Posted on 04/03/2005 9:05:37 PM PDT by Swordmaker
Enterprises using Apple's Macintosh shouldn't smirk too much over their perceived immunity to the kind of security problems that plague Windows users, a research analyst said.
"It only takes one exploited weakness to cause trouble," said Gartner analyst Martin Reynolds.
Reynolds' cautionary comment comes just a week after Symantec released its semi-annual Internet Security Threat Report, in which it noted that vulnerabilities in the Macintosh operating system were increasing.
And while Symantec noted 37 vulnerabilities in Mac OS X during 2004, it said that companies and individuals using Apple's hardware and OS should prepare for more to come.
"It's clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various UNIX-based operating systems," Symantec's report said. "Symantec believes that as the popularity of Apple's new platform continues to grow, so too will the number of attacks directed at it."
The new Mac mini, aimed at less security-savvy users and projected by some to double the Mac market share to around five percent, is another reason why users should expect more vulnerabilities to surface, said Symantec. "Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code[and] the number of vulnerabilities can be expected to increase, as will malicious activity that targets them."
But although Gartner's Reynolds warns Mac users to take precautions, he's not convinced Symantec's more dire predictions are on the mark. "Symantec's trying to drum up Mac security business," he said.
"Any major security vulnerabilities in Mac OS X are down the road," he said. "The OS is good at keeping out attacks, and Apple has a good patching system. What I would be concerned about is directed attacks or maybe spyware."
Enterprises using Macs should worry about vulnerabilities being exploited by individual hackers and aimed at them explicitly, perhaps by employees or former employees, Reynolds said. "Another potential problem is spyware. Although it's almost nonexistent on the Mac platform today, problem spyware could emerge. Spyware that exploits vulnerabilities would be nearly impossible to get out of the machine."
The traditional Windows-centric method of hackers to gain control is via a mass-mailed worm, but even with its increasing popularity, that's not a likely avenue of attack on the Mac.
"I don't expect to see a worm attack," Reynolds said. "The Macintosh still has far too low of a profile."
Even if, as Gartner estimates, the Mac has about a 3 percent market share, that means any Mac worm wouldn't spread 97 percent of the time. "A hybrid worm targeting both the Mac OS and Microsoft Windows could be developed, but such an attack would be difficult to orchestrate," he added.
Still, it pays be prudent, Reynolds said. "Don't assume that your Macintosh systems are immune. Make sure you have the proper protection, like firewalls and filtering. and guard against spyware infestations."
As if to emphasis Mac OS X's vulnerabilities -- and the patches that it puts in place to plug those holes -- Apple last week released an update that took care of 10 vulnerabilities, including one in its Safari Web browser. Apple now rolls out security updates on a regular monthly schedule.
Apple's latest update can be downloaded from here; Server OS X users should head here instead.
"...But although Gartner's Reynolds warns Mac users to take precautions, he's not convinced Symantec's more dire predictions are on the mark. "Symantec's trying to drum up Mac security business," he said."Any major security vulnerabilities in Mac OS X are down the road," he said. "The OS is good at keeping out attacks, and Apple has a good patching system. What I would be concerned about is directed attacks or maybe spyware..."
... shows that the headline really doesn't match the content of the article.
PINGOMG the Mac Ping List.
If you want on or off the Mac Ping list, Freepmail me.
"... The traditional Windows-centric method of hackers to gain control is via a mass-mailed worm, but even with its increasing popularity, that's not a likely avenue of attack on the Mac."I don't expect to see a worm attack," Reynolds said. "The Macintosh still has far too low of a profile."
Even if, as Gartner estimates, the Mac has about a 3 percent market share, that means any Mac worm wouldn't spread 97 percent of the time. "A hybrid worm targeting both the Mac OS and Microsoft Windows could be developed, but such an attack would be difficult to orchestrate," he added.
But he doesn't say how a mass e-mailed worm would infect a Macintosh which does not allow executables to be installed without a password, or allow them to run from e-mail. For a mass emailed worm to work, it has to be installed and executed. How likely is that? Somewhere between zero and none.
On top of which, no Mac browser can be hijacked like IE on Windows can to install spyware. Won't happen. ("ActiveX? What's ActiveX?")
"It only takes one exploited weakness to cause trouble," said Gartner analyst Martin Reynolds.
As opposed to the hundreds, if not thousands of exploited weaknesses in Windows?
Show me an actual exploited system, and I'd be concerned.(if I had a MAC that is)
Exactly... and I do have a Mac... as well as Windows boxes.
Four years and were still waiting to see the first OSX Mac virus... the one you say you could easily write...
You know... if Bush2k actually wrote a virus and sent it to me... I swear I'd run the thing.
Any computer user who thinks he's invulnerable is a drooling idiot. However, many can rest assured that their platform is relatively more secure than many others on the market.
There are 14,000,000 OSX users out there...
Most anti-virus companies sell their services for about $30 a year. If even half of the OSX Mac users bought their products that's a $210,000,000 market.
Four years and still waiting for the first malware.
Everyone uses weasel words when discussing this stuff because anyone with a brain knows that no software is perfect.
And, as I said before, an actual working virus would be even more effective.
In the past year there has been a demonstrated attack against a hardware firewall product that had just 50k potential victims on the internet, yet it took less than 24 hours to compromise the entire vulnerable and exposed population.
Surely even Macs are a bigger population than that. If these systems were as easy to compromise as these anti-virus shills claim, we'd see something.
Not true - there are XPI-based exploits for Moz/Firefox. Still relatively rare, and the browser defaults are tighter now than they used to be to help prevent them, but they do exist.
Words, words, words. Talk is cheap and you can't get sued for merely talking about it.
You infer what is not being implied... poor form, Bush. The above statement is true... the article is spreading FUD without any proof... merely their unsupported assertions.
#4: "On top of which, no Mac browser can be hijacked like IE on Windows can to install spyware. Won't happen. ("ActiveX? What's ActiveX?")"
Another true statement as of this time. Please provide an example of a Mac browser that can be hijacked like IE. It also does not imply what you infer... it makes a statement of current fact.
#5: "Show me an actual exploited system, and I'd be concerned.(if I had a MAC that is) "
That's a challenge, Bush. Show him one.
#8: "Four years and were still waiting to see the first OSX Mac virus..."
That is also true... and implies only that it has not yet occurred... and we are STILL waiting.
#11: "Hard to take it serious when it hasn't happened yet..."
It hasn't happened yet... and despite all of your past claims that it is only a matter of time, it still hasn't happened.
... Mac Moonies... maroons...
When you can't argue facts, attack the other side. Argumentum Ad Hominem is a logical fallacy, Bush. Smearing your opponents only reflects badly on you.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.