Mac community must wake up to security

Apple Macintosh users believe they are immune from security problems and need to wake up to the potential of attack -- before they are rudely awoken by a destructive piece of malware.

At the University of Otago in New Zealand, where around 40 percent of the computers are Apple Macintosh systems, IT security manager Mark Borrie has been educating his OS X users in security best-practices. He said many of those users believed they were immune to security problems -- a trap many Mac fans seemed to have fallen into.

Borrie told ZDNet Australia  that although the Mac is generally a safer operating system environment than Windows -- because it is attacked less often-- it still contains vulnerabilities that at some point will be exploited by malware authors.

"On the security side of things I reckon the Mac community has yet to wake up to security. They think they are immune and typically have this idea that they can do whatever they want on their Macintosh and run what they like," said Borrie.

"If I can get our Mac users up to speed and say 'you are not immune' -- so when [the malware] hits, hopefully we will be pretty safe," he said.

The University of Otago's Apple desktops are all loaded with antivirus protection just in case of an outbreak.

"We want to be ready for the first big Macintosh virus -- because it will come. Some day, somebody will say 'I am going to create a headline and write a virus for Mac'," said Borrie.

Borrie admits to being a Macintosh fan and claims to have used one 'since the day they were launched', but he said the problem with loyal communities like Macintosh users is that when it comes to security, the conversation is usually 'religious' rather than constructive.

Secure by design or secure by accident?
"I don't care what operating system I use. The issues are the same but unfortunately people do not agree. It becomes a religious argument and I really try and avoid that," said Borrie.

Paul Ducklin, head of technology in Asia Pacific for antivirus firm Sophos, agrees that security discussions about Mac OS -- and Linux -- are not constructive because too many users believe they are "secure by design".

"I know a lot of people that are 'linux heads' and they believe they are secure by design rather than accepting that they are actually secure by accident," said Ducklin, who pointed out that last year a very dangerous piece of malware was discovered for Mac OS X.

Dubbed Renepo (alias Opener), Ducklin said the malware: "turns off system accounting, turns off the OS 10 firewall, turns off auto updates, turns file-sharing on, opens an SSH back door, downloads and installs an open source video conferencing program and opens it in 'do not advise the user mode'."

Ducklin also agreed that generally the Mac is a safer platform than Windows, but he said OS X users should see its existence as a reminder that the Mac platform is not immune.

"It is pretty calm for the Mac but [Renepo] should be a sanitary reminder that these things are not impossible," said Ducklin.

Mac users have got used to being in a 'comfort zone', according to Michael Warrilow, an independent analyst (formerly of META Group).

"Mac users (mainly home and small office) could be in a 'comfort zone' regarding spyware in particular. In my opinion, this is a similar level of comfort as to most Windows home users - but with the benefit of 'security by obscurity'," said Warrilow.

Adam Biviano, senior systems engineer at Trend Micro Australia and New Zealand, said that the Mac will become more of a target for both spyware and viruses as its popularity increases.

"If you are trying to propagate your spyware you are still going to look at the most popular platform to attack. However, spyware allows the author to gain profit and if they can see profit by hacking into a platform other than Windows, I don't see why they wouldn't do it," said Biviano.

Biviano also expects to see a Mac virus in the foreseeable future: "I definitely see a day where the Macintosh platform could be compromised by a virus -- you still have to apply patches to the Mac," he said.

Has Microsoft leapfrogged Apple?
The University of Otago's Borrie also believes that over the past three years, after so many high-profile embarrassments, Microsoft has finally delivered more secure products and created an impressive patching infrastructure, which he believes has left Apple "a few years behind" the Redmond giant.

"I put Apple a few years behind Microsoft in understanding how to manage security for the users. I put Microsoft a number of years behind the Unix community because the first systems that got hurt -- ten or fifteen years ago -- were Unix systems. Microsoft had to fix the security because it had such a bad reputation and to its credit, the company has really turned it around, " said Borrie.

Borrie justifies his comments by pointing out that Microsoft has had a lot of practice dealing with malware attacks, which has made the company very responsive: "The early warning system and the methods Microsoft has put in place to distribute updates is really important. I don't think Apple's responsiveness is up there -- it is certainly not as good as Microsofts'."

Apple disagrees it has been left behind by Microsoft. A spokesperson for Apple told ZDNet Australia  that the company takes security very seriously and any suggestion to the contrary is "not correct".

"Who is suggesting we are not keeping up? We are constantly vigilant about security. The fact that our customers did not suffer when the most recent worm brought down the likes of CNN.com would suggest that we're doing a good job of maintaining a vigilant approach to security. Go to Sophos and look at the top 10 viruses for the past month. They are all W32 related," the spokesperson said.

However, Sophos's Ducklin said his company's Web site also contains some 'alarming' reading for Apple's customers: "There is not a clear and present danger like there is with Windows but the same risks apply. Anyone who doubts it should go to our Web site and read the technical section on Renepo," he said.

Advertisement

Print feature brought to you by Adobe

Talkback 90 comments

    Mac is more secure by design AND religion Noah Burton Greenstone -- 09/09/05 (in reply to #120120868)

    The problem of course rests with the moneygrabbing people and policies at Microsoft; and their history of anticompetitive business practices. Mac has always been the 'healthy alternative' to PC, not only because the OS is open-sourced and transparent, but because it has always worked well. as long as the microsoft behemoth continues to dupe users into a false sense of security (And quality) by releasing substandard products at exhorbitant prices; squeezing out their competitors with unfair prtactices, as well as spying on their users with the latest regime of 'Verification', Apple / Mac, UNIX and Linux etc will always be the OS of choice for those who enjoy true freedom as well as product integrity and quality.

    Histroy repeat's it self !!!!!! Anonymous -- 09/09/05 (in reply to #120120869)

    If you look back at Mac history , you will see that at one time there were more virus written for the mac as appose to the PC or windows at that time , it amazes me that some people have short memories of there beloved system past and that to state that MAC have always been safe , is bullshit , first of , wake and smell the roses , and secondly there is no such thing as a secure system whether it be PPC or PC , you what a secure system unplug the dam nit and stick it in a hole in ya backyard.

    Stupidity John -- 09/09/05 (in reply to #120120871)

    It is the same great unwashed who only remember that Mac is only recently UNIX byproduct, it was proprietary software for a very long time before this.

    you're full of it Anonymous -- 10/09/05 (in reply to #120120871)

    In Classic's hayday there were less than 300 viruses. I switched to the Mac around the OS 9 times, and there were no active viruss from 8.5 onward into OS X. At that time, I had over 300 viruses crawling in my 95 box. Your point is moot and you don't know enough to comment. Go back to excel, slave!

    you're full of it Anonymous -- 10/09/05 (in reply to #120120905)

    300 Viruses?

    You should not be allowed touch a computer.

    I rarely use antivirus software and when I do I never have any viruses. I use W2K and WinXP with no problems

    Get the facts right! Anonymous -- 11/09/05 (in reply to #120120871)

    Depending on what authority you want to go with (and how you want to count variants as independent viruses or as just one of a type) there have been between 42 and 108 viruses which specifically targeted Macintosh System 3.0 through Mac OS 8.5. There have been NO viruses (as in zero, none, one over aleph null, etc.) which have specifically targeted Mac OS 9.x or any variant of Mac OS X.

    In the same time frame (Macintosh System 3.0 through Mac OS 8.5) there were several thousands to tens of thousands of viruses specifically targeting DOS through Windows 95 (again depending upon how you want to count variants).

    Stating there was any point in time where there were more viruses specifically targeting the Macintosh platform than targeting the DOS/Windows platform is simply NOT true. Going as far back as 1989 I had to deal with more viruses on DOS/Windows than on Macintosh.

    More points to make about security. Anonymous -- 11/09/05 (in reply to #120120952)

    Not only are there ZERO viruses currently for OS X, the antivirus product that is sold by Symantec for OS X currently only scans Microsoft Office documents for macro viruses. It does nothing else. Microsoft Office macro viruses don't work on OS X, but the antivirus product will clean them so they won't do damage if they ever find they way to a Windows computer.

    The author wonders when viruses will be written for the Mac. It's probably not worth writing a traditional virus for Unix or Mac. The reason is that most users in unix and MacOS run with reduced privilege. The Mac applications and operating system are protected from the user and his viruses. On Windows, running with reduced privilege results in a frustrating user experience, so most users do their everyday work as an administrator, making their computer much more vulnerable. Microsoft is attempting to address this in their next version of Windows.

    Any computer that opens a port on an untrusted network is vulnerable to attack from the network. Any user account is at risk from malware. If you can trick some into running malware, then anything that user has privilege to manage is at risk. Apple and Unix make it easier to limit privilege without frustrating the user. It's true that Mac (and linux) users should be aware of security best practices. No one is immune and no operating system is perfect. The author makes the point that Apple is relatively bad at quickly addressing important security issues. I've seen Apple stay in denial about a security flaw for weeks before patching.

    Windows has other oddities that don't help matters. For example, there are about 10 different places where you can tell Windows to launch an application when the user logs in. Eight of these are hidden in places like the registry where the average user can't see or manage them. Malware use this places to stay active across logins. (There is a program called "Autoruns" that will enumerate all the startup items on your system. It's looks like there are more than 10.)

    I manage a domain of Windows PC's. They do take more care and feeding than Unix/Linux/Mac's. But we've been running for about 3 years with only one virus infection and one case of malware. Not bad. During that time, we also lost a Debian linux box that was fully patched. So what do I know? :)

    ##Your all idiots!!## geekman -- 20/09/05 (in reply to #120120952)

    ok heres the thing i use windows and linux alot, i hate macs and especially those ipods i got one from my parents and they just dont work after full charging, it lasts at most 15minutes and im not the only one. So anyway im not saying windows is better than mac, they are worse, i bag out microsoft all the time! But you mac users are sooooo cocky about security its unbelieveable! My cousin has a mac and is a mac lover, he doesnt think for a second that he will be attacked. This article, to isnt saying mac is crap or windows is good, but that you have to be ready for the inevitable you WILL get many viruses in the near future and you must wise up. I can accept mac and its OSX as a good product but geez u guy **** off you have to stop being so full of it, even all of you IT guys, infact especially you, you should know better. I guess all of you have been blinded by love. JUST STOP IT MAKES ME SOOOO ANGRY >:(

    So, why post it twice? kill the geek -- 04/10/05 (in reply to #120121243)

    Because all of your experience has your head so far up your **** that you can't see your keyboard? Probably. Get off your high horse. You clearly don't have a clue.

    jack**** not interested -- 04/10/05 (in reply to #120120871)

    when was this imaginary time?

    You have been brainwashed by Microsoft Noah Burton Greenstone -- 06/10/05 (in reply to #120120871)

    It's a sad thing when people who are supposed to be 'creative' are the ones being led by the machine...

    Mac is NOT open source Max Riethmuller -- 05/10/05 (in reply to #120120869)

    Ah excuse me, but Mac OS has never been open source. Unix (which it has only been based on since OS X) is NOT open source. You are getting confused with Linux.

    Sorry, you're WRONG! Anonymous -- 07/10/05 (in reply to #120121703)

    The core of OS X is the best of three different versions of BSD Unix: OpenBSD, NetBSD and FreeBSD. All of which are open source and IIRC, all of which are older than linux. Heck, linux isn't even an operating system, it's just a kernal and on top of that, linux is not the foundation or beginning of FOSS. FOSS has existed long before Linus Torvalds ever dreamed of the linux kernal.

    MAC OS X is not open source Max Riethmuller -- 20/10/05 (in reply to #120121763)

    MAC OS X is not open source no matter which way you read it, which is what I was objecting to. UNIX is based on open source code, but UNIX is not a free os. Linux is. Even if it is kernal as you say, it is still free to use and install. Unix is not. (Last time I checked, you don't need a UNIX licence to install Linux.) So the poster who said MAC OS X is free because it is based on UNIX was completely off track.

    Apple is not even close to being open source mcepat -- 04/11/05 (in reply to #120122243)

    ok yes based on UNIX but thats where it ends, they have taken UNIX and wrapped it in there little package and closed all the doors, but Apple has always been this way with IPOD, ITUNES and all there operating systems, when a developer creates a addon like for example konfabulator, Apple just steals it and calls it there own, actaully other then Microsoft, Apple is probably the biggest closed propieritary company I of today

    OS X IS based on Open Source Jason -- 07/03/06 (in reply to #120122790)

    Actually Mac OS X is built on an Open Source core. It's called Darwin and is based on Free BSD: http://developer.apple.com/opensource/index.html

    "With its open-source core based on FreeBSD 5.0 and the Mach 3.0 microkernel, Mac OS X is the best Macintosh operating system ever for UNIX users...."

    Asking anti-virus vendors about security Anon-e-Mouse -- 09/09/05

    is like asking the diet industry about junk food vendors.

    Yes, there are Linux viruses, but ten thousand times less than for Windows.

    That's not the important question.

    Here's the important question.

    Have you seen these viruses spread?

    No.

    Why? Well, because Outlook, IE and Office are _not_ available for Windows and Linux is locked down by default.

    Explanation? Anonymous -- 09/09/05

    If one states that the Mac OSX is not more secure than Windows by design, I would expect an explanation why it isn't so, but I have found none. On the other hand, there are lots of explanations as to why it is more secure by design. I shan't repeat them here, though.
    And please not that I say 'more secure' not 'totally secure'...

    An interesting hypothesis... Anonymous -- 09/09/05

    As to why Macs are likely to remain a generally safer platform in the long term...

    http://daringfireball.net/2004/06/broken_windows

    Makes sense to me.

    Foolishly leaving out critical facts Brent Billman -- 10/09/05

    Rediculous story. It wouldn't have hurt to mention OS X has a more advanced permission system, "root" user is disabled by default on all systems, Admin password is required for all system file additions or modifications, and various other security features that Windows Vista is adding and XP could only dream of.

    UNIX More Secure by EVOLUTION james hammett -- 10/09/05

    The UNIX boxes were victims of worms, hackers and virus's long before Windows even had a built in TCP stack.

    As a result UNIX developers have been making it more secure for decades.

    The biggest vulnerability that Mac's have is people using a weak password or not have good password security. Just because you have an airbag, doesn't mean you stop wearing your seatbelt.

    Try doing an nmap scan of a newly installed windows box, vs an NMAP on a newly installed MacOS X Box. Compare the number of ports that are open.

    A virus infected program does have a few more hurdles to overcome, but it could spread on OS X.

    Didn't the Author Research before he wrote so many Errors? James Jones -- 10/09/05

    Technically the Mac cannot get a Virus, it's not designed in anyway similar to Windows. In 10 years, Authors will be saying the same thing. "Just wait, Macs will get a Virus sooner or later" Well, it is later, and the Mac cannot get them... Here are the reasons:

    Here is my reasoning why Mac OS X is superior in security:

    1) 30+ years of UNIX, Live 24/7 network development. No other consumer OS is this battle tested on the Internet.

    2) Known insecure networking ports are turned off by default.

    3) Automatic Software Update is turned on by default.

    4) All administrative actions require a password. In other words, for Virus to move from machine to machine, a Virus writer must go into every house/office then figure out the user's password, then hit return. (now you know why there are Zero viruses on Macs)

    5) Root administrator account is turned off by default.

    6) Apple's quick response with security patches.

    7) The open source nature of the operating system allows flexibility. If Apple doesn't provide the patch quickly enough I can download the source code and install it myself.

    8) Like Windows, Mac OS X provides an easy to use user interface which exposes many of its UNIX underpinnings making it easier to administrate for beginners.

    9) Mac OS X by default supports secure encryption and communication protocols for authentication: Kerberos, SSH, VPN, MS-CHAP2, DIGEST-MD5, CRAM-MD5, DHX, OTP, SMB-NT, APOP.

    Many of these features are cited by the National Security Agency as pluses in favor of Mac OS X. You can read it about in their publication:
    http://www.nsa.gov/snac/os/applemac/osx_client_final_v.1.pdf

    Finally, many of Mac OS X's security problems are only theoretical and can never materialize, nor propagate in the wild. Apple contracts agencies to find security holes in its operating system before the hackers do. They work with the CERT (http://www.cert.org/) and the FreeBSD community (http://www.freebsd.org/security/) to address security issues. They also belong to FIRST (http://www.first.org/). In short Apple takes security seriously and if you work with Macs as I do you'd know it.

    Windows Security vastly improved since Windows 98 Max Riethmuller -- 05/10/05 (in reply to #120120885)

    If you worked with windows the way I do you'd understand that the biggest threat to security is user's clicking on things or opening things they shouldn't. Of all the windows machines I manage, we only ever get viruses when people visit porn sites or other crap sites, or open attachement they shouldn't.

    If you worked with windows (thousands of machines over several years) the way I do, you'd realise that MS have addressed many of the issues you raise.

    MS is continually improving their security, yet MAC users persist in believing that nothing has changed since Windows 98.

    Windows Security vastly improved since Windows 98 Max Riethmuller -- 05/10/05 (in reply to #120120885)

    If you worked with windows the way I do you'd understand that the biggest threat to security is user's clicking on things or opening things they shouldn't. Of all the windows machines I manage, we only ever get viruses when people visit porn sites or other crap sites, or open attachement they shouldn't.

    If you worked with windows (thousands of machines over several years) the way I do, you'd realise that MS have addressed many of the issues you raise.

    MS is continually improving their security, yet MAC users persist in believing that nothing has changed since Windows 98.

    Mac OS X Security Anonymous -- 10/09/05

    According to my business partner, who is in his 45th year as a database architect, 23 years with IBM and a PHD in business systems here are the security facts as they relate to the UNIX kernel therefore the BSD underpinnings of MacOSX.

    None of the following applies to Mac OS X applications or to the Mac OS X GUI. With that said those areas are very easy to manage from a security point of view. Now, back to the UNIX kernel.

    Forty years a ago, IBM and the original internet, DARPA, got together to develop a level of security within the then UNIX kernel. The concept of 'services' was born and implemented for this flavor of UNIX which was then passed on to the 'community'. No memory addresses existed then and they don't exist today. Specifically in the BSD version of UNIX (reputedly the most secure and stable of the 110 flavors of UNIX) as used by Apple for MacOSX. In fact, each service, when installed on a specific machine is installed randomly. Services are installed in different locations on each machine.

    According to the good doctor malware writers must have an 'address' to install their applications against. UNIX has none. Windows is totally 'memory addressed' based. So was the original Mac Classic OS. And each installation of the OS is the same as the machine sitting next to it.

    Remember, this was developed for DARPA, which had to be extremely secure. Let us also remember that UNIX was designed to be shared from day one. MS-DOS/Windows was never designed to be shared from the get go.

    All of the above according to someone who was there and contributed to the development of IBM's version of UNIX in the 1960s.

    Are you on drugs?!? Anonymous -- 10/09/05 (in reply to #120120886)

    "<i>In fact, each service, when installed on a specific machine is installed randomly. Services are installed in different locations on each machine.</i>"
    <br><br>
    This is so ridiculous and wrong that I don't even know where to begin to refute it.
    <br><br>
    If you're talking about where the service is installed <i>in memory</i> when they run, well duh - of course they're "in different locations", it's a UNIX, programs don't run in fixed locations in memory.
    <br><br>
    As for your IBM friend working on UNIX 40 years ago - UNIX was invented and developed at AT&T Bell Laboratories, not at IBM; and it was developed starting in 1969, which is 36 years ago not 40, last time I checked.
    <br><br>
    Signed,
    <br><br>
    Someone who has worked with BSD UNIX since 1984 and actually knows its history (unlike your IBM friend)

    author is happy.. Anonymous -- 10/09/05

    getting a lot of hits for this bullshit. eg. linux is "..secure by accident", like somebody tripped over themselves and suddenly it's secure -- bloody hell.

    This article is absurd Anonymous -- 10/09/05

    I don't want to give this article any more attention than a simple reply: there is no substance to its claims whatsoever and its ignorance is staggering. Security doesn't happen by "accident" and it's not luck that has resulted in zero viruses for OS X as opposed to thousands and thousands for Windows.

    Also, btw, OS X's security model is based on and derived from UNIX's, dummies.

    This article is just plain stupid.

    The REAL reason Mac is virus-free Anonymous -- 10/09/05 (in reply to #120120888)

    The author reveals his youth and ignorance by what he fails to mention.

    There HAVE been viruses for the Mac -- back in the System 6/7 days. The reason viruses were so rare then is that the good folks at University of Illinois (as well as others) created and maintained anti-viral tools and released them FREE to the Mac community. Viruses were eradicated within hours, not days as they are on the Windows platform.

    Probably a paid ad from microsoft Anonymous -- 11/09/05 (in reply to #120120888)

    This is from the web-site regarding this supposed vulnerability,
    "Note that any attacker trying to plant this worm in your network would need to get root access on one of your boxes first, meaning that you would already be "owned"."

    Get real Anonymous -- 10/09/05

    This is a ridiculous story and a non-story at that. Mac OS X is secure by design but that does not mean it is impregnable. The so-called malware was written as a demosntration piece and has not affected anyone. Microsoft ahead of Apple in security? That has to be one of the most ridiculous statements Ihave ever heard in 15 years of IT.

    Opener? More like door knocker Anonymous -- 10/09/05

    If I remember correctly "renepo", like all other software on the Mac requires the user to enter their password before installing.

    I have never read of a single case of infection by renepo and while I have antivirus software for Mac it is because i came from the Windows world. I only use it once a quarter as a check.

    There are NO Mac OS X viruses. Check the databases yourself.

    I would fire Borrie Anonymous -- 10/09/05

    "The University of Otago's Borrie also believes that over the past three years, after so many high-profile embarrassments, Microsoft has finally delivered more secure products and created an impressive patching infrastructure, which he believes has left Apple "a few years behind" the Redmond giant."

    If I were the University I would fire Borrie for his ignorance.

    I am on TruSecure's IT Security Alerts mailing list. 2 days ago there were no less than *6* new alert updates for Windows worms/viruses. The notion that Microsoft has overtaken anyone in the security area is patently absurd. (Let's see ... how much adware/spyware is allowed to get onto my Mac ... none)

    Sophos' shill drags up the year-old Opener/Renepo issue. For one thing, that was a Trojan Horse, *not* a Virus. For another, as many people on MacInTouch pointed out, it had to be installed by an Admin user, which would've provoked an alert if it was delivered somehow in some fashion that required an installer to be run. The instances where people got that on their systems were classic - i.e. they got hacked and rooted, it wasn't something that was spread, like Windows viruses. You will never get a Virus for your Mac by opening up a document in Mail.app!

    Anyone knows that you have to keep up on security updates and use best practices (use the Firewall if you're savvy enough, use Little Snitch, close unnecessary ports, blah blah). Whether it be OS X or Linux or BSD, there will always be buffer overflows or other exploits discovered (I get several TruSecure alerts daily; many of them are for UNIX/Linux systems). Be vigilant and you will be in good shape. But Apple behind Windows in security? Thanks, I needed a good laugh this morning ...

    geez.. Harry -- 10/09/05

    How did this administrator agree to even go on record with these comments? He is displaying his absolute ignorance on IT matters. Anti-virus on his Macs? hahah..OK? Security best practices? Yes, and all computer users should be educated about this, but Macs are much more secure because OS X has been designed from the core out, or bottom up with security in mind. Microsoft ahead? HAHAHA...that's like claiming the Polish have the best military in the world since they have been attacked, occupied and conquered so many times. Ignorance. Were I a user or a manager on this guy's network, I'd be pretty darned concerned with his abilities right about now. Possibility of Mac malware? Sure. But no evidence. Opener? Uh..yeah in a lab and you had to have elevated privledges to INSTALL it. There was no way it was installed by itself via email or network attack.

    "...but the same risks apply..." Anonymous -- 10/09/05

    Give me a break. On the Sophos Web site, in the "Advanced" section of this worm description, they write:

    "Note that any attacker trying to plant this worm in your network would need to get root access on one of your boxes first, meaning that you would already be "owned". Nevertheless, SH/Renepo-A collects into a single script a wide range of anti-security attacks. Once the worm has run on your computer, it will compromise system security in many ways, including..."

    That's a big "Nevertheless!" So it has to go like this:

    1. A person first has to have access to your computer.

    2. Then they have to get access to an admin account.

    3. Then they have to get access to the root account, assuming the current administrator hasn't already changed the password for the root account.

    That's a whole lot of assumptions for my taste! I also find it "interesting" that this information is in the "Advanced" section and not in the "Summary" or "Description!"

    Not quite but close enough Anonymous -- 10/09/05 (in reply to #120120896)

    Having an admin account on OS X is the same as having root. An admin account can use sudo on the command line to get a root shell. I recommend not running your daily work on an admin account. OS X makes it pretty easy to use an alternative login name when you need admin privileges.

    Other than that, you are dead on. A trojan like renepo is not much of a threat since a user has to type their password to an admin account for it to be installed.

    Not really Graham Fluet -- 28/11/06 (in reply to #120120899)

    actually there are THREE levels of accounts in mac the root, the admin, which can modify minor system things like the main applications folder and some parts of the library and can modify the system with the root password, and the standard, which can only modify thier home folder, although they can place programs that don't need an password installer in thier home folder, and run them.

    What else should we worry about? Anonymous -- 10/09/05

    One day your IT department will get hit by an asteroid. Sure, maybe not today, maybe not tomorrow, but if you wait around long enough (a million years?) an asteroid is sure to strike your house. Good grief. A competent backup system is enough to protect you from harm without giving money to Mac Anti-Virus software vendors. The fact is that I am a flippant Mac user. I go where I like, I install all sorts of garbage on my Mac and enjoy myself! No harm has befallen me. I trust Apple and they will get my money.

    Microsoft Propaganda Piece Anonymous -- 10/09/05

    Anyone who actually has a clue, isn't a paid liar and Microsoft shill knows this article is pure bull ****

    You can create all the fear in the world and it won't save your **** when a virus is successful on the Mac because the reason it is able to work is Apple hasn't foreclosed that vulnerability yet and the virus companies only close past holes so anybody who is looking out the front windshield at viruses coming has a chance to do something and that is Apple only. So far their record is perfect. 100% success while Windows is simply a virus magnet that makes it an absolute certainty of being infected constantly.
    What would you prefer the chances of being killed by a meteorite on Sunday at 10:56AM or the chances of an infection while swimming and living under sewage all day every day. Of course if you have **** for brains you will choose the sewage because it's all you know. However if your brighter and are living fear free there is some chance that some Sunday some Mac user some where may have to go to his backup and flush some sewage from his Mac. Fortunately these morons who keep crying wolf are the only thing to fear. Fortunately the idiots are ignored and Apple keeps vigilant and has a 100% success rate so far. I'd put my faith in that track record over the absolute certainty of infection and death that is the daily and rightful fear of every moron living in the sewer pit that is Microsoft products.

    secure by obscurity? uh... no... Anonymous -- 10/09/05

    here's what a REAL security expert has to say on the matter:

    http://www.theregister.co.uk/2003/12/16/windowsstyle_security_hell_stalks_mac/

    95% of people reading this article... Anonymous -- 10/09/05

    evidently use Windows.

    What does it mean that not one of them share Borrie's audacity and back up anything he says in the article?

    The boy should be fired.

    Mac OSX FUD RON NORRIS -- 10/09/05

    There are "NO" OSX 10, Tiger viruses. Against over 65,000 for Windows. Stop spreading these lies about the Mac.

    The effort is worth it Anonymous -- 10/09/05

    Actually - All "user environments" are going to these
    "make it easy for the user" whizzy things that make it just as easy for the maleware installers.

    Just like you have to lock your door, and look carefully
    at the produce at the store, you have to keep your machine from automatically doing things for you, and
    look carefully before allowing something access to your
    machine. I do this by turning off all java, javascript,
    cookie, and plug-ins. I use a text-based email client.

    THen - if I believe I can trust a site, I'll use a second browser that has "only what's needed" enabled to utilize the features of the web site.

    This meant that I was not vulnerable at all to the Malicious Applescript vulnerability, because it relied on
    java in the browser to run the malicious applescript.

    Since java was turned off - I had effective locked the door, and the window next to it. Another vulnerability might be the equiv. of smashing the glass and breaking in the window, but for the one that relied on the door being unlocked - I foiled it.

    Alice Springs Woefully Unprepared for Tsunamis Anonymous -- 10/09/05

    The apparent lack of tsunamis doesn't mean that a tsunami, anxious to gain media exposure, won't appear and cause all the greater devastation for the utter lack of preparedness.

    Obviously, Mac OS X is more vulnerable to malware than Alice Springs is to tsunamis, but frankly it's hard to imagine a Mac virus even striking unprepared users as badly as numerous recent WORM and virus outbreaks have struck the allegedly prepared Windows community.

    OS X Anonymous -- 10/09/05

    ...Borrie's comments are nonsensical if OS X is behind Windows, and Windows is behind Unix, seeing as OS X is a Unix-based OS. He totally lacks credibility.

    I'm quite aware of security and that's why I use a Mac Anonymous -- 10/09/05

    I'm quite aware of security and that's why I use a Mac and OSX Tiger. It's more secure than any Windows PC could ever wish for.

    You and Dick Clarke (and me) Bart Simpson -- 10/09/05 (in reply to #120120910)

    This guy should know:
    http://en.wikipedia.org/wiki/Richard_A._Clarke

    OS X security Bart Simpson -- 10/09/05

    I can say this: I've been using OS X since its public beta in 2000 (or was it 2001?) - I've never had a virus, spyware - nada. I can also say this: I've been using W2K for the same time period - I've had to re-install countless times due to such malware, and have gotten into the habit of always going to Software Update upon login. That's not always enough though, as I've been nailed before even pulling up the site... Of course, WIndows patching forces you to install, restart, install, restart, install as it doesn't deal well with dependent patches, making it more likely that you'll get something along the way. OS X doesn't have this limitation - it can be updated from 10.3 to 10.3.9 with one visit to Software Update. With OS X, I fearlessly open attachments, surf the darkest corners of the web... without hesitation.

    Having said all that, I'm not stupid - a virus could hit me. People give Apple's OS X a lot of credit for its UNIX heritage, which they should. The BSD families of UNIX are the safest OS' out there. However, it's Apple that has introduced some seriously scary bugs of their own. Actually, it's just the one that I can remember, but it was a doozie - an easily exploited hole in Safari left users wide open to serious attack. Luckily, that never materialized.

    For this joker to claim that Windows is ahead of Apple in terms of security is pure silliness as Apples response to vulnerabilities has been every bit as fast as MS'... Obvious attempt to get hits...

    Facts Anonymous -- 10/09/05

    Where does the author get such information? Where is the latest Mac virus?? Since OS X has been out for the last few years where has the latest virus popped up? Security is always going to be an issue on any OS, but proportionally, even if Mac and Windows had the same numbers, Windows is ultimately and obviously less secure. Get the facts straight. The numbers don't lie.

    I just wrote Mac Scott Lahteine -- 10/09/05

    It asks for an admin password with a message about "routine maintenance" and then... ha ha ... erases the entire hard drive! I couldn't possibly get it onto your Mac - much less get it to execute - without direct physical access to your machine, but let's just ignore that fact and cling to the fear, shall we?

    As a consummate computer geek, I realize the potential for security flaws in any system. Linux has security flaws, Unixen have security flaws, and even the beloved Mac has security flaws. The question is how easily these flaws can be exploited, and what kinds of openings are there for such exploits? On Windows you have applications that can be exploited very very easily. Visit a web page with Internet Explorer, and software might be installed and executed on your system without your ever being aware of it. Open an email message or a Word file attachment, and you might find yourself host to a virus or worm. Microsoft has made it far too easy for malicious crackers to cause mayhem. For a Mac to be exploited it almost certainly would have to have a public IP address and have extra services running that aren't enabled by default.

    In general, the Mac *is* more secure than your average Unix system, because for most of us it isn't acting as a server open to the world. And the Mac is not only more secure than Windows, it is *fundamentally* more secure than Windows.

    Has Microsoft surpassed Apple in their approach to security? Not by a long shot. They would need a total redesign of their system from the bottom-up to get to the starting line in this race. Microsoft has improved their response time for exploits, but most Windows machines aren't being patched by common users.

    The day that some piece of software gets installed and executed on this here Mac without my being aware of it.. that's the day I'll put away my Apple rosary. Meanwhile, I'm quite happy being faithful to my chosen religion.

    I just wrote Mac "malware" Scott Lahteine -- 10/09/05 (in reply to #120120914)

    My original title got truncated. Weird.

    The Apple Rosary Anonymous -- 11/09/05 (in reply to #120120914)

    Amen Brother!

    Yeah, right. Anonymous -- 10/09/05

    What kind of crap story is this. Why wake up to something that doesn't even exist at this point?

    Wake up to the potential!!! What a laugh... Mr. X -- 10/09/05

    "wake up to the potential of attack"

    Well, there's always the potential that a meteor will strike the earth, so what do we do about that? Yet another ridiculous case of OS X FUD by the makers of anti-virus software!

    you've had 5 years to write a virus Anonymous -- 10/09/05

    for mac os X - where is it?

    not even one virus available in all that time?? against how many windows virii?

    not even one bit of malware etc as well??

    with millions of os X users, not a single infection reported??

    how can you say its not secure??

    what an absolutely bullshit article. this is journalism at its worst. as well as antivirus companies trying to make us paranoid to sell more product.

    the only protection you need for your mac is a firewall and little snitch.

    don't bother with an antivirus.

    Malware Statistics Martin Hill -- 10/09/05

    It is true that Mac users should not believe themselves immune to a *potential* malware attack sometime in the future, but even if/when that finally happens, they still have every right to feel immensely safer than Windows users.<br>
    <br>
    As Kelly Martin, the content editor for Symantec's publication SecurityFocus said in April 2005: "There are no viruses on OS X -- not a single one... Just as Windows users have become accustomed to 140,000 viruses, Apple users have become accustomed to none."
    http://www.theregister.co.uk/2005/04/21/apples_big_virus/<br>
    <br>
    Here are the raw statistics for your information:<br>
    <br>
    Microsoft Windows:<br>
    Viruses and Worms = 17,500 (symantec.com)<br>
    Spyware and Adware programs = 78,000 (www.pestpatrol.com)<br>
    Burrowers = 40 (www.pestpatrol.com)<br>
    80% of PCs infected with spyware (webroot.com)<br>
    Last year (2004) alone:<br>
    - 500 new Trojans (www.pestpatrol.com)<br>
    - 500 new keyloggers (www.pestpatrol.com)<br>
    - 1,287 new adware apps (www.pestpatrol.com)<br>
    - 7,360 new viruses and worms (symantec.com)<br>
    <br>
    Mac OS X:<br>
    Viruses and Worms = 0 <br>
    Spyware programs = 0<br>
    Adware = 0<br>
    Keyloggers = 0<br>
    Burrowers = 0<br>
    Trojans = 3 (symantec.com)<br>
    Last year (2004):<br>
    - 1 Rootkit (symantec.com)<br>
    <br>
    When you look at the actual data, it becomes pretty obvious that with zero worms, viruses, spyware or adware recorded targeting it, Mac OS X remains the safest, pest-free OS by an enormous margin. <br>
    <br>
    Note that Trojans can't spread by themselves - they are bits of code that pretend to be something innocuous and need to be downloaded and opened by an authorised user. In the case of the three targeting Mac OS X, two are harmless while the third deletes a user's home directory if run by that user.<br>
    <br>
    Note also the Rootkit discovered on a couple of OS X machines is a set of scripts that requires root access to be turned on (turned off by default on all Macs). The hacker then also needs to know the root password and the malware has no mechanism of spreading and infecting other computers by itself.<br>
    <br>
    Note that 37 vulnerabilities in Mac OS X noted last year (which were promptly patched by Apple) does not constitute "increased attacks on OS X" as some commentators have stated as no attacks using any of these vulnerabilities have been recorded. Security firm Mi2g states: "Mac OS X and BSD Unix are the "world's safest and most secure 24/7 online computing environments."<br>
    http://www.mi2g.com/cgi/mi2g/frameset.php?pageid=http%3A//www.mi2g.com/cgi/mi2g/press/190204_2.php<br>
    <br>
    The theory of "Security through Obscurity" (that there are not enough Macs to be a target for hackers) though certainly a factor, is not the whole story. This theory fails to explain the fact that the number 1 web server, Apache, with almost 70% marketshare has far fewer attacks (including viruses and worms) than Microsoft's IIS which has captured only 21% of the market (Netcraft.com). This theory also does not explain why the Windows Firewall product BlackIce with a marketshare a tenth the size of the Mac had a particularly destructive worm written for it while Mac OS X still has none.<br>
    <br>
    The old classic Mac OS suffered a number of viruses (mostly MS Word macros), but Mac OS X is still untouched.<br>
    <br>
    John Gruber has a useful article on why Windows suffers so much malware:<br>
    http://daringfireball.net/2004/06/broken_windows<br>
    <br>
    However, no software can be perfect and it would be foolish to say there won't eventually appear some malware targeting the 15 million+ OS X users out there - however, today is still not that day. Mac OS X has been sitting untouched for 4 years now pretty much without blemish which speaks to a very impressive security story even if/when some effective malware appears. <br>
    <br>
    -Mart

    Mac community must wake up to security Anonymous -- 10/09/05

    I am very surprised by your article. You must be a new reporter on technology. First I suggest you obtain a Macintosh and use it. This will help your future stories on apple products. Your article lacks what must writer should have creditibility. The fact that you do not have one reference to a real security breach speaks volume for your piece (oh, I mean article). Three weeks ago all systems at my company rebooted themselve from the zobot virus which was a security exploit of microsoft Operating system. Please how serious is microsoft about security, I bet you didnot ask those companies who lost countly millions of dollars in productivity to windows security breaches. Hey I was productive my workstation didnot reboot. Speaking about security did you compare apples firewall with Windows Which is better? which is more user friendly to configure. if I recall this is another piece I mean software to make you feel good that microsoft is serious about security. Lets see, I believe this didnot help to stop the zobot spread. But you must know that because you did your research. Did you say write articles for microsoft? are they your employer. By the way writing is not my strong suit just like your article on technology must not be yours.

    signing off.

    Stupid news strikes again Anonymous -- 10/09/05

    Web news companies post this type of news to generate web-hits and to generate web activity for banners floating above

    Can you say - National Enquirer??? type news for nerds?? Come on ZDnet! bring it up a notch!

    The Only Mac Viruses Anonymous -- 10/09/05

    It should be said:

    The Only Mac Viruses are Articles about Mac Viruses.

    Other than that, there is no concern for any users of OSX about Viruses.

    Wintel risk to National Security Anonymous -- 10/09/05

    This article totally misses the big picture. The author admits that Apple has managed a PC Operating system which is immune to viruses and then tries to turn on a system proporting some imagined risk, while very REAL Wintel computers are compromised every day. First off, let's give Apple kudos for 0 viruses in over 5 years. The adoption of Unix was a beautiful thing for the Mac community, bringing superior stability as well as security. But let's extend the scope and consider the current National Security implications and the real risk which Wintel computing currently poses to our nation's IT infrastructure. Is the convenience of Big Brother Microsoft too great a risk to National Security? Why doesn't Congress call Microsoft to the carpet for this after last months serious Virus outbreak and the actual impact it had on our nation's industry? The Apple folks aren't doing magic. All computers have the potential to be virus resistant by design like OSX, Linux, and the other flavors of Unix. Regardless of your stand on Apple vs. Wintel vs. Linux vs. Unix, in a time of war, we have pull together to do what's best for the nation, not simply what's best for the profit margins of one giant corporation. This issue has to get fixed and soon, before it's exploited to it's fullest and brings about devastating harm to our nation's economic fabric.

    Not quite so Anonymous -- 10/09/05

    It is certainly true that everyone on the Mac must take into account security issues. And I don't know where the author takes his information as to that Mac users wouldn't. The simple fact is, there has been no real security threat to Mac OS X vs 1000s to Windows. Downright absurd is the statement the M$ would be ahead of Apple in security questions. Apple constantly and rapidly fixes security wholes, in my experience much faster than M$. Also, the OS is far more secure, albeit not immune, of course. But the likes of Outlook and Explorer do invite malware. No such thing can be said on the Mac OS X side of things. Security issues on the Mac are a splinter as compared to a M$ forest. And Apple takes better care of their splinter than M$ of their forest. And yet, the splinter my sting at some time, that's for sure. But to say that, the article was way overblown.

    And all this time I thought O SX was a Unix system Anonymous -- 10/09/05

    "I put apple a few years behind Microsoft in understanding how to manage security for the users. I put Microsoft a number of years behind the Unix community because the first systems that got hurt -- ten or fifteen years ago -- were Unix systems. Microsoft had to fix the security because it had such a bad reputation and to its credit, the company has really turned it around, " said Borrie.

    I believe Apple is the most widely-sold UNIX-based operating system in the world.

    I'm glad he's not my IT guy.

    MS is Safest - Not Counting 2 Weeks Ago ... jbelkin -- 10/09/05

    Is that guy working on a grant from Redmond, where was MS when thousands of computers went down 2 weeks ago? In a parellel universe, no doubt MS is the safest OS on the planet but not in our universe.

    Now back in reality.... Martin Pilkington -- 10/09/05

    First off, i will point you all to this:

    http://www.unsanity.org/archives/000396.php

    Very nice post about the whole Opener thing. Anyway... Windows Vista is coming out next year and shall have a load of new security features that will help stop malware from being able to get such a strangle hold on a system. The thing is that many of these already exist on Mac OSX. For example, in order to have a virus completely wipe the whole OSX system you either need root enabled, which isn't on OSX, or you'd need to use sudo to change the permissions to something the user can delete, but that requires entering in your admin password.

    Saying that Macs would suffer just as much as windows if they had the same market share is kinda stupid, due to the fact that OSX doesn't have as many flaws as Windows. I mean, the majority of attacks on windows come from one place, Internet Explorer. Internet Explorer was rushed into the core of windows, along with ActiveX without any consideration for security. This meant that MS had given malware writers the tools they needed to access the core of windows. Coupled with the fact that an Admin account in Windows let's you do practically everything with very few warnings this has led to the huge increase in malware on windows.

    Now one point to consider, Linux has a few pieces of malware, not a huge amount but they exist. Linux also reportedly has an equal market share to OSX, about 3-4%. So why does Linux have more malware than OSX? You could blame it on Linux being used on webservers and such but really it is because some distro's of linux have features that allow malware to be there. The ones that don't have these features don't get affected. The same happens with OSX, there are very few known features that could allow for malware to spread, and if Apple is slow off the mark to fix them, then the Mac community isn't (in the case of the help:// exploit a patch was released by a 3rd party a day or so later while Apple took about a week and a half to fix it).

    The fact is, that while Macs aren't immune to malware, they are much better protected than Windows PC's. The mac community is unique in it's closeness and that is one of the biggest advantages the mac has against malware. If a piece of malware appears then there will be articles on what it does, how to get rid of it and how to stop it getting on your system, applications to patch the hole and death warrants issued for the writer, all within 24-48 hours of it appearing.

    And my last point, malware writers like to cause havock, but they also are very proud. With Mac users sneering in their faces about how secure OSX is you'd think that someone would have written something to get back at them. I mean, imagine the sort of pride it would give them knowing that they were the one to infiltrate OSX, the OS that most people thought was safe. Their malware would be all over the news. Yet we haven't seen anything yet

    Anyone else,... Bruce Jenner -- 10/09/05

    want more cool-aid? I have a extra tall glass for ya!

    Give me my Mac's and leave me alone,... Windows ahead of Mac, damn falling out your chair laughing hurts,....

    Permissions & Access Privileges Anonymous -- 10/09/05

    Like many similar articles, this article fails to mention user permissions or access privileges. Unfortunately, most Apple users are set up with admin privileges, thereby giving almost free reign (minus root access) over the entire hard drive. Therefore, applescript/shell script can run at the same privilege as the unsuspecting user, thereby creating havoc. If the user access privileges were changed, i.e. admin privileges removed, then many malware scripts would fail to succeed such as the one in the article that writes to the /System folder. A regular user, one without admin privileg, would not be able to change permission on any file/directory than the one he or she has created.

    Even though changing user access privileges does not protect against all malware/viruses/worms, it is a good place to start. This paradigm shift will go a long way in all OS systems, Windows included.

    Not quite... Paul Wilkinson -- 12/09/05 (in reply to #120120930)

    Although most Mac users will be created as Administrators, these users cannot access "System" files & directories without being prompted to re-enter their password. This is an huge difference to the situation on Windows.
    Of course, users need to be educated to ask "why am I being asked to enter my password", but hopefully with most users a password request seems a little more important that simply clicking "OK" on a "do you want to trust xyz" dialog.

    MAC users used to allowing system access Max Riethmuller -- 05/10/05 (in reply to #120120980)

    ah, actually I see it the other way around. On one the MAC is asking you if you want to allow something which the user doesn't know the source of. For all they know it's a legitimate system request (example you need to allow access to instal a printer driver for god's sake - so MAC users are used to allowing system access)

    On the other hand if a remote source request you "trust" them, people are more likely question it.

    Mac vs. MS security Anonymous -- 10/09/05

    Please observe that for malware that's run (e.g. by luring to user to do so) on Mac OS the user must still actively authenticate before a privileged action (such as changing any security setting) will execute, whereas on Windows the malware aquires the privileges and access rights of the user logged on (very often barely limited), which allows for privileged actions to be executed without the user ever noticing!

    I rather suspect that this aspect of MS Windows is not an unpleasant heritage, but designed as such, so as to enable certain "privileged" parties to make use of this feature.

    Nothing new here, just pass it by Anonymous -- 10/09/05

    Right up there with "insert new product name" will replace ipod stories. When did creating an alarming title that has no bearing on reality become a prerequisite for writing a technology article. ZD net continues to sink to new lows just to get traffice to sell its adds.

    Ridiculous Anonymous -- 10/09/05

    Anybody stupid enough to run a bash script and type their admin password shouldn't be on the Internet. Mac users obviously do understand a thing or two about security, as the Renepo 'virus' was reported in 2004 and has still not been seen in the wild. It's about as dangerous as the classic *NIX newbie prank 'rm -rf /'

    Recycling old FUD... Lefly -- 10/09/05

    Same Fear-Uncertainty-Doubt reporting by the same bad writer as the "Opener" spook story one year ago. Guess he ran out of ideas (or was paid off by Sophos) so he recycled the only article that anyone paid attention to-- dire predictions of Mac's impending security problems.

    Bottom line: Opener/Renepo is not a virus. It's a root kit shell script. It can not spread by itself. It requires local user interaction and an administrator's password to install. It's like calling "Apple Remote Desktop" malware because it allows people to (OH MY GOD!) control the desktop remotely!

    Sophos is obviously desperate for Mac money. If there are no viruses/malware for OS X, they can't sell their Anti-Virus software. They have to justify their development by fanning the flames of fear every year.

    LIES and the LYING LIARS WHO TELL THEM David Thomas -- 11/09/05

    It is incredible, that such bull-sh-t is still repeated. The Mac OS is only safe beause fewer people use it?! PURE B_LL_S__T!

    Early on, the MacOS was always safer for the very reason techno-nerds hated it. It's propiertary operating system. You had to buy the manuals and you were given access to a "tool-kit" ... the authors of this story and that professor probably need a few tutorials on what that was about, but ... --ck em! They can do it themselves if they can.

    By contrast, EARLY ON in the histor of windows (including DOS), Microsoft has intentionally buiilt holes and back-doors into their OSs. More for the reason to cause third-party apps to crash, rather than get information from your computer, but you would have to be a COMPLETE IDIOT to think information wasn't mined.

    Look at the two philosophies of the companies and the results of their efforts. Not marketing bull-**** If you still think Windows is a choice, then come to this country and vote another Bush into office.

    By the way, no offense to the UNIX and LINUX crowds. GET REAL. THE REASON FOR A COMPUTER IS TO ALLOW YOUR MIND TO FREE ITSELF UP, BE CREATIVE, AND NOT KNOW A DAMN THING ABOUT YOUR COMPUTER OR OS. Those kernels are great, that is why MacOS X is based on one. But beyond that, they are not targeted for consumers.

    Wake up? I did I bought a Mac in 1989 Neil Barham -- 11/09/05

    Once I saw a Mac dos was gone for me. Since windows is actually just window coverings for dos I have never seen any reason to go windows and since the internet and networking why would I ever want to use windows? Sure we have to start be aware of security issues and maybe we will get hit someday, but why do so many use windows which gets hit weekly?

    Windows no longer "runs on dos" Max Riethmuller -- 05/10/05 (in reply to #120120950)

    DOS no longer exists as an OS. It is only a commandline shell. Windows is no longer based on DOS. Perhaps you should get your facts right then come back with your comments?

    If you don't really know what you are talking about, please don't contribute....

    5 years NO virus - STOP FUD! Anonymous -- 11/09/05

    Almost 5 years with Mac OS X at our University. Thousands of Macs. Not a single virus. Not a single spyware. Not a single malware.

    Stop nonsense and FUD! The only viruses of Mac OS X are nonsense articles like this. Get real!

    BTW, more than 70,000 viruses on Windows to date and a lot of spyware and other malware. Wake up!

    Does the writer own Microsoft stock? Anonymous -- 11/09/05

    I believe that all comments about Microsoft's supposed security (guess what folks, it ain't) and Apple's supposedly being years behind MS when Vista comes out (the first Vista Virus has apparently already been released) should be accompanied by a statement as to what related stock the writer owns. Paul Allen has a huge stake in ZDNet which makes it impossible for this e-rag to be objective. And if you read John Carroll off the US version, it is just as bad.

    I own Apple stock.

    Bad journalism Carl B -- 11/09/05

    Yet another article from people who either make a living in security or sell virus software. Basically an advertisement for the anti virus clique.
    The sophos link was the clincher. A link to a trojan (not a virus), that required root access. Not even a trojan when you think of it. Apple patched this in early 2004 anyway, even though someone would need root access to your machine.
    I guess when you can't tell people everyday that they should be afraid of West Nile disease, or mad cow disease, or that terrorists will kill them, you need to scare them about their computers. A nonsensical article using sources with ulterior motives. Corrupted journalism.

    Notes on the state of things Anonymous -- 11/09/05

    There are several factors at work that determine the<br />
    security of any given system. These can be broadly collected<br />
    into the following categories:<br />
    <br />
    - Administrator competency<br />
    - Code quality<br />
    - Hardware<br />
    - High level design/execution flow<br />
    <br />
    The last category is a little ambiguous, but there you go.<br />
    <br />
    Linux is perceived as being less secure than OS X, and if<br />
    you follow the raw statistics, you could ``prove'' it to be<br />
    the case. Linux tends to be compromised more because Linux<br />
    users tend to follow the Mac mindset in that they believe<br />
    that they are unconditionally secure. Hence the vast number<br />
    of Linux servers and desktop machines that are running<br />
    outdated software (``we are secure, no matter what'') and<br />
    are running with the distribution's default security policy.<br />
    <br />
    Please wake up. No system is secure and the simple fact that<br />
    a machine appears to have never been compromised is more<br />
    likely to indicate that nobody noticed.<br />
    <br />
    Security policy tends to become more and more lax the more<br />
    ``commercial'' the OS gets. For example, a distribution such<br />
    as Slackware does not pretend to be user friendly. It is a<br />
    very simple distribution and by definition, more secure than<br />
    a system such as Suse. There are simply fewer attack<br />
    vectors. Unfortunately, the more customers a system has, the<br />
    more likely it is that it will be shipped with a convenient,<br />
    rather than secure security policy. Windows is the prime<br />
    example of an overly complex system that is arranged to be<br />
    convenient to the user rather than secure. Even the most<br />
    recent of service packs have done very little to address<br />
    this, apart from perhaps updating the general marketing<br />
    fury and popping up a password dialogue box now and again.<br />
    Ask your nearest MCSE why the Windows packet filter cannot<br />
    filter outbound connections.<br />
    <br />
    Proprietary software vendors generally do not care about<br />
    security. Case in point, the utterly idiotic<br />
    'AuthenticationService' installed by Macromedia products[1].<br />
    <br />
    Another common misconception is that you can somehow ``add<br />
    security features''. The only way to make a system more<br />
    secure is to remove as much of it as possible. This cuts<br />
    down on the number of possibilities of attack and allows the<br />
    administrator a simpler mental model of his/her system. Of<br />
    course, the more complex and commercial a system is, the<br />
    less chance there is of being able to remove components<br />
    without breaking the system due to the braindead way that<br />
    mostly vendors aggressively integrate components (without<br />
    documentation, I might add).<br />
    <br />
    A false perception of security is extremely dangerous. OS X<br />
    was NOT secure by default at 10.3 but things may have<br />
    changed in 10.4 (I have not used it, let alone audited it).<br />
    OS X did have the ``advantage'' of being PPC based. This, in<br />
    effect, supplies a certain degree of protection that even if<br />
    a piece of software shares common vulnerabilities with its<br />
    x86 counterparts, far fewer attackers have the necessary<br />
    skill to write working exploit code[2]. This is not to say<br />
    that Apple haven't taken appropriate steps. They have done<br />
    reasonably well for a system who's design criteria includes<br />
    being usable by grandparents. My prime concern for OS X is<br />
    the horrendously insecure default configuration of sudo.<br />
    <br />
    Apple have also faired quite well with their binary update<br />
    system, although I would appreciate it if it was a little<br />
    less like a black box and came with more precise information<br />
    on what it is about to do.<br />
    <br />
    The secret of security is simplicity[3].<br />
    <br />
    [1] Installed SUID-roo

    The same comment without the idiotic ZDNet mangling. Anonymous -- 11/09/05 (in reply to #120120970)

    There are several factors at work that determine the
    security of any given system. These can be broadly collected
    into the following categories:

    - Administrator competency
    - Code quality
    - Hardware
    - High level design/execution flow

    The last category is a little ambiguous, but there you go.

    Linux is perceived as being less secure than OS X, and if
    you follow the raw statistics, you could ``prove'' it to be
    the case. Linux tends to be compromised more because Linux
    users tend to follow the Mac mindset in that they believe
    that they are unconditionally secure. Hence the vast number
    of Linux servers and desktop machines that are running
    outdated software (``we are secure, no matter what'') and
    are running with the distribution's default security policy.

    Please wake up. No system is secure and the simple fact that
    a machine appears to have never been compromised is more
    likely to indicate that nobody noticed.

    Security policy tends to become more and more lax the more
    ``commercial'' the OS gets. For example, a distribution such
    as Slackware does not pretend to be user friendly. It is a
    very simple distribution and by definition, more secure than
    a system such as Suse. There are simply fewer attack
    vectors. Unfortunately, the more customers a system has, the
    more likely it is that it will be shipped with a convenient,
    rather than secure security policy. Windows is the prime
    example of an overly complex system that is arranged to be
    convenient to the user rather than secure. Even the most
    recent of service packs have done very little to address
    this, apart from perhaps updating the general marketing
    fury and popping up a password dialogue box now and again.
    Ask your nearest MCSE why the Windows packet filter cannot
    filter outbound connections.

    Proprietary software vendors generally do not care about
    security. Case in point, the utterly idiotic
    'AuthenticationService' installed by Macromedia products[1].

    Another common misconception is that you can somehow ``add
    security features''. The only way to make a system more
    secure is to remove as much of it as possible. This cuts
    down on the number of possibilities of attack and allows the
    administrator a simpler mental model of his/her system. Of
    course, the more complex and commercial a system is, the
    less chance there is of being able to remove components
    without breaking the system due to the braindead way that
    mostly vendors aggressively integrate components (without
    documentation, I might add).

    A false perception of security is extremely dangerous. OS X
    was NOT secure by default at 10.3 but things may have
    changed in 10.4 (I have not used it, let alone audited it).
    OS X did have the ``advantage'' of being PPC based. This, in
    effect, supplies a certain degree of protection that even if
    a piece of software shares common vulnerabilities with its
    x86 counterparts, far fewer attackers have the necessary
    skill to write working exploit code[2]. This is not to say
    that Apple haven't taken appropriate steps. They have done
    reasonably well for a system who's design criteria includes
    being usable by grandparents. My prime concern for OS X is
    the horrendously insecure default configuration of sudo.

    Apple have also faired quite well with their binary update
    system, although I would appreciate it if it was a little
    less like a black box and came with more precise information
    on what it is about to do.

    The secret of security is simplicity[3].

    [1] Installed SUID-root and world writable by default. There
    goes your entire system, silently and in one foul swoop
    at the hands of ANY process running under ANY uid. A
    quick remote FTP of a kernel module of your choice and
    you need never know that anything happened.

    [2] The arrangement of memory on the stack and the sometimes
    awkward (from an exploitation standpoint) numeric values
    of opcodes on the PPC platform make it more difficul

    Mac security and New Zealand ignorance Anonymous -- 12/09/05

    Like most New Zealanders who are fear based, this fellow should go back to the sheep farm. As a mac user since 1984, I have experienced 0, spelled zero, viruses. Spread the fear and make a buck off the poor souls who don't know any better. This guy should go into politics-maybe the Labour party. Get real.

    FUD all over ADAXL -- 13/09/05

    Of course, Mac OS X is not Virus-proof. We all know that. However, we also know the difference between a good, secure OS and the virus trap that is Windows. The author obviously doesn't. Has he ever seen a Mac up close?

    ...He's got a point but... Bob Roberts -- 13/09/05

    Ya know...
    I'm not saying that article doesn't have a point and the author had me interested and convinced until the end. This is where he lost me, he quotes; "Borrie also believes that over the past three years, after so many high-profile embarrassments, Microsoft has finally delivered more secure products and created an impressive patching infrastructure, which he believes has left Apple "a few years behind" the Redmond giant." but the "Redmond Giant" hasn't released an new operating system in 3 years so how could have leapfrogged over Apple in any area let alone security? Is he referring to XP's SP2 (which itself crashed number of computers as I remember)? To me that was what the OS should have been like when it was released.

    The same guy is then quoted further on in the article as saying: "I put apple a few years behind Microsoft in understanding how to manage security for the users. I put Microsoft a number of years behind the Unix community because the first systems that got hurt -- ten or fifteen years ago -- were Unix systems. Microsoft had to fix the security because it had such a bad reputation and to its credit, the company has really turned it around, " said Borrie. Apple's OS is base on the Mach Kernel that is a unix kernel, additionally Apple has almost always been more responsive to it's user community and releases securities updates to it OS once or twice a month, in almost the same manner the Microsoft does.

    The author has no idea what he's talking about... Anonymous -- 13/09/05

    ...or is trying to insidiously hock a product.

    He says Apple is behind, MS is ahead, and Unix is leaps and bounds ahead...yet Apple is using a UNIX core for it's OS nowadays...releasing yearly updates and regular security updates. ...and the "virus example" provided is a joke...it relies on a user manually executing a script and actively granting the privileges for it to run. You can bring ANY system to it's knees by executing something bad. This is just stupidity from a Microsoft or A/V shill.

    Anon comments Anonymous -- 16/09/05

    If you can't put yuor name to your comments, you don't deserve to be heard.

    User ignorance is the weakest link on any OS Max Riethmuller -- 05/10/05

    So when a Windows user opens an attachment and agrees to allow the attached exe to run, that is a windows weakness.

    But when a MAC user opens an email and agrees to allow a file to run as root, that is the user's fault and not the OS?

    Can't open attachment as root Anonymous -- 26/10/05 (in reply to #120121705)

    Sorry but 99.9% of Macs don't have Root access enabled - and to get root access you have to intentionally grant yourself access to it (and just the sight of Terminal will scare enough of the tinkerer's off!). Apple doesn't recommend it, and almost nobody does because you should never need to, it's not necessary to install software.

    Essentially Macs come with three levels of security: Root with disabled access, Admin - the user account for installing software (which can't be used for shell updates/changes) and finally a standard user. Apple recommends that the Admin account is not used for day-to-day operations...

    So it doesn't matter how you open an attachment, it won't ever be using Root access! So your assumption is wrong.

    Mac Insecurity Anonymous -- 20/08/08

    The inability to grasp that your Mac is vulnerable is just ignorant.

    The fact of the matter is that hacking has turned from a popularity contest to a money making process. The good hackers are hired by companies as security experts or programmers.

    The market share that windows holds over mac is so significant, that there is not a profit in writing malicious code for macs. Once that changes, so will peoples opinions about mac security. Yes, macs are secure by design, but so is Windows.

    The attitude that "I won't ever get a virus" will change for mac users within 3 years. Watch, wait, mark my words. It will happen. Mac users are about to have their world turned upside down.

Add your opinion

Latest Videos

Sponsored content

Power Centre - Content from our premier sponsors

Blogs

  • Suzanne Tindal Love me, tender
    Considering how expensive and drawn-out tender processes can be to solve problems that might be very immediate, it's little wonder that the Victorian Police IT department tried to work the tender exemptions system.
  • Array 2009 funding drought rolls on
    For Australian start-ups looking for venture capital, 2009 was a very bad year. 2010 may be no better.
  • Array Can not-so-smart meters help the NBN?
    It was interesting to witness Conroy's recent enthusiasm to spruik the NBN's role in supporting the Smart Grid, Smart City initiative. What a pity that Conroy hadn't yet seen the damning report from the Victorian auditor-general about that state's smart-meter roll-out.
  • More blogs »

Tags

  1. 57 articles are tagged with accenture
  2. 237 articles are tagged with acquisition
  3. 41 articles are tagged with afact
  4. 140 articles are tagged with ato
  5. 1303 articles are tagged with broadband
  6. 60 articles are tagged with cepu
  7. 667 articles are tagged with cio
  8. 252 articles are tagged with conroy
  9. 132 articles are tagged with contract
  10. 46 articles are tagged with david thodey
  11. 9 articles are tagged with feed
  12. 129 articles are tagged with fujitsu
  13. 1031 articles are tagged with government
  14. 790 articles are tagged with hp
  15. 1304 articles are tagged with ibm
  16. 222 articles are tagged with iinet
  17. 350 articles are tagged with iphone
  18. 289 articles are tagged with isp
  19. 117 articles are tagged with legislation
  20. 13 articles are tagged with longhaus
  21. 35 articles are tagged with michael malone
  22. 1476 articles are tagged with microsoft
  23. 34 articles are tagged with mike quigley
  24. 50 articles are tagged with minchin
  25. 1126 articles are tagged with mobile
  26. 212 articles are tagged with national broadband network
  27. 389 articles are tagged with nbn
  28. 198 articles are tagged with new zealand
  29. 27 articles are tagged with nick minchin
  30. 929 articles are tagged with open source
  31. 882 articles are tagged with optus
  32. 20 articles are tagged with pipe networks
  33. 2650 articles are tagged with security
  34. 53 articles are tagged with senate
  35. 68 articles are tagged with separation
  36. 9 articles are tagged with sp telemedia
  37. 178 articles are tagged with stephen conroy
  38. 57 articles are tagged with strike
  39. 174 articles are tagged with sydney
  40. 60 articles are tagged with telecom nz
  41. 2434 articles are tagged with telstra
  42. 138 articles are tagged with tender
  43. 23 articles are tagged with thodey
  44. 31 articles are tagged with tpg
  45. 49 articles are tagged with twitter
  46. 110 articles are tagged with union
  47. 174 articles are tagged with victoria
  48. 201 articles are tagged with video
  49. 2 articles are tagged with win7au
  50. 88 articles are tagged with windows 7

Back to top

Featured