×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Why You Shouldn't Panic Over Mac Malware

Soulskill posted more than 2 years ago | from the grab-some-popcorn dept.

Desktops (Apple) 370

Earlier this week, we discussed reports that Mac malware was finally becoming a significant problem. Now, reader wiredmikey points out an editorial arguing that everyone should slow down and analyze the situation more calmly so the threat can be accurately assessed. Quoting: "According to Apple, the Mac installed base is approximately 50 million users. But according to Gartner, the number of Android handsets sold in 2010 alone exceeded 67 million units, giving it an installed base that is larger, and growing much faster, than the Mac base. If a large numbers of eyeballs is indeed the lure that causes criminals to write malware for a given operating system, surely Android is a more tempting target than Mac OS. ... I predict that the increase in perceived risks to Mac customers will give Apple the excuse it needs to increase its control over the Mac software ecosystem, by moving ISVs to the Mac App Store. It is no accident that the theme of the upcoming Lion desktop operating system is 'Back to the Mac': taking concepts that Apple employed successfully with the mobile version of OS X (iOS) and back-porting them to the desktop OS. One of those features is the introduction of the Mac App Store, an Apple-controlled storefront for selling and distributing applications. ... This provides buyers some assurance that their apps are from known points of origin and that they don’t contain malware, such as the Mac Defender Trojan horse.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

370 comments

Panic? (-1, Troll)

TheLink (130905) | more than 2 years ago | (#36206954)

I see more eyes with $$$ signs than panic. The Apple fans will still have "eyes with apple logos".

Why You Shouldn't Panic Over Mac Malware (4, Insightful)

AliasMarlowe (1042386) | more than 2 years ago | (#36207052)

...because you don't have a Mac?
That covers most people - many of whom actually should panic over Windows malware. But nobody should be too smug, not even Linux-only or BSD-only users, since every compromised machine (Windows or Mac or whatever) pollutes the internet commons.

Re:Panic? (3, Insightful)

msauve (701917) | more than 2 years ago | (#36207182)

Today, we celebrate the first glorious anniversary of the Information Purification Directives. We have created, for the first time in all history, a garden of pure ideology — where each worker may bloom, secure from the pests purveying contradictory truths. Our Unification of Thoughts is more powerful a weapon than any fleet or army on earth. We are one people, with one will, one resolve, one cause. Our enemies shall talk themselves to death, and we will bury them with their own confusion. We shall prevail!

And you'll see why 2011 will be like "1984."

Re:Panic? (2)

Hazel Bergeron (2015538) | more than 2 years ago | (#36207262)

The person who most passionately appears to criticise some ideology in his youth is most likely to follow it in his old age.

(Politicians doubly so.)

Safari browser exploits (5, Informative)

Robadob (1800074) | more than 2 years ago | (#36206956)

Safari browser exploits and other app exploits can still lead to installing malware on a machine.

Re:Safari browser exploits (2)

Lennie (16154) | more than 2 years ago | (#36207130)

The solution is obvisous, disconnect all the ethernet connectors, wifi, bluetooth, usb, firewire, cd-/dvd-drives and whatever else you can think of and lock it in a bunker.

While you are at is, remove the user too. :-)

Maybe it will be a bit more secure after that.

Re:Safari browser exploits (1)

freedumb2000 (966222) | more than 2 years ago | (#36207372)

Then we will have reached perfection of the modern human. Independent, electronic thought machines acting autarkic shaping and controlling the world we live in. However those machines may decide to start infighting, destroying all infrastructure and/or removing the pesky humans all-together. Maybe stupid humans in front of "dumb" PCs is the best we can hope for ;)

Re:Safari browser exploits (1)

hedwards (940851) | more than 2 years ago | (#36207658)

Um, isn't that the direction Apple has been going lately? First they take the buttons, then they take most of the ability to install apps, all they need to do is require a password to turn the thing on and not give it out for the vision to be complete.

problem solved! (0)

Anonymous Coward | more than 2 years ago | (#36206978)

of course you are well protected as you can never catch anything from browsing the web!

What ? So android will be apple's lighting rod ? (1)

Anonymous Coward | more than 2 years ago | (#36207000)

These are the most twisted arguments I've ever read to be honest.
It goes like this:
1) hackers, malware makers will not find Apple interesting as they are too busy with android.
2) Apple's further monopoly on the distribution mechanisms for content and applications, creating an unphantomed money making machine, is their antivirus solution.

Re:What ? So android will be apple's lighting rod (1, Flamebait)

node 3 (115640) | more than 2 years ago | (#36207082)

The funny thing is, iOS outnumbers Android by well over 2:1. There are over 200 million iOS devices out there now, over 100 million of which are iPhones alone. Android might be a lightning rod for malware, but it's not because of its numbers.

Re:What ? So android will be apple's lighting rod (0)

Anonymous Coward | more than 2 years ago | (#36207622)

Yea that would make sense if there were actually a large number of viruses in the phone market. Compared to traditional viruses mobile viruses are still in the "Hello World!" stage.

Now I am _really_ panicked (2)

minderaser (28934) | more than 2 years ago | (#36207010)

"...will give Apple the excuse it needs to increase its control over the Mac software ecosystem, by moving ISVs to the Mac App Store" Really? So, the most insanely controlled software monoculture is getting attacked maliciously and the response is to become MORE anal? Yea, that's gonna work. Move along people ... nothing to see here.

Re:Now I am _really_ panicked (4, Informative)

Anonymous Coward | more than 2 years ago | (#36207070)

It's probably not a popular opinion here, but my experience with the Mac App store is very positive. It works well, no installation hassles, automatic upgrades,... and I have the impression that it drives the price down.

Re:Now I am _really_ panicked (2, Interesting)

node 3 (115640) | more than 2 years ago | (#36207096)

Yeah, this story is complete bullshit. Apple is not going to lock down Mac OS X Lion. There's no way they can use this current trojan as an excuse to do something which makes no damned sense in the first place. Apple will not cripple Mac OS X. The only remotely possible thing is that 10.8 could have a security model that defaults to only allowing signed apps, but the user can toggle a System Preference to enable it. However, even this is of extremely low likelihood. Mac OS X and iOS are not the same OS. What's good for one OS is not necessarily good for the other. That's why there are two OS's in the first place! Tech "writers" need to figure this out.

Re:Now I am _really_ panicked (2, Insightful)

sunspot42 (455706) | more than 2 years ago | (#36207352)

Yeah, this story is complete bullshit. Apple is not going to lock down Mac OS X Lion.

I disagree. I think Apple probably will ship a locked-down version of OS X sometime in the next couple of years, and it'll be the default version of the OS. Yeah, you'll still be able to unlock it, but it may not be particularly easy - indeed, the ability to unlock may only be available in a separate "professional" version of the OS.

And I think given the stupidity of the average user (Mac, PC, Android, whatever), this is probably not a bad thing.

Re:Now I am _really_ panicked (1)

PopeRatzo (965947) | more than 2 years ago | (#36207510)

Apple will not cripple Mac OS X.

It's not "crippling", it's revenue enhancement.

And, yes, they will certainly lock down OSX. You may still be able to buy a Mac Pro with an unlocked OS, but I'm willing to bet that soon all iMacs and MacBooks will be 100% walled garden.

Re:Now I am _really_ panicked (5, Insightful)

stewbacca (1033764) | more than 2 years ago | (#36207592)

And, yes, they will certainly lock down OSX.

Ahh, the inevitably incorrect Apple prediction. The most valuable tech company in the world that was predicted dead in 1997...the company that killed the floppy drive prematurely...the company that adopted USB too early...the company with the lame mp3 player.

You may still be able to buy a Mac Pro with an unlocked OS, but I'm willing to bet that soon all iMacs and MacBooks will be 100% walled garden.

That is possibly the most stupid prediction I've seen. Why would the company who is getting ready to consolidate OSX Server and OSX Home into ONE edition --OSX Lion-- start making different versions of the OS based on the user's hardware?

Keep predicting slashdotters, because my livelihood benefits from your terrible predictions.

Re:Now I am _really_ panicked (1)

DarkXale (1771414) | more than 2 years ago | (#36207798)

Shipping a locked an non-locked version is trivial. Its the equivalent of "Windows 7 Home Premium" and "Windows 7 Enterprise", or "Ultimate" as its known by most folk. OSX lost the server wars, so thats why its getting consolidated into the main OS.

Re:Now I am _really_ panicked (1)

boristhespider (1678416) | more than 2 years ago | (#36207596)

I'd be willing to take you up on that bet. It would be suicide -- the number of people buying Macbooks (particularly Macbook Pros) would plummet. I use one because I like having a Unix with a tarty windowing system. Take that away and I put Linux on the machine instead and live with KDE or XFCE, and *everyone* working with me will do the same because we need the GNU toolchain to do our work and the ability to install niche software that's unlikely to appear in the App Store.

Logic fail. (1)

Anonymous Coward | more than 2 years ago | (#36207024)

So it's not a significant problem because another platform might have a bigger problem.

Right.

Qubes OS (3, Interesting)

Anonymous Coward | more than 2 years ago | (#36207036)

I'll admit I bought a macbook in 2009 with likelihood of system vulnerabilities in mind. I *did* consider a number of other things, so I'm not a bad person, I swear.

Some say it's a case of going to a FOSS operating system... or specifically a BSD family kernel... or even of going to OpenBSD exclusively. Some say it's a case of knowing our OpenBSD software inside out and testing thouroughly *and* putting various in safeguards.

However, they're all missing a piece of the puzzle. Qubes OS should be on everyone's radar, especially since it's starting to progress. Sadly, it's one of those things that unless you give it some time to read up about you'll only hear bits and pieces about and then sadly ignore it.

Qubes, with Joanna Rutkowska at the helm no less, is a solid framework of ideas that results in the security we should all expect of an operating system. Fear that you'll have input sniffed or root compromised? Have your system disconnected from the internet - "what?", you say, before you read on and realise how silly it is in the first place.

Everything is in a VM instance, each VM instance can boot from the same image and run a (single, if you feel like it) program. The data that instance *thinks* was written to disk was instead pushed to a copy-on-write block device which can be thrown away when you're done.want files between different VMs? Message dom0 with the request from inside the VM and then accept the dialogue box that your isolated dom0 greets you with.

Sadly, I'm not the best ambassador. Sadly, I'm in a rush and haven't supplied my best effort in communicating how significant Qubes will be. Sadly, it's taken until now to have decent security on a desktop. But now I can be confident.

The universe is smiling down on me for this post with a captcha of "secure", and rightly so if you hop aboard.

Re:Qubes OS (2)

obarthelemy (160321) | more than 2 years ago | (#36207380)

It's not about the OS, it's about the user. Don't run in admin mode, install an antivirus and OS/Apps updates, don't install crap from just anywhere, avoid Flash, IE, Firefox.

Been doing that in Windows for me and my parents for years, got a virus once, when an ex called bout a failing hard drive and I dumbly just connected it to my spare PC to try and salvage the files.

Re:Qubes OS (5, Insightful)

Anonymous Coward | more than 2 years ago | (#36207402)

I don't know whether your post is serious or a reference to some meme I am unfamiliar with, but anyway.

Everything is in a VM instance

If this is the (only) reason why it is "secure", and the official website seems to say so, you may want to go with OpenBSD anyway. To quote Theo de Raadt:

You are absolutely deluded, if not stupid, if you think that a
worldwide collection of software engineers who can't write operating
systems or applications without security holes, can then turn around
and suddenly write virtualization layers without security holes.

Rutkowska definitely has an impressive resume, but I don't think that even someone like her can make a system secure just by using virtualization. However, I will make sure to keep an eye on that project, it looks quite interesting even though it won't replace my current setup.

Re:Qubes OS (0)

Anonymous Coward | more than 2 years ago | (#36207672)

OP here

You make a point, and rightly so - there will always be software exploits even when designs are made to avoid them. But you can make sensible choices, and pointing these out would take more time than I have right now - the Xen hypervisor, as used in Qubes, is a far more sensible choice than KVM. KVM is in the same ring of operation as the kernel, so any driver exploit could carry over, whereas Xen by design is a hypervisor from the layer above.

Of note is that the dom0 is a grand total of just a couple of thousand lines aside from Xen - "you could audit it in a weekend, and get someone *else* to do it along side you" as Ms Rutkowska points out. Having a thin amount of code that you actually boot to begin with is a plus, using the more sensible hypervisor and then making sure the VMs are easily thrown away after use are all choices which head in the right direction.

Nope. I don't worry at all, and I guess that few d (1, Offtopic)

Khenke (710763) | more than 2 years ago | (#36207038)

"Why You Shouldn't Panic Over Mac Malware"

Nope. I don't worry at all, and I guess that few do.
Because I and most other don't own a mac. That must be the obvious answer...

(Too lazy/not interested to read the summery or the article)

What a load of crap (3, Insightful)

Flipao (903929) | more than 2 years ago | (#36207040)

There's no need to deflect attention,, this is not about Android, this is about Apple computers having the type of issues for which PCs have always been made fun of.

The reason Mac users are now targetted is because they are less computer savvy, have deep pockets and have been educated to open their wallet on command.

Re:What a load of crap (3, Interesting)

Anonymous Coward | more than 2 years ago | (#36207080)

Mac users less computer savvy? Not really I've seen a lot of IT- and multimedia-pros using them. I've never understood why geeks don't appreciate useability...

For me the Mac is Unix + hardware support + hot souce!

But I'd have to thank Linux as it made me fall in love with *nix-systems.

And exploits? I only get my software from trusted sources, no remote services are on, never connect to public wifi. On the other hand, if you follow this advice you are very unlikely to get infected, even on windows. But I just prefer the Mac. No need for bashing and fanboyism.

Re:What a load of crap (3, Insightful)

dr.Flake (601029) | more than 2 years ago | (#36207142)

Sort of the same for me.

For me the route was also windows -> linux -> OSX.

However, during my linux period i grew accustomed to finding great software doing almost everything i could wish for within a few clicks/google searches.

For OSX its the opposite. For every small task that i want to accomplish, i seem to need to pony up. Every small time programmer tries to make a buck with his little program. Nothing wrong with that, but where are the Free/Libre alternatives?

For now, after long searches i end up installing untrustworthy programs, because i'm used to get it all for "free" (he, i am Dutch). My problem, sure. But a lot of people like me would fall into these kind of traps.

Re:What a load of crap (0)

Anonymous Coward | more than 2 years ago | (#36207158)

Wasn't the whole advantage of OSX to have usability + compatibility with linux and unix applications?

Re:What a load of crap (0)

Anonymous Coward | more than 2 years ago | (#36207224)

The plug.

Re:What a load of crap (2, Informative)

Anonymous Coward | more than 2 years ago | (#36207238)

You have pretty much that, if you want your GUI application to run under X11 (well, some things are a bit different, but not that much).

But if you want native OS X applications, then the free alternatives are usually outnumbered by the shareware ones. Shareware has been strong in the Mac ecosystem since before OS X whereas it has been mostly non-existent in the Linux ecosystem.

Re:What a load of crap (5, Insightful)

Tom (822) | more than 2 years ago | (#36207386)

However, during my linux period i grew accustomed to finding great software doing almost everything i could wish for within a few clicks/google searches.

For OSX its the opposite. For every small task that i want to accomplish, i seem to need to pony up. Every small time programmer tries to make a buck with his little program. Nothing wrong with that, but where are the Free/Libre alternatives?

Not learnt anything during your Linux period? Ok, I'll help out. The answer to your question is: Are you writing them? No? See, that's why they're not there.

Re:What a load of crap (1)

Anonymous Coward | more than 2 years ago | (#36207568)

Where are the free apps for OSX? Seriously?
http://sourceforge.net/directory/desktop/mac

Re:What a load of crap (4, Informative)

Gaygirlie (1657131) | more than 2 years ago | (#36207184)

Mac users less computer savvy? Not really I've seen a lot of IT- and multimedia-pros using them.

Yes, and I've seen plenty of IT- and multimedia-pros using Windows PCs, yet majority of Windows users are still not too computer savvy. Similarly, from what I've seen the majority of Mac users are equally non-computer-savvy.

And that's the whole issue. These scams and such aren't targeting the pros, they are targeting the people who don't really understand what they're doing. Macs are also more costly than the average Windows PCs and thus it's likely that a person owning a Mac is wealthy enough to make an excellent target for these things.

Re:What a load of crap (4, Insightful)

boristhespider (1678416) | more than 2 years ago | (#36207368)

Wait, you mean.... the majority of people aren't computer savvy????? STOP THE PRESSES!

I'm not sure why people find this so hard to understand. Most people in this world
a) Don't understand computers
b) Don't really give a shit about understanding computers
c) Simply just don't care

That goes whether they're running Windows or Mac -- and for those who use a Linux their more computer-savvy relatives installed on their computer. And these days I strongly expect more and more Linux users to be computer un-savvy. That's the whole point behind Canonical's ethos is to grow beyond people who enjoy recompiling kernels, after all.

Re:What a load of crap (1)

stewbacca (1033764) | more than 2 years ago | (#36207640)

I've never understood why geeks don't appreciate useability..

I'm design oriented and can flip this around...I've never understood why I can't get a good grasp on basic programming logic. It seems it's a mindset of WYSIWYG vs. I'm-super-logical-and-need-to-do-this-myself.

I'm married to a programmer, so I live this dichotomy every day ;-)

Mind you neither are better than the other, just different. Of course, "design mode" IS better...for me...because I can get faster nicer looking results...FOR ME...but my wife can knock out 100 times the functionality in half the time, and change it in 1/10th of the time. It just doesn't look as nice.

Re:What a load of crap (1)

Anonymous Coward | more than 2 years ago | (#36207154)

as have been demonstrated time and again at hacking conventions/contests, OSX is the least secure of the major operating systems. Geeks that use it are just blind fanbois.

Re:What a load of crap (0)

Anonymous Coward | more than 2 years ago | (#36207332)

You can't possibly believe that PC users aren't plenty ignorant. Tech savvy people tend to understand multiple OS, and I can tell you most mac users have an understanding of windows but not nearly as often the other way around.

In the end however the internet is brimming with tech-clueless people who install free screensavers and smiley packs or worse yet AOL 9.0 optimized. It isn't a matter of what OS you use. Desktop users are just plain stupid and easily targeted, and for this reason I never want to work in office IT support.

Re:What a load of crap (3, Interesting)

popo (107611) | more than 2 years ago | (#36207346)

Actually, it's all about Android.

Any hacker will tell you that the smartphone is the juiciest target of them all. Loaded with credit card and direct billing capacity, and with manufacturer-customized OS's that are rarely updated or patched, and thrown together under tight deadlines.

Smartphones are the low hanging fruit of the decade. And of that fruit, Android is the juiciest because of it's relative lack of manufacturer updates.

Re:What a load of crap (0)

Anonymous Coward | more than 2 years ago | (#36207444)

Ah, so ignore any kind of negative story about OSX? Gotcha.

Re:What a load of crap (0)

Anonymous Coward | more than 2 years ago | (#36207516)

Smartphones are good for grabbing data, but no good for DDOS attacks. There's no need to have a zombie smartphone, as it's unlikely to be able to pass significant data before the carrier kills it. So while an Android trojan may be likely, a MacOS virus would be able to do more over a longer term for the virus writer.

Re:What a load of crap (1)

hedwards (940851) | more than 2 years ago | (#36207696)

That might be, but what precisely does that have to do with malware that affects an OS which can't be made to run on a handset?

Re:What a load of crap (2, Insightful)

Anonymous Coward | more than 2 years ago | (#36207420)

Around CS and math departments at universities, it seems to me that macs are becoming almost universally adopted. Same is true for the best back-end oriented tech companies (e.g., google). I think it's likely that there are two peaks for computer skill for mac users-- very competent folks who are willing to pay more for an easy-to-use unix laptop, and those less savvy folks that you seem to have more experience with.

Re:What a load of crap (4, Funny)

stewbacca (1033764) | more than 2 years ago | (#36207664)

Unpossible. Haven't you read the comments? Only people who are STUPID and have DEEP POCKETS use Macs. Neither of these describes college students.

Re:What a load of crap (1)

UncHellMatt (790153) | more than 2 years ago | (#36207434)

I don't know if I would entirely agree with this. As someone who services both Macs and PCs, across the board I would put the percentage of ignorance as roughly the same. Consider how many PC users willingly click on the popups that say "Your computer is at risk! Click here to clean" or "Your computer has detected spyware. Click to clean". As well, consider how many PC users visit video sites which claim that in order to view this video of Lindsey Lohan and a great dane getting freaky, you need this "special" video plugin. On both sides of the home computing world, there is at least as many gullible people on Windows as on Mac, it's just that Fruit Heads seem to have this foolish idea that they're somehow immune. As noted by many, the Safari exploit alone is an issue, but there are decidedly more.

Frankly what goes up my nose sideways is this statement: "One of those features is the introduction of the Mac App Store, an Apple-controlled storefront for selling and distributing applications"

So allowing Apple to have final say on what I do and don't get to install on my computer is somehow better? This is precisely what will make me jump ship again; I've used them since the mid 80s, jumped ship with system 7.5 ("Error type 11 has just occurred, please kiss your ass goodbye") then came back at around system 10.2, and while I really enjoyed the OS, this idea that somehow putting all my "trust" in Apple's hands, that somehow Mr. Jobs and crew must know what's best for me, that boggles my mind. Again, as noted by others perhaps not in this thread, Apple has become the Big Brother their ads once suggested they broke away from. If, now don't get me wrong I do mean "if", Apple decides that they want to make the app store the singular method to install apps as it is on the iPad and iPod, that'll be the end of it for me. Which is a pity, because it is a rather nice desktop OS.

Re:What a load of crap (0)

Anonymous Coward | more than 2 years ago | (#36207436)

The reason Mac users are now targetted is because they are less computer savvy, have deep pockets and have been educated to open their wallet on command.

Stereotype much? lol

Re:What a load of crap (1)

stewbacca (1033764) | more than 2 years ago | (#36207620)

The reason Mac users are now targetted is because they are less computer savvy,

*citation needed

have deep pockets

Probably because they have jobs and moved out of their mothers' basements.

and have been shown to be more educated than Windows users.

FTFY, which probably explains your second point as well
    http://news.cnet.com/8301-17852_3-20056815-71.html [cnet.com]

Re:What a load of crap (1)

aardwolf64 (160070) | more than 2 years ago | (#36207692)

What "type of issues" would that be? It's an OS that will let you install software, and there are people that are writing software to do bad things. How is that a fault of the OS?

Not quite. (1)

itsdapead (734413) | more than 2 years ago | (#36207750)

There's no need to deflect attention,, this is not about Android, this is about Apple computers having the type of issues for which PCs have always been made fun of.

Except an important aspect of the "type of issues for which PCs have always been made fun of" was the lack of a credible security model in "old" Windows, combined with Windows' huge albatross of "legacy" software. Even after the deficiency was rectified in NT and XP, this leads to users running as "admin" and/or being so bombarded with security warnings that they ignore them.

OSX and Linux use a "sudo" model which is fundamentally more secure than "old" windows or even XP in its typical "all users are superuser" mode. That ought to be becoming less of an issue with Win7.

None of them are immune to "social engineering" that tricks the user into manually installing, authorizing and running malware. The only solution to that, as TFA suggests, is iPad style lock-down. Personally, I can live with that on a phone or tablet, but if Apple try and impose it on "proper" computers, I'm out.

Why Shouldn't I Panic Over Mac Malware? (1, Funny)

Anonymous Coward | more than 2 years ago | (#36207044)

because I don't own one...

App store as a preventative? On a Mac? (2)

Altanar (56809) | more than 2 years ago | (#36207046)

Unless Apple makes it mandatory for all applications on Macs be installed using the new app store, then it doesn't prevent anything. It's not like Mac users are going to immediately stop installing stand-alone programs the moment the store comes out. And if they're installing standalone programs, then the people who get tricked into installing fake anti-virus software won't give it a second thought about installing what that fake system message pop-up told them.

Re:App store as a preventative? On a Mac? (1)

nzac (1822298) | more than 2 years ago | (#36207236)

Yes its not fool proof but a preventative only has to (significantly) reduce the chance. If people (clueless mac owners) can be encouraged to go to the app store instead of goggling for a program to meet their needs then this will help to reduce virus.

Of course i think only having one app store controlled to produce profit is bad but it should at least have less viruses than the internet.

Re:App store as a preventative? On a Mac? (1)

mwvdlee (775178) | more than 2 years ago | (#36207324)

It'd be hard for Apple to make it mandatory, but at the very least they could simply alter their warranty terms to exclude any system using software installed outside their Mac app store. They could cripple the OS for "security" reasons. They could lock you out of online services. They could do a number of things which may not make it mandatory, but pretty much force you to do as they say anyway.

Re:App store as a preventative? On a Mac? (1)

drinkypoo (153816) | more than 2 years ago | (#36207860)

It'd be hard for Apple to make it mandatory, but at the very least they could simply alter their warranty terms to exclude any system using software installed outside their Mac app store.

Then they're going to have to stop claiming POSIX compliance, et cetera. In the USA, the Magnuson-Moss warranty act prohibits any such shenanigans; if you follow the API then your programs meet specifications and therefore the warranty cannot be voided for running them.

Astroturf. (5, Insightful)

Anonymous Coward | more than 2 years ago | (#36207134)

Nice bit of Astroturf there.

So, we shouldn't worry about malware on the Mac because Oh LOOK here's some speculation about a completely different OS so don't pay attention to this story anymore!!!

And then the inevitable push from Apple to have total control over you system by the eventual restriction of apps to Apple market-approved programs only. Well that's sure a nice idea, too bad some of the Official apps like Safari also contain security weaknesses. So much for the safety of the walled garden approach. But it's not stopping them from trying, apparently.

No, I don't panic over Malware on my Mac. It has nothing to do with Android, or any other OS, or the App Market, or anything else this shit-for-an-article is talking about.

There it is, there's the gimmick! (0)

Anonymous Coward | more than 2 years ago | (#36207136)

Since there are more android phones, than iphones, therefore, malware writers will target that device instead, thus, Apple can proclaim that the iPhone is MORE secure than android phones. Gee, this sounds familar with Macs and PCs.....

Not to state the obvious, but (0)

Anonymous Coward | more than 2 years ago | (#36207144)

Shouldn't you panic that you have a Mac?

No need to panic, merely be more careful. (4, Insightful)

MROD (101561) | more than 2 years ago | (#36207156)

The story has the correct title but rather misses the point. Yes, it's not time to panic. There is a set of malicious tojan horse programs out there for MacOS. The current crop require the user to authorise their installation. i.e. the security weakest link (at the moment) being exploited is the one behind the keyboard. Very often this is the places where security is the weakest, just watch WarGames if you doubt this. MacOS is by design, with a greater degree of privilege and OS/Application separation, more resistant to attack than Microsoft Windows has been. However, this is not to say that it is not vulnerable. All systems are, be it design flaws or merely implementation flaws. Yes, I'm looking at you Linux, FreeBSD, OpenBSD, Solaris, HP/UX and AIX. No-one can rest on their laurels.

Re:No need to panic, merely be more careful. (1)

euyis (1521257) | more than 2 years ago | (#36207272)

Ever heard of UAC?

Re:No need to panic, merely be more careful. (0)

MROD (101561) | more than 2 years ago | (#36207366)

Yes I have, and it's an attempt to retro-fit a useful security model to a system not designed to have such security from the beginning. Of course, because of the poor security decisions made by Microsoft in the 1980s and compounded in the 90s, such as allowing application installs to use the OS directory structure to place DLLs and configuration files and combining the system and application registries into one database, etc. If you add to that the 3rd party software producers who weren't forced to build software which had to operate in a non-privileged environment and hence required to run as Administrator who's applications are still causing problems and you still have a major security problem on your hands. Microsoft let the genie out of the bottle and it's very difficult to put it back in. That's entropy for you.

Re:No need to panic, merely be more careful. (4, Informative)

benjymouse (756774) | more than 2 years ago | (#36207522)

Yes I have, and it's an attempt to retro-fit a useful security model to a system not designed to have such security from the beginning.

No, UAC uses the already user and process tokens which were in Windows NT from the get-go to strip any token of certain rights. Compared to OS X and unix whic were borne with 12 bits of security, the Windows model is much more granular. The fact that Windows model is built to secure any OS object - not just filesystem objects - makes it more suitable in this exact scenario. The *nix idea of allowing setuid or setgid "servers" to "drop from root" is thoroughly broken and has been the source of numerous vulnerabilities and exploits. Setuid is necessary because *nix does not have sufficiently granular privileges.

UAC is using capabilities which were already there, thanks to the initial design using tokens and handles.

Re:No need to panic, merely be more careful. (1, Troll)

hedwards (940851) | more than 2 years ago | (#36207742)

Nice trolling. You do realize that even before MAC [wikipedia.org] that security was more involved than that, right? Perhaps you might want to do some research before you post that kind of BS here. Setuid is necessary because some applications aren't properly programmed.

I can't help but notice that you're ignoring the fact that MAC came out before Windows got any sort of granular permissions and that up until Vista came out in 2006 that Windows effectively didn't have any ability to set permissions on the machines average users were using.

Re:No need to panic, merely be more careful. (1)

cheros (223479) | more than 2 years ago | (#36207300)

Correct, and this supports the one statement I always make when someone tells me that "their" OS is safe: prove it.

I run the 3 major ones (Linux, OSX and -now only occasionally- Windows), and only the Linux setup does not have any anti-virus and anti-trojan on it as it runs off read-only media. But on the Mac I have Kaspersky too. Not that it runs permanently, but I test anything that I'm interested in installing, and every so often I do a full check from an account with admin risks (my work account has no admin rights).

That leaves some residual risk, but I'm happy with that. Oh, and I have Hands Off configured to stop the Adobe Updater getting out onto the Net - when I find time I'll throw the Adobe Reader off the box and restore the default. It updates so often it makes the Mac look like a Windows box :-).

Pet hate: applications installing extra, separate update agents you have no control over. Adobe is far from the only offender, and OSX doesn't have a decent uninstall mechanism. I wish they sorted that out before doing any App shop crap which mainly represents a rise in software prices without benefitting the actual software writers..

Re:No need to panic, merely be more careful. (1)

Paradise Pete (33184) | more than 2 years ago | (#36207338)

But on the Mac I have Kaspersky too. Not that it runs permanently, but I test anything that I'm interested in installing, and every so often I do a full check from an account with admin risks

Have you ever found anything?

Re:No need to panic, merely be more careful. (0)

Anonymous Coward | more than 2 years ago | (#36207496)

I find the occasional Windows virus on ebooks packaged in .exe that my girlfriend insists on downloading from the Russian internet. It's no wonder her Windows XP boxes are totally bricked given her habit of downloading anything and double-clicking it. (And then complaining to me that "it works on my other machine". Yes, because that's a Windows machine. That file is a program. Did you never wonder why they made a book a program? It certainly wasn't for the convenience of it...)

Re:No need to panic, merely be more careful. (2)

benjymouse (756774) | more than 2 years ago | (#36207538)

MacOS is by design, with a greater degree of privilege and OS/Application separation, more resistant to attack than Microsoft Windows has been.

Could you describe that "design", please? I mean a few more specifics beyond the "it builds upon Unix" as if that is in itself a design. What separation are you referring to?

Re:No need to panic, merely be more careful. (1)

Anonymous Coward | more than 2 years ago | (#36207778)

Heh.. don't hold your breath. You will get the usual handwaving and some random anecdote about windows security from the 90s. I think the number of people who actually understand NT design is about 0.0001% of the supposed "geeks" here. I'd say the majority of this websites users are "barely technical". They can install and configure applications and run a few scripts but beyond that, theres no hope of a highly technical conversation without the trolls jumping in.

Oh please (0)

Anonymous Coward | more than 2 years ago | (#36207200)

There are more Android handsets therefore no-one could possibly want to write Mac malware? Nice "logic".

Comparing Mac install to Android? (1)

tyrione (134248) | more than 2 years ago | (#36207248)

How brain dead is that? The install base of OS X is 50+ Million and climbing. The install base of iOS is 120+ Million and climbing. What's your point?

Re:Comparing Mac install to Android? (0)

Anonymous Coward | more than 2 years ago | (#36207700)

My thought exactly ... Along the same line : "surely iOS is a more tempting target than Mac OS/Linux/android/put anything below 120millions users here".

Re:Comparing Mac install to Android? (1)

stewbacca (1033764) | more than 2 years ago | (#36207738)

I read TFA and the point I took from it was that OSX still isn't a juicy enough target, given other, more ubiquitous options. If you search my post history, however, you'll see I think that argument is totally bunk, because if I were a hacker, I'd go after the easiest target that has millions of users...it doesn't matter if one platform had 700,000 million users and the other only had 50 million...if the 50 million were easier to hack, I'd hack it. At some point the argument "there aren't enough Macs to be worth it" has to go away. How many MILLIONS of targets do you need? Does everything in life have to be relative to something else (market share), or isn't 50 million enough?

What kind of logic is this? (1)

kenbo11 (1097593) | more than 2 years ago | (#36207274)

" If a large numbers of eyeballs is indeed the lure that causes criminals to write malware " Not very good to base your security practices on an IF! Just because the majority of hackers think this way, doesn't mean they all do. All it takes is one to say "I don't like Macs, I'm gonna hack it." And "boom goes the dynamite!" It's the 'most people think this, So all people think this' mentality that ticks me off

Re:What kind of logic is this? (0)

Anonymous Coward | more than 2 years ago | (#36207334)

It's Gartner logic. They sell IT reports to necktie wearing professional manager types who know nothing about IT.

Gartner is only ever right about things in the same way a stopped clock is, that is by coincidence.

Re:What kind of logic is this? (1)

stewbacca (1033764) | more than 2 years ago | (#36207754)

Considering how hardcore anti-Apple haters are, I think it says a lot about OSX security that none of those dorks have ever managed to do any harm.

Doh! (1)

mkdx (1314471) | more than 2 years ago | (#36207290)

But of course, none should panic because the usual Apple astroturfing/deflection suggests so...

Re:Doh! (0)

Anonymous Coward | more than 2 years ago | (#36207364)

But of course, none should panic because the usual Apple astroturfing/deflection suggests so...

As a general rule everything Gartner says is mindless babble. They say stupid things and make crazy and wildly incorrect predictions, they have been doing this for years.

Maybe apple paid Gartner, who knows.

#1 reason you shouldn't panic over Mac malware... (0)

mwvdlee (775178) | more than 2 years ago | (#36207296)

The #1 reason you shouldn't panic over Mac malware is because it will be SO funny to all of us who have protected our platforms from malware when Macs get infected, it really IS worth all those Mac users losing their data and having their identity stolen.

As for the eyeballs thing; it also assumes the platform can be succesfully exploited for financial gain by the hackers. That would probably be a lot easier on a desktop OS than a mobile OS.

Why You Shouldn't Panic Over Mac Malware (-1)

Anonymous Coward | more than 2 years ago | (#36207452)

You mean me? I shouldn't panic because I don't run a faggoty OS that causes aids, that's why.

I have a better reason... (-1, Flamebait)

Charliemopps (1157495) | more than 2 years ago | (#36207470)

I don't have to worry about Apple Malware because I have never, and will never own an apple. There is absolutely no reason to own an apple, they've always been more expensive with less features... although I'm sure someone will pop in here to tell me that it's the better system for "Artists" or some other garbage.

Re:I have a better reason... (1)

fluch (126140) | more than 2 years ago | (#36207520)

Well, for me -- not being an artist, but a mathematician -- a Mac just perfoms best. Great huge screen, an OS which just works the way it should, a great TeX distribution, and good choice of programs for surfing the web, reading e-mails and organising my BibTeX references. I for myself have used Linux before and it does a great job but by now I feel more comfortable with my iMac...

Re:I have a better reason... (1)

stewbacca (1033764) | more than 2 years ago | (#36207790)

You fed the troll! Never feed the troll! But yeah, there indeed is "absolutely no reason to own an apple" for sure. Dammit, just feed the troll...

Re:I have a better reason... (0)

Anonymous Coward | more than 2 years ago | (#36207844)

In other words, absolutely nothing except for the way the OS looks.

Re:I have a better reason... (1)

Anonymous Coward | more than 2 years ago | (#36207858)

Mac OS X gives me a UNIX system with a good quality GUI. Show me any other operating system that comes with apache, ruby, perl, and so on pre-installed, and allows me to run microsoft office, and allows me to play a bit of Star Craft from time to time?

It doesn't exist outside the mac. I would have to buy two PC's, one for windows and one for Linux. Or one PC and run the other OS in a slow/buggy virtual machine.

I paid $2,000 for my mac a few years ago and it's still nice and fast now. I'll probably still be using it in another three years. As someone who earns ~$50,000 per year creating websites, a computer that costs a bit over $1 per day is hardly expensive. Is it the cheapest system available? Probably not, but it's not expensive.

For you, maybe Mac OS X is not a good choice. But you're blind if you honestly think there is no reason at all to use it.

From the Apple Ministry of Information: (1)

Dr La (1342733) | more than 2 years ago | (#36207488)

There are *no* tanks in Bagdad, I repeat: there are *no* tanks in Bagdad....

Re:From the Apple Ministry of Information: (1)

stewbacca (1033764) | more than 2 years ago | (#36207800)

Because I'm a Mac user, and therefore more educated, I have to tell you it's spelled "Baghdad".

OS X App Store a disappointment so far (4, Informative)

cerberusss (660701) | more than 2 years ago | (#36207558)

So far, the OS X AppStore couldn't be called 'wildly popular' since its inception on January this year. Regularly, I checked my installed apps for availability in the App Store, because it allows for such easy updating. Lo and behold, only fairly trivial apps are there, the following list is not available in the App Store:

  • Google software (Chrome, Sketchup)
  • Mozilla software (Firefox, Thunderbird)
  • Adobe software (Flash, Flash Builder CS5, Photoshop etc)
  • Microsoft software (Office, Messenger, Silverlight etc.)
  • OpenOffice
  • Seashore (painting program)
  • Parallels
  • VLC
  • Skype
  • Calibre (an eBook converter)
  • XBench (a benchmark for OS X)
  • Vuze
  • KisMAC

Now I agree that stuff like a bittorrent client (Vuze) and a network sniffing tool (KisMAC) would probably be refused in the App Store. But all in all, the OS X App Store could be called a disappointment so far.

Note that the Opera browser (which contains a bittorrent client) is in the App Store.

Re:OS X App Store a disappointment so far (0)

Anonymous Coward | more than 2 years ago | (#36207712)

That's because those publishers don't need or want to give into apple app store extortion.

Re:OS X App Store a disappointment so far (1)

rcoxdav (648172) | more than 2 years ago | (#36207876)

What, you expect Apple to really even acknowledge VLC?? Don't you know that Quicktime just plays EVERYTHING!! And Firefox, Chrome, come on, Safari is the Shiznit! What could be better than Apple made software!

1 billion Linux devices per year (0)

Anonymous Coward | more than 2 years ago | (#36207652)

Linux has come a long way and the number of devices sold each year is exploding.

Oh don't worry (2)

MadeInUSA (2028028) | more than 2 years ago | (#36207678)

Don't worry, huh? There are more Androids than Apple computers out there... While I believe some people store pretty important information on their phones and "pads", I tend to think that malware in a deskptop is a much more serious threat to people - maybe because most people store their most personal and sensitive information in desktops?

Saffire Advice for Slashdot Editors... (0)

stewbacca (1033764) | more than 2 years ago | (#36207812)

3) watch out for too-cute writing that tries too hard to be unpredictable or deliberately controversial.

Using A Sledgehammer To Crack A Walnut (2, Insightful)

pandrijeczko (588093) | more than 2 years ago | (#36207824)

Just an education to those "happy-go-lucky" fanbois who believe their beloved Macs are somehow immune to malware:

1. Malware can appear on any system - yes, even my beloved Linux is not totally immune from the threats.

2. Defending computing devices against malware is as much about your own common sense as it is about someone else's anti-walware software or handing over your responsibilities in their entirety to Lord Jobs The Almighty. That means understanding *how* malware can enter through a web-site, email attachment, etc. and not going to sulubrious websites or opening emails where you don't necessarily trust the source. Yes, fanbois, it may be beneath your designer "pay someone else to do it lifestyles" but it all comes down to not being naive plonkers and learning how a computer works.

3. Apple has become an "evil company" in the eyes of many, just like Microsoft and Sony did. When that's the case, subsets of malware authors who consider themselves to be Internet Robin Hoods will consider that they are doing the world a favour by targetting Apple over and over again. Whether they do that or not is irrespective of how many Macs are out there, it's more on just how big and evil they perceive Apple to be.

4. Apple moving all software under the App Store banner is *precisely* what Apple wants to do because it makes them more money - it has *nothing* to do with anti-malware measures apart from giving them a good excuse to do it amongst the faithful. As that lockdown gets more and more, you will see a recurrence of exactly what has plagued Windows for many years - namely that not every fanboi has millionnaire parents and whilst some will buy every piece of software they use, most will get cracked copies which will be infected with all manner of malware because they won't or can't pay for the software.

5. Yes, Android will also be targetted and non-techie Android users will suffer as a result. But anyone who is tech-savvy knows where the legitimate sources for software are and how to do as many checks as possible before installing anything. I've run Windows XP alongside Linux for years, for about 5 years now I went totally legitimate in the software that I use (I gave up with cracks and warez, I use Open Source programs and legitimately licensed and paid-for software) and I've not seen a piece of malware or virus in years - and that's running freebie virus checkers and anti-malware programs.

6. I've not used Vista or Windows 7 because I've found no good reason to - but as I understand it, in Windows 7 Microsoft have put in much better layered security that takes into account people who don't know what they're doing and, as a result, it's having a positive effect on reducing malware spread on Windows 7. Yet at the same time, Apple leaves a ridiculous amount of unpatched flaws (especially in that Safari garbage) on their systems. The net result is malware creators will ultimately find it easier to target Apple than Microsoft, as Microsoft gets better and better at holding them back. (Nope, I'm not an MS fanboi, I use Linux more than Windows but I tell it like I see it as a security techie in my day job.)

So stop with the defensive posturing, get your heads out of your assholes and READ THE FUCKING MANUALS like the rest of us do.

these are the not the droids you are looking for (0)

Anonymous Coward | more than 2 years ago | (#36207830)

Simple response for all the apple fanbois, your master steve jobs told you there are no problems so there are no problems.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...