Mac OS X: 2 articles about apple security
2 articles about apple security
by grimgraphix - 8/11/08 9:18 AMUsually I find that most articles on mainstream sites like yahoo are inflated and unrealistic alarms about how the apple is in imminent danger of being as vulnerable as a windows PC. I'm posting links to these 2 articles because they seem to be a more realistic assessment of where the apple may be sitting, security wise.
iPhones-Macintosh computers become apples of hackers' eyes
and
Are Macs vulnerable to viruses?
I am not so sure about the accuracy of some of the issues raised by the second article.
I had a question about this statement from the latter article... Most Trojan Horses work their way into your Mac through executable applications. Are there executable applications for macs that I am not aware of?
The article also suggests that opening unknown attachments in your email can cause a problem too. How could this be any danger if, again, there is no worry about executable programs ?
Executables
by mrmacfixit
- 8/11/08 10:26 AM
In reply to: 2 articles about apple security by grimgraphix
I'm going to say that the term "executable" is being used here to describe any application that runs on a computer, no matter what OS is being used.
.app indicates a Mac application while .exe indicates a Windows application.
Either way, they are both executables.
P
I had a conversation with someone that
by R. Proffitt - 8/11/08 11:04 AM
In reply to: 2 articles about apple security by grimgraphix
Needed a system that could not be infected. If we strip away the user's ability to install software then we end up with items like the XBox, PS3 and the like.
Since Microsoft, Apple can not vet all software unless we lock it down to what a game console does, do you feel that we need to move to such lockdowns?
Bob
Me ? Not at all.
by grimgraphix - 8/11/08 8:51 PM In reply to: I had a conversation with someone that by R. Proffitt
Computers can not do anything other than what they are told to do. No. I don't want to lock out the owner anymore than I want to go to a world where all applications are sitting on a server somewhere, and I have to join the network in order to use the software.
However, if someone raises the issue of just how it is possible that someone, somewhere, can remotely influence my equipment without my knowledge ? Well, of course I'm gonna explore the possibilities.
Then why would you install a trojan?
by R. Proffitt - 8/12/08 5:25 AM
In reply to: Me ? Not at all. by grimgraphix
So far, the owner has to install the trojan for the Mac. Why would you do that?
"Well, of course I'm gonna explore the possibilities."
I see this clearly as we lock out the user from installing what they want from any author if people truly want a trojan free world. That doesn't sound as if everyone would like that.
Bob
... "So far, the owner has to install the trojan"...
by grimgraphix - 8/12/08 9:30 AM In reply to: Then why would you install a trojan? by R. Proffitt
That is all you had to say.
Thanks
I'm in complete agreement.
by dj_erik - 8/15/08 8:58 PM In reply to: I had a conversation with someone that by R. Proffitt
No one wants to lock down their computer to a point where you're invulnerable. My suggestion is that if you really want to stay safe, follow the tips suggested in the article. Most power users will agree to them as common sense.
1. Don't open unknown emails.
2. Don't install software that you don't know where it came from.
3. Use secure passwords.
4. Get a firewall.
and I would add one more
5. Don't go to unknown websites.
If you really want to break the rules, I would suggest using a virtual machine to tinker around. This way when you're done with it delete the VM and start again fresh. This is actually what most people do when they are working in computer forensics, and know they will probably get into trouble. Only problem is with Apple you need to run OSX server, but this have changed as I haven't read my EULA lately:
http://db.tidbits.com/article/9277
Mac vulnerability
by GFW - 8/15/08 7:01 PM In reply to: 2 articles about apple security by grimgraphixIn an article by a Baltimore tech school computer instructor, he tells about hosting an FBI agent to talk about computer security. The agent came with a PC laptop, but indicated that all their desktop machines were Mac. The laptops were used for presentations and field reports because they were cheaper, but agents were not allowed to connect them to any network. Only Macs were allowed to be connected to the local network or the Internet, due to their lower vulnerability.
I came across the same statement originating from the British Secret Service - apparently they use Macs exclusively because they are easier to protect and less vulnerable to viruses and to hacking.
I'm no expert, but I have used Macs for about 15 years now. The closes thing I ever had to a virus was a MicroSoft software bug known as the Macro Virus.
macs can be hacked
by repete_smile - 8/15/08 7:45 PM In reply to: 2 articles about apple security by grimgraphixthe mac biggest vulnerabilty is the user that thinks his mac is invulnerable to virusses. It is easier to trick a mac user to install software than it is to trick a PC user, that is why ppl have invented self installing software for windows but not mac. Why waste the time making software self install when tricking the user is so much easier.
Not so
by BeatleMegaFan - 8/15/08 8:48 PM In reply to: macs can be hacked by repete_smileWhat makes you think Mac users can be tricked easier? Because they don't have viruses on the Mac platform yet? Many Mac users are former Windows users. Some of us still use Windows everyday. A lot of people know better than to install suspicious files. Some people will not be that bright, but even then, those things don't happen too much from what I hear.
Macs could be hacked in theory, but so far, no one has really done it yet. True viruses for OS X will most likely pop up some time in the future, but so far, this has not happened. You probably can't list any true viruses for Macs. There are none. I saw a report somewhere that the total count for OS X malware has reached 3. 3! And those have to be manually installed to work.
Honestly, the only way you could "infect" a Mac would be to actually try to (unless you are that clueless). It is not something that just happens.
-BMF
There will be blood
by 3rdalbum - 8/16/08 2:18 AM In reply to: Not so by BeatleMegaFan<<What makes you think Mac users can be tricked easier?>>
I remember when there was the first "first" Macintosh (OS X) trojan. Somebody posted it to a website, telling people that it was a Mac OS X virus. There were thousands of people who downloaded it and ran it, just to see what would happen.
I'd also remind you that, while many Mac users are former Windows users, many Windows users are not computer-intelligent enough to view anything coming down their internet connection as being suspicious. Lack of viruses is not the biggest reason for Windows users to switch to Macs.
The fact that there are very few trojans for the Macintosh (more than 3) does not belie the fact that Apple is still very lax about security design; in fact, I still get the impression that the Unix-y security system in OS X is treated by Apple engineers as something to work around, rather than something to work within.
...
by BeatleMegaFan - 8/16/08 8:06 PM In reply to: There will be blood by 3rdalbumI don't think Apple users would be as gullible as you guys may suggest. Anyone can be tricked, but just because people used OS X does not mean that they believe they can't get malware or viruses. Many people do know that installing unknown files will do something. If people downloaded a program (not a virus, as it would be able to self-infect) to see what would happen, then they were not tricked; they were curious, and blinded by the fact that OS X "does not have viruses". Also, the report I saw must not have included trojans, but rather, other forms of malware. It specifically listed 3.
While many computer users in general do not understand or think about viruses, for any platform, I would think that anyone switching to OS X would take into account that there is a lack of malware. Most people know that viruses hack into computers; that's why so many people have Norton AV or McAfee software. I hear many people say, "Macs don't get viruses," simply because they heard it on one of those Mac ads. This is true for now. Now is the keyword here.
You say that Apple is lax on security design. I guess you could say so, given the fact that Apple keeps quiet on most system vulnerabilities found within OS X, only to reveal the information after a patch is released. I doubt this behavior will change anytime soon, but this may not always be a problem. OS X Snow Leopard, due to be revealed/released by next Macworld (supposedly), will (supposedly) improve many core systems, adding some others to improve overall stability. Apple plans (supposedly) to upgrade the underlying infrastructure of OS X, which in turn, should provide even better security. All of this is hypothetical though. There are only a few details out and about. But, surely Apple must realize that they are gaining enough users to become a target for hackers? If they needed any incentive or push to add in better security measures to OS X, they will have one soon, if not now. Enacting preventive measures against possible online threats, in Snow Leopard, would be a good boost. Still, if Apple techs maintain their "lax" position, anything like this would be a long ways off.
-BMF
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
