Posted on 11/05/2015 11:57:39 AM PST by Swordmaker
5 times as much of it... though cyberthugs unsophisticated
Cybercriminals have stepped up their efforts to hack Apple devices because MacBooks are rising in popularity, both in homes and the workplace. Nearly half of organisations (45 per cent) are offering Macs as an option to their employees, according to stats cited by Bit9 + Carbon Black.
OS X vulnerabilities and malware have grabbed the security community's attention this year. One example is XcodeGhost, which inserts malicious components into applications made with Xcode (Apple's official tool for developing IOS and OS apps).
Additionally, it has emerged that OS X El Capitan, which launched in September, contains serious vulnerabilities in its Gatekeeper and Keychain features.
Flashback -- the biggest Mac infection vector to date, which infected 700,000 devices on the back of a Java-based vulnerability -- struck in 2012. What we're getting this year is therefore a higher volume of less infectious nasties.
Malware authors targeting Macs are using OS X-specific mechanisms, rather than typical UNIX persistence methods commonly present in traditional malware samples, according to the security software vendor.
Hackers are adopting a targeted approach to Mac OS X systems, undermining the comforting notion that Macs are much more secure than their Windows counterparts in the process.
There may be a far greater volume of Apple-biting nasties this year but Mac OS X malware still isn't that sophisticated. More than 90 per cent of the malware samples from 2015 analysed by Bit9 + Carbon Black were found to use an old load command that became redundant with the launch of OS X 10.8 in 2012.
Malware authors failed to begin using Apple's new load command until 2014, and even then it was found in only a tiny percentage of malware samples.
Whilst there are 13 documented persistence techniques used by malware to remain on the targeted system, the research identified that just seven were present in the vast majority of OS X malware samples examined. This lack of variation gives threat detection teams an easier ride, as there are fewer places they need to check for malware in comparison with Windows systems.
The report (registration required), --2015 -- The Most Prolific Year in History for OS X Malware -- is based on over 1,400 unique OS X malware samples, aggregated over ten weeks from independent research efforts, open sources, real-world Mac OS X incident response experience, peer research, black lists, and contagion malware dumps amongst other sources.
By comparison there have been more than one million samples of Android malware to date. Vendors largely stopped counting Windows nasties years ago, but where estimates exist, numbers exceed 20 million even on the more conservative counts.
Persistence means that malware stays on compromised systems after a reboot, a key goal for malware slingers whichever computing platform their creations infect.
I use Safari, FireFox, and Chrome, depending on the circumstances. At my office I need to use FireFox to pay a wage garnishee for an employee for childcare. . . But the California State Disbursement Office of Child Protection Services used Microsoft software to construct their dysfunctional payment website and it only works with either Internet Explorer on Windows or FireFox pretending its Internet Explorer. Their IT department claims they are Apple Mac and Safari compliant, but you cannot even log on, after it gives you a user name and password. Trying to talk to their customer service IT help phone line number gets you a recording that refers you to your local county Child Protective Services who refer you to the online customer service IT help phone line number that referred you to them in the first place. . . Email requests for help get an auto-reply referring you to your local county Child Protective Services . . . and so on. I have finally given up trying to contact anyone at the SDU. . . they simply DON'T want to talk to anyone, especially no one in their IT department wants to talk to anyone! All I can say is that their current website looks a hell of a lot better than the Ransom Note website it replaced. . . but that one at least worked with all browsers, even if it changed type faces every paragraph and font color every other line! Not to mention changing size, spacing, shapes, and location of buttons, and willy-nilly used radio-buttons, checkboxes, and drop menus randomly to take any required actions!
This has been going on now for four years. A phone call to Governor Brown's office got me a letter referring me to the online customer service IT help. . . You get the idea. All this despite the fact that consumer Mac and Safari usage in California is now approaching 35% and I assume that Mac users owe child support payments just as much as PC users. . . and by law, they have to be paid through the State Disbursement Unit.
So, I have to boot FireFox to pay one government required electronic transfer every time we do payroll. Pain in the nethermost oriface. . . Not a big deal, but it works.
Safari in developers mode can ALSO pretend to be Internet Explorer, sending all the identifying markers a normal website expects. . . but the SDU won't work in that mode with Safari either. . . and several times, it's even balked at working with FireFox. . . then I have to use our VIrtual Windows machine actually running Internet Explorer to make that damn garnishee payment withheld from our employee's pay!
We keep that VM PC running because of only one other website that was also constructed using Microsoft software and it's mission critical. . . and it won't work with anything except Internet Explorer running in a legitimate copy of Windows. Absurd requirement, but their IT director is a real Microsoft snob and absolutely refuses to change.
It’s all they have left.
J ust
A nother
V ulnerability
A nnouncement
I read your post twice. Kind of hilarious that they are too lazy to make their system usable with other browsers. Result: Them not being Mac/Safari accessible after all the billions Apple has poured into the California tax coffers.
Ya can’t get no respect! From that State of California agency at least!!!! :)
Firefox does not comply either unless (maybe sometimes) you using it in Explorer emulation mode....which I was not aware you can do
All other State of California websites are fully Acid 3 compliant as far as I've been able to ascertain, except this one. . . and it's only Windows compliant.
... which was designed by three guys on acid.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.