“WHAT? Why would she have to do that. Wiping the hard drive and reinstalling is a simple task. “
No. Some keystroke loggers can reside in the hardware and swapping out the hard drive doesn’t remove them. Look up the topic on google.
My point is that a directed attack is easy on a Mac because the users hear that they don’t need to be concerned about security.
Hardware keyloggers are easier to remove than software ones. You simply unplug them. Unless you're talking about someone soldering something on. If you have physical access to the machine, no computing platform is secure.
If by "hardware based" you mean firmware, then whatever means was used to flash the firmware and install the keylogger can be used to flash the firmware back to normal. I can see circumstances where it makes more sense to replace the unit than to make the customer wait while you track that down, though.
My point is that a directed attack is easy on a Mac because the users hear that they don’t need to be concerned about security.
Directed attacks on naive users are easy, regardless of platform. To avoid malware on the Mac, don't download, install, and enter the administrator password for software of unknown provenance.
You said to Swordmaker — No. Some keystroke loggers can reside in the hardware and swapping out the hard drive doesn’t remove them. Look up the topic on google.
My point is that a directed attack is easy on a Mac because the users hear that they don’t need to be concerned about security.
—
LOL... you’re pretty funny here...
You say that someone can sneak into someone’s house, or else, be there when someone else isn’t around their computer and install a hardware-based keystroke logger — and that this represents some kind of special security risk for Macintosh users....
Excuse me..., I have to pick myself up off the floor from laughing so hard... LOL...
It goes to show you how desperate some people get trying to *show* that there is a big security risk for Macintosh users...
Ummm..., did anyone ever tell you that there is a risk to being robbed and things being taken out of your house, if you don’t lock your doors and windows?
I hear houses have a security risk, too... :-)
First of all, while there are commercial keystroke logger software apps available for OSX, they all require at least administrator access and passwords to install on a Mac. They do not install into any flash memory firmware.
To install any firmware patches to any Flash memory or writable ROMS on the computer itself would certainly require ROOT access, which is not activated on a default install Mac. The very few successful direct hacks of Macs did not achieve ROOT access, they merely got access at the level of the current user... and so far there have been no successful ROOT user access upgrade hacks.
Such hardware keyloggers would have to have their data stored and read on the physical machine... unless there were also malicious software installed on the computer to phone home over the internet to the hacker. That requires a more sophisticated attack. The only known firmware keylogger for Macs resides in the firmware of the keyboard. That one requires physical access to the computer or the keyboard to install. It is easily fixed by replacing the keyboard... or rewriting the firmware to factory specs, not replacing the computer. While the keyboard could be hacked, the code on the keyboard is not large enough or sophisticated enough to open a port to the external world through the internet and phone its data home. The hacker would have to harvest the data either through physical access of the computer, or by re-hacking into the computer to pick up the file. That's why it is not much of a risk.
I assure you if there were a hardware keystroke logger for OSX for the Mac that can install itself into the hardware itself I would have heard about it and it would be all over the blogosphere. This would be screaming headline news in the Computer punditry. The FUD spreaders would be all over it. It simply has not happened, Kirkwood.
Hardware keyloggers are USB dongles that plug into any USB port available. One installed on a Mac would be obvious and easy to remove. Some Macs have an internal USB port... but installing it would require opening the Mac, physical access. Removing it would be the same. Open the computer, remove the USB dongle. Again, not requirement to replace the computer. This sounds like urban legend stuff to me. . . and it doesn't even rise to that because urban legends would be being spread much farther than your claim.