MacDailyNews - Where Mac news comes first


Five tips for reading Mac security stories
Tuesday, April 21, 2009 - 05:22 PM EDT

"Some days it seems the entire world is waiting with bated breath for the eventual fall from grace of the long-vaunted Macintosh security. From industry publications to the mainstream press, even the slightest Mac security hiccup spurs an onslaught of articles, debates, and even the occasional cable news headline. Some stories declare us invulnerable to attacks, while others give the impression that by the time you jump up from your armchair and rush to your Mac, it will already be infected and funneling your life's savings and family photos to Nigerian spammers. For us Mac users it can be difficult to discern the lines between truth, hype, and outright fantasy," Rich Mogull writes for TidBITS.

Mogull writes, "As someone who spends most of his time reading, writing, and speaking about security, there are five things I tend to look for in Mac security news to cut to the heart of the story. After all the hype in recent days over the 'Mac botnet,' I thought it was time to share some of my tricks."

Five tips for reading Mac security stories:

• Is the Story Based on a Vendor Press Release?
• Is the Story Really New?
• Is the Security Issue Really New?
• What's the Mechanism of Action?
• Does the Story Defend Mac Security Based Solely on History?

Full article here.

MacDailyNews Take:

Direct link via YouTube here.



Reader feedback page 1 of 1 pages:
Apr 21, 09 - 05:32 pm Comment from: Macintosher

I think I knew what was in that article. It's common sense.

Apr 21, 09 - 05:36 pm Comment from: KingMel

Should add:

Is there an active exploit that is propagating in the 'wild'? Or is it simply a 'proof of concept'?

Does it require active user participation to enable the exploit, such as authorizing the installation of malware by entering an admin password?

Apr 21, 09 - 05:44 pm Comment from: fisherbln

"Does it require active user participation to enable the exploit, such as authorizing the installation of malware by entering an admin password?"

This is usually the #1 thing I'm interested in when I see an article.

Apr 21, 09 - 05:47 pm Comment from: Virus Free

Yea I got some sh*t from a PC user that said "There are two viruses for the Mac, it's no longer immune"

I quickly set him straight, telling him "those two viruses you mentioned are actually trojans, which require one to download, install and give their administrative password to it before it can do anything" I then said "any computer is vulnerable if the operator is stupid enough to install malware themselves"

"What the Mac offers is a high level protection from hackers and malware that self-installs, either over the internet or attached to files like viruses do, without your knowledge or consent"

He was flabbergasted to say the least. I raised his computer knowledge about ten fold and he conceded defeat right there in front of everyone.

At least he had the balls, I give him respect for that.

Apr 21, 09 - 06:09 pm Comment from: s

Virus Free said "if the operator is stupid enough to install malware"

Windows Vista?

Apr 21, 09 - 06:09 pm Comment from: LateRegistrant

An Analogy

Let's say you have a choice of two homes to live in. One house has a history of cockroach infestation and the current owner has to call in an exterminator every week. The other house was built so securely to begin with that the owner has never seen a bug.

To say, "Well, one house is free of pests now, but you know, it could get pests at any time", would be a silly way to make the comparison -- discounting the actual record of pest-free living -- but some prospective buyers seem perfectly willing to describe the choice in such a manner.

Apr 21, 09 - 06:10 pm Comment from: mike_in_helsinki

The latest clickwhore tactic ..... write a Mac security story about Mac security stories.

Buddy, you'd make better cash turning tricks with boys on the street corners of the Castro area in San Francisco.

Apr 21, 09 - 06:10 pm Comment from: Anonymous©

I give Kudos to the author for using the word "bated" properly. I've seen that one misspelled quite alot lately.

Apr 21, 09 - 06:20 pm Comment from: Gunner

Equating a Trojan to a Virus is like equating a broken leg to malaria. Yeah, they both are bad for you, but the one is not the other!

Apr 21, 09 - 06:22 pm Comment from: Thomas

Yeah, like alot.

Apr 21, 09 - 07:32 pm Comment from: Erotic

This story is so erotic!

Apr 21, 09 - 07:42 pm Comment from: Really

"Let's say you have a choice of two homes to live in. One house has a history of cockroach infestation and the current owner has to call in an exterminator every week. The other house was built so securely to begin with that the owner has never seen a bug."

With Windows it's more like: you live in a bad neighborhood in a large city. The people who built your house didn't add enough security so you call up a 3rd party security company who puts in a wall around your house, bars on your windows, security cameras around your house and an alarm system and posts a guard who checks all people coming in and out of your house and scans your house periodically for intruders hiding in it.

You sit back and watch while people rob and murder your neighbors who didn't do these upgrades.

On the Mac you live in sleepy little MacVille. Terrible violence happens every day in UnixVille, MacVille's large sister city, but the inhabitants of MacVille never really see any of that, because no-one really comes to MacVille to cause trouble, they fool themselves that nothing bad could ever happen to them. It's been a while since there's been any violence in MacVille, such a long time that everyone in MacVille leaves the doors unlocked and never worries about intruders. Then one day a band of criminals comes to town, robs all the houses and rapes and kills the naive and unprotected inhabitants. The distraught survivors vow never to let this happen again and install security systems.

Apr 21, 09 - 07:56 pm Comment from: HMCIV

@Gunner

If a Trojan breaks your leg then either:
a) See point #5 about history defending Apple Security
b) You found this site by accident while you were Googling for a picture or video of something else.

If the Geek Squad tells you your Mac has malaria and charges you $129 for quinine water, use one of the Trojans listed above.

Apr 21, 09 - 08:40 pm Comment from: TomL

Now that I think about it, I do have a piece of malware installed on my Mac. It is called Windows XP and runs under Parallels.

It is only there to allow me to run a couple of unenlightened applications, and it is the only reason I have anti-virus software installed on my Mac.

Nice thing about virtualization is that each time XP picks up a bug, all I need to do is trash the infected XP and run an earlier clone.

Apr 21, 09 - 09:04 pm Comment from: anon

"It's been a while since there's been any violence in MacVille, such a long time that everyone in MacVille leaves the doors unlocked and never worries about intruders."

Except OS X has security on a fundamental level, so your analogy doesn't work.

Nobody in MacVille has to worry about intruders because the doors automatically lock behind them and only allow other people into the house with the owner's express permission.

If one day some suspicious guy with a fake mustache shows up at the doorstep and asks to come in, then he clubs you over the head with a tire iron and robs the house after you unlock the door, then you just might be at fault for being an idiot more than the locks are at fault for not being idiot proof.

Contrast this with Windows, where doors are an aftermarket option.

Apr 21, 09 - 09:13 pm Comment from: elgarak

"Let's say you have a choice of two homes to live in. One house has a history of cockroach infestation and the current owner has to call in an exterminator every week. The other house was built so securely to begin with that the owner has never seen a bug.

To say, "Well, one house is free of pests now, but you know, it could get pests at any time", would be a silly way to make the comparison -- discounting the actual record of pest-free living -- but some prospective buyers seem perfectly willing to describe the choice in such a manner."

There's something missing: Some of the well-built houses had a flea infestation because some people living in them adopted a stray dog. And the cockroach-house owner constantly says: "See, happens there, too." wink

Apr 21, 09 - 09:28 pm Comment from: elgarak

I have an improved analogy:

One house is built from wood. It's constantly treated on the outside to prevent termite infestation, but the termites constantly evolve and adapt. If the outside treatment fails at some point, the whole house gets infected so badly that you have to rebuild it from scratch.

Now, the other house has a brick or concrete base structure, with some nice wood additions. But each of the wooden structures is separated, and some of them are termite resistant. If some of them get infested, you only have to rebuild those few. The basic house stays clean. Recently, some home-owners got some termites with some antique chair. But they were able to get rid of them with household items. Nevertheless, the wood-house termite sufferers think their houses are comparable cause the painting and basic shape is similar.

Apr 21, 09 - 09:49 pm Comment from: Steve

What happens if someone hacks MDN or MacRumors and injects a bad I-Frame redirect to a Mac based hacker site using Unix keyloggers and a Safari or new OS X Kernel vulnerability that ALL have ROOT without authentication.

YOU ARE OWNED!!


It is only time and don't be so fricken naive that it won't happen because you have a Mac. It just takes a brain to find the OS X Kernel hole and holes and BAM!!! Ownage of Macage!

Apr 21, 09 - 10:37 pm Comment from: Jed

Exactly right, Steve.

You Mackies' free ride days are numbered. The armageddon of macs is coming, and us PCs will laugh and finally be the ones back on our rightful throne with our smug faces. Ownage!

Once you go mac, it's never too late to go back.

Apr 21, 09 - 10:38 pm Comment from: @anon

"Nobody in MacVille has to worry about intruders because the doors automatically lock behind them and only allow other people into the house with the owner's express permission."

Really? There's magic code in Mac OS X which can tell whether a program being executed in the context of my user ID should be allowed to read files I can read or delete all my files based on automatically determining whether the code is malicious or not?

WOW. SOPHISTICATED.

Apple should at least document that somewhere. Except you're imagining this feature.

Mac OS X is susceptible to the same kinds of attacks as windows and had more exploitable holes discovered last year than Windows. It's not fundamentally more secure, just less vigorously attacked.

Apr 21, 09 - 10:46 pm Comment from: Zeke

@Really:

"On the Mac you live in sleepy little MacVille. Terrible violence happens every day in UnixVille, MacVille's large sister city, but the inhabitants of MacVille never really see any of that, because no-one really comes to MacVille to cause trouble they fool themselves that nothing bad could ever happen to them."

Really? Can you point me to some news articles about violence in Unixville? All of the credit card losses I've researched in the last few years have happened on a Windows server, usually with a web interface. Cite me a few of those Unix compromises please.

Apr 21, 09 - 10:47 pm Comment from: @elgarak

"Now, the other house has a brick or concrete base structure, with some nice wood additions. But each of the wooden structures are separated, and some of them are termite resistant."

Again, you're imagining things. Once I find a hole on your system and get administrative access I can access anything and bury exploits so deep you'll never find them, at least not without some kind of software that scans for those exploits.

Better that you shut me out at the front gate than try to figure out what I did later.

The security hierarchy looks something like this from weakest to strongest:

1) Unpatched Windows box
2) Unpatched Mac
3) Fully patched Windows box
4) Fully patched Mac
5) Windows box running modern antivirus and firewall software.

Apr 21, 09 - 10:48 pm Comment from: pablorph

elgarak

your analogy is good, but:

[...Even more frightening, this six-legged sneak is legendary for penetrating cement, brick, plastic, and other obstacles to get to food or water sources. A veteran of the Formosan termite war, Bordes has seen it all.

"We've seen trees fall on trucks; we've seen trees fall on buildings--all infested with Formosan termites," says Bordes. "They'll eat the seals out of high-pressure water lines to get to the moisture inside."]

This quote about the Formosan termite is from the USDA website.

Also,

[... Although they feed mostly on wood, they will eat other cellulose-containing materials such as cardboard and paper. However, they are known to chew through foam insulation boards, thin lead and copper sheeting, plaster, asphalt, and some plastics."] from Wikipedia.

Apr 21, 09 - 10:51 pm Comment from: Steve

I have 4 Macs running 2 anti-malware programs each. You can no longer go naked on a Mac. 3 on Vista in Bootcamp.

Apr 21, 09 - 11:24 pm Comment from: me

Watch the ad people!!!!!

It clearly shows that Macs are more secure than PCs.

I know it's all the proof I need.

Apr 21, 09 - 11:26 pm Comment from: montex

@Steve

I'm surprised that 2 anti-malware programs exist for the Mac.

You'd be even more super-dooper protected if you wrapped your Mac in aluminum foil. Keeps out the crazy.

Apr 21, 09 - 11:32 pm Comment from: Scot Murphy

@"Steve" and "Jed" (the same person, no doubt):

"What happens if someone hacks MDN or MacRumors and injects a bad I-Frame redirect to a Mac based hacker site using Unix keyloggers and a Safari or new OS X Kernel vulnerability that ALL have ROOT without authentication."

Oh YEAH? Well, what happens if Sauron sends flaming meteorites at your Windows computer and wipes out your anti-malware protection? What happens if your Windows machine turns into a Terminator while you're asleep and shoots you? Huh? What then, Mr. Smarty-Pants?

Apr 22, 09 - 12:34 am Comment from: Abraham Bainbridge

Dear Anonymous©,

It is not a good idea to play spelling consultant when your own spelling is faulty in a low-class way. There is no such word as "alot," just as there are no such words as "ahorse" or "apenny." Correct spellings are "a lot," "a horse" and "a penny."

There are languages where the article is written as part of the word. English is not one of them, even though a lot of writers use the faulty "alot" spelling.

Apr 22, 09 - 01:15 am Comment from: Always Right

Let's end this now.

mac= Unix underpinning.

Root is SEPARATE from Admin.

Questions?
Keep them to yourselves.

Did I spell this all OK?

If not, FUCK YOU.

Apr 22, 09 - 03:29 am Comment from: nice_one

Mr Always Right,

Did you read Rich Mogull's article?

http://db.tidbits.com/article/10218

Note especially what he says under heading 5.

The entire article is good and worth reading, if not particularly unexpected in its conclusions, but Section 5 is what is of relevance to your comment.

Apr 22, 09 - 06:22 am Comment from: Steve

@Scot Murphy

Nope Steve is just Steve. And Steve is into Mac security and 10% PC Security as my hobby. I am a Mac Geek. I own 4 iMacs 2 with BootCamp and I have 1 custom made Intel 330 Atom running "Untangle" Unified Threat Management Server.


http://www.untangle.com/video_overview/


I spend time listening to corporate penetration testers or good hackers that turned security experts. A high percentage of these guys use Macs now. They laugh at how naive the Mac community is on OS X security. The Mac/OS X is brought up on a regular basis because it is their OS of choice for some of their hacking.

Some of you need to spend 600 hours listening to security podcasts and you won't be so fricken naive about Mac/PC security.


I run Intego and PCTools iAntivirus. ClamXav sucks because the signatures are very rarely updated with OS X definitions. Avast for Mac is the same way, Avast is too lazy to go to a couple of Russian hacker sites to get a recent OS X trojan sample and asks a few of their forum to send it in. You have Bit Defender Beta, Sophos, MacAffee ; ), Symantec, and Protectmac to choose from.

Apr 22, 09 - 06:45 am Comment from: Steve

Load code into a bad I-Frame that has been injected into MDN or MacRumors and Mac ownage on a large scale. Love them or hate them, Intego and the US Military are running the more aggressive honeypots for OS X at this time.

Intego’s security researchers have been examining some Mac OS X exploit code that was made public last month, and have discovered that one of these exploits could lead to malware that could have serious consequences. One of the kernel exploits mentioned here has an interesting way of operating.

Unlike current Trojan horses, which require that a user enter an administrator’s user name and password, this exploit could grant root access to malicious software with no password required. It takes advantage of a vulnerability that exists when volumes (hard disks, disk images, removable media or network volumes) are mounted in Mac OS X. When this occurs, root access can be obtained without needing a password. The volume itself must be “prepared” for this exploit to work, but such a malicious program can simply create a disk image when it is launched, mount the disk image, allowing the exploit to function, then unmount it.

The danger of such an exploit is obvious: since no password is required, users get no warning. A malicious program can be disguised as a graphic file, music file or PDF, or a simple application. Note that this only seems to affect Intel-based Macs.

Currently, there are no examples of malware exploiting this vulnerability in the wild, but Intego has updated the virus definitions for VirusBarrier X5 to protect against the possible use of this flaw. Apple is certainly aware of this vulnerability, and we hope they will be issuing a security update to prevent this flaw from being exploited.

Apr 22, 09 - 09:14 am Comment from: silverhawk

These security articles sure bring the windoze loonies out.

Apr 22, 09 - 09:19 am Comment from: @Seldom Right

"Root is SEPARATE from Admin."

Yes, but if you have admin you can enable/get root. So "Separate" from a hacker's point of view is a small distinction.

The Naive citizens of MacVille are just on the edge of understanding that big city problems are coming to their little backwater town.

Apr 22, 09 - 10:48 am Comment from: MacAdvocate

"Mac OS X's Unix core was a powerful security defense for many years, especially the requirement to enter a password before installing most kinds of software, but modern attack methods are able to circumvent that protection."

This is where the author leaves it, leading the reader to believe that these are live threats to Mac users. OK: what kind of attack methods are we talking about? Can you cite an example of one that has been discovered? Do you need physical access to the system to implement these attacks? If Macs are now more susceptible than the current version of Vista, WHERE IS THE PROOF?

Dropping in passages like this and not substantiating them puts this security writer in the same category as the anti-virus/malware firm marketing engines.

Apr 22, 09 - 11:31 am Comment from: @MacAdvocate

Firefox just updated on my Mac. It asked me if I wanted to install the update, but it didn't require an admin password, so it could just as easily have not bothered with the question.

The Mozilla foundation is going to ask me before installing new software, but are the black hats?

Apr 22, 09 - 12:43 pm Comment from: ElderNorm

To all the MS users and even you M$ trolls out there:

"Some days it seems the entire world is waiting with bated breath for the eventual fall from grace of the long-vaunted Macintosh security. "

YES.... Yes they are waiting.

If Macs are really more secure,,,, then they have been fools all this time. Dumb fools who saved a nickel and were at risk.

If Macs are not really more secure... then it's OK.. They have a reason to put up with cranky, leaky, insecure M$ for an even longer time.... cause.... you know.......... both systems are really equal. ----- Like the Titanic and the Queen Mary, cause they both could sink.. Don't you know. LOL

It's buyer's remorse .... in advance. If Macs will eventually be as insecure, then I can save my money now and buy a cheap PC. grin


Just a thought.
en

Apr 22, 09 - 01:02 pm Comment from: Analogy

"Like the Titanic and the Queen Mary, cause they both could sink."

That's a really good analogy. The passengers on the Titanic were happy with the lack of lifeboat space for everyone because they were convinced the ship could never sink. That's a lot like today's Mac users.

What were the outcomes of the disaster? Now every ship must carry enough lifeboats for everybody.

After the first widescale Mac Virus/Trojan/Worm disaster and the bloodbath it causes, the passengers on future "unsinkable" MacTanics will demand lifeboats.

Apr 22, 09 - 02:02 pm Comment from: @ @anon

"Really? There's magic code in Mac OS X which can tell whether a program being executed in the context of my user ID should be allowed to read files I can read or delete all my files based on automatically determining whether the code is malicious or not? "

You fail at reading comprehension.

Apr 22, 09 - 02:31 pm Comment from: @@@anon

"You fail at reading comprehension."

You fail at operating system threat comprehension.

And presumably also comprehension of the difference between your arse and your elbow.

Apr 22, 09 - 02:57 pm Comment from: @Analogy

You mean the widescale Mac Virus/Trojan/Worm disaster that's been lurking around the corner just waiting to pounce and destroy us all, which has failed to materialize for eight solid years now despite the continuous wide-eyed hysteria from Microsoft's legion of squawking PR parrots, IT professionals terrified of losing their job to a computer that doesn't need around the clock maintenance, and antivirus companies with a product to sell claiming that Macs face impending malware doom at any given moment?

Yawn.

Wake me up when the crackpot doom and gloom predictions actually come true. And since you've confused the Queen Mary for the Titanic, I suggest you don't hold your breath.

Apr 22, 09 - 03:04 pm Comment from: @ @@@anon

"You fail at operating system threat comprehension."

I presume you were typing that as you looked in a mirror.

Apr 22, 09 - 04:07 pm Comment from: Analogy

"Wake me up when the crackpot doom and gloom predictions actually come true."

Don't worry, I don't need to. Losing everything on your computer, or your identity will be enough of a wakeup call.

Until then, stay happy with your "She'll Never Sink" mentality.

If ignorance is bliss, at least you deserve to enjoy that bliss a bit longer as compensation for the coming pain.
