Posted on 09/19/2005 2:09:19 PM PDT by Panerai
Mac users are operating under a false sense of security, according to Symantec, and Firefox users will have to recognize that the open-source browser is currently a greater security risk than Internet Explorer.
Symantecs latest Internet Security Threat Report, published Monday, found evidence that attackers are beginning to organize for attacks on the Mac operating system. Researchers also found that over the past six months, nearly twice as many vulnerabilities surfaced in Mozilla browsers as in Explorer.
It is now clear that the Mac OS is increasingly becoming a target for the malicious activity, contrary to popular belief that the Mac OS is immune to traditional security concerns, the report said.
Symantec said OS X - based on BSD Unix - now shares many of the security concerns affecting Unix users. As Mac OS X users demand more features and implement more ports of popular UNIX applications, vulnerabilities and exploits targeting this operating system and its underlying code base are likely to increase, Symantec said in the report.
The number of security bugs confirmed by Apple has remained about the same over the past two six-month reporting periods, with no widespread exploits, Symantec said. But an analysis of a rootkit called Mac OS X/Weapox - based on the AdoreBSD rootkit - indicates the situation might not last much longer. While there have been no reports of widespread infection to date, this Trojan serves to demonstrate that as Mac OS X increases in popularity so too will the scrutiny it receives from potential attackers, the report said. Mac users may be operating under a false sense of security.
(Excerpt) Read more at macworld.com ...
I'm in exactly the same boat. In 23 years of moderate to heavy computer use, to my knowledge none of my Microsoft OS computers have ever been infected. I've been emailed many viral attachments, but was never careless enough to open one. I always kept my AV software updated and promptly installed OS patches. Doing "the basics" has worked well for me.
There was some luck involved. I have run code that might have contained viruses, that I downloaded from sources that seemed OK, but might not have been.
Each situation is different. For example. Outlook Express is "defaulted" not to load images, scripts, and music within e-mails, unlike "yesteryear" when OE users experienced "content rich" e-mails in all their exploitative glory.
Windows Update provides yet another hurdle to overcome. When you first go there, you get a browser redirect error page that simply states that "Your browser security settings are set too high", and guides the user on how to allow ActiveX content from Microsoft only, to be allowed to install and execute.
My point is, one has to be savvy enough to understand all of that.
Symantec, is merely plugging their product, because they are in the business of making money.
Just what I was thinking!
Given the behaviour on how Symantec's product detects a higher than normal "false positive" virus report, it's most likely true. PC Magazine ran a bench test of all the AV software out there when AVG came onto the scene, and Symantec scored toward the bottom of the list of about a dozen or so AV products out there. They concluded that Symantec detected a higher rate of "false positives" then the rest. AVG ended up being the "Editor's Choice" in that bench test.
Head in the sand?
Hackers will attack solely based on the number of users of an OS.
Any OS is crackable. The widespread deployment is the ONLY reason Microsoft products are repeatedly attacked. Open Source will just give them some more keys.
Another shot fired in the OS war bump.
Wrong
What's right?
The claim that popularity is the ONLY reason for attacks assumes that all platforms are equally vulnerable and designed equally. This is not the case. Each OS is designed differently with different strengths and weaknesses.
MS' weakness is security because its strength is ease-of-use and backward compatibility. Windows (and DOS beforehand) was/is designed for use by a single user at a single computer. During the initial design of DOS, the Internet was not even conceived, thus they didn't design for multiple entrances into a machine.
Also, they marketed the fact that each new system of DOS and windows would be backward compatible. Because of this, they needed access to certain ports and protocols. These ports and protocols allow access to portions of the OS/computer that external users should have access to.
OSX and other *nixes were built from the ground up with networks and multi-users in mind. This allows better security (note that nothing is totally secure at this point), and better design in terms of what program is allowed access to sensitive portions of the OS and computer.
As long as you don't log in as an Administrator, OSX programs do not have access to OS files, which is why there are not viruses on OSX.
http://ptech.wsj.com/archive/ptech-20031023.html
20 years as a Mac user and no virus protection (tried it once but it slowed my computer) and never had a virus.
Using Safari browser still and am happy with it.
OSX and Linux are nowhere near hack free and when it does get hacked it is far worse.
(Credit card breach exposes 40 million accounts In what could be the largest data security breach to date, one has their eye on the Windows machine, some one's sneaking in thru a Unix/Linux backend.)
If you keep DOS OS ie. Windows 98 which cannot be truly secure too long you are just asking for big trouble. And who's fault is that. The Internet is just like asking Chester the Molester into your home.
You just don't hear much about anything but Windows hacks.
Kind of like the MSM vs Republicans.
cell phone viruses exploit elements common to groups of cell phones: the protocol used, bluetooth, etc... These things transcend the manufacturer.
As Mac OS X users demand more features and implement more ports of popular UNIX applications, vulnerabilities and exploits targeting this operating system and its underlying code base are likely to increase, Symantec said in the report.
In other words FUD... Fear, Uncertainty, and Doubt... and incedentally, "Please buy our Mac anti-viral program... please... please... pretty please."
If you want on or off the Mac Ping List, Freepmail me.
Symantec's warning is just being made just in the public interest, right? I mean they are just a caring, unbiased observer right? I mean they take money for their security programs with only the greatest reluctance and all that, right?
< /sarcasm>
Personally, I think users of alternate OS'es are a touch overconfident about security issues. On the other hand, Symantec hasn't made a single product worth having for about six or seven years now. Seriously, their stuff blows any more, so they may be getting a bit desperate for new markets.
It was in full use by military, contractor and educational institutions. I was using it in that state. And it was run by UNIX. Is it any surprise that UNIX machines fare better in the Internet?
I remember when Norton/Symantec rocked. Their disk utilities were indispensable (defrag, error checking, and even setting the interleave on old drives), and their Norton Desktop made Windows 3.1 almost bearable (and zip files as folders didn't come back until Windows XP). But I haven't bought any of their products in years.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.