
Do Macs Have an Edge Against APTs?

timothy posted more than 2 years ago | from the not-the-debian-variety-of-apt dept.


itwbennett writes "Macs aren't being hit with advanced persistent threat (APT) attacks, but that doesn't mean they're invulnerable, say researchers at iSec Partners. Speaking at the Black Hat conference in Las Vegas Wednesday, iSec founder Alex Stamos and his team of researchers took a look at the typical stages of an APT attack — and compared how the Mac would do versus Windows 7. Their conclusion: Macs provide good protection against the initial phases of the attack, but once the bad guys are on the network, it's a whole different story. 'They're pretty good for [protecting from] remote exploitation,' Stamos said. '[But] once you install OS X server you're toast.'"


Here We Go Again ... (2, Insightful)

WrongSizeGlass (838941) | more than 2 years ago | (#36992364)

Wash. Rinse. Repeat.

Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly. Windows, including Windows 7, is still more prevalent and more vulnerable.

How many times are we going to get the same stories? If the user is willing to do anything the app or websites tells them to, well, you can't protect them.

Re:Here We Go Again ... (1, Insightful)

russotto (537200) | more than 2 years ago | (#36992906)

Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly. Windows, including Windows 7, is still more prevalent and more vulnerable.

How many times are we going to get the same stories?

Until the Microsoft propaganda machine stops pumping them out, I suppose.

Re:Here We Go Again ... (0)

Anonymous Coward | more than 2 years ago | (#36992948)

Do you have any evidence to suggest that Microsoft is behind this story in some way? Any at all?

Re:Here We Go Again ... (2, Interesting)

Jerry (6400) | more than 2 years ago | (#36993022)

Apparently you've never read about James Plamondon and his "Technical Evangelists" [groklaw.net]. The Combs-3096.pdf is a collection of his training manuals and describes "The Slog", and a real jewel you'll love called "The Stacked Panel". Then, I suppose, you've forgotten about the stuffed ISO committees, or the scam which gave expensive laptops to journalists in exchange for favorable stories about Vista?

When his "work" was revealed in the Combs vs Microsoft trial Plamondon did a Mea Culpa, and now decries the tactics he used to help Microsoft establish market dominance. Too little, too late.

Re:Here We Go Again ... (0)

Anonymous Coward | more than 2 years ago | (#36993254)

Let's try this again:
Do you have any evidence to suggest that Microsoft is behind this story in some way? Any at all?

Re:Here We Go Again ... (3, Insightful)

Gadget_Guy (627405) | more than 2 years ago | (#36993290)

Do you have any evidence to suggest that Microsoft is behind this story in some way? Any at all?

Apparently you've never read about James Plamondon and his "Technical Evangelists".

So the answer is no then.

Surely attempting to demean a study and its researchers by alluding to bad things done by a completely separate group of individuals (without any evidence linking the two) is exactly the kind of behaviour (of Plamondon) that you are decrying. The fact that Microsoft had technical evangelists does not mean that the opposition's products are without criticism, nor that such criticism will be sponsored by Microsoft. I have yet to see any indication that Robert McMillan or iSec Partners are shills for any company.

Re:Here We Go Again ... (1)

iserlohn (49556) | more than 2 years ago | (#36994462)

Microsoft has some very dirty laundry in this area, and the GP just wanted to point out the similarities between those cases, and this specific case.

That's my objective reading of this thread, of course, you are free to add your own bias.

Re:Here We Go Again ... (1)

ozmanjusri (601766) | more than 2 years ago | (#36994578)

I don't know about iSec, but McMillan/IDG have a long history of being cosy with Microsoft, both financially, with product placement, and with repeating Microsoft PR stories. It's not exactly secret - just Google it.

Re:Here We Go Again ... (3, Insightful)

jc42 (318812) | more than 2 years ago | (#36993378)

The article seems unlikely to be MS propaganda. Note that the writer quotes that one investigator (Rob Lee) as saying that he's never seen a compromised Mac, and he advises his clients to replace their compromised MS-Windows machines with Macs to prevent re-infection. Would a MS-paid writer be likely to put such suggestions in their article?

This does bring up a curious aspect of the "logic" behind all the claims that poor little MS is being picked on because it's so popular. If this were true, you'd think that a sensible person would simply refuse to buy anything with a MS logo. True, if you buy a Mac or Ubuntu or whatever rather than Windows, your machine might be attacked sometime in the remote future. But, since we "know" that no commercial systems are totally secure, it would make sense to choose a system that might be attacked in the far future over one that you know will be attacked repeatedly on the first day and probably compromised in the near future. You don't need to know the technical reason for this; you just need to be sensible enough to trade likely near-future failures for possible far-future failures.

So I'm puzzled about who might be behind all this "MS is only attacked because it's so popular" propaganda. I wouldn't think MS's marketers would be so stupid as to tell everyone such a good reason to avoid their brand. I wouldn't think a Windows fanboy would say this either, because it would amount to admitting that they intentionally bought a machine because it was highly likely to be compromised. But there doesn't seem to be any good reason for other vendors to make this suggestion, either, since it amounts to saying that their security isn't any better than Microsoft's. So who is really behind this bizarre bit of logic? Who profits from it?

Re:Here We Go Again ... (1)

Anonymous Coward | more than 2 years ago | (#36993510)

This just makes too much sense so it must be wrong. lol

Here's another question on the subject:
As well, wouldn't people have a better chance of finding an exploit in a system they're more familiar with?

I've always found it funny how some people put their system of choice on a pedestal. Everything can be exploited, period. The hardware and software involved is just too complex to plug every hole. True, some, like Windows, seem to be in too much of a rush to market with new "gee whizz" features to catch some of the exploits they should. But no matter how "cool" you may think Justin Long is, Steve Jobs is not the second coming, and Apple products are not the blessed rewards to the faithful.
It's just a computer and OS; it will have flaws. You can count on it.

Re:Here We Go Again ... (4, Insightful)

Daniel Dvorkin (106857) | more than 2 years ago | (#36993652)

I think russotto wasn't calling TFA Microsoft propaganda, but rather calling WrongSizeGlass' "Macs are only secure because they're less popular" comment Microsoft propaganda. Which it is, of course. Any argument that relies on security-through-obscurity is wrong, no matter how you try to dress it up. WrongSizeGlass and the zillion other posters who repeat this tired canard may not realize they're propagandizing for Microsoft, but that's what they're doing, sure enough. They should at least demand payment for their services.

Re:Here We Go Again ... (0)

Anonymous Coward | more than 2 years ago | (#36994382)

There's a difference between:

Spreading Microsoft propaganda
Propagandizing for Microsoft

The difference is whether Microsoft is behind it, vs. Microsoft passively benefits from it. russotto mentioned the "Microsoft propaganda machine" and that does not fit with an interpretation where WrongSizeGlass is unwittingly spreading propaganda.

Second, there's a difference between both of those, and a wrong argument. Being wrong is not spreading propaganda.

Third, yes, a system which relies on security through obscurity is not a secure system, but that's germane to this discussion. Security by obscurity absolutely is relevant to penetration rates.

A gedankenexperiment:

Twenty thousand cars, left unattended and unlocked in various parking lots. Half have $1000 on the dash. Half have $1000 in the glovebox.

We can agree that your $1000 is not secure in either case, and that the difference is only that the glovebox car has security by obscurity. That doesn't mean that the expected dollar loss is any different between the dashboard cars and the glovebox cars.

Another:

Blue cars and green cars. People called "black hats" want to steal them and resell them to a person who will use them for scrap metal (and therefore doesn't give a shit what colour they are).

It takes you 10 minutes to hotwire a blue car. Green cars have better security, which takes 15 minutes to hotwire. Green cars are encountered 20 times more frequently than blue cars.

Then add the twist that the more green cars that are stolen, the more the scrap metal guy will pay for green cars. Likewise, the more blue cars that are stolen, the more the scrap metal guy wants blue cars. Let's call that "network effect". Thus, if enough green cars are stolen, it actually becomes more profitable per hour to steal green cars.

Given that, is a particular green or blue car more likely to be stolen? That's basically undecidable given just this information. However, you do know that green cars have better actual security, while blue cars just have security through obscurity.

That doesn't necessarily mean that the large number of Windows machines does explain the higher penetration, but you can't wave it off with "security by obscurity" arguments, because it does not apply to proportions.

Re:Here We Go Again ... (1)

dave562 (969951) | more than 2 years ago | (#36993660)

Microsoft gets attacked because the Line of Business applications run on Windows. How many large accounting systems, ERP systems, etc. run on OSX? Know anyone running a factory on OSX? How about a firm doing R&D and drafting blueprints and other technical documents on OSX?

OSX is not a target because there are very few people running OSX who have access to the systems with information that dedicated, skilled attackers want to get to. With Apple's incessant focus on the consumer space, little is likely to change in that regard. Likewise, the developers who develop those large scale systems are never going to target OSX because the install base is too small. As applications continue to move toward the cloud and distributed systems that are accessed via a web browser, there will be even less reason to run them on OSX. They will continue to run on Windows and *nix boxes.

People buy Windows because of the software that runs on Windows. Windows systems can be made secure. More often than not, security comes at the cost of usability and few organizations are willing to make the trade-off. Even organizations that should be secure (Lockheed Martin for example) still get hacked because it is tough to do security well, and it is even tougher without buy-in from the rest of the organization.

Security has been mostly solved. Between diskless workstations, Citrix-esque VDI for known good clean boots and software whitelisting, it is possible to spin up secure application environments. The trouble comes in when a person wants to work on their business application, and also check email, or browse the web, or, or, or. Every other task a user demands their workstation be able to do opens them up to another exploitation vector.

Re:Here We Go Again ... (5, Insightful)

1729 (581437) | more than 2 years ago | (#36994072)

OSX is not a target because there are very few people running OSX who have access to the systems with information that dedicated, skilled attackers want to get to.

That's simply not true. For example, OS X is very popular among scientists and engineers at many of the national labs.

Re:Here We Go Again ... (0)

Anonymous Coward | more than 2 years ago | (#36994658)

Not to mention that hacked Macs could be used as a vector to attack PCs that may be on the same network or elsewhere. Just because the data on Macs themselves may not be as interesting, doesn't mean that they aren't worth leveraging to an advantage. Botnet is botnet, right?

Re:Here We Go Again ... (1)

LO0G (606364) | more than 2 years ago | (#36994390)

To be fair, Lockheed-Martin was hacked because they depended on a 3rd party (RSA) for a critical part of their security infrastructure.

When RSA subsequently had a massive data compromise, instead of letting their customers know what happened, they downplayed the ramifications of the breach. And RSA just won a pwnie [pwnies.com] for their efforts.

Not that that changes your response in any significant way.

Re:Here We Go Again ... (0)

LordLimecat (1103839) | more than 2 years ago | (#36993876)

So I'm puzzled about who might be behind all this "MS is only attacked because it's so popular" propaganda

Might have something to do with the fact that the first machine to fall at Pwn2Own since its inception in 2007 has been a Mac, every time.
(2011 Pwn2Own writeup) [arstechnica.com]
Wikipedia link of the whole sorry history [wikipedia.org]

In the first contest, Dino A. Dai Zovi and Shane Macaulay worked together to take down the first MacBook Pro.[5] On the second day of the conference Macauley sent an email which redirected the user to a malicious site. The site was able to infect the machine with a client-side Javascript vulnerability which allowed arbitrary command execution

In the 2008 contest, a successful exploit of Safari caused Mac OS X to be the first OS to fall in a hacking competition....

Etc., ad nauseam.

Financial incentive? Check. Mac hacked? Check.

Re:Here We Go Again ... (2)

Divebus (860563) | more than 2 years ago | (#36994178)

Hmmm...

1) Hacker sets up server with a big trap door
2) Hacker takes the machine he wants to win and drives the browser through the big trap door
3) Hacker willingly executes the instructions he set up in the big trap door
4) Hacker wins a new MacBook Pro

That doesn't sound like a random attack in the wild to me. Compare that to MS servers sitting in a room somewhere minding their own business with absolutely no human interaction. They get hacked if you just wait long enough.

"Click Here to See the Dancing Monkeys" is self inflicted "hacking".

Re:Here We Go Again ... (1)

dbIII (701233) | more than 2 years ago | (#36994040)

"MS is only attacked because it's so popular"

It's a fanboy response that goes right back to the early MS-DOS days. It is of course currently irrelevant considering the number of other devices on the internet now. All those routers, modems, webservers etc. out there are also popular and available 24/7 in hundreds of thousands per model or OS version to provide a potential botnet beyond the wildest dreams of a cracker, yet malware is currently only a Microsoft platform problem.

Re:Here We Go Again ... (1)

stms (1132653) | more than 2 years ago | (#36994456)

Your argument presumes that people usually buy things for logical reasons and that when people make logical arguments they usually do it logically and for logical reasons. None of which is true.

Re:Here We Go Again ... (1)

oztiks (921504) | more than 2 years ago | (#36994576)

I don't know what's worse: Microsoft's propaganda machine or Apple's "sweep it under the carpet" regime.

Re:Here We Go Again ... (1)

Anonymous Coward | more than 2 years ago | (#36992928)

If the user is willing to do anything the app or websites tells them to, well, you can't protect them.

Not just that, but most complex software is full of undisclosed and undiscovered vulnerabilities. Just because a piece of software is fully patched as of today doesn't prevent the bad guys from finding or exploiting undiscovered vulnerabilities. And they're not likely going to share those exploits with Apple (or Microsoft, or Google, or Red Hat, or Oracle, or [insert vendor here]).

Two words (or rather a hyphenated number/word and another word): 0-day exploits. Patching and not doing stupid things are great first steps, but they're not the end-all be-all of stopping exploitation.

Re:Here We Go Again ... (3, Insightful)

EreIamJH (180023) | more than 2 years ago | (#36992978)

Wash. Rinse Repeat. Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly.

I don't buy this reasoning. Malware writers would quite happily release malware for OSX if they could make it work. Just look back 20 years ago: there was plenty of malware for Amigas and Ataris, even though their numbers were measured in thousands rather than millions.

Re:Here We Go Again ... (1)

obarthelemy (160321) | more than 2 years ago | (#36993148)

maybe because at the time, these thousands were a very large slice of a much smaller pie ?

Re:Here We Go Again ... (0)

Osgeld (1900440) | more than 2 years ago | (#36993176)

Yea, and people wrote software for Amiga and Atari; Mac users can't even close a program when they are done.

(snare drum rimshot)

Re:Here We Go Again ... (1)

arkane1234 (457605) | more than 2 years ago | (#36993208)

command-q
(snare drum rimshot) ... ugh ...

Re:Here We Go Again ... (2, Interesting)

thegarbz (1787294) | more than 2 years ago | (#36993592)

I don't buy this reasoning. Malware writers would quite happily release malware for OSX if they could make it work. Just look back 20yrs ago - there was plenty of malware for Amigas and Ataris, even though their numbers were measured in thousands rather than millions.

So you reason that malware writers would do something because 20 years ago in a very different environment for different reasons people did something? The comparison is absurd.

Firstly, 20 years ago malware looked different and had completely different goals. The vast majority of them were written for comical / destructive purposes, not to make money. These days malware is a business and the ultimate goal is not to have malware which affects the user experience but rather is invisible to the user meanwhile exploiting system resources for profits (botnets). Some are still destructive, such as the malware which encrypts portions of your hard disk and demands a ransom, and others just exist to serve you ads. One thing in common is profit, and that wasn't the game 20 years ago.

Secondly, 20 years ago malware travelled differently. The vast majority of it spread via physical media and relied on people moving it from one machine to the other. The majority of malware today spreads via infection over the network, whether automated or via social engineering.

Thirdly, and critical to your understanding of why OSX isn't a target, modeling of virus spread has shown that only a small percentage of possible targets need to be immune to stop a spreading virus in its tracks, not 100% as you may think. If by chance your carefully written virus manages to infect one of the only 10.9% of total users who run OSX, there is a very good chance it won't spread further, as the computer may be isolated from others by a horde of Windows machines preventing the spread of malware. Why risk that when 85% of the remaining users run Windows and thanks to Microsoft's brilliant backwards compatibility you can exploit holes in nearly all of the target market at the same time?

It is simply uneconomical for the modern malware author to target OSX. If you think otherwise I'm sure you'll eat your words if OSX becomes even remotely popular among the general internet population.

Oh and Safari users were smarter than IE users a few days ago and thus don't fall for social engineering attacks, remember ;-)

Re:Here We Go Again ... (1)

LordLimecat (1103839) | more than 2 years ago | (#36993908)

Malware writers would quite happily release malware for OSX if they could make it work

History disagrees.

In the first [Pwn2Own] contest [wikipedia.org] , Dino A. Dai Zovi and Shane Macaulay worked together to take down the first MacBook Pro.[5] On the second day of the conference Macauley sent an email which redirected the user to a malicious site. The site was able to infect the machine with a client-side Javascript vulnerability which allowed arbitrary command execution.[6]

Each subsequent year isn't much better.

And why so smug anyways? Safari is already exploited on Windows, as are Firefox, QuickTime, Java, Acrobat Reader, and Flash, all of which are usually installed and vulnerable on Macs (unless you think that PDFs somehow aren't as dangerous on OSX).

Wasn't there a story some months back about a PDF that could launch arbitrary code on all 3 common platforms (OSX, Linux, Windows)? Yea, enjoy your smugness while it lasts.

Re:Here We Go Again ... (1)

CharlyFoxtrot (1607527) | more than 2 years ago | (#36994054)

Talking of Mr. Dai Zovi, here's what he says about Lion [nytimes.com]:

"[...] now, they are also more secure than PCs, thanks to several crucial security improvements in the operating system itself, Mac OS X 10.7. So says Dino A. Dai Zovi, an independent security consultant. Those operating system features now put Lion ahead of Windows 7, the latest version of Microsoft's operating system, whose leadership was forged from the fire of relentless attacks by hackers and malware writers, he says."

Re:Here We Go Again ... (1)

mehemiah (971799) | more than 2 years ago | (#36994076)

Do Mac users use Adobe Reader instead of Preview? I'd like to see that data out of pure curiosity.

Re:Here We Go Again ... (1)

mysidia (191772) | more than 2 years ago | (#36994146)

I don't buy this reasoning. Malware writers would quite happily release malware for OSX if they could make it work. Just look back 20yrs ago

Invisible/deceptive malware is directly against the Apple Human Interface Design Guidelines. And developers targeting OS X are extremely respectful of Apple's application design rules.

Re:Here We Go Again ... (1)

chthon (580889) | more than 2 years ago | (#36994314)

And malware for Mac, I had to remove some in 1990 and 1991.

Re:Here We Go Again ... (1)

Billly Gates (198444) | more than 2 years ago | (#36992986)

"Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly"

I am so sick of hearing this nonsense through every single security story. It is not true and never was, and was made up by Microsoft. Read the article ... or please read the summary? The article stated that Macs have weak default security and have more services open that can be compromised. The drivel about them always being equal in security and somehow it is always market share is a lie.

Usually Apple is more secure until the last 2-3 years.

Windows XP pre Service Pack 3 did not check for buffer overflows in strings and other primitives. Therefore it had as many security holes as Swiss cheese, not to mention IE executed all ActiveX controls and they had full administrative access. DCOM/COM+ had more holes you could use. So they were hacked more.

Today, most malware targets Flash and Java, which are multiplatform and never updated. After all, updates make all operating systems more secure. But Flash is very old on most computers. I will simply target Flash and can pwn both a PC and a Mac.

Re:Here We Go Again ... (0)

Anonymous Coward | more than 2 years ago | (#36993248)

Most of the Java and Flash exploits are cross-platform but the automated attacks that follow aren't (rootkits etc.). All of these attacks are automated and they almost exclusively target Windows PCs.

Re:Here We Go Again ... (1)

LordLimecat (1103839) | more than 2 years ago | (#36993918)

Because of... wait for it... market share.

Re:Here We Go Again ... (0)

Anonymous Coward | more than 2 years ago | (#36993488)

Yeah, Macs are so secure that they were the first to fall at Pwn2Own for five years in a row.

Re:Here We Go Again ... (1)

dgatwood (11270) | more than 2 years ago | (#36994068)

Try a contest where the first person to break any platform gets to choose which hardware he/she wins, and see if it still falls first. Just saying.

Re:Here We Go Again ... (2)

benjymouse (756774) | more than 2 years ago | (#36994550)

Try a contest where the first person to break *any* system gets $10,000 or $15,000. Then you have Pwn2Own. And then you'll see that the attackers attack the system they believe most vulnerable first. Or they risk someone else doing it. What would you rather have, a MB Pro + $5,000 or an HP/Dell + $15,000?

Re:Here We Go Again ... (1)

mysidia (191772) | more than 2 years ago | (#36994164)

Yeah, Macs are so secure that they were the first to fall at Pwn2Own for five years in a row.

Macs presented a challenge, and are highly desirable to own, so it's no surprise that security researchers concentrated efforts on pwn1ng them, so they could walk away with the coolest toy participating in Pwn2Own.

In other words... it's a contest that tends to select a predictable result every time: whichever the platform is most desirable hardware, as far as the participants are concerned.

So the contest wasn't objective. It would be objective if they had offered the same reward (e.g. $5k cash), regardless of which platform was successfully pwned by the contestant.

Re:Here We Go Again ... (1)

Your.Master (1088569) | more than 2 years ago | (#36994414)

You get $10k per target, which substantially exceeds the machine price, so while it's not perfectly objective it's not that far out of whack.

I do find this argument funny because it's essentially identical to the argument "Windows Exploits are more common because so many more people have Windows and therefore it's more rewarding to exploit Windows".

Re:Here We Go Again ... (0)

Anonymous Coward | more than 2 years ago | (#36994602)

Just because you would suck Steve's cock doesn't mean everyone out there is as retarded as you. OSX is riddled with security holes. FACT. They get exploited at every Pwn2Own event. FACT.

Re:Here We Go Again ... (2, Insightful)

Jerry (6400) | more than 2 years ago | (#36993090)

Two points:

1) That old saw about Microsoft being vulnerable because of its market share is hogwash. There were over 3 million viruses and Trojans released last year. Were it a simple matter of market share percentages then about 12% of those would be Linux [osnews.com] viruses and another 10-15% would be Mac viruses. But they are not. Well over 99% of them are Windows viruses. Only 19% of Internet web servers are running Windows but they are the source of essentially all malware.

2) Blaming Windows users for security holes that Microsoft keeps secret from them is worse than obscene. It's fanboyism to the extreme.

That 4,300,000 Windows zombie bot farm discovered last year wasn't all Windows because they were hard to break into, and the handful of command & control computers weren't Linux and Mac because they are easy to break into.

Re:Here We Go Again ... (4, Insightful)

artor3 (1344997) | more than 2 years ago | (#36993384)

While I agree with your conclusion (that Windows is a less safe OS than Linux), your first point is completely illogical. The number of viruses released in a given year can be a function of market share without being a 1:1 function of market share. Criminals will always target the OS with the largest numbers of technically unsavvy users. Why double your efforts to increase your pool of potential victims by only ~10%?

Until a non-Windows OS is installed on a plurality of machines, Windows will be the primary target and have the most hackers going after it. The Pwn2Own contests have shown that Macs are plenty vulnerable when people are willing to put in the effort to go after them.

Re:Here We Go Again ... (4, Interesting)

CharlyFoxtrot (1607527) | more than 2 years ago | (#36994062)

Until a non-Windows OS is installed on a plurality of machines, Windows will be the primary target and have the most hackers going after it. The Pwn2Own contests have shown that Macs are plenty vulnerable when people are willing to put in the effort to go after them.

The guy who won all those Pwn2Own contest says that OSX Lion's security [nytimes.com] is now better than Windows 7.

Re:Here We Go Again ... (0)

Anonymous Coward | more than 2 years ago | (#36993412)

Two points:

1) That old saw about Microsoft being vulnerable because of its market share is hogwash. There were over 3 million viruses and Trojans released last year. Were it a simple matter of market share percentages then about 12% of those would be Linux [osnews.com] viruses and another 10-15% would be Mac viruses.

Not really. If 90% of the market is Windows, and 10% Macs, you don't write 9 worms for Windows and 1 for Mac. You don't roll a d10 to figure out which to write. You write Windows worms because an equally effective worm will get you a botnet 9x as big. Yes, eventually, once most Windows machines are owned, and you're fighting rival infections to get and keep your bots from them, you reach a point where you can gain more if you go for the uncontested 10% -- but even then, there's no reason to suppose it will actually be 10% of worms.

I agree with your conclusion, but that argument sucks.

Re:Here We Go Again ... (1)

LordLimecat (1103839) | more than 2 years ago | (#36993938)

That old saw about Microsoft being vulnerable because of its market share is hogwash. There were over 3 million viruses and Trojans released last year. Were it a simple matter of market share percentages then about 12% of those would be Linux [osnews.com] viruses and another 10-15% would be Mac viruses. But they are not. Well over 99% of them are Windows viruses. Only 19% of Internet web servers are running Windows but they are the source of essentially all malware.

Logic fail. If there is an 80% chance that you will make $100 by wearing blue on Mondays, and this is public knowledge, what percentage of people do you think will wear blue on Mondays? 80%, or all of them?

Blaming Windows users for security holes that Microsoft keeps secret from them is worse than obscene.

And trying to pretend that most exploits aren't through cross-platform browser plugins is just ignorant.

Those inflated virus numbers probably also include the fact that viruses are recompiled and repacked daily, and thus need a different virus definition to detect. How, you might ask, can they afford to do that? Because there's MONEY involved.

Last, you can always tell when someone doesn't know diddly about viruses when they start referring to "the number of viruses". It's irrelevant; an infection is an infection, and Macs can get infected by arbitrary code as easily as Windows can.

Re:Here We Go Again ... (1)

farrellj (563) | more than 2 years ago | (#36994112)

I don't care how many pieces of malware are created aimed at Windows, Linux, MacOS or other flavours of Unix...the result that speaks for itself is that every year that they have had a hacker competition to see who can compromise and root a system where they compared Windows, Linux and MacOS, each of which has been secured by native experts...Windows has *always* been compromised, and I think it was always the *first* one compromised. MacOS, when it was compromised was second, and Linux was either the last compromised, but most of the time it stood up to all the punishment and remained secure.

So numbers really don't matter, it's how well it can survive in the wild that counts!

ttyl
Farrell

Re:Here We Go Again ... (1)

farrellj (563) | more than 2 years ago | (#36994144)

One correction...one year, the Mac was compromised first.

Re:Here We Go Again ... (1)

LO0G (606364) | more than 2 years ago | (#36994444)

Actually, *every* year, the Mac was compromised first.

Re:Here We Go Again ... (0)

Anonymous Coward | more than 2 years ago | (#36994214)

Charlie Miller (of NSA, Pwn2Own, and other fame) seems to think Mac OS X's code is less secure than Windows: http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254-3.html [tomshardware.com]

Re:Here We Go Again ... (0)

Anonymous Coward | more than 2 years ago | (#36993116)

Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly. Windows, including Windows 7, is still more prevalent and more vulnerable.

I'm not sure quantity is the only criterion that makes a target worth attacking. There may not be all that many Mac users, but in my experience a quite high proportion of them are high-value targets: developers, creative industry (movie, music etc.) professionals, a surprising number of people in higher management positions... the list goes on.

Re:Here We Go Again ... (1)

Sable Drakon (831800) | more than 2 years ago | (#36993158)

Security by obscurity isn't security at all. It's akin to walking around without health insurance and hoping you don't get injured. Same thing happens: when you do get attacked/injured, it's a world of hurt and quite possibly game over.

Re:Here We Go Again ... (1)

ka9dgx (72702) | more than 2 years ago | (#36993230)

As long as the user has no way to quickly and safely run something in a sandbox, this will continue happening.

IMHO, once you give them the ability to run programs in a default-deny environment, users can manage things fairly well.

See also: http://www.ranum.com/security/computer_security/editorials/dumb/ [ranum.com]

Re:Here We Go Again ... (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#36993770)

Wash. Rinse Repeat. Macs aren't as vulnerable because they don't have a big enough footprint so they aren't stumbling upon the infected sites or aren't being targeted directly. Windows, including Windows 7, is still more prevalent and more vulnerable. How many times are we going to get the same stories? If the user is willing to do anything the app or websites tells them to, well, you can't protect them.

You appear to have missed the bit where TFA was almost the exact opposite of the usual:

According to the security researchers quoted, OSX was essentially never the initial foothold/desktop attack; but was judged to be as weak, or weaker, than alternatives when it came to the post-foothold internal attack phase.

Most Mac/security stories are an argument between the "It's just obscure" camp and the "superior by design" camp. This article asserts "Obscure (enough to rarely/never be the social engineering initial target) and inferior by design (in that various OSX features are comparatively weak in the face of sophisticated attackers who have finished stage one)"...

Re:Here We Go Again ... (1)

LordLimecat (1103839) | more than 2 years ago | (#36993886)

If the user is willing to do anything the app or websites tells them to, well, you can't protect them.

Reading up on Pwn2Own results, and reading the security update notes on major browsers / Flash / Acrobat, would prove really informative. Most of the viruses I've seen are not from incompetent users.

Re:Here We Go Again ... (1)

CharlyFoxtrot (1607527) | more than 2 years ago | (#36994084)

Reading up on Pwn2Own results, and reading the security update notes on major browsers / Flash / Acrobat, would prove really informative. Most of the viruses I've seen are not from incompetent users.

In Lion all those are now separated into independent processes and sandboxed. Should make things a lot more secure.

Not to worry (0)

Anonymous Coward | more than 2 years ago | (#36992388)

My apartment is safe against Macs

Article is crap (4, Insightful)

topham (32406) | more than 2 years ago | (#36992946)

"For example, Mac's Keychain software is vulnerable to what's known as a brute-force attack, he said."

Idiot alert, article is crap.

Re:Article is crap (4, Informative)

gumbi west (610122) | more than 2 years ago | (#36993048)

The NSA's guide to securing Apples talks about how to make the keychain reasonably secure here [nsa.gov]. They, notably, do not recommend turning it off or using third-party software.

Re:Article is crap (1)

517714 (762276) | more than 2 years ago | (#36993216)

"They" notably is Apple, not the NSA.

Re:Article is crap (3, Informative)

gumbi west (610122) | more than 2 years ago | (#36993380)

Yep, that one is copyright Apple. Here [nsa.gov] is the NSA's guide to hardening OS X. It does not recommend turning off keychain (though there are several other items it does recommend turning off).

Re:Article is crap (1)

517714 (762276) | more than 2 years ago | (#36993790)

It does not mention keychain. I see that as an oversight - not a recommendation of its security. If you assume otherwise, I hope you are not a system administrator.

Re:Article is crap (0)

Anonymous Coward | more than 2 years ago | (#36993068)

Can someone explain what APT is, other than the package manager for Ubuntu?

Try the summary (1)

tepples (727027) | more than 2 years ago | (#36993218)

Anonymous Coward wrote:

Can someone explain what APT is, other than the package manager for Ubuntu?

The package manager for Debian.

But seriously, if you read the summary, you see that it's referring to advanced persistent threats [wikipedia.org] .

Re:Article is crap (1)

arkane1234 (457605) | more than 2 years ago | (#36993262)

Sure... it's a package manager for Debian.

Re:Article is crap (1)

Jerry (6400) | more than 2 years ago | (#36993104)

Totally.

Re:Article is crap (2)

dgatwood (11270) | more than 2 years ago | (#36993324)

Idiot alert, article is crap.

Agreed. If they're talking about an authentication model in the context of mDNS, that's prima facie evidence that they don't know the first thing about Mac OS X... or mDNS. mDNS is:

  • Not authenticated at all; it's a multicast service advertisement protocol. The service has security, not the advertisement.
  • On Windows, too.
  • And on most Linux distros.

And they seem to think Kerberos is insecure. Kerberos is, of course:

  • An open, published standard.
  • On Windows, too.
  • And on Linux.

And the rest of their comments seemed to be about the ability to brute force passwords locally. Yeah. No kidding. You can do this... yup, you guessed it:

  • On Windows, too.
  • And on Linux.

As far as I can tell, there's basically nothing but pure FUD here, with no real information to back up the rather sweeping generalizations. As they say in Apple developer circles, specifics and Radar number or GTFO.

Besides, access to any machine on a network is generally access to the data flowing across it and the files stored on it. It doesn't really matter how secure the keychain is if half the corporate networks in the world are sending confidential email around in cleartext, sending passwords to web servers in cleartext, etc., and if all the user's email is stored in an unencrypted mail spool file on the hard drive. In the grand scheme of security problems, if you're worried about somebody brute forcing a keychain password, you're either trolling for article views or you've grossly overestimated the security of most corporate infrastructure.

Re:Article is crap (0)

Gadget_Guy (627405) | more than 2 years ago | (#36993890)

That's your problem? That the protocols that are being discussed are also used by other operating systems? If you are looking at the security of a platform, should you ignore some security holes because they also exist in other platforms too? Or does being an open, cross-platform standard somehow make it inherently secure?

If you have a look at iSec Partners' old press releases you can see that they are aware that Kerberos is used by Windows too [isecpartners.com] and that its problems can affect different platforms. With the number of Black Hat events that these guys participate in, if they did not know what they were talking about then someone more knowledgeable than either of us would have ratted them out before now.

Re:Article is crap (1)

dgatwood (11270) | more than 2 years ago | (#36994050)

My problem is that the article makes it sound like they've found lots of huge flaws in the way Mac OS X handles passwords, yet it doesn't give even one specific example. It also talks about authentication policies for services that don't even involve authentication. And then it implies that all of these supposed flaws are somehow specific to Mac OS X Server, when none of the things listed are specific to the Server version of Mac OS X (or even specific to Mac OS X, with the exception of Apple Remote Desktop, and even that is, IIRC, at least partially based on the VNC protocol, which isn't specific to Mac OS X).

I'm not saying that these folks haven't legitimately found security problems. I'm saying that the IT World article is pure crap, and with such an appalling information void, I can't even tell if they have found a legitimate problem or not....

Re:Article is crap (0)

Anonymous Coward | more than 2 years ago | (#36993696)

Was your point that everyone everywhere is vulnerable to a brute force attack and, on average, they will be able to break in when half the key space has been searched? ...and in the best case, the first key breaks in, and in the worst case, the last key checked breaks in. But... you are only presuming that the article is crap because the author has no clue what a brute force attack is. ...Ok, ok, the article *IS* crap because the author has no clue what a brute force attack is.

Macs are better, yes. (0)

Anonymous Coward | more than 2 years ago | (#36993714)

Macs are Unix. Unix is better than Windows for security, therefore Macs are better than Windows.
Linux is kinda Unix, but it's made by amateurs. Macs are better than Linux boxes.

Did I miss any desktop OS?

Thanks for reading.

Sysadmin decides. (4, Insightful)

mjwx (966435) | more than 2 years ago | (#36992966)

Windows server looked after by a good sysadmin == secure.
Mac server looked after by bad sysadmin == insecure.

As always, it's up to the people running it. Is any OS inherently secure? No, definitely not when there is a complete idiot looking after it.

Re:Sysadmin decides. (0)

Charliemopps (1157495) | more than 2 years ago | (#36993014)

I'd argue that both are closed source and therefore, by definition, their security cannot be determined.

Re:Sysadmin decides. (2)

Anubis350 (772791) | more than 2 years ago | (#36993036)

I'd argue that my car isn't secure, but I'm still going to make sure I lock the door when I park it. There's a difference between perfect, adequate, and "please break into my stuff". In everything.

Re:Sysadmin decides. (1)

mjwx (966435) | more than 2 years ago | (#36993042)

I'd argue that both are closed source and therefore, by definition, their security cannot be determined.

I won't argue that, but it is beside the point.

Put an incompetent nincompoop in charge of a Linux server and you should consider it as insecure as the most unpatched NT4 box. Security is done by people, not programs.

Incompetent nincompoop in charge (0)

Anonymous Coward | more than 2 years ago | (#36993958)

This is a "Duh" in *every* business, whether it be IT or plumbing or medical care. Put an incompetent nincompoop in charge and there will probably be problems. If I had mod points and there was a "Duh" option, your post would get my "Duh" point.

Re:Sysadmin decides. (1)

maxwell demon (590494) | more than 2 years ago | (#36994628)

Put an incompetent nincompoop in charge of a Linux server and you should consider it as insecure as the most unpatched NT4 box. Security is done by people, not programs.

Depends. If the server was well configured before he was put in charge of it, the Linux server might still be safe for quite some time, for the simple fact that he didn't yet find out how to change the settings. :-)

Re:Sysadmin decides. (2)

samkass (174571) | more than 2 years ago | (#36993134)

Most of the core MacOS X systems are not closed source. You can download most of them here [apple.com] . It's true that a lot of the GUI is closed source, but if you're talking about a remote exploit, you're probably hitting a lot of open source packages.

Re:Sysadmin decides. (1)

arkane1234 (457605) | more than 2 years ago | (#36993240)

You could argue that, but you'd be laughed at, since Darwin (OS/X) along with a majority of the daemons (sorry Windows guys, services) aren't closed source.
Careful :)

Re:Sysadmin decides. (0)

Anonymous Coward | more than 2 years ago | (#36993612)

I'd argue that you're full of shit.

Re:Sysadmin decides. (1)

Daniel Dvorkin (106857) | more than 2 years ago | (#36993608)

Windows server looked after by a good sysadmin == secure.
Mac server looked after by bad sysadmin == insecure.

As always, it's up to the people running it. Is any OS inherently secure? No, definitely not when there is a complete idiot looking after it.

Yes, of course. But the relevant question for businesses deciding what kind of server setup to use is, "If this system is looked after by an average sysadmin, how secure will it be relative to our other choices?" Because in real life, no matter how much you tell yourself you only hire top-notch people (or, if you're the sysadmin, tell yourself you're top-notch) most servers and networks are going to have admins who are neither the best nor the worst, but somewhere in the middle.

Re:Sysadmin decides. (1)

mjwx (966435) | more than 2 years ago | (#36993648)

Yes, of course. But the relevant question for businesses deciding what kind of server setup to use is,

Security is a conscious process; it doesn't matter what OS you use as long as that process is kept conscious. Contrary to what Apple and the security industry say, no software is inherently secure or more secure than the others; security is entirely dependent on your (the sysadmin's) procedures and awareness.

As for which OS for business, that's a decision to be made according to the needs of the business.

"If this system is looked after by an average sysadmin, how secure will it be relative to our other choices?"

There is no such thing as an average sysadmin.

Everyone has different strengths and weaknesses; the good sysadmins identify their own weaknesses. The poor sysadmins ignore them. Good sysadmins adapt to changing environments, poor sysadmins change environments to suit them.

Re:Sysadmin decides. (1)

Daniel Dvorkin (106857) | more than 2 years ago | (#36993682)

There is no such thing as an average sysadmin.

Right. Every sysadmin is a special snowflake. [rolls eyes]

Everyone has different strengths and weaknesses; the good sysadmins identify their own weaknesses. The poor sysadmins ignore them. Good sysadmins adapt to changing environments, poor sysadmins change environments to suit them.

All of which is true, none of which changes the fact that in every job, there are a few people who are very good at the job, a few who are very bad, and a whole bunch in the middle. Sysadmin work isn't so different from any other technical job as to change this.

Re:Sysadmin decides. (1)

mjwx (966435) | more than 2 years ago | (#36994338)

Right. Every sysadmin is a special snowflake. [rolls eyes]

You're very good at missing the point.

There are no average sysadmins because you cannot define an average due to the huge number of variables involved.

I'm sorry for not pointing that out, I thought you'd be able to figure it out on your own from the other parts of my post.

All of which is true, none of which changes the fact that in every job, there are a few people who are very good at the job, a few who are very bad, and a whole bunch in the middle

In the middle of what?

Is John the Linux sysadmin a bad sysadmin because he doesn't understand FSMO roles yet can configure Sendmail in his sleep? Or is Bob the Windows sysadmin bad because he can't even navigate *nix command lines yet understands the deepest, darkest parts of Exchange?

Who is the average sysadmin?

It's a very large field and people have very specialised skillsets. Which is why you hire the best man for the job, rather than trying to figure out a median and being happy with it. Yes I know, not everyone does this, but that's their problem.

Re:Sysadmin decides. (1)

Daniel Dvorkin (106857) | more than 2 years ago | (#36994554)

I get your point fine; I just disagree with it. Yes, sysadmin work is a very large field with specialized skillsets. So are programming, and medicine, and all kinds of other technical fields. Does this mean there's no such thing as an average programmer, or average physician, or what-have-you? I maintain that the traits which make a good X are to be found in a broad range among people who choose any of these careers, with most X's falling in the middle of that range. Yeah, in your example, if you decide on a Windows system, you hire Bob, and if you decide on a *nix system you hire Joe -- but in either case, odds are you're getting someone who's competent, but not particularly brilliant. It makes sense to keep this in mind when making the initial platform decision.

Re:Sysadmin decides. (1)

julesh (229690) | more than 2 years ago | (#36994196)

Yes. Of course, statistically, the good sysadmin is more likely than market share would suggest to be running the Mac server, because good sysadmins have a tendency to avoid Windows wherever possible...

Re:Sysadmin decides. (1)

mjwx (966435) | more than 2 years ago | (#36994324)

Yes. Of course, statistically, the good sysadmin is more likely than market share would suggest to be running the Mac server, because good sysadmins have a tendency to avoid Windows wherever possible...

A good sysadmin can make anything secure and usable. They literally turn lead into gold (server iron into revenue).

But a good sysadmin will avoid Mac because they make it so difficult to do anything useful with them. Want to avoid Windows? He deploys Linux. Want an expensive proprietary solution? He'll have the IBM rep on speed dial: "only another $40K for a System p processor card, a bargain sir".

Only bad sysadmins are fanboys and make things harder on themselves.

Re:Sysadmin decides. (1)

mcrbids (148650) | more than 2 years ago | (#36994622)

Windows server looked after by a good sysadmin == secure.
Mac server looked after by bad sysadmin == insecure.

The sad part is that much (most?) of being a good sysadmin consists of ensuring that you install security updates regularly. I've been close enough to embarrassing hacks on several servers to know what happened, and all (but one!) have been hacked as a result of a poor update policy. (The last one was due to a weak root password + PasswordAuthentication enabled on ssh.)

For all my own systems, I demand a strong, default-deny firewall, and (most importantly!) regular, frequent updates. Tools like yum make this easy.

Yes, things like strictly firewalling your systems, moving services only used internally to nonstandard ports, disabling (or never installing) unneeded services, etc. are good ideas and I strongly recommend them all.

But first and foremost, make sure your system is up to date!

Metasploit (1)

phantomfive (622387) | more than 2 years ago | (#36993238)

Metasploit only has a couple dozen exploits for OSX. On the windows side, it has a search field for Microsoft Security Bulletin ID [metasploit.com] . Metasploit is the lazy-man's way to hack, if you don't want to go through the trouble of finding your own exploits. That could partly explain the issue.

BSD is generally more secure than Windows (1)

nzac (1822298) | more than 2 years ago | (#36993242)

Not quite sure on the definition of an APT. Wikipedia says it's generally a foreign state.
I would think that, due to the core system generally having fewer holes in it, getting in without user execution would be harder. I don't think it matters in the end, as you would still execute something, but .dmg files are not instantly run like an .exe.

I would also think getting the user to execute malicious code would be significantly harder. Base Apple software is generally usable, so you don't need to find replacements. People who buy Macs because they are Macs will go Apple for other software, and the App Store is generally easier to go to than the Internet to search for a program that you might need. The behaviour of having idiot users searching on the Internet for unknown third-party solutions is not encouraged on OSX.

Re:BSD is generally more secure than Windows (1)

dgatwood (11270) | more than 2 years ago | (#36993364)

And Mac OS X explicitly warns you if you are about to open an application downloaded from the Internet. This means that getting someone to run your code requires tricking them (through social engineering) into knowingly launching an application that they've never launched before, as opposed to tricking them into running your code by making it look like a JPEG file of Lindsay Lohan naked or whatever. Maybe Windows 7 does the same thing (I'm not sure), but that was at least historically a big problem on Windows.

Re:BSD is generally more secure than Windows (0)

Anonymous Coward | more than 2 years ago | (#36993428)

Windows does this too since Win7 (and maybe even later Vista revisions)...

Re:BSD is generally more secure than Windows (0)

Anonymous Coward | more than 2 years ago | (#36993734)

"And Mac OS X explicitly warns you if you are about to open an application downloaded from the Internet."

"Windows does this too since Win7 (and maybe even later Vista revisions)..."

Maybe since Win95: "What do you want to do?"
  O open file
  O save file

Implicit of a download, usually (I'm not counting UAC, for a local file). :-)

Re:BSD is generally more secure than Windows (1)

Gadget_Guy (627405) | more than 2 years ago | (#36993960)

It was Service Pack 2 of Windows XP that added that feature.

Re:BSD is generally more secure than Windows (1)

LordLimecat (1103839) | more than 2 years ago | (#36993976)

Windows has done this since time immemorial, and generally makes it a PITA to run any downloaded content.

once you install OS X server you're toast (3, Funny)

Culture20 (968837) | more than 2 years ago | (#36993562)

Good news! Apple is taking steps to make that impossible!


Oh boy a new buzzword. (1)

gumpish (682245) | more than 2 years ago | (#36994100)

And one that is already occupied by another term in the realm of IT.

Advanced Persistent Threat, eh?

says that it's often easy to trick someone in any company into installing software that they shouldn't -- the first step in an APT attack.

In many APT attacks, the hackers first break into social media accounts belonging to friends of their victims.

Ugh... really? You couldn't just say "targeted attack"? What about spear-phishing? Too hard to spell? Dipshits.

"Brute-forcing" Keychain shouldn't be necessary... (1)

jasomill (186436) | more than 2 years ago | (#36994412)

...unless we're talking about "unused" Keychain files.

Suppose a desktop Mac has been compromised. Then we can assume, for the purposes of security, that the local Keychain binaries have been compromised. Thus the attacker has free access to the cleartext of any keychain used ("unlocked") on the system. But this is hardly a flaw in Keychain, since it's true, by design, for any credential cache whatsoever.

It's unpossible (0)

Anonymous Coward | more than 2 years ago | (#36994620)

Macs run TNPP (Turtle Neck Protection Protocol) that protects the Mac from all unwarranted ugliness.
