MacDailyNews - Where Mac news comes first

hot hot hot

for once McToday finally does some serious Journalism

Believe it or not Wintel users believe that viruses do not even *try* attacking a Mac platform explaining that - or via misunderstanding - with security via obscurity.

Macs receive as many attacks per hour while connected as Windows platforms. If there were a security weakness remotely exploitable a Mac would be infected in minutes as a Windows platform. It does not happen not because Macs are so few HENCE not easily found (what the average Wintel user understands with *security by obscurity*) but because there are NO SECURITY flaws that are remotely exploitable.

A simpleton Wintel user once run this mental picture he had to explain the *obscurity*: "it is like getting the flu. If you are in a crowded room and one sneezes of course you get the flu. If you are alone in a stadium and one sneezes on the other end of it you will never get the flu"

I know, it really is an idiotic vision and shows the lack of understanding of how viruses propagates, how network works and - frankly - it is typical of the average Windows user level of understanding these things. At least the ones I happen to open their eyes from time to time.

If you are connected online, no matter what OS you use, you receive breaching attempts. If you are on Windows start praying, on Linux configure yourself so to be safe, on OS X just do nothing - for the time being - you are safe already.

But the article goes on to say:

"There were no successful compromises of the Macintosh, the Linspire or the two Windows XPs using firewalls. That pattern was not surprising, as Windows PCs make up 90% of the computers connected to the Internet, and the vast majority of automated attacks are designed to locate and exploit widely known Windows security weaknesses."

This is kind of a pissy thing to say in the face of cold hard data.

I guess the real question to ask is how many of those exploit attempts were written to exploit the Mac OS? MDN's take sounds good and I believe the Mac IS more secure, but just to say there were 339 attacks with no break ins isn't telling the whole story.

The actual issue, a message that slowly is making its way through sleeping minds, is that the vast majority of automated attacks are design to exploit security weaknesses which - as a matter of fact - are present by the truckloads on Windows OSes and not on others.

If you were a petty thief, who would you attack? The idiot drunk with all its money visible in his pockets wandering hopelessly in the street or the gym fit athlete marching along with a secure step and a sharp alert eye on the other side of the street?

Even more if the drunk abounds. Is no excuse for drunken idiots that they are in the majority. It actually is a double offense.

Jump, what the test shows is that if there is a remotely exploit on any OS you have - today - all the reason to release a virus. There are MILLIONS of machines for any OS around. And those machines are used to connect to banks, behind there are people with money, for a cracker there are no less reasons to hack a Mac than a Windows machine.

The difference is that s/he can easily do that on a Windows machine. You would be able to infect a Mac in minutes if it was possible. The security via obscurity has always been a risible thing for people lacking technical background.

Actually, since there is also this other myth that Macs are expensive and only the rich snobs can treat themselves with, there would be a higher incentive to break a Mac than the average PC at $399 with Joe Sixpack behind the screen.

"You would be able to infect a Mac in minutes if it was possible." -- Seahawk

Indeed, I will be able to show this article to Windows apologists. Their take is that a virus would take forever to even find a Mac on the net, hence it is crazy to waste time writing a virus for the platform. If there were enough Macs on the net THEN there would be viruses for it as well.

I lost my voice trying explaining them that a Mac is as visible as a Windows machine to a virus but they call me Mac zealot and cultist. They simply do not get how network and computers connect. Idiots.

How do you see if your machine is being atacked? Is there some Terminal comand I can use to montor attacks, etc ...? Would be interesting to see. I guess they slow down your internet experience regardless of whether you are on a Mac or PC, no?

Seahawk, I fully believe that the Mac OS is far more secure than Windows and I'm glad to see this article. But, unless they can show that some of those exploits were written for a Mac, the article doesn't really do anything to prove the security of OS X.

hackers love to get big news and make a big splash, but you see so many Winblows virii out there they are lost in the shuffle. If a REAL virus were to successfully attack the Mac community, it would be a huge story. Obscurity my ***

We all know XP sucks wind...what I want to know is where the hell is iTunes music store for Canada??!!!!!

PP

Predators attack the weak for reasons of economy. They benefit the herd by weeding out individuals less fit to pass their genes on. This analogy holds for Operating Systems: Windows is a weak OS. For such predators, the Mac would taste better and provide a more satisfying meal. But it's not worth expending the effort to make a Mac-targeted attack because the pickings in Windows are too easy.

Lets re-read, shall we...

By contrast, there were fewer than four attacks per hour against the Windows XP updated with a basic firewall and recent patches (Service Pack 2), the Linspire with basic firewall and the Windows XP with ZoneAlarm firewall.


"The firewalls did their job," says Russell. "If you can't get to them, you can't attack them."

While attempted break-ins never ceased, successful compromises were limited to nine instances on the minimally protected Windows XP computer and a single break-in of the Windows Small Business Server. There were no successful compromises of the Macintosh, the Linspire or the two Windows XPs using firewalls. That pattern was not surprising, as Windows PCs make up 90% of the computers connected to the Internet, and the vast majority of automated attacks are designed to locate and exploit widely known Windows security weaknesses.

Lets face it, OS X kicks a$$, but, and I know all you mac lovers out there will hate to hear it, if 90% of users are wintel users, then there are 90% more virues, worms, and blah out there for them, and that is the hard truth. Macs just don't have the masses, at least not yet...

P.S. mac daily news, why am I typing in a "password"? Are you monitoring my activities? mmmmm........

Windows has tens of thousands of viruii but Macs OS X has none. None is a lot less than 10% of tens of thousands.

Actually if you go at it mathematically there is an INFINITELY larger number of viruses for windows than for OS X. (anything divided by zero is infinity)

If just one OS X virus surfaces, there will be 80,000 times more windows viruses since I believe windows is cruising at around 80,000 viruses right now.

But even if things got EIGHTY TIMES WORSE and there were 80 OS X viruses instead of just one, there would still be around ONE THOUSAND TIMES more viruses for winblows.

Actually, there's a reference to this on slashdot.

One interesting thing, according to the people who did the research and posted on slashdot, was that their "Mac guy" actually turned on Windows File Sharing on the Macintoshes, just because Mac users might have it turned on. That's what all of the attacks were against.

Of course, again, the Windows machine was 0wn3d in about four minutes. The Mac, using the same protocols, remained secure.

When I check my httpd and ftpd logs in console, I see I get hit daily from China and Russia using all kinds of tactics from trying to FTP anonymously into my equipment to sending long URLs to my machines. Not once I have I had any data compromised.

Even with following basic security protocols, my Wintel laptop has been compromised and literally destroyed three different times. On one occasion, it happened within 30 minutes of me initializing the drive and connecting back to the internet. I am so glad that laptop was just a toy machine used for research and Excel and not much more than that.

For the life of me, I can't see why people put up with Windows when there are more capable platforms that exist.

In some sectors Macs are not a minority, more like a majority with 80% market share - so where are the viruses? Ditto web servers, yet still all the viruses are for Windows ....

wow GREAT article.. the mac is actually being attacked but none of the attacks are doing a damn thing..

amazing! ballmer MUST read this..

"Compromised PCs fueled a 150% surge in suspicious security activity per machine per day in the third quarter of this year, compared with a year ago, security vendor VeriSign said in a report in November."

CONCLUSION: Windows should be outlawed as it fuels illegal activities!!

Actually if you go at it mathematically there is an INFINITELY larger number of viruses for windows than for OS X. (anything divided by zero is infinity)
-- Jack A
-------
I thought anything diveded by zero was undefined for real numbers. I have no idea why the Mac OS X calc comes up with the infinity statement.

I think people are getting confused here, or I am. As I read the article, it was not about viruses, it was about people hacking into the machines. Of course, this was an automated process, the attacker (usually script kiddies) just type in a start and end IP address and it churns through them doing a ping, then port scan to find services, and if it finds something for which it knows an exploit, it tries to gain entry. Therefore the Mac box had lots of attacks because windows file-sharing was turned on but the firewall was not. So the number of attacks shown was not a 'fair' comparison, but it work well, because it showed that even with the same number of attacks OS X didn't simply roll over.

"There were no successful compromises of the Macintosh, the Linspire or the two Windows XPs using firewalls. That pattern was not surprising, as Windows PCs make up 90% of the computers connected to the Internet, and the vast majority of automated attacks are designed to locate and exploit widely known Windows security weaknesses."
False reasoning indeed. Given the way these autorooters work, as far as any particular machine is concerned it doesn't matter at all how much market share it has, it will get scanned (and attacked if it is vulnerable). They do exploit widely know Windows security weaknesses, but any weaknesses in OS X would also be widely known (hell, even false alarms have become widely known, like 'Opener'). It is a pity that arstechnica falls into this sort of ignorance.

I found this on the web regarding anything divided by zero:
-------------------------------------------

When something is divided by 0, why is the answer undefined?

The reason is related to the associated multiplication question. If you divide 6 by 3 the answer is 2 because 2 times 3 IS 6. If you divide 6 by zero, then you are asking the question, "What number times zero gives 6?" The answer to that one, of course, is no number, for we know that zero times any real number is zero not 6. So we say that
division by zero is undefined, for it is not consistent with division by other numbers.

-Doctor Robert, The Math Forum


But maybe you're thinking of saying that 1/0 = infinity. Well then, what's "infinity?" How does it work in all the other equations?

Does infinity - infinity = 0?
Does 1 + infinity = infinity?

If so, the associative rule doesn't work, since (a+b)+c = a+(b+c)
will not always work:

1 + (infinity - infinity) = 1 + 0 = 1, but
(1 + infinity) - infinity = infinity - infinity = 0.

You can try to make up a good set of rules, but it always leads to nonsense, so to avoid all the trouble we just say that it doesn't make sense to divide by zero.

What happens if you add apples to oranges? It just doesn't make sense, so the easiest thing is just to say that it doesn't make sense, or, as a mathematician would say, "it is undefined."

Maybe that's the best way to look at it. When, in mathematics, you see a statement like "operation XYZ is undefined," you should translate it in your head to "operation XYZ doesn't make sense."

-Doctor Tom, The Math Forum
http://mathforum.org/dr.math/

For those wanting to briefly delve into some of the basic math axioms of dividing by zero, try http://mathforum.org/dr.math/faq/faq.divideby0.html . It offers a wide variety of freshmen-level explanations.

I am very glad to see the Apple Calculator display the more accurate "Infinity" rather than the "Error" that most calculators do.

In short, our system of mathematics is fine for our day to day finite lives, but it quickly fails miserably in many scientific areas, such as physics, requiring analyses into extremes of space and time. A first year electronics engineering student needs to know how to manipulate the square root of -1 (crudely called the "imaginary number"; symbol is "i") in order to explain simple electron principles. We need a better math system, rather than the 5,000 year old one based on counting olives in a basket. It is perhaps this assumption that our math, however feebly manipulated to explain infinity and imaginary numbers, that prevents us from discovering the truth of the universe; keeping us from communicating and physically traversing through millions of light-years of space.

mi2g Study
Conclusion

"More and more smart individuals, government agencies and corporations are shifting towards Apple and BSD environments in 2004," according to DK Matai, Executive Chairman, mi2g. "For how long can the truth remain hidden that the great emperors of the software industry are wearing no clothes fit for the fluid environment in which computing takes place, where new threats manifest every hour of every day. There is an accelerating paradigm shift visible in 2004 and busy professionals have spotted the benefits of Apple and BSD because they don't have the time to cope with umpteen flavours of Linux or to wait for Microsoft's Longhorn when Windows XP has proved to be a stumbling block in some well chronicled instances."

another mi2g study
"As a trend the estimated economic damage per installed machine in 2004 is significant to the Total Cost of Ownership (TCO) calculations for Windows, which most responsible CFOs are revisiting with their CIOs for 2005," said DK Matai, Executive Chairman, mi2g. "On the other hand, it may not be sufficiently large to cause dramatic shifts away from Windows given the inertia of the massive installed base and associated deep knowledge of software behavioural response in users' minds."

"The legacy investment write-off required to shift away from Windows to other mainstream platforms such as Linux, BSD or Apple Mac OS X, has been historically projected to be higher in the new year's budget spreadsheets put together by board-level executives of reputable corporations. The TCO arguments have come out in favour of Microsoft especially when the migration costs measured in terms of stakeholders' inconvenience, time allocation and refinancing; requirement for retraining administrators, personnel, key suppliers and customers; as well as porting in-house software applications and databases to the new environment, have been taken fully into account."

"It remains to be seen what is the net impact in 2005 of '2004', the year of the global malware epidemic, on the established base of Windows aficionados within the decision makers' clique at board level. Over the last few years, it has been a case of better the 'devil' we know than the one we don't."

I didn't say it, they did. Enough said

While this isnt news to Mac heads, its sure nice to see that others are writing about it, making the case for Macintoshes ..and against WinTel machines....

But, if JadisOne ... or anyone else can tell me how to monitor suspicious activity in the console, such as the activity mentioned above... it would be appreciated

Anyone know if the following statement carries any weight? That another reason for OSX's security is because the hacking "community" mostly uses UNIX and they don't want to "shit in their own backyard."

mac dood, you are asking a big question here. Before you know what is suspicious, it helps to know what is normal. In this study they setup some honeypots - machines specifically set up to be hacked into. As they are not normal machines on the network, ANY traffic to or from them is suspicious. I do suggest to install Snort (via the Henwen application) as your Network Intruder Detection System. Then your firewall should be running, with any services you don't need turned off. You can use Ethereal to monitor traffic, nmap to scan machines on your network looking for ports which shouldn't be open, lsof to find out what programs are listening at the ports, netstat to get a local listing of network connections, Little Snitch to do egress filtering, portsentry to slam the door in attacker's faces, etc. Take a look here: http://www.insecure.org/tools.html for a good listing of useful tools. You could also do with a tripwire system to tell you what has been done if you are hacked (eg osiris), although I have had difficulty compiling that lately. hping2 and dsniff are also very useful. It is a big subject.

To mac dood,

Launch the console and click the Logs button in the toolbar. That should split the text pane into two panes. In the left pane, there will be a list of logs. The logs of interest for remote access to your machine will be in the /var/log set of logs. Turn down the arrow next to /var/log. If you have personal web sharing and/or FTP active, you will see 'ftp.log' or 'httpd' with an arrow next to it. If you want to examine the FTP log, just click on it and the contents of that log will display to the right. In the FTP log, for each entry, there will be a date, time. the IP address or local name of your machine, ftpd[port of access], and a message. That message will tell you connection from <domain or IP address> to <your machine> or an error message like ANONYMOUS FTP LOGIN REFUSED FROM <domain or IP>.

When you turn down the arrow next to 'httpd', there should be at least two logs in there, 'access_log' and 'error_log'. Click on the 'access_log' and you will see who has been sending HTTP requests to your machine (usually over port 80). Each log entry will be formed like: <ip address> - - [date time] "<the text of the HTTP request>" [response code] [# of bytes sent to requesting machine]. When folks are trying to compromise your system, the HTTP requests usually look like this: "GET /scripts/nsiislog.dll HTTP/1.1". Since you are running OS X, the response code is usually 404, which means that the file is not found. Now click on the 'error_log' and you will see a list of errors that were issued to machines sending requests to your computer. Again, usually, it will be a "File does not exist" error.

If you keep your firewall turned on and your passwords complex, or if you turn off services you don't need, you will more than likely be just fine.

I typically check the log once a day.

Alunap...

uhhh... Being than I'm just your average Mac head, with no knowledge of the underpinnings, most of what you say is way over my head...but, I have never (knowingly) turned on things like Web Sharing, FTP or the like on any of the machines on my network...
As far as Firewalls are concerned, I have whatever comes with Panther, and whatever comes with my broadband modem... I dont know enough to mess with either of them....

However,
JadisOne.... What you say... while somewhat technical... seems like something I can do with some confidence...

My thanx to both of you !

mac dood, yes I realize that it might be, I was just trying to point you at some tools. Henwen is a standard Mac app, you can google for it. Most of the others are available from Fink. There is a cocoa wrapper for nmap called NmapFE. As I said, in order to find out what is unusual you have to recognise what is usual, and there is no substitute to understanding TCP/IP and related protocols. Ethereal (available from Fink) lets you watch the traffic on your network. From the point of view of being secure, the main things are, turn on your firewall (and if you have more than one machine on your network you need a firewall between your network and the internet), good passwords, install all security updates, turn off any services you don't need, install Little Snitch and Henwen, and I would also recommend installing PortSentry (from Fink). You shouldn't have much trouble. Beyond that it is a learning curve.

Henry, Henwen pops up an alert every time someone hits your computer, whether a portscan to see what services you are running, or a known exploit against IIS or Apache, MySQL or PHP. It can tell you if someone is launching a DOS attack against you, and so on. There is even a link to a web page explaining the alert. Henwen is the Mac application which runs the open source Snort Network Intruder Detections System. It is free. Recommended.

There is no security through obscurity on the Internet.

Say this over and over until your pro-Windows subject has been hypnotized:

An IP address is an IP address.
An IP address is an IP address.
An IP address is an IP address.
etc.

Good morning. Illusions are art, for the feeling person, and it is by art that you live, if you do.
I am from Herzegovina and now study English, tell me right I wrote the following sentence: "Browse through our selection, we are positive you will find the perfect wall clock."

With respect , Keaton.