MacDailyNews - Where Mac news comes first

I'd like to take issue with the claim, "No Mac OS X user in the wild has been affected by malware."

Many Mac OS X users also have to run Windows. Most of those Mac OS X users have in fact been affected by malware. Okay, sure, I'm being pedantic and pissy. But as Dan Quayle famously said (and GWBush Inc. should say), "I stand behind my misstatements."

Schmugar?

Got to love all the security experts they poll who work for security software companies. What are they going say? Don't buy anything anymore?

Hah!

Been running OS X since March 24, 2001, and have

been completely free of malware. That's the bottom

line!

The kind of people who think percentage increases mean anything in isolation are the same people who think that increasing the volume to 11 actually makes it louder.

Come on MDN - do you really expect a priest to say there is no god?

If you talk to someone from McAfee what do you expect?

Most Windows users live by "The devil you know" philosophy apparently.

What's worse, a boat with a bowling ball sized hole in the bottom, or one with a number of pin-pricks? Vulnerabilities ≠ exploits. Windows has severe issue after severe issue. One bowling ball-sized hole is enough, don't ya' think?

MDN "thinking," so you don't have to.

Running Mac OS since 1992, Mac OS X since day 1.

I am a CFO for a small manufacturing company in So. California.

NO PROBLEMS WITH SECURITY OR MALWARE. Mac OS X has been "stellar" as an low maintenance cost software operating system.

These articles about Mac OS X lack of security in any sense are bullsh_t. McAfee really has nothing to sell for Macs in security products. Nor does any other company.

All the Windows malware problems at the company I am employed by have been brutal. Software and Router upgrades, IT "troubleshooting" consultants, down time, and lost productivity have cost this small company over $10,000 in the past year alone on it's Windblows "security" issues. This does not include other Winblow issues.

Frankly, I am sick of writing the checks.

On the Mac side, downtime operating costs have been less than $500. No malware. No viruses. No other unplanned operating costs. Period.

Ratio of Windows PC's to Macs in my company: 4 to 1.

My take: buy a Mac and operate much less expensively than Winblows.

'It's still safer, but not as safe as Apple pretends it is,' Ullrich said in an interview. 'Some features, like the firewall, aren't all that great. But, yes, it's still pretty safe.'"

I tend to agree with this statement and unfortunatly disagree with MDN's stand on Mac OS X's security.

Mac OS X needs some improvement in the security area.

1: Out of the box Mac OS X is insecure because as soon as it's hooked up to the internet and before Software Update can be used, the Mac can be compromised. Home users tend to go months, even years before doing a SU!

Apple needs to provide Software update disks with each new machine and disable internet access until the SU disks are run.

Alsothe firewall is not enabled by default. There is no outgoing firewall whatsoever.

2: Apple doesn't practice enough compartmentalized security with Mac OS X.

Applications shouldn't demand a admin password to install and leave hooks into Mac OS X that can be exploited via application exploits. Apple should take over the installation process to insure security and police developement. Sandbox the OS better.

3: Apple tends to include a users real name and details in places it shouldn't be. Like the name of the computer, emails and Apple website loging cookies for instance. People should have the option to have a privacy install option.

4: Apple still hasn't fixed a severely critcal Metadata file exploit from a few years ago. Any file has the potential to run code on Mac OS X.

5: There has been over 100 exploits of Mac OS X since it's arrival. Some very severe, like the URL handler exploits.

6: Buisnesses have the money for IT staff to keep Windows secure. Windows services are open "out of the box" which is bad for the home user

Mac OS X services are closed "out of the box" which is good, until the novice home user enables the services, then it's bad.

There is more, but I said enough.

I sincerly beleive the reason Mac OS X is mostly ignored is because Windows is easier and more common to exploit. The reason Windows is less secure is because out of the box it takes more for it to be secure.

I sincerly beleive if Windows and Mac OS X market share were reversed that Mac OS X would be the most exploited OS and Windows would have some malware floating around anyway.

"...Richest market? Those who surf the Web using a Mac tend to be better educated and make more money than their PC-using counterparts..."


rich |ri ch |

2 plentiful; abundant : China's rich and diverse mammalian fauna. • having (a particular thing) in large amounts : many vegetables and fruits are rich in antioxidant vitamins | [in combination ] a protein-rich diet. • (of food) containing a large amount of fat, spices, sugar, etc. : dishes with wonderfully rich sauces.

@ Sum Jung Gai. Pedantic? Shifting the "affected by malware" from the OS to the user is beyond pedantic. The PCs I manage at work are affected by malware, my Mac at home is not. If I run Windows via Boot Camp, and it gets whacked by a virus, it's not Mac OS X's fault. It's Window's.

So maybe you could say I'm affected by malware, but you can't, because of broader scope, say that it has anything to do with OS X.

Actually us Mac users are under attack all the time. From Windows users who's computers get taken over by "malicious code" and are used without the owners knowledge to send us truck load after truck load of spam email!

Thanks Windows user.

Has anyone done a comparison between the amount of exploits and relative market share of the two OS's?

If Mac OS X had 100 exploits over 5 years with 5% market share.

and

(example) If Windows had 100 exploits over 5 years with 95% market share....

See where I'm getting at?

All things being equal, Windows should have 9500 exploits over the last 5 years in order for it to be equal to Mac OS X in market share.

(not versions of malware mind you)

I seriously beleive the larger the market share, the more exploits. Because more eyeballs are messing with the code.

OK Proof!!

Look at these charts based upon the number of exploits!!

http://blogs.technet.com/security/archive/2006/10/17/2006-january-through-september-vulnerability-trends.aspx

@Wiseguy

Your hypothesis and numbers are great!!!

Too bad they are uproven in the real world. I don't know, maybe you should ask a Mac user if their Macs have been compromised. Their reply would most definitely be "Virus, Malware, what the hell is that?".

You guys and your pipedreams. LOL

Bottom line is there is no threat to Mac OS out in the wild = 0%,

...while there are thousands of threats that a Windows machine is instantly bombarded with every second on the internet = 100%

So what is the comparison?

Let the spinmeisters spin....

I switched from a PC to a Mac almost a year ago and nope... no viruses, no malware, no crashes. It's like they say, once you go Mac, you never want to go back. So stop with the FUD campaign PC drones!

In brief from the link.

1: Mac OS X exploits are increasing.

2: Mac OS X exploits exceed the amount of Windows exploits.

3: Both pale in comparison to the 95% of exploits that target applications.

(don't give apps the admin password!)

Windows has more malware using the exploits because they have a larger market share and the Mac was a forgotten platform until just recently.

It's plain as rain.

I still love my Mac anyway though and confident Apple will turn things around as far as exploits go.

"Home users tend to go months, even years before doing a SU!"

Uh, yeah, any evidence of that? Maybe Windows users don't update much, but I seem to remember every new Mac I buy phoning home as soon as I hook it up. And in TS, almost everyone I encounter is running the very latest build. Even if they're running 10.3, they're running a fully updated 10.3 Windows users span the timeline all the way back to Win 2k and beyond. I'm not saying you're wrong, I just think you might be mistaken.
Anyway, my 2 word response to this whole article:
"No Shit."

-c

MW: 'straight' (yeah. that'll be the day)

"Apple’s Mac OS X is more secure than Microsoft’s Windows Vista"


DUH! Of coarse it is, this is news???

Windows=sucks.

Easily the worst article in the last few months. It lies so much that one can only take it as comedy.

over three years since i switched (panther is what did it for me). no viruses, malware, etc etc. how many times have i checked for them? none. i'm not going to say that mac os x is bulletproof. it's not. it DOES have vulnerabilities, and every mac user on MDN is aware of that. it's not the point, though. OUR point is that there hasn't been even ONE reported instance of an os x machine SUFFERING fro malware or exploits, aside from people who tried VERY hard to set up special instances (like that whole wireless fiasco a few months back).

i was checking for malware every day before i switched to mac. haven't had to since. don't see it happening in the near future. if the day ever comes that os x is in as bad of shape as windows is, i'll find something else. i don't see that happening, though. =)

Please excuse my ignorance about this subject. I have been a Mac user since the beginning as my friend who introduced me to computers is too. I probably would be a Windows user if he had been one. Who knows.

Anyway, I am confused about the differences in the security lingo being used ie attacks, vulnerabilities, exploits and threats. Would someone be kind enough to enlighten me about the differences. The only problems I've had with OS and OSX have been of my own making which I guess would mean I had none with the operating system or any outside interference. This would be over a 10 year time span.

Thanks in advance

"The jury is still out on that one."

They must have got the jury from the OJ Simpson trial.

Exploit - In computer security, an unethical or illegal attack that takes advantage of some vulnerability.

Vulnerability - A security exposure in an operating system or other system software or application software component. Before the Internet became mainstream and exposed every organization in the world to every attacker on the planet, vulnerabilities surely existed, but were not as often exploited.

Threat - The danger of an attack on a computer system.

Even though "vulnerability" is more accurate to reflect a software flaw, the new generally used term is "exploit" because of the internet's rapid response it doesn't remain a vulnerability very long.

Think of the comparison of OSX and Windows as a school surrounded by a playground.

The OSX school is a seamless cube with doors that can only be opened from the inside because all of the critical system functions were designed from the beginning on the inside. What goes in and comes out is controlled.

Contrast that to Windows which is like an old schoolhouse built back in the day when they had no running water and used an outhouse.

When they had bring in running water, and pump out the crap from the bathroom (the running water and the crap being comparable to the newly found critical system functions that were not originally designed in Windows) the designers of Windows for whatever reason decided to run the in (water)pipes and the out (crap) pipes through the existing doors and "windows," instead of creating new in and out pipes with their own separate controls through the outer skin or wall. Or buried deep in the ground so that no one could dig up the pipes.

That meant that the "doors" and "Windows" could not be secured, or if they were, only temporarily. The "doors" and "windows" keep getting re-opened by hackers who redevelop new versions of old viruses (now THAT is scary!).

It is theorectically possible that some hacker could penetrate the one piece skin of our OSX schoolhouse, but is that likely to happen before the repainted old schoolhouse with many new padlocks woodscrewed to the doors(Vista) implodes?

Forgot to include the playground in my school analogy.

In both playgrounds, the malware kiddies get to play, but they can't get inside the outer skin of the OSX school, while the doors and Windows have to be opened to let students, as well as the inbound water and the outbound crap to pass through.

kenh:

Does that mean Windows is using Metamucil regularly?

I'm in the wild?

John: Metamucil stops outflow, right?

Actually, you may have a point. The analogy there could be that the hard drive eventually fills up, AND the Windows registry can't handle it. Two parallel analogies?

Ok, the Windows registry is the equivalent of the little signout book that we use in the classrooms for the students to sign in and out when they go to the restroom, and I suppose when we run out of pages...........................

Have to go to the bank and the grocery store now. Have to manage my inflow and outflow.

All this bull$#!+ about "vulnerabilities" and "attacks" overlooks one extremely obvious point. The vast majority of attacks on Windows machines have one single goal: to add the PC to a "botnet" for sending spam and orchestrating DNS attacks. There is, to date, NO KNOWN WAY to turn a Mac into a zombie bot. Given that, why would the malware makers waste their time creating Mac malware?

Exploit - In computer security, an unethical or illegal attack that takes advantage of some vulnerability.

Oh really, Mr. Wiseguy? And said "exploits" are increasing, you say? Well, then -- I'm sure you can point me to a link documenting a victim of one of these "unethical or illegal attacks". Not a description of how such an exploit could be carried out. No, I want documentation of an ACTUAL F#$&#xIN;G VICTIM. Can you give me that?

That's what I thought.

Go blow smoke up someone else's ass.

The vast majority of attacks on Windows machines have one single goal: to add the PC to a "botnet" for sending spam and orchestrating DNS attacks. There is, to date, NO KNOWN WAY to turn a Mac into a zombie bot. Given that, why would the malware makers waste their time creating Mac malware?

Sorry to inform you it already has been done.

http://blog.washingtonpost.com/securityfix/2006/03/when_macs_attack.html

kenh:

Metamucil increases out flow, so more can get out and not retained.

In your ANALogy, this would mean the Registry could take a dump just about anytime winblows would like it to.

Hence, your analogy is correct, as my winblows unit at work dumps the registry all the time.

Oh really, Mr. Wiseguy? And said "exploits" are increasing, you say? Well, then -- I'm sure you can point me to a link documenting a victim of one of these "unethical or illegal attacks".

Read the link in my post above, the charts speak for themselves.

It's not really Mac OS X or Windows security we have to worry about, it's the whopping 95% of exploits targeting applications.

Online practically everyday since 1995. no firewall, no antivirus...nada. Quadra 840V...all the way up to 24" iMac. Never had one damn issue.

I read in some Forrester report last year, about consumer technology usage, that the average home PC user spends about 56% of their computer time just maintaining the machine or dealing with problems.

So this means I have had way more actual computer time than the average PC user. What is time worth?

Online practically everyday since 1995. no firewall, no antivirus...nada. Quadra 840V...all the way up to 24" iMac. Never had one damn issue.

I echo that same experience, that's why I stick to Mac's.

However things have changed in the last few years.

1: Mac OS X has increased in market share.

2: Hackers have taken notice and found over 100 exploits.

3: Apple has been on a hot pursuit of feature bloat and not paying attention to security.

The main issue I have with propoganda stories like this one is that we will be caught off guard.

Don't get me wrong, I love Mac OS X.

It's just I don't want Apple resting on their asses.

been using a mac since the the performa days and i have yet to ever have a virus or exploit or anything. my macbook pro is on 24 hours a day and no firewall no antivirus or anything like that and yet amazinly enough i dont have any problems. Its sad i know that you windows users have to sit there and deal with this stuff while im busy being productive.
wise guy is offering charts he made up i stil dont see any proof of actuall exploits or malware on the Mac os x in real world.

Vista talks big about security and how it was going to be much more secure then xp now they say not yet they need time to iron out all the bugs.

visit us on the web
http://www.disneyinfo.ws
http://www.onestopmacshop.com

WiseGuy:
although this would never happen, you sound like a situation where a high school football coach is miraculously called up to be an NFL football coach.

He brings his high school football play book and keeps repeating the same high school level plays over and over without ever realizing that they are 10 to 50 years out of date.

To keep restating the same arguments over and over again is silly.

Just back away. You are inconveniencing too many electrons.

MDN: "Richest market? Those who surf the Web using a Mac tend to be better educated and make more money than their PC-using counterparts..."

"Richest" does NOT only mean "wealthiest" in terms of money or assets... In the cited article's context, it CLEARLY means plentiful, or abundant... Taken IN PROPER CONTEXT, Richest market clearly is the richest market, because there are more potential targets to exploit, and the likelihood of success is higher.

"...maybe you should ask a Mac user if their Macs have been compromised."

OS X security exploits are like Bigfoot sightings. People report them alright, but the only evidence they present is the solemn certainty of their pronouncements. Fools talking to fools, that's what these so-called security experts really are.

OS X "vulnerabilities" are also like the famous myth, cherished by generations of clueless Windows users, that there is "no software for the Mac." Now that Macs can run every desktop application in the Universe, this particular myth is bound to die, to be replaced by the equally spectacular myth that Macs are "as vulnerable as PC's." Nice try, suckers.

This is not the worst articel writen this week. Here in Finland one so called "computer" magazine (http://www.tietokone.fi) compared Vista to Linux and Mac Os X. They gave four stars out of five to Vista for security... five out five to Linux and four out of five to Mac Os X. Their conclusion was that the Vista is att least as secure as the Mac Os X and that the Linux is more secure and safer to user than the Mac Os X. Go figure. Mac Os X came last at that comparison. Linux won and Vista came second.

The total results were:
Performance:
Vista 3/5
Linux 4/5
Os X 5/5

Entertainment:
Vista 5/5
Linux 3/5
Os X 4/5

Enterprise use:
Vista 5/5
Linux 5/5
Os X 3/5

Security:
Vista 4/5
Linux 5/5
Os X 4/5

Total:
Vista 17/20
Linux 17/20
Os X 16/20

Feel free to send a message for them that they s*ck...
http://www.tietokone.fi/apua/palaute_lehti.asp

Here is quick reference in to Finnish language:
Palaute = Feed back
Kerro = Tell
Nimi = Name
Sähköposti = Email address
Lähetä = Send
Tietokone = Computer

Linux that was used was SUSE Enterprise Desktop 10
Windows that was used was Vista Ultimate

@ Mo

Good point, and I concur completely, all thee way up to my 24" iMac. Have I told anyone how much I adore this machine?

Let the fools that believe Windows is more secure think that way. I don't care. Those of us that actually have some intelligence definitely know better than that. And when (not if) the next major piece of malware strikes Windows and cripples the systems of millions of users, we can say that we knew better all along.

@WiseGuy:

Home users tend to go months, even years before doing a SU!

The main problem is bandwidth. How many home users can d/l ~300 meg updates?! The other problem is SU needs to be a bit more assertive in suggesting important updates.

I personally would PAY for a subscription to a Mac OS update mailing. Send the disks out, say, monthly or quarterly for regular updates, and immediately for critical security updates.

I've already written Apple, suggesting there should at least be a way to buy update disks through Software Update. So far Apple doesn't seem to think it's necessary...

Not all of us live in downtown LA; there are many places where broadband isn't even available. Until it is, getting these updates will remain difficult. :(

If Vista is as secure as OSX, is it made so by asking you every 10 seconds if it can do what it's doing? That's been my experience so far. And to tell you the truth, all those Cancel or Allows become invisible after a while, so I just hit Allow all the time. I'm sure I won't notice when something bad is happening, and I'll hit Allow, and then MS can say it's all my fault. Whatever. My Macs remain virus free.
One exploit in the last 10 years was due to a flaw in phpBB, in which the attacker hosed my bulletin board database. But that had nothing to do with OS X, and nothing else on my web server was touched. Two of my friends running phpBB on Windows also got hit the same month.
All this, and I spend zero time maintaining it. More time for pointless arguing on MDN.

-c