Macs More Vulnerable, Spyware A Danger
Yahoo! News | Tue Mar 29, 2:06 PM ET
Posted on 04/03/2005 9:05:37 PM PDT by Swordmaker
Enterprises using Apple's Macintosh shouldn't smirk too much over their perceived immunity to the kind of security problems that plague Windows users, a research analyst said.
"It only takes one exploited weakness to cause trouble," said Gartner analyst Martin Reynolds.
Reynolds' cautionary comment comes just a week after Symantec released its semi-annual Internet Security Threat Report, in which it noted that vulnerabilities in the Macintosh operating system were increasing.
And while Symantec noted 37 vulnerabilities in Mac OS X during 2004, it said that companies and individuals using Apple's hardware and OS should prepare for more to come.
"It's clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various UNIX-based operating systems," Symantec's report said. "Symantec believes that as the popularity of Apple's new platform continues to grow, so too will the number of attacks directed at it."
The new Mac mini, aimed at less security-savvy users and projected by some to double the Mac market share to around five percent, is another reason why users should expect more vulnerabilities to surface, said Symantec. "Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code [and] the number of vulnerabilities can be expected to increase, as will malicious activity that targets them."
But although Gartner's Reynolds warns Mac users to take precautions, he's not convinced Symantec's more dire predictions are on the mark. "Symantec's trying to drum up Mac security business," he said.
"Any major security vulnerabilities in Mac OS X are down the road," he said. "The OS is good at keeping out attacks, and Apple has a good patching system. What I would be concerned about is directed attacks or maybe spyware."
Enterprises using Macs should worry about vulnerabilities being exploited by individual hackers and aimed at them explicitly, perhaps by employees or former employees, Reynolds said. "Another potential problem is spyware. Although it's almost nonexistent on the Mac platform today, problem spyware could emerge. Spyware that exploits vulnerabilities would be nearly impossible to get out of the machine."
The traditional Windows-centric way for hackers to gain control is a mass-mailed worm, but even with the Mac's increasing popularity, that's not a likely avenue of attack on the platform.
"I don't expect to see a worm attack," Reynolds said. "The Macintosh still has far too low of a profile."
Even if, as Gartner estimates, the Mac has about a 3 percent market share, that means any Mac worm wouldn't spread 97 percent of the time. "A hybrid worm targeting both the Mac OS and Microsoft Windows could be developed, but such an attack would be difficult to orchestrate," he added.
Still, it pays to be prudent, Reynolds said. "Don't assume that your Macintosh systems are immune. Make sure you have the proper protection, like firewalls and filtering, and guard against spyware infestations."
As if to emphasize Mac OS X's vulnerabilities -- and the patches that it puts in place to plug those holes -- Apple last week released an update that took care of 10 vulnerabilities, including one in its Safari Web browser. Apple now rolls out security updates on a regular monthly schedule.
Apple's latest update can be downloaded from here; Server OS X users should head here instead.
TOPICS: Computers/Internet
KEYWORDS: mac; osx; security
To: jdm; Swordmaker
So would I -- where is the exe?
I'll tell you exactly how I would create a virus for the Mac. I'd look through all of the Mac security advisories for a local exploit involving kernel buffer overflows in BSD or OS X-specific extensions (i.e. drivers, etc). There have been numerous ones. Once you know which API/driver causes the overflow, crafting an EXE which calls it with a carefully packaged buffer to trigger a stack overflow isn't terribly difficult (http://www.securiteam.com/unixfocus/5WP031535U.html). It would be more challenging to exploit a heap buffer overflow but, given the fact that kernel memory allocation is fairly predictable (or, at least, CAN be predicted based upon known characteristics of the heap manager), this, too, wouldn't be all that difficult.
Seriously speaking, you guys are deluded if you think that this can't be done. I could do it within a day. The reasons that I wouldn't consider it are (a) it's malicious (even if it's research), (b) I don't want to get sued, and (c) I don't need to prove my skillz to you bozos (I already know what I can do). The fact that you debate the possibility of creating a virus proves the contention of the article.
21 posted on 04/05/2005 10:00:03 AM PDT by Bush2000
To: Swordmaker
Words, words, words. Talk is cheap and you can't get sued for merely talking about it.
No kidding, troll. But DOING IT can get you sued.
22 posted on 04/05/2005 10:01:17 AM PDT by Bush2000
To: Swordmaker
You infer what is not being implied... poor form, Bush. The above statement is true... the article is spreading FUD without any proof... merely their unsupported assertions.
Wrong. It is academic to assert that OS X can be exploited: Numerous vulnerabilities have been found. It isn't a leap in logic to go from vulnerability to exploit. You call that assertion "FUD". Which is tantamount to saying it's impossible. Nice try. You lose.
Please provide an example of a Mac browser that can be hijacked like IE. It also does not imply what you infer... it makes a statement of current fact.
Refer to post #15. You have a lot to learn, grasshopper.
That's a challenge, Bush. Show him one.
You've already stated explicitly above that you don't think that's possible. I'm not going to argue with a deluded lunatic.
That is also true... and implies only that it has not yet occurred... and we are STILL waiting...
Right ... and a dozen ragheads couldn't possibly take down a skyscraper by flying a plane into it, either. Oh, wait. Maybe it is possible.
23 posted on 04/05/2005 10:09:29 AM PDT by Bush2000
To: Bush2000; antiRepublicrat; HAL9000; jdm
security advisories for a local exploit involving kernel buffer overflow
So your virus would require the virus writer to be sitting at the computer to be attacked? That's some vector...
Your link is quite interesting... firstly it's from 1/2/2001... and secondly it states quite explicitly that "This is FreeBSD/i386 specific..."
While it does say some of the techniques COULD be used against other platforms you still have to get your package installed on the target computer.
. . . and (c) I don't need to prove my skillz to you bozos (I already know what I can do).
So, YOU are more skilled than all those malware writers who do like to prove their "skillz" but you won't do it because you are (a) too ethical and (b) too fearful of litigation.
Hordes of other crackers are neither ethical nor fearful of litigation and probably have far better "skillz" than you... yet in almost five years THEY have not produced a virus for the Mac... despite the underground acclaim that would be heaped on the successful cracker.
"...you guys are deluded...", "... bozos..."
More ad hominem attacks...
To: Bush2000
". . . troll..."
More ad hominem... This word in particular has a very negative meaning on FreeRepublic. The only one "trolling" on these Mac relevant threads is Bush2000.
To: Bush2000
Wrong. It is academic to assert that OS X can be exploited: Numerous vulnerabilities have been found. It isn't a leap in logic to go from vulnerability to exploit. You call that assertion "FUD". Which is tantamount to saying it's impossible. Nice try. You lose.
Wrong. Vulnerabilities do not equal exploitation. It's a matter of DEMONSTRATION... not logic.
"I can make a million dollars selling lemonade from a little red wagon in front of my house in one afternoon," is an assertion. To prove such an assertion does not require logic, it requires proof that it CAN be done. Logically, can it be done? Certainly... if Warren Buffett happens to be walking by, dying of thirst, and desperately needs something to drink... but will that happen?
I call spreading Fear, Uncertainty, and Doubt when they have NOT demonstrated what they claim... and have little basis to claim it except the desire to sell a product. They are hyping the threat in hopes that people who experience the FUD they have spread will send them money.
You've already stated explicitly above that you don't think that's possible. I'm not going to argue with a deluded lunatic.
I have? Where? I think it's possible, I just have not seen one yet... and the longer we go without a self-propagating malware, the stronger the evidence of how difficult it is.
". . . grasshopper." ". . . deluded lunatic."
More ad hominem...
To: Bush2000
I'll tell you exactly how I would create a virus for the Mac. I'd look through all of the Mac security advisories for a local exploit involving kernel buffer overflows in BSD or OS X-specific extensions (ie. drivers, etc). There have been numerous ones.
That part is obvious. But you haven't told how you plan to propagate it into Macs for execution in the first place, or how you plan to execute it. You won't get your buffer overflow until the virus starts running. And if your virus requires an escalation of access privileges, you'll have to figure out how to bypass the administrator password request, or trick the user into entering it.
Actually, the propagation part could be handled easily with Windows PCs. Put the Mac virus inside a Windows virus - then the infected Windows machines can extract and e-mail the Mac virus to everyone in the Outlook address book. Writing the Windows wrapper virus would be trivial compared to the effort needed to write the actual Mac virus.
The odds that you could write a successful Mac virus are about zero.
27 posted on 04/05/2005 8:04:16 PM PDT by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
To: Swordmaker
So your virus would require the virus writer to be sitting at the computer to be attacked? That's some vector...
Local exploits are the primary attack vector against XP SP2 machines: email-based viruses, downloaded malware, etc.
Your link is quite interesting... firstly it's from 1/2/2001... and secondly it states quite explicitly that "This is FreeBSD/i386 specific..."
I posted it as a general illustration of buffer overflow attacks, not as a Mac example.
While it does say some of the techniques COULD be used against other platforms you still have to get your package installed on the target computer.
This isn't very difficult. People download malware all the time through email and web sources -- sometimes unknowingly leeched onto legit software. Whenever I point out that Mac users are vulnerable to the same solicitations, you guys say crap like, 'Well...the worst that could happen is that somebody blows away my home directory.' Which is BS. A kernel buffer overflow can be exploited to elevate privileges. So you're just as vulnerable.
So, YOU are more skilled than all those malware writers who do like to prove their "skillz" but you won't do it because you are (a) too ethical and (b) too fearful of litigation.
Yeah, in fact I am more skilled than many of these guys.
Hordes of other crackers are neither ethical nor fearful of litigation and probably have far better "skillz" than you... yet in almost five years THEY have not produced a virus for the Mac... despite the underground acclaim that would be heaped on the successful cracker.
Again, you're not worth the effort for these guys. There simply aren't enough of you to justify.
More ad hominem attacks...
This is a statement of fact.
28 posted on 04/06/2005 12:59:24 PM PDT by Bush2000
To: Swordmaker
29 posted on 04/06/2005 1:02:05 PM PDT by mercy (never again a patsy for Bill Gates - spyware and viri free for over a year now)
To: HAL9000
That part is obvious. But you haven't told how you plan to propagate it into Macs for execution in the first place, or how you plan to execute it. You won't get your buffer overflow until the virus starts running. And if your virus requires an escalation of access privileges, you'll have to figure out how to bypass the administrator password request, or trick the user into entering it.
Simple. Many (if not most) people download and install apps from the Web or open attachments. The fact that those Mac apps don't currently have viruses attached to them is just plain luck, so far.
The odds that you could write a successful Mac virus are about zero.
Bzzzzt! Nope, thank you for playing. The odds are far greater than zero. Remote attacks against XP SP2 aren't a realistic attack vector, thanks to the built-in firewall which shuts down practically all of the ports. Most people contract malware when they download and install software from untrusted remote locations. Unless Mac users never download software, they're at risk. And that risk is far greater than zero.
30 posted on 04/06/2005 4:23:53 PM PDT by Bush2000
To: Bush2000
Simple. Many (if not most) people download and install apps from the Web or open attachments. The fact that those Mac apps don't currently have viruses attached to them is just plain luck, so far.
You are confusing terms, Bush... what you are describing is a trojan... an application that has to be welcomed into your computer that carries malware as either part of the package or is itself the malware. Trojans are certainly possible. However, we are talking about A SELF PROPAGATING VIRUS, capable of sending itself and infecting other machines.
Remote attacks against XP SP2 aren't a realistic attack vector, thanks to the built-in firewall which shuts down practically all of the ports.
And reports are stating that less than 20% of XP users have bothered to install SP2... and you are aware that OSX has a built-in firewall also, one that is turned on by default, aren't you?
Most people contract malware when they download and install software from untrusted remote locations.
The few known exploits against OSX have been trojans... all two or three users who installed them were attempting to install supposed pirated software. However, once a Windows malware is installed it can and does download and install MORE malware. This would not be possible on OSX without an administrator password... which still doesn't provide root level permissions.
By the way, thank you for completing two responses without resorting to ad hominem attacks.
To: Bush2000
Simple. Many (if not most) people download and install apps from the Web or open attachments. The fact that those Mac apps don't currently have viruses attached to them is just plain luck, so far.
Lame. You claimed you could write a virus, not a trojan horse. How about one of those Windows-style viruses that install and spread without user intervention?
32 posted on 04/06/2005 5:52:01 PM PDT by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
To: HAL9000
The odds that you could write a successful Mac virus are about zero.
Wow, I like macs too man but you are going a little too far. There have been a number of remote exploits found - I remember reading about one some time ago where malicious DHCP responses could end up granting root access. I believe this was because Apple would trust the DHCP server to have "good" LDAP information, but it has been a while.
In addition Macs shared the same ssh vulnerabilities that most other UNIX systems had, and root access was certainly attainable with that.
The thing is that traditional virus development is down even on PCs. It is so much easier to just propagate malware. And Mac browsers had the same URI issues that the rest of PCs had as well right?
NO modern networked operating system is 100% safe from viruses. Especially when the languages involved don't check for things like buffer overflows themselves, there is always a chance for human error.
-paridel
33 posted on 04/07/2005 9:37:38 AM PDT by Paridel
To: Paridel
There have been a number of remote exploits found - I remember reading about one some time ago where malicious DHCP responses could end up granting root access. I believe this was because Apple would trust the DHCP server to have "good" LDAP information, but it has been a while.
Yes, but the DHCP vulnerability was difficult to exploit in the wild. It required a rogue DHCP server to be on the same local subnet as the target. It was not a suitable mechanism for spreading a virus.
34 posted on 04/07/2005 3:42:45 PM PDT by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
To: HAL9000
It required a rogue DHCP server to be on the same local subnet as the target
OK, but the ssh wouldn't be too hard. The point is that no machine is perfect, and that is basically what you seemed to be trying to claim. Given enough desire or monetary gain someone could write a virus for the mac. Like I said though there are easier ways to go about it, if you just want to root a bunch of machines it is easier to go after PCs with malware, if you really want to hit macs go after macs with malware and have the user actively download it... and if you want data from a particular machine it is much easier to get physical access.
In conclusion all I'm trying to say is that
1. macs being a smaller target +
2. potentially more difficult to crack than PCs +
3. less individuals with knowledge of mac internals
!= it is nearly impossible to write a virus for a mac.
Again, I'm not saying macs are crap, I like them, I wish my relatives would use them so I would spend less time cleaning up crap from their PCs. But they aren't impenetrable.
-paridel
35 posted on 04/07/2005 5:30:03 PM PDT by Paridel
To: HAL9000
It required a rogue DHCP server to be on the same local subnet as the target.
Just as a side note... sometimes machines on local subnets can't be trusted. I was in a network programming class a couple years ago and a lot of students' code was stolen via TFTP servers... in a lab that was firewalled so you had to be on the same local subnet there as well.
I personally had an individual steal some of my code through a similar method, and it was a pain in the neck to clean up (proving that it was mine to begin with that is).
Any case where root access is possible is ugly, because this means that if a hacker had access to one machine on the subnet he could have rooted all of them.
-paridel
36 posted on 04/07/2005 5:34:15 PM PDT by Paridel