Posted on 04/30/2005 1:52:59 PM PDT by Swordmaker
INCREASED MAC OS X HACKING ACTIVITY
Current Assessment: Hype
Current Assessment Date: 04/06/2005
Executive Summary:
The attention devoted to the non-existent Mac OS X malicious code "problem" during the past several days is not warranted. However, it is possible to configure or use a system running Mac OS X in such a way as to make it vulnerable to malicious attackers. Proper configuration and use is critical with all Internet-connected devices.
Threat: Low
Vulnerability Prevalence: Low
Cost: Medium
Details: The past several days have seen a rash of technology press stories regarding Mac OS X ("ten") malicious code (malcode) and hacking. The stories originated with a security vendor's threat report that mentioned a number of vulnerabilities in the OS as well as the potential of increased malcode development as OS X's adoption rate increases.
Despite the low threat rate of OS X vulnerabilities and the non-existence of OS X malcode in the wild, many of the press took this as an opportunity to write misleading stories about the "problem" of Mac OS X malcode.
The hysteria was exacerbated when a research group released a document about the potential future development of spyware for OS X. Despite the fact that OS X spyware is not widespread (some argue that it doesn't exist at all), several stories appeared about Mac OS X's spyware "problem".
When a vendor that manufactures accessories for Apple products challenged the general public (and in particular the company that released the threat report) to write a Mac OS X virus (offering a cash bounty for the winner), more misleading stories began to circulate.
The vendor withdrew the challenge upon realization that they were offering money in exchange for illegal activity.
While irrelevant stories about Mac OS X viruses and spyware occupied the front pages of technology news sites, systems running the operating system were being compromised; however, they were not being compromised by viruses and spyware.
A default Mac OS X install results in a system that is resistant to common remote attacks, but it is possible to make configuration changes to that default installation. Poor configuration and usage of Mac OS X can result in undesired remote system access.
Many recent reports of OS X compromises appeared to result from poor configuration of Apache (the web server included with OS X) or a non-upgraded and enabled awstats (a log file analyzer). Apache can be configured (for better or worse) via OS X's graphical interface, as can file sharing, anonymous FTP, and SSH. Weak passwords for SSH and other remote access services can and often do allow unwanted access to a computer. Disabling and not using Software Update can result in unpatched vulnerabilities. OS X's command line utility and Unix-based kernel allow even more opportunity for a user to make his or her computer an easy target for malicious attackers. Exploit code for Mac OS X is being developed on a regular basis to take advantage of poor configurations.
Since OS X runs on a Unix-based kernel, it may be susceptible to future attacks intended for other Unix-based systems. It will not be susceptible to all such attacks, however, due to differences in its operating system and hardware architecture. Those differences may also be used to refute the oversimplistic argument that an increase in the OS X installed base will translate to the same rate of malcode that other operating systems experience.
Mitigations:
Mac OS X's default security should not be loosened unless the user has a need that necessitates it and understands how to properly configure the desired service. Strong passwords should be used for system accounts (especially if they are remotely accessible). The root (superuser) account should not be enabled. Software Update should be used on a regular basis (preferably with automatic update on). The built-in firewall should be enabled with only necessary port traffic allowed. Home directories should be encrypted with FileVault, especially on multi-user systems.
While no OS X viruses have been found in the wild, rootkits and trojans have been developed that could be utilized to compromise a system; however, owner assistance (or physical access to the system) is necessary for those attacks to be successful. Users should not open unexpected email attachments or untrusted applications.
OS X users in a corporate environment should be encouraged to run antivirus software if there is a significant possibility that they may pass along macro or email-borne viruses to Windows-using colleagues. Subscribers to Apple's .mac service have free access to antivirus software. Before installing any software on a system, its resource use and impact on system stability should be evaluated against its usefulness.
OS X users should not become so smug as to reject the concept of viruses and worms existing for their chosen platform in the future. However, they are currently far more likely to become victims of malicious attackers due to poor system configuration and use than because they are not running antivirus and spyware protection software.
If you want on or off the Mac Ping List, Freepmail me.
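The assessment above names weak SSH passwords as a practical route to unwanted access. As an added example (not part of the original article or thread), this Python sketch scans sshd log lines for a run of failed passwords from one address that ends in a successful password login; the sample log lines, addresses and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog message format (not from the page).
SAMPLE_LOG = """\
Apr  6 03:12:01 mac sshd[411]: Failed password for invalid user admin from 192.0.2.10 port 4242 ssh2
Apr  6 03:12:03 mac sshd[413]: Failed password for root from 192.0.2.10 port 4243 ssh2
Apr  6 03:12:05 mac sshd[415]: Failed password for alice from 192.0.2.10 port 4244 ssh2
Apr  6 03:12:07 mac sshd[417]: Failed password for alice from 192.0.2.10 port 4245 ssh2
Apr  6 03:12:09 mac sshd[419]: Accepted password for alice from 192.0.2.10 port 4246 ssh2
Apr  6 09:30:00 mac sshd[502]: Failed password for bob from 198.51.100.7 port 5000 ssh2
Apr  6 09:30:10 mac sshd[504]: Accepted password for bob from 198.51.100.7 port 5001 ssh2
Apr  6 10:00:00 mac sshd[600]: Accepted publickey for carol from 203.0.113.5 port 6000 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def audit_ssh_log(text, threshold=3):
    """Return (guessing, guessed).

    guessing - sorted source addresses with `threshold` or more consecutive
               failed password attempts
    guessed  - (source, user) pairs where a password login succeeded right
               after such a run, i.e. a password that was probably guessed
    """
    streak = defaultdict(int)  # consecutive failed passwords per source
    guessing, guessed = set(), []
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m or m["method"] != "password":
            continue  # key-based logins are not password guesses
        src = m["src"]
        if m["result"] == "Failed":
            streak[src] += 1
            if streak[src] >= threshold:
                guessing.add(src)
        else:
            if streak[src] >= threshold:
                guessed.append((src, m["user"]))
            streak[src] = 0  # a successful login ends the run
    return sorted(guessing), guessed

if __name__ == "__main__":
    print(audit_ssh_log(SAMPLE_LOG))
```

A single mistyped password followed by a normal login (bob in the sample) stays below the threshold and is not reported.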
If I was really conspiracy minded I would say MS is paying them. :)
Thanks
I appreciate your pings and often forward them to my hubby!
If I were a hacker I would target MAC OS just to wipe the self satisfied complacent smile of smug superiority off the faces of MAC users everywhere.
WTF??? One of the first things you should do on a new install is to enable the root account and give it a secure password - better that YOU do it before someone ELSE figures out how to do it remotely.
They must mean that you should not be internet-connected while you're the root user.
Thanks for the ping...
If you were good enough to hack it, you'd have a right to be proud.
I think they mean "lock" the root password, so that there is not a way to login as the root user. This way you must first log in as a normal user and then type the root password to do certain operations - thus two accounts need to be compromised, not just one.
Okay. All systems whether mechanical or biological have weaknesses and flaws. With enough interest and effort, it is bound to happen. Returning to news.
Well, not being a geek, I wouldn't know about that. But I seriously doubt that any system is unhackable, given enough determined hackers with enough incentive to do it.
I think a lot of knowledgeable people will agree that one reason Macs have been spared thus far is because of its limited market penetration -- especially in the business world.
You might be interested in reading this post. It applies to your claim as well.
Don't make me laugh so hard!!!
Herein lies the problem - the end user. This is how 90% or more of the worst problems occur as a general rule.
If you were a girl, would you throw acid in the face of anyone prettier than you?
I take your point, but personally I think your analogy fails on several levels.
But thanks for playing.
A "knowledgeable" person was quoted by a leading magazine as saying "While it is probably possible to create an OSX virus, on a scale of one to ten the degree of difficulty is a nine." When asked where Windows was on that one to ten scale he replied "About two."
As to the "security by obscurity" canard... in the past year, hackers have targeted a router with fewer than 25,000 installed base and a cellular phone with fewer than 100,000 installed base. There are currently about 14,000,000 OSX Mac users... Newsweek cited 25,000,000 in an article last week... and there has never been an OSX virus seen in the wild. OSX has been out over 4 years... and no viruses or worms. Only two trojans have been reported. No spyware aside from tracking cookies has been discovered.
The real problem with writing a self-propagating virus or worm is the vector... how does it spread? Macs are designed to prevent this.
I think a lot of knowledgeable people will agree that one reason Macs have been spared thus far is because of its limited market penetration -- especially in the business world.
You are correct: no system is unhackable - not even OpenBSD. That being a given, OSX is a very secure OS.
I seriously doubt that any system is unhackable
Hackers are just sociopaths; the reason for our smiles is that hackers are naturally attracted to that other platform.