Trojan horse?
by santuccie - 8/3/09 12:38 AM
In Reply to: feature by puma
First off, do you know what a Trojan horse is? I do remember you saying a long time ago that you were some kind of technician (don't remember verbatim, much less the whole post, but it was something like, "Being a Windows tech, I hate to compliment OS X, but..."; of course nothing more than a preemptive attempt at a disclaimer for someone who would go on to make a career of bashing Windows and pushing OS X). If you were a Windows tech, regardless of which specialty(ies) you took to complement Core Components, you would know the difference between a Trojan horse and an exploit. Hint: same purpose, different attack method.
That said, and since this is an XP forum, I will first mention the fact that XP users (and 2K users) have plenty of ways to avoid infection, none of which require disconnecting from the Web or not using the computer at all (Cute, kid. How old are you again?). Some of these include sandboxing (virtual and policy), browser protection, and Invincible Windows. Three of the most widely used antivirus products (Norton, McAfee, and AVG) include browser protection to block drive-by downloads.
Then we get into newer OSes. After three years, we have yet to see any ItW exploits for Vista. And with a new technology in Windows 7 called "Safe Unlinking," it's going to be even tougher. As it is already, Charlie Miller says you can find and exploit 5-10 bugs in OS X in the amount of time it takes to find one in Vista, even with UAC disabled. And Nils made his demonstration on Win 7 beta in March, two months before Safe Unlinking debuted. How much harder will it be next year?
While there is no consensus on how long it will be before we see ItW drive-by downloads for OS X, it is speculated that criminals will focus their full attention on the Mac if they start running out of reachable (vulnerable) XP machines. Along with more and continuously evolving anti-drive-by-download solutions, a lot of reviewers are heralding Windows 7 as an "XP killer." It's been almost three years since I had an infection on any of my productive machines (I do have VPCs with which to test different products, including antimalware scanners). Of course most Mac (and Linux) users have been using their Windows alternatives much longer, also with no infections. But you can't assess the effectiveness of your Kevlar vest until someone actually fires at you. I have family who use credit cards on their Macs and, frankly, I am a little concerned.
If we were to consider the fact that someone has already assembled an "iBotnet" comprising a few thousand Macs, and recall that it took 2-3 years following the release of XP and IE6 for the first drive-by downloads to turn up, I wouldn't give it much longer. The hackers need time to get familiar with your platform, but they already have the advantage of knowing what an exploit is, what types of vectors to look for, and how easy it is to pull it off on a Mac (which has an added disadvantage of very few users running security products, none of which presently offer dedicated browser protection).
What's left? Oh yeah, Trojan horses, which exist for all platforms. Unless someone is trying to hide malware inside a data file, such as a Word document or PowerPoint slideshow, it doesn't take a buffer overflow or privilege escalation to infect a computer with an executable run locally. It could be a red flag if you have to sudo for a child program, but I've read in a couple of blogs that there are more privilege escalation vulnerabilities for Apple than there are for Windows anyway. I'll admit that I have no evidence to validate this hearsay, but I must say it seems reasonable, given the fact that security researchers say unanimously that OS X is the most vulnerable of all platforms on the market today. Snow Leopard will raise the bar a little with ASLR, but you'll still have to wait for NX, Safe Unlinking, and a few others before you can claim to be anything more than a sitting duck, putting your fate in the hands of the hunter and hoping he'll pass you over for a larger animal.
http://securitywatch.eweek.com/apple/mac_hacked_via_safari_browser_in_pwn2own_contest.html
http://www.darknet.org.uk/2008/03/mac-owned-on-2nd-day-of-pwn2own-hack-contest/
http://blogs.zdnet.com/security/?p=2917
http://it.toolbox.com/blogs/securitymonkey/mac-os-x-local-user-exploit-appears-12026
http://www.linuxtoday.com/news_story.php3?ltsn=2009-04-17-030-35-SC-SW
http://blogs.computerworld.com/why_windows_is_safer_than_the_mac
http://blogs.zdnet.com/hardware/?p=533&tag=rbxccnbzd1