Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft: Macs 'Not Safe From Malware, Attacks Will Increase'

timothy posted more than 2 years ago | from the what-a-huge-surprise dept.

OS X 290

An anonymous reader writes "Microsoft researchers have analyzed a new piece of Mac malware that uses a multi-stage attack similar to typical Windows malware infection routines. In a post titled 'An interesting case of Mac OSX malware' the Microsoft Malware Protection Center closed with this statement: 'In conclusion, we can see that Mac OSX is not safe from malware. Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase. Exploiting Mac OSX is not much different from other operating systems. Even though Mac OSX has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications.'"

cancel ×

290 comments

Sorry! There are no comments related to the filter you selected.

"Get the Facts" (0, Offtopic)

tripleevenfall (1990004) | more than 2 years ago | (#39900857)

All we need here is a statement about the "viral nature" of the kernel. And that OSX eats old people's medicine for food.

Re:"Get the Facts" (1, Troll)

Kotakee (2632245) | more than 2 years ago | (#39900907)

Most of this has been known by, well, knowledgeable users by a long time. Most of the malware now comes via third party software or stupid users. It really doesn't matter what platform you use, as hackers will find a way around to get the best bang.

All three largest OS - Windows, OS X and Linux - are pretty much equivalent now. In fact, OS X is probably less so than Windows or Linux (and I use mac!).

In before all the stupid replies that Linux cannot be hacked. :)

Re:"Get the Facts" (5, Insightful)

clang_jangle (975789) | more than 2 years ago | (#39900983)

In before all the stupid replies that Linux cannot be hacked. :)

I suppose there could be some people stupid enough to say that, but I haven't seen much of it (unless you count obvious troll posts). In fact, a misconfigured linux system is one of the easiest to hack -- but we're discussing malware, not hacking. Since most linux distros are using repositories for all the third-party software (vs non-tech users zooming around the web downloading "10,000 similies!") malware for linux is pretty darned rare -- much more so than windows or os x. Unless, of course, one counts all the android trojans -- I don't because to me android is a completely unique OS that happens to use some linux code.

Re:"Get the Facts" (1, Insightful)

Kotakee (2632245) | more than 2 years ago | (#39900995)

Android is a great example how malware just gets there, around the obstacles when the market share is right. It's even on their official store.

Repositories also wouldn't work if Linux had the same market share as Windows, or hell, even OS X. You just cannot do everything via such system, and there needs to be a way to install software off from the "official" platforms. Hell, most of slashdot constantly argues against this too (DRM).

Re:"Get the Facts" (4, Insightful)

TWX (665546) | more than 2 years ago | (#39901087)

Fact of the matter is, basically all computing requires more trust than should really be granted. We trust Microsoft to patch their vulnerabilities now that malware manages to find ways in through ever more creative means. We trust Apple to have an OS that was never really vulnerable to start with, and we trust GNU/Linux distributions and other free operating systems to have clean repositories and to be free of backdoors. We rely on non-OS, internet-connected software companies to produce software that isn't vulnerable to bringing problems in from the Internet.

All of these are essentially untrue, or are relying on means of security that can't be verified or well tested until something comes out in the wild. We instead rely on updates after the fact, and on feeble attempts by some to make programs to remove malware.

Even in the privileged/unprivileged user landscape that modern OSes are capable of using, too many users desire more credentials on their local computers than they need in order to perform the very basic tasks that a computer user does on a daily basis. In the early days I too was guilty of this, but learned. Unfortunately when there are combinations of vectors to infect the local user and then local root exploits even a good privileges model won't work.

We should demand more out of our browser developers and more out of our plugin developers. That is the single biggest category of infection route, and I'm sorry, but software that voluntarily brings in and deploys the exploit simply by visiting a markup-language page is completely unacceptable. Fix the bugs before worrying about new features.

Re:"Get the Facts" (0)

Anonymous Coward | more than 2 years ago | (#39901301)

Web browsers are the one crucial link in the security chain, similar with add-ons.

With the past record in mind, browser makers are wising up, but add-on makers are still in the stage of viewing security as something they can strap on when there are no other projects or features on the table, and if there is money left to pay Tata for those.

Realistically, the OS has to step in and to the job. One can't just rely on a browser, or add-on makers for this. The browser not just should run in a separate context as the user, each tab and window should run in a different context, so a compromise in one browser tab isn't able to get to another.

It is harder to do than in times past where the majority of intrusions were via direct incoming attacks, and where a simple firewall coupled with a NAT or even a SOCKS server was good enough.

It will have to be the OS makers who have to handle the dirty work that the browser and add-on makers cannot/will not do.

Re:"Get the Facts" (4, Insightful)

BasilBrush (643681) | more than 2 years ago | (#39901265)

Android is a great example how malware just gets there, around the obstacles when the market share is right. It's even on their official store.

No. There is virtually no malware for the iOS, which is in the same ball park as far as market share is concerned. So it's not just market-share. Security, including walled gardens, make a huge difference.

Re:"Get the Facts" (1)

Anonymous Coward | more than 2 years ago | (#39901531)

"virtually no malware" != "no malware"

It will get tougher as people figure out how to do the things Apple tells them they don't want them to do.

Re:"Get the Facts" (1)

Anonymous Coward | more than 2 years ago | (#39901437)

Let me remind you, Android is not Linux and Linux is not Android.
android sufferes same fate as any other closed source products.
Syncronised company pushd updates, etc.

Most Linux distributions will not have those attack vectors common to Androids.

At the end of the day, even now, its not news, that Android is actually closed soure.

Re:"Get the Facts" (0)

LordLimecat (1103839) | more than 2 years ago | (#39901033)

Linux also has a whopping 0.7% market share as far as web browsing is concerned, so its probably not a very high priority as far as malware writers are concerned.

Re:"Get the Facts" (1)

Snowbat (1118171) | more than 2 years ago | (#39901565)

[citation needed]. It's 1.65% according to Wikimedia's stats [wikimedia.org] (includes wikipedia.org traffic - a top 6 site), 5.22% if you include Android.

Re:"Get the Facts" (0)

Anonymous Coward | more than 2 years ago | (#39901153)

Which brings us to iOS, which is nowadays Apple's major OS, while OSX becomes more and more a "hobby" for Apple.

Apple's development efforts appear to be headed towards convergence of iOS and OSX, or perhaps more accurately: OSX being subsumed into iOS. It may not be long before Apple desktops and laptops are running iOS with mouse support.

Re:"Get the Facts" (1)

BasilBrush (643681) | more than 2 years ago | (#39901251)

Since most linux distros are using repositories for all the third-party software (vs non-tech users zooming around the web downloading "10,000 similies!") malware for linux is pretty darned rare -- much more so than windows or os x.

Of course most OSX third party software is coming from the Mac App Store these days, so the same applies.

Re:"Get the Facts" (4, Funny)

K. S. Kyosuke (729550) | more than 2 years ago | (#39901047)

Most of this has been known by, well, knowledgeable users by a long time. Most of the malware now comes via third party software or stupid users. It really doesn't matter what platform you use, as hackers will find a way around to get the best bang.

As one of my great compatriots once said: Artificial intelligence will soon best the natural one, but there's no adequate substitute for natural stupidity.

Re:"Get the Facts" (3, Insightful)

nzac (1822298) | more than 2 years ago | (#39901065)

In before all the stupid replies that Linux cannot be hacked. :)

I assume you mean cannot get drive-byes. Linux is hacked in broad scene rather often. Linux does not get viruses in the sense that its never happened.

I assume you mean there is likely to be similar security holes in a bleeding edge easy to use distro as windows which may be true.
Linux is extremely hard to compare security on as you can everything from a full on SElinux setup to whatever ASUS use to distribute.

I think rapid updates all security wholes are fixed within a week (worse case) and a low user base make Linux so unattractive for virus spreading that no one needs to worry. When there a successful virus for Linux, then Linux security becomes non-hypothetical and decisions can be made on the security convince trade-off (as of now its just all inconvenience for malware threats).

Re:"Get the Facts" (0)

Anonymous Coward | more than 2 years ago | (#39901011)

All we need is MS to say these things during a 30 second television commercial starring 2 mildly amusing actors and then suddenly everyone would love MS for saying this.

Re:"Get the Facts" (3, Interesting)

jellomizer (103300) | more than 2 years ago | (#39901203)

It comes down to the more popular your OS is, the more problems you will get with security.

Oh well. (0)

lanswitch (705539) | more than 2 years ago | (#39900863)

Isn't it ironic...

Re:Oh well. (3, Informative)

Known Nutter (988758) | more than 2 years ago | (#39900895)

Re:Oh well. (0)

Anonymous Coward | more than 2 years ago | (#39901397)

Possibly.
http://en.wikipedia.org/wiki/Linguistic_prescription

Re:Oh well. (0)

VortexCortex (1117377) | more than 2 years ago | (#39901045)

Isn't it ironic...

Absolutely! Positively, Without a Doubt! Why, That's EXACTLY how you use that word! Stunning use of vocabulary and sentence structure too! Where did you attend school? I want to commend your English teacher for doing such a fine job and recommend them for a Nobel prize in Education!

Re:Oh well. (2)

dyingtolive (1393037) | more than 2 years ago | (#39901575)

Achievement unlocked:
Falling for the Alanis Morisette troll.

Re:Oh well. (1)

Cito (1725214) | more than 2 years ago | (#39901287)

don't you think?

It's like rain, on your wedding day.
It's the free ride when you've already paid.
It's the good advice that you just didn't take
but who would have thought... it figures...

Re:Oh well. (1)

hendridm (302246) | more than 2 years ago | (#39901513)

More like the pot calling the kettle black...

Not really surprising (5, Insightful)

TheRaven64 (641858) | more than 2 years ago | (#39900871)

Possibly a biased source, but not exactly a shocking conclusion. The OS X kernel is a massive amount of C and embedded C++ code. On top of that is a huge pile more code. It's not going to be bug free, and at least some of those bugs will be exploitable. It does about the same set of things as other modern operating systems to reduce the damage that a compromised application can do (e.g. making it easy to run apps in sandboxes), but any network-exposed system running arbitrary code is vulnerable, the only question is whether the effort involved in finding and exploiting a vulnerability is greater than the reward.

Re:Not really surprising (2)

realityimpaired (1668397) | more than 2 years ago | (#39900909)

Possibly a biased source, but not exactly a shocking conclusion.

That's the problem. While the conclusion is hardly surprising, and is in fact what many people have been predicting for years, a lot of people are going to say "oh, it's Microsoft, FUD!" and ignore it. Interestingly, using many of the same vectors a virus for Linux is equally possible, it's just that most virus writing these days is done for profit, and it's not a big enough target to make it worth their time.

Re:Not really surprising (5, Interesting)

drerwk (695572) | more than 2 years ago | (#39900967)

Until MS ports Office to Linux, Linux is safe from this particular vulnerability.

Re:Not really surprising (2, Funny)

Anonymous Coward | more than 2 years ago | (#39900985)

Virus ? Seriously you can craft some damned document in postscript that can thrash any system that has the ps interpreter.
PS is a turing complete language. You can pull some crazy stuff with this shit.

Re:Not really surprising (1)

Entropius (188861) | more than 2 years ago | (#39901031)

Will it actually thrash it so that it requires a reboot, or just soak up all the CPU cycles on one core until the user gets around to running top and killall -9? (I guess this basically boils down to: does postscript have a fork call?)

Re:Not really surprising (2)

Dunbal (464142) | more than 2 years ago | (#39901005)

a lot of people are going to say "oh, it's Microsoft, FUD!" and ignore it.

Nah that's the thing about having 90% market share - you don't get ignored even when it _is_ FUD.

Re:Not really surprising (4, Insightful)

martin-boundary (547041) | more than 2 years ago | (#39901147)

Nope, and yes, it's Microsoft FUD to some extent.

It's true that *abstractly*, any computer system has bugs and vulnerabilities, and if you attach it to an untrusted network and if this network has a lot of malware that targets the system then compromises will happen, in direct proportion to the quantity of malware in circulation and the number of bugs and vulnerabilities in said system, which itself is proportional to the amount of code etc.

But having said that, malware is not very smart or adaptable and this has nothing to do with the profit motive: every tiny change in a target system requires a rewrite or an addition to the malware code, and the more additions there are the bigger and more conspicuous the malware becomes, which makes it easier to recognize.

That's why patching systems is effective, the malware is too dumb to smoothly react to the unexpected. It's also why predominantly Microsoft and to some extent Apple systems are more vulnerable than Linux systems. Microsoft OSes are hyper identical (available APIs, installed software, etc), so malware can be quite dumb and still be successful. Apple systems are a monoculture too. But OSes that come in kits and have lots of alternative subsystems that must be configured by users/owners, like Linux, are inherently safer. The malware just has too many variations to consider when it tries to invade. Note that systems like Android are also more vulnerable, like Apple systems, because the needs of user friendliness and unified user experience result in monoculture again.

And thats where the commercial/consumer world is shooting itself in the foot. As the installed base grows, the cluster of identical machines grows at the same rate. Whereas in the more chaotic world of Linux/*BSD, the total installed base can grow but it's ok to fracture into alternative distros and flavours, and it suffices for the number of incompatible alternative clusters to grow at the same rate as the total installed OS base, so you can have more and more clusters which are all of a limited size and any malware can only affect one or two clusters at a time.

Re:Not really surprising (2)

binarylarry (1338699) | more than 2 years ago | (#39901293)

While kind of true, Linux is so widely used on public networks that it's easily the most secure out of Mac OSX, Windows and Linux.

That's not to say it's impervious but no one got fired for running Linux. ;)

Re:Not really surprising (3, Informative)

Megane (129182) | more than 2 years ago | (#39901035)

The OS X kernel is a massive amount of C and embedded C++ code.

Except the kernel isn't the problem. I haven't heard a single word about this recent malware crap that indicates it exploits the kernel or somehow achieves supervisor mode. Nor have I heard a single word about user-less exploits, as opposed to how you could simply install Windows, connect to the network, and have it owned within an hour, if not minutes.

All this has been user land exploits, which require a user to do something. Some of them haven't even required the user to do something stupid, other than to go to "bad" web sites. But stop babbling about the kernel when it's not involved.

Re:Not really surprising (0)

Anonymous Coward | more than 2 years ago | (#39901333)

you could simply install Windows, connect to the network, and have it owned within an hour, if not minutes

Only if the Windows you installed is XP, in which case, you got EVERYTHING that you deserved for installing a 13-year-old operating system onto an unprotected network....

-AC

Re:Not really surprising (1)

Zemran (3101) | more than 2 years ago | (#39901049)

It was also found that the Titanic was not unsinkable... Shock Horror !!!

I do not think that any intelligent person thought that Macs are unsinkable/invulnerable, just that they are much harder to attack than a Windows box. Same with Linux, of it can be, it is just much more safe than Windows.

user-friendly software deemed insecure, news at 11 (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39900889)

Maybe we need a new motto? You can have it easy to use, affordable or secure. Choose two.

Re:user-friendly software deemed insecure, news at (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39900929)

The thing is OSX doesn't really fit into ANY of those categories =P

Re:user-friendly software deemed insecure, news at (1)

Entropius (188861) | more than 2 years ago | (#39901041)

I dunno, Linux seems to be all three to me. It's braindead-easy to install these days -- hell, my mom can do it by herself, which is definitely not true for Windows.

It's free, and it's pretty secure, only sacrificing security for usability in intentional, configurable ways (i.e. "should I require a password on console login?")

Re:user-friendly software deemed insecure, news at (0)

Anonymous Coward | more than 2 years ago | (#39901305)

yes, until mom needs word processor (cloud services like google doc don't count), and the ability to watch movies their kids email her of a newborn. The point is, while you could help your mom install linux or whatever other app she needs initially, she can't go out and download or buy additional software on her own, and then install it on her own.

I enjoy linux as any other, but I don't think it passes the grandma test yet.

Re:user-friendly software deemed insecure, news at (0)

Anonymous Coward | more than 2 years ago | (#39901407)

Have you by anychance used the new Ubuntu Software Center. I'd say that that is a fairly user friendly piece of software seeing as my own grandma can use it, and she's almost 83.

Re:user-friendly software deemed insecure, news at (1)

BasilBrush (643681) | more than 2 years ago | (#39901363)

Interesting that the GP said "easy to use" and you changed that to "easy to install". Which of corse isn't the same thing at all. For sure, Linux is not easy to use. But lets quantify that - it's less easy to use than the other 2 mainstream desktop OSs.

Re:user-friendly software deemed insecure, news at (1)

Entropius (188861) | more than 2 years ago | (#39901489)

I mentioned the installation thing because that's traditionally been one of the confusing bits about Linux.

Use is pretty simple -- you have a menu, it has stuff in it, you click on it. When you want something you don't have you fire up Ubuntu Software Center and go get it.

Re:user-friendly software deemed insecure, news at (0)

Anonymous Coward | more than 2 years ago | (#39901509)

Installing Linux has never been an issue. Using Linux is difficult, confusing and arcane, and I say that as someone who has tried to pick up Linux 4 different times unsuccessfully.

Re:user-friendly software deemed insecure, news at (1)

Entropius (188861) | more than 2 years ago | (#39901545)

Installing Linux *has* been an issue -- perhaps I'm just older, but it was a serious pain in the ass back in the day.

What distribution(s) have you tried, and what have you been trying to do on them?

Thank you captain obvious (0, Flamebait)

sl4shd0rk (755837) | more than 2 years ago | (#39900891)

Thanks MS. Another opportunistic moment to point out to the world your not the only f*uck-up in the solar system.

MS is the vector apparently (2)

drerwk (695572) | more than 2 years ago | (#39900901)

I’m most concerned that this malware uses a three-year-old flaw in Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac. Here’s the corresponding security bulletin: MS09-027 - Critical.

Re:MS is the vector apparently (1)

drerwk (695572) | more than 2 years ago | (#39900917)

And I suppose to be fair in attentive os x users.

The voice of experience (2, Funny)

sootman (158191) | more than 2 years ago | (#39900913)

If anyone has a lot of viruses to examine, it's Microsoft!

Re:The voice of experience (3, Insightful)

arbiter1 (1204146) | more than 2 years ago | (#39900955)

Accepting the fact your OS has flaw's is first stepping to make a secure OS, Apple for years claimed their OS didn't have any. Know all mac fan boys are finding out the hard way and its only gonna get worse.

Re:The voice of experience (4, Informative)

Joce640k (829181) | more than 2 years ago | (#39901043)

How to use an apostrophe [theoatmeal.com]

Re:The voice of experience (1)

FreedomOfThought (2544248) | more than 2 years ago | (#39901085)

I had to read this 3 or 4 times to understand what you were trying to say.

More experience (0)

Anonymous Coward | more than 2 years ago | (#39901105)

Even worse, sales staff actually many customers their macs CANNOT get viruses. Even now, I notice that Apple still doesn't automatically update software by default, so, the only people who tend to install the update are those who are security-minded anyway. OSX is a sitting duck. But, everyone still defends it because a sales person told them "its based on unix", and "Apple wouldn't lie in their ads"

Re:More experience (2)

BasilBrush (643681) | more than 2 years ago | (#39901317)

Even now, I notice that Apple still doesn't automatically update software by default, so, the only people who tend to install the update are those who are security-minded anyway.

False. By default OSX automatically checks for updates on a weekly basis.

Additionally, your claims as to what sales staff say is hearsay. And given you're an AC and your one checkable claim was wrong, it's not worth much.

Re:The voice of experience (0)

Anonymous Coward | more than 2 years ago | (#39901161)

Accepting the fact your OS has flaw's is first stepping to make a secure OS, Apple for years claimed their OS didn't have any. Know all mac fan boys are finding out the hard way and its only gonna get worse.

[citation needed]

Can you please provide references to where Apple has claimed this. This line has been repeated so often that it has its own name: Artie MacStrawman.

Do a search for that term and tell me what you find.

Re:The voice of experience (0)

Anonymous Coward | more than 2 years ago | (#39901415)

Apple has gone out of its way to portray their systems as being immune or otherwise unsusceptible to malware, even if they cagily do so without specifically stating it! Furthermore, they have a history of only grudgingly acknowledging that the OS has flaws, and also of patching it haphazardly and/or slowly and/or quietly.

They have gone to great lengths to cultivate the mistaken impression amongst the unwashed masses that their OS is better than Windows because Windows gets exploited, insinuating that theirs doesn't...

As such, for MOST of the Apple user base, this exploit comes as a complete shock to their perception of reality...

-AC

Re:The voice of experience (1)

whisper_jeff (680366) | more than 2 years ago | (#39901167)

Accepting the fact your OS has flaw's is first stepping to make a secure OS, Apple for years claimed their OS didn't have any.

Uh, no. They didn't. The fact that they've regularly and consistently provided security updates shows that they recognize that they have flaws in their OS that need patching. What they have claimed is that they don't have a lot of viruses, which is absolutely true. Due to Macs not being worth targeting because of a smaller user base, malicious attacks against Macs were very rare compared to PCs (which is always the benchmark they compared themselves to). So their claim was true.

They have never, however, claimed they don't have flaws and their actions demonstrate clearly that they know they do have flaws that need fixing once spotted.

Re:The voice of experience (4, Insightful)

burne (686114) | more than 2 years ago | (#39901261)

Do I need to point out that the recent incident with FlashBack would have been impossible without gaping holes in Adobe's Flash, Oracle's Java and Microsoft Office?

Microsoft makes a office-suite with no easy way to notify users of available updates and blames Apple for the gaping holes in Office?

Re:The voice of experience (1)

Nerdfest (867930) | more than 2 years ago | (#39901391)

Well, there is a mechanism available to notify users of these updates, but I'm guessing MS is not that interested in handing over 30% of their price. I think Apple's exclusion of 3rd party repositories from their marketplace is pure greed. The Linux model they borrowed from should have been more blatantly copied. I think Windows should do the same, but I think they're following the iOS approach for Metro that locks users to a single market.

One of the best features of Ubuntu, etc, is the single channel for software updates and patches.

Re:The voice of experience (-1)

Anonymous Coward | more than 2 years ago | (#39901267)

Apple never claimed that their OS didn't have any flaws. For years there wasn't a known virus, trojan, or exploit of Mac OS code, so any claims to that effect by Apple during that time were true. Saying that there are no known viruses is not the same as saying that the OS doesn't have any flaws. Either you don't understand the difference, which is ignorant, or you do understand but deliberately blur the two to make your point, which is dishonest.

As for "mac fan boys", if you mean "someone who stupidly claims that Mac OS is completely impervious to malware" I challenge you to name an actual person who fits this mythological description pejoratively used by what in my personal experience tend to be teenage boys who spend hours a day playing their Xbox because they don't have girlfriends and have generally been duped into believing the MS BS. On the other hand, if a "mac fan boy" means someone who knows and really understands the underlying Mac OS, then I hate to tell you, arbiter1, but these people aren't "finding out the hard way" that no OS is perfect -- they already knew it.

So, in the spirit of scientific inquiry, arbiter1, I'd like to know if you fit the windows fan boy profile. Are you male? Are you a teenager? Do you own an Xbox? How many hours a week to you play it? Do you have a girlfriend? Do you live at home with your parents?

Re:The voice of experience (1)

sootman (158191) | more than 2 years ago | (#39901541)

When did MS first accept that their OS had flaws? Because securing Windows was about a 12-year journey.

No one is safe (2)

nurb432 (527695) | more than 2 years ago | (#39900919)

No matter how 'secure' a system is, as long as end users have the ability to install software, systems will still be at risk. Its just part of the deal.

If your particular systems are attacked or not, depends on your market share.

Re:No one is safe (0)

Anonymous Coward | more than 2 years ago | (#39900945)

Malware can exist without physical installation, even if this is not persistent between boots of course, furthermore even without the *users* ability to install software, every system can be subject to priviledge escalation of such a priviledge system is actually in place (assuming the OS is not an entirely self contained system with no means to write anything).

Will be a surprise to most OS X users (2)

Stem_Cell_Brad (1847248) | more than 2 years ago | (#39900923)

While I will agree with lack of surprise from /.ers, most of my colleagues that enjoy their Macs like to tout "invulnerability" to malware. Mac-pride makes them brave/foolish to the point they will not bother with anti-virus. I think they are more the norm than exception for Mac users. Once the Mac OS reaches a high enough number of users, there will be a significant surprise for most users.

Re:Will be a surprise to most OS X users (0)

arbiter1 (1204146) | more than 2 years ago | (#39900937)

I been saying it for years it was only a matter of time before it happens, Apple painted a picture of 100% secure OS for years now they are eating their words.

People have been saying this for a long time. (2)

metrix007 (200091) | more than 2 years ago | (#39900931)

It's about marketshare. IT has only ever been worthwhile for virus writers to target a platform that is popular enough to warrant a return on investment, whether that be fame or clandestine botnet software.

People always used to use half baked arguments trying to claim that OS X was mroe secure because it was "unix" or some crap, despite OS X being very insecure [osnews.com] for most of it's run.

Aside from being common sense this is supported with some pretty solid mathematics, not least an article in an IEEE journal showing there is a certain percentage of marketshare that would attract malware. We are now seeing this with OS X and we have seen it previously with Android.

What will be interesting is how Apple react. Will they tighten the grip they have on their users and restrict them even more, or actually get off their buts and increase their security and respond to problems in a mature and timely manner.

Re:People have been saying this for a long time. (4, Insightful)

flyingfsck (986395) | more than 2 years ago | (#39900981)

Hmm, since Linux has by far the largest market share, then by your logic, it must have the most viruses. Yes, Windows probably has the largest market share on desktop machines (a dying breed), but Linux leads on computers overall, by a wide margin. Samsung alone sells hundreds of millions of Linux machines each quarter. So where are the Linux viruses? The difference is in the design, which is not dependent on market share.

Re:People have been saying this for a long time. (1)

Anonymous Coward | more than 2 years ago | (#39901029)

This always makes me laugh.

Desktop space is always what has been talked about. You don't have a lot of direct execution of apps by users on a server.

Moreover, you're going to spout the usual BS about "The desktop is dying"?

That has only been bruited about for...20+ years now?

Desktop = Rasputin?

Re:People have been saying this for a long time. (1, Interesting)

flyingfsck (986395) | more than 2 years ago | (#39901095)

OK, so compare viruses on servers then. Linux clearly runs the vast majority of servers compared to Microsoft. So how does Windows Server stack up security wise? The difference is in the design.

Re:People have been saying this for a long time. (0)

Anonymous Coward | more than 2 years ago | (#39901455)

Do you even know what you're talking about?

Properly configured, Windows Server 2008 stacks up perfectly well against any other mainstream server OS... I would even go so far as to say, a freshly installed, out-of-the-box, with default settings, Server 2k8 installation is MORE SECURE than most Linux distros (again, assuming a brand-new, straight-up-default install)...

The difference is in the design indeed....

-AC

Re:People have been saying this for a long time. (1)

spire3661 (1038968) | more than 2 years ago | (#39901605)

The standard 'big box' desktop is on its way out. Pocket computers and docking stations are the future, bank on it.

Re:People have been saying this for a long time. (1)

Anonymous Coward | more than 2 years ago | (#39901417)

So where are the Linux viruses?

In google play.

Re:People have been saying this for a long time. (1)

benjymouse (756774) | more than 2 years ago | (#39901169)

It's about marketshare.

No it is not. It is about yield.

Two things have been happening over the past years
* OS X has increased in market share
* Windows and apps running on Windows have grown

But But (0)

Anonymous Coward | more than 2 years ago | (#39900935)

Please can no one chime in with the comment that Apple said Macs can't get virus's. They never said that. Not even in the "I'm a mac, I'm a PC" advert. They said they can't get a windows virus.

Any one who continues to believe apple said they can't get a virus or continues to believe such foolishness, really shouldn't be commenting somewhere like slashdot.

Re:But But (0)

Anonymous Coward | more than 2 years ago | (#39900997)

Macs don't get pc viruses, they get mac virusus.
Are you happy now ?

Re:But But (0)

Anonymous Coward | more than 2 years ago | (#39901063)

Much better! Thanks

Funny (4, Insightful)

iMouse (963104) | more than 2 years ago | (#39900943)

...a poorly written Microsoft product leaves a vulnerability open for exploitation, yet it is Microsoft who provides an internal assessment and statement that Macs are "not safe from malware".

Re:Funny (0)

Anonymous Coward | more than 2 years ago | (#39901001)

When malware uses 3rd party vulnerabilities to attack Windows, Slashdot is all "LOL Windows is so insecure. What a piss-poor OS."

When malware uses 3rd party vulnerabilities to attack OS X, Slashdot is all "LOL it's Microsoft's fault because they are a 3rd party vendor who introduced a vulnerability in OS X."

Ahhh Slashdot. I stopped taking you seriously years ago because it became obvious to me that most posters around here simply are not intellectually honest.

Re:Funny (0)

Anonymous Coward | more than 2 years ago | (#39901421)

Are you suggesting that the average person IS intellectually honest? Do you live in your parents basement or something?

Their cheese has holes in it too. (0)

Anonymous Coward | more than 2 years ago | (#39900957)

Sayeth holiest-of-all-cheeses manufacturer's research division, with as many difficult words as they could muster.

Fingerpointing isn't all that productive, as in it doesn't get you less holey cheeses, even if it is entirely understandable from their point of view. They've been pointed at for decades. Of course, they started out with ignoring the fingers and ignoring the reasons of the fingerpointing for at least a decade. So now you can see them think (FSVO 'think') that the shoe is on the other foot. And in a sense, apple is acting just as irresponsibly as they were. But instead they could be teaming up and learning something instead of doing some more fingerpointing of their own.

It just isn't seemly.

Did anyone else notice... (4, Insightful)

voss (52565) | more than 2 years ago | (#39900979)

Not only was it opportunistic but the vulnerability comes from A MICROSOFT PRODUCT(It was an office for mac issue)!

If I were apple and feeling particulary snarky I would send out an email to my users warning about microsoft software including the microsoft
post and recommend that they not use Office for Mac and switch over to Libreoffice for a more secure computing experience.

Re:Did anyone else notice... (3, Informative)

Amarantine (1100187) | more than 2 years ago | (#39901055)

Not only that: this particular exploit doesn't even work any more in Lion. Only Snow Leopard and earlier.

Re:Did anyone else notice... (0)

Anonymous Coward | more than 2 years ago | (#39901119)

Good point. I guess they would make them switch over to their "Pages", though :)

Re:Did anyone else notice... (1)

Anonymous Coward | more than 2 years ago | (#39901207)

Actually, they'd be better off recomending their own product iWork instead. Gains them enough additional users to be able to brag about it and since OSX supports PDF natively, there's not interchange/exchange issues with files. Simply save as PDF and be done with it as almost everyone can handle that format

Re:Did anyone else notice... (3, Informative)

gstrickler (920733) | more than 2 years ago | (#39901209)

And, it doesn't work if you've applied any of the Office patches in the past 3 years. Patches that Office (by default) notifies you about weekly.

Very opportunistic.

Still, they are correct that attacks will increase, and anyone who has refused to install security patches in a needs to change their habits, or they will eventually be infected.

And I think that's their point (1)

Sycraft-fu (314770) | more than 2 years ago | (#39901571)

Not that "OMG Apple is evil," but that "Mac users need to wake the fuck up and think about security."

I've met more than a few Mac users who really believe that "Macs can't get viruses," and such things. They don't patch their shit, have weak passwords, etc, etc. They think the magic Apple fairy will protect them from all harm.

I argued they were like someone living in a rich gated community that left their door open all the time. Nobody had broken in because nobody had really tried, but they weren't really secure.

Well, that's over now. MS is most likely correct, this shit will just increase. So Mac users need to get with the program. They need to install those Office updates, they need to patch their OS, they need to think about getting a virus scanner. Basically, they need to start being proactive about their security.

"...Attacks will increase" (1)

BoogeyOfTheMan (1256002) | more than 2 years ago | (#39900999)

Am I the only one who thinks the headline sounds kind of like a threat?

Old news (4, Insightful)

Anonymous Coward | more than 2 years ago | (#39901025)

I'm gonna go ahead and cite the Ken Thompson hack here:

"It's been more than twenty years since I read Thompson's marvelous paper, but I believe I correctly recall his fundamental point: UNIX, and every system like it, can NEVER be "secure". It doesn't matter how many layers of anti-virus software, "internet worm protection", "firewall" or any other buzzword -- systems like UNIX (including all versions of Linux, Macintosh OSX, and all versions of WinXP) will NEVER be secure. Thompson published his paper and revealed his hack in order to demonstrate this point. "

Closed sourced, open source, free, paid, whatever it is it will never be fully secure and people are foolish to believe anything to the contrary.

Can you be any more blatant? (-1)

Anonymous Coward | more than 2 years ago | (#39901069)

What the fuck, Slashdot?

Article rife with logical fallacies and biases. (0)

Anonymous Coward | more than 2 years ago | (#39901107)

Biased source.
Hasty Generalization from a single instance.
Post hoc ergo propter hoc - They say that number of attacks is related to market penetration, but this is not true. Linux totally dominates on Internet servers, but is hacked less by an order of magnitude than windows servers.

Plus the people that use the system are different groups between mac and windows. Mac users tend to be college graduates in the liberal arts, so they are inherently more skeptical when they get an email asking them to click. Therefore they are much less likely to be infected even if the two systems were of equivalent security levels. Which they are not.

Re:Article rife with logical fallacies and biases. (1)

spire3661 (1038968) | more than 2 years ago | (#39901649)

You really need to reassess your perception of mac users. Scads of CS/IT people use macs because its so UNIX-like

what matters is how vulnerabilities are handled (1)

e**(i pi)-1 (462311) | more than 2 years ago | (#39901125)

First of all, it must be said that the word "mac fan boy" is one of the most ingenious PR actions against apple. The statement of Microsoft that "macs are not safe" is a too obvious PR spin along the same lines. Any operating system is vulnerable as long as users can modify operating systems. This is not for discussion. What matters is how fast these vulnerabilities are handled and communicated and corrected. Apple as well as Linux distributions have handled vulnerabilities in the past pretty well and I feel quite safe both using a mac or using linux boxes.

GET THE FUCK OUT OF HERE! (0)

Anonymous Coward | more than 2 years ago | (#39901179)

Well ...that's it. I'm going back to Microsoft where it's safe!

A foreseeable difference between MS and Apple (3, Insightful)

erroneus (253617) | more than 2 years ago | (#39901217)

When Microsoft puts out updates, they just put out the updates.... most of the time in single-fixes which are individually selectable and uninstallable. (Doesn't always work but they try) They do it like this because business depends on compatibility and continued operations of their apps. So if a particular update or patch breaks an important app, it can be rolled removed or at least identified and skipped.

Apple doesn't care about that. Apple will push updates and bundle them with anything they like including feature removal and things users don't want.

So what I foresee happening is that Apple will bundle a critical security fix with something else which the users don't want and they will refuse to update their machines.

Some people here are "fans" of a particular brand or whatever. I'm none of those. I just call them as I see them. But if someone must insist I'm a hater of this or a shill for that, I run Fedora Linux on most of my stuff but I hate Gnome3 so I'm going to CentOS until the people out there get their heads on straight and listen to the users.

Want some cheese with your whine? (3, Informative)

RogueWarrior65 (678876) | more than 2 years ago | (#39901303)

Sour grapes, much? Jeez. The only malware A) is a Java problem and B) uses Office as the transmission medium.

Re:Want some cheese with your whine? (-1)

Anonymous Coward | more than 2 years ago | (#39901657)

C) You and Apple users like you all suffer from cranial-rectal inversion.

LOL I have a Mac (-1)

Anonymous Coward | more than 2 years ago | (#39901429)

LOL I have a Mac and I never have malware

www.pornhouse.com
www.girlpussy.com
www.freecunt.com
www.pussypower.com
www.flashback.com

In other related news... (1)

hey_popey (1285712) | more than 2 years ago | (#39901481)

Apple: PCs 'Not Safe From Malware, Attacks Will Increase'

Microsoft says Macs no safe (1)

Gumbercules!! (1158841) | more than 2 years ago | (#39901617)

Microsoft exec: "More people are going to be trying to attack Macs... and we've got the receipts to prove it!"
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?