for the last 10 years? I don't really think people have been saying much about Linux because, well, people don't really care about Linux
On that note, where are my Linux viruses and malware? I've been hearing the same story for the last 10 years how "this year Linux will get them", I haven't seen any yet.
But, for what it is worth, I have never seen one myself, either.
and where have you been hearing the same story for the last 10 years? I don't really think people have been saying much about Linux because, well, people don't really care about Linux
That's a bit of a ridiculous statement. Didn't we have an article here at one point about how, on the "botnet black market" Windows systems were incredibly cheap ($5 for one or something) but a Linux system went for more like $500? These systems are sought after, and there is a monetary incentive for it.
Been 6+ years. You'd think someone - anyone - would like the coveted position of being the FIRST to lay claim to nasty code that brought OS X to its knees in the wild.
Nothing.
You'd think Bill Gates would have paid for one by now.
Well SOMEONE must care. I mean, imagine the fame of being the first to do it.
But if no one cares . . . then it may be years (another 6?) until someone does.
Whaddya think? Will it be 1 year? 2? as little as 4 months?
Have fun, folks.
Well SOMEONE must care. I mean, imagine the fame of being the first to do it.
But if no one cares . . . then it may be years (another 6?) until someone does.
Whaddya think? Will it be 1 year? 2? as little as 4 months?
Have fun, folks.
You forget that viruses today are paid for by malware companies - they no longer are script kiddies trying to get attention. If a malware company decides to write a virus/piece of malware on OS X, you can bet it would happen, and quite easily. They have little (but growing) incentive to write malware, because most people still use Windows.
Remember that security in the user space is non-existant on any OS. There is no way an OS can prevent a virus from deleting the files in a person's user folder.
Last edited by NateB1 on 29 Nov 2007 - 20:47
People with LTD's attitude will be among the first to experiecne the shock of getting hit with the first Mac malware for one simple reason: They think they are invincible just because they haven't seen it yet.
History is filled with examples of "it will never happen" and then it does. When you watched "The Jetsons" as a kid and you saw people talking on video phones you thought "it will never happen". Well guess what? Video phones are here. One of many examples.
Apple users seems to think their computers are invincible fortresses. I suppose it will take an actual malware attack for them to realize it's not. And when that day comes all the PC people will respectfully say "told ya so".
But until then keep telling us how impossible it is. We're in no rush to see the inevitable.
People with LTD's attitude will be among the first to experiecne the shock of getting hit with the first Mac malware for one simple reason: They think they are invincible just because they haven't seen it yet.
History is filled with examples of "it will never happen" and then it does. When you watched "The Jetsons" as a kid and you saw people talking on video phones you thought "it will never happen". Well guess what? Video phones are here. One of many examples.
Apple users seems to think their computers are invincible fortresses. I suppose it will take an actual malware attack for them to realize it's not. And when that day comes all the PC people will respectfully say "told ya so".
But until then keep telling us how impossible it is. We're in no rush to see the inevitable.
Gotcha. Jetson's video phone = Imminent Mac virus.
The thing is, that we've been hearing about this looming threat for years and years. We've become complacent; almost indifferent without any development of the idea. You'd think in that time there has been plenty of able bodied anti-Mac fanatics who possess the skills to bring down OS X, but it still hasn't happened yet.
Personally, I'm more scared of the idea of Norton for Mac than the actual virus required by it... To me that seems like a bigger threat!
This reminded me a lot of this Mac/PC comic. Thanks for the flashback!
Remember that security in the user space is non-existant on any OS. There is no way an OS can prevent a virus from deleting the files in a person's user folder.
Exactly. There is no protection in the user space, especially if the user installs (intentionally or not) the piece of malware thats snooping around. If a virus infects my computer and I can't run my programs, having to resort to reinstalling the OS, then that is a minor inconvenience to me. Now, if a piece of malware snoops around my personal files and comes across a stray credit card number in my web browser cached files (heaven forbid) or logs my key strokes and gets my login/password to my bank account then that would be disastrous.
I have a feeling Apple pays a healthy lump sum to any twat that threatens their OS with a virus attack. They in turn take the money and seal their mouths and keyboards with Krazy Glue.
(Just kidding.)
Seriously, there has to be a way to detect viruses that run in the user space and stop them from screwing around with data that frankly is a hell of a lot more important to users than the OS itself. Vista has Volume Shadow Copy that could help to an extent if such a virus breaks out, provided UAC stops the virus from disabling System Restore/Volume Shadow Copy.
Keep telling yourself that.
This reminded me a lot of this Mac/PC comic. Thanks for the flashback!
LMFAO
Well SOMEONE must care. I mean, imagine the fame of being the first to do it.
But if no one cares . . . then it may be years (another 6?) until someone does.
Whaddya think? Will it be 1 year? 2? as little as 4 months?
Have fun, folks.
that someone that cares must also know how to fin the vulnerability adn write the code, so theres not alot of choices out there, its not as if any joe blow computer user can do it
I guess it's going to depend on if Apple grows enough in the marketplace to make it worthwhile.
Whaddya think? Will Apple ever gain enough market share to make it worthwhile? Will it take 1 year? 2? Longer?
I guess it's going to depend on if Apple grows enough in the marketplace to make it worthwhile.
Whaddya think? Will Apple ever gain enough market share to make it worthwhile? Will it take 1 year? 2? Longer?
Marketshare isn't the only "one grand unified attribute" that determines whether or not malware exists for a platform. You are over-simplifying the situation by saying there is only one variable.
It's the one variable that is good enough for most people though.
Please can we have a front page filter that blocks opinion based stories about Leopard and Vista (maybe one that blocks anything posted by Daniel Flesbourne...)
.
Please can we have a front page filter that blocks opinion based stories about Leopard and Vista (maybe one that blocks anything posted by Daniel Flesbourne...)
.
Agreed! I've already decided any opinion-based articles about OSes are getting a 1 out of 5 on the Quality scale. (Like this one.)
HEY! They (we/you/I) need to eat sometime!
many a true word SHOUTED IN CAPITALS
http://www.theregister.co.uk/2007/10/31/in...ild_osx_trojan/
So the inpenetrable OSX is as penetrable as Windows... They both fall victim to dumb users.
for God sake try to REALISE its only about market SHARE!!!
I would like to ask NEOWIN mods to kindly make a mailing list where people that dont agree are added and when they are proved wrong some comming day they should be emailed along with links to the posts they made so they can say sorry and realize how big of a screw head they had been....
I bet if there was a mailing list like this for the world millons off OSX likers would have got the email...
PS: I am biased for OS's, i use windows becouse its common and have no interest in any other OS simply becouse I cannot invest time to them.
Why is this news? Come on Neowin you say you don't want flame-bait and your posting this sort of article on the Main Page which is not full of facts but an opinion. And its from a Pro-Microsoft website.
At least try to look impartial Neowin.
Is Neowin pro Microsoft or neutral? Come on, what?
Why is this news? Come on Neowin you say you don't want flame-bait and your posting this sort of article on the Main Page which is not full of facts but an opinion. And its from a Pro-Microsoft website.
At least try to look impartial Neowin.
The code used in a buffer overrun attack doesn't have to be written as OSX code. It could be written as x86 machine code and will execute on anything with the right processor. Also note that Neowin did not write this article. Someone at MS-Watch wrote it and another _user_ here submitted it.
Why is this news? Come on Neowin you say you don't want flame-bait and your posting this sort of article on the Main Page which is not full of facts but an opinion. And its from a Pro-Microsoft website.
At least try to look impartial Neowin.
The code used in a buffer overrun attack doesn't have to be written as OSX code. It could be written as x86 machine code and will execute on anything with the right processor. Also note that Neowin did not write this article. Someone at MS-Watch wrote it and another _user_ here submitted it.
You miss my point completely. Microcode specific malicious programs could be executed on PowerPC processors just as easily as it could do on a x86_32/64 processor. By switching they do not increase or decrease the vulnerability of their OS it is the same amount of risk. Security by obscurity is a fools game and should not be factored in to the switching from the PowerPC chips to the more readily available x86 chips. If anything a vulnerability written for a x86 CPU would target specific processor rangers. It would be difficult to locate a vulnerability and successfully execute an attack (exploit) on an entire type of processor architecture.
And I know Neowin did not write this article. I'm saying they should not link to opinion pieces and stick to factual articles.
Why is this news? Come on Neowin you say you don't want flame-bait and your posting this sort of article on the Main Page which is not full of facts but an opinion. And its from a Pro-Microsoft website.
At least try to look impartial Neowin.
The code used in a buffer overrun attack doesn't have to be written as OSX code. It could be written as x86 machine code and will execute on anything with the right processor. Also note that Neowin did not write this article. Someone at MS-Watch wrote it and another _user_ here submitted it.
You miss my point completely. Microcode specific malicious programs could be executed on PowerPC processors just as easily as it could do on a x86_32/64 processor. By switching they do not increase or decrease the vulnerability of their OS it is the same amount of risk. Security by obscurity is a fools game and should not be factored in to the switching from the PowerPC chips to the more readily available x86 chips. If anything a vulnerability written for a x86 CPU would target specific processor rangers. It would be difficult to locate a vulnerability and successfully execute an attack (exploit) on an entire type of processor architecture.
And I know Neowin did not write this article. I'm saying they should not link to opinion pieces and stick to factual articles.
My point was simply Macs use the same processor as Windows now, so it's not unexpected that the 'bad guys' may save time and write the same machine code base that's in a wrapper tailored for the specific vulnerabilities of the parent operating system. If that happens, (or already has happened,) Macs will be marching lock-step in the same bot armies as Windows and Linux PCs. That's why he implies the Intel switch introduces a new vulnerability.
And if you don't like the article, (I didn't) complain and rate it appropriately in that "Quality" box.
However, ... the Mac vs "the world of other OSes" on going war of how, when, who, why and just plain "oh yeah, it's gonna happen" propaganda isn't being fed by those posting news. It's all of you that post 25 replies apiece commenting on what experiences you do have. ( or worse, commenting on experiences you don't have! )
The fact is, I've seen issues bring down a Mac, Windows.. having to use Sam Anti-Virus on the Mac, multiple AVs on Windows... etc, etc, etc. Issues are posted ALL THE TIME about all the different operating systems. The exploits and open door exist on all platforms - a fact that no single user can deny. Period.
Whether or not it's feasible at the moment to use those exploits doesn't elude the fact that they exist. Sites like Neowin post news about exploits being found in any OS.. and the same crap happens over and over again.. just like it is here with this thread.
So.... you Mac or Linux users out there, don't need to come walking around the corner with that chip on your shoulder... for one, it has always made you look like an ass, and two... well, you get the picture. (unless of course, we need to draw it for you)
Oh for God's sake, this is childish.
The unprofessional (so called) journalism here doesn't look good anymore.
The unprofessional (so called) journalism here doesn't look good anymore.
Neowin didn't write the article.
Windows must have lord knows how many security holes and all those exploits and I never update at all and I don't use security tools and, thus far, I have never had any problem with adware or damaging virusses.
I suppose it's very possible that I'm part of a dozen botnets and harbouring all the spyware in the world but what does it matter? I don't have any personal information. I don't bank with the computer. That's the only thing I can see to really worry about. I don't even buy things with the computer.
My situation would be no different if I were running Mac OS X.
I don't think this article is worthy of front page news.
If Mac operating system software does keep getting more popular then sure there will be a lot more exploits and virusses and the like. How about you phone me when that happens? In fact, phone all those Mac users too. Maybe they will start taking this seriously.
Its always fun when the police turn up at your door. Only a percentage of viruses come in though exploits in the machine. Most have to be executed and run by the user.
Most people using Linux will (hopefully especially if its a server) hash check their downloads and only install trusted software. There isn't that much malware about but it does exist even if its just a lame shell script. There are so many Linux kernels and versions out that if you *did* find an exploit and release it into the wild your chance of actually affecting anyone are close to 0%.
The whole point in writing malware now is money this is easy to achieve by 1) Targeting the most stupidest of computer users you know the sort of users we mean the ones you can pop up a message saying "OMG YOU HAVE WON $1,000,000,000" or "GET THIS CUTE KITTY CAT SCREENSAVER FOR FREE!!!!!11111"and they will click away and do whatever it asks them to and
2) The ones who are running as admin on their boxes with often no passwords, firewalls and leave their ADSL connected 24/7 residing on the most popular operating system.
doesen't take much working out.
Viruses have been written for hardware/software that has a far smaller installed base than the Mac. They even wrote a worm to invade iPods that had been hacked to run Linux... there can't be too many of them... and an already patched consumer router with a less than 12,000 still vulnerable target... but 25,000,000 is too obscure for the malware authors?? Sorry. No, it is not "security by obscurity." OSX is built on a more secure model.
feeling safe is not the same as being safe.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.