Security - Could the Honeymoon be Over?
Fresh-Faced Recruit
Join Date: Oct 2005
Status: Offline
Hello all,
Working at a leading Network Security Company, I hear all the dirt as soon as it comes out. Here's a link from Wed am, that is making news with OS X.
Would love to hear some thoughts on this article.
http://www.securityfocus.com/news/11359
Mac Elite
Join Date: Aug 2005
Status: Offline
From the article: "We are not pointing at the entire Mac OS X and saying you have to worry about the entire operating system," he said. "It is just that the Mac OS X is not entirely free of troubles."
It sounds less like they are saying "OS X is full of holes" and more like "OS X isn't perfect"
Anyone that says OS X is bulletproof regarding viruses and Trojans is kidding themselves.
Mac Elite
Join Date: Jan 2001
Location: Kansas City, Mo
Status: Offline
Originally Posted by liq2
Hello all,
Working at a leading Network Security Company, I hear all the dirt as soon as it comes out. Here's a link from Wed am, that is making news with OS X.
Would love to hear some thoughts on this article.
http://www.securityfocus.com/news/11359
You work at one, you tell us... 
Admin Emeritus 
Join Date: Oct 1999
Location: Zurich, Switzerland
Status: Offline
It's just FUD. The pull quote in that article says that it is "no longer true" that you are secure by running OS X. In fact, OS X is, if anything, more secure now than it was in the past.
Is it perfect? Of course not.
But the fact remains that while all these exploits have been identified, none of them have actually ever been exploited. Even the rootkit that people always bring up has to be manually installed by a user who explicitly grants the script administrator privileges. Hardly a real danger.
tooki
Mac Elite
Join Date: Aug 2000
Status: Offline
What a crappy article--it's almost entirely content-free.
Fresh-Faced Recruit
Join Date: Oct 2005
Status: Offline
Unfortunately with the way that exploits are being created at an alarming rate, best guess is that within the next 6 months we can see some serious exploits coming into play. It is becoming easier to write these in a manner that allows them to exploit several different browsers with one packet. Firefox has had several major events in the last month, it is only a matter of time before Safari is more specifically targeted. Only an IPS/IDS will prevent this.
Saying that the article is crap is exactly the kind of attitude that gets people in the industry in serious trouble. I can't tell you how many people I talk to at banks, hospitals, and government facilities every day that think that because of what they are running on their machines or the fact that they have a firewall are "safe". Remember these are the people housing YOUR information!
We are in a new age of crime and we just need to stay on top of it as a community.
Fresh-Faced Recruit
Join Date: Oct 2005
Status: Offline
BTW here is another new one. No exploit yet, just thought I would add it in:
Apple Mac OS X Java Remote System Access
-------------------------------------------------------
[Threat Summary]: Java could be exploited by remote attackers to place and execute malicious files on a vulnerable system.
[Affected Systems]: Mac OS X
[Impact]: Remote Code Execution
[Resolution]: Apple has released a patch
[Read More]: http://docs.info.apple.com/article.html?artnum=302913
Mac Elite
Join Date: Jun 2003
Location: Newport News, VA USA
Status: Offline
Originally Posted by liq2
BTW here is another new one. No exploit yet, just thought I would add it in:
Apple Mac OS X Java Remote System Access
-------------------------------------------------------
[Threat Summary]: Java could be exploited by remote attackers to place and execute malicious files on a vulnerable system.
[Affected Systems]: Mac OS X
[Impact]: Remote Code Execution
[Resolution]: Apple has released a patch
[Read More]: http://docs.info.apple.com/article.html?artnum=302913
Emphasis mine
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
I think this is less FUD and more a realization that a lot of people think OS X is invulnerable, invincible, and makes your dishes nice and shiny too. Realistically ANY OS is vulnerable at some level to some sort of exploit. OS X is pretty tough, though, and it's built around a very well designed and secure framework, so it's not an accident waiting to happen. I wish EVERY Mac user would at least acknowledge that user behavior is important to computer security, and abandon the idea that just because they're using a Mac they're safe.
Realistically, there are no current threats in the wild, and any really important threats are going to be at least a long time coming because of how OS X is built. That doesn't mean that there isn't an exploit sitting there waiting for the right circumstances to pounce, just that we're not in the same boat as Windows users-and that's at least mostly because Windows is such a juicy (and well known) target. Also note that there have been a number of security updates to the OS without any "major incident" being the proximate cause of these updates' release. That's another plus mark for Apple.
Feeling safer because you use a Mac is fine. Feeling three meters tall and covered with adamantine armor because you use a Mac is dumb. Be careful, don't help others spread Windows crapware, and don't be amazed when (not if) you hear about a real OS X exploit-even if that's 15 years from now and we're all using OS XX!. (I hope they move to Arabic numerals before the thirtieth OS comes out...  )
Glenn -----
OTR/L, MOT, Tx
Mac Enthusiast
Join Date: Oct 2004
Status: Offline
Realistically, any system is at most as secure as the person running it. If you download files from an unknown source and run an installer, the installer could ask for your admin password and it could install some hidden program or change a configuration that would compromise your system without you knowing.
People have been able to compromise government computers with similar techniques.
Does this make OS X any less secure? No, because there isn't a system that you can make to a certain level of functionality that cannot be compromised. However, OS X, being built on a tried and tested unix base offers the most protection from intrusions out of any of the currently available systems.
But even so, Apple makes a slip up now and then too:
http://secunia.com/advisories/11622/
but again, they issue fixes pretty quick.
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Originally Posted by osxrules
but again, they issue fixes pretty quick.
This is the big difference between platforms: Apple is not only proactive in fixing potential security problems, but upfront and active when actual problems crop up. MS is most likely to try to keep problems quiet, even when they have a fix on hand and ready to distribute. They don't want to give the script kiddies ideas when they know that a good percentage of Windows users (particularly corporate IT shops) don't bother to patch things until there's a real threat to patch against, and letting everyone know "we found a problem and here's a patch to fix it" may point the kiddies in the "right" direction.
Your other point involves "social engineering." In computer circles it relates to a bad guy convincing the victim to victimize himself. The bad guy makes it look like the malware is really something else, and the victim installs it without enough critical thinking. Remember all the porn-based exploits against Windows a few years ago? That's a low-level version of social engineering. It's always a good idea to verify where something came from and who says it's OK before you install it-no matter what it is and no matter what platform you're on.
Glenn -----
OTR/L, MOT, Tx
Senior User
Join Date: Dec 2002
Location: Canada.
Status: Offline
So basically this article is saying that there are ways of exploiting OSX, but they're still pretty minimal and not really dangerous. Still about 104478028922x better than Windows.
Would it be worth it getting some software like NetBarrier?
..13" MacBook Pro | 2.53gHz | 4gb RAM | 320gb Seagate Momentus XT | OSX.6.6.. // iPhone 4 32gb
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Always use the OS X firewall. It can't hurt anything, it's built in and free, and you won't have to do much more than to tell it "go for it" for the firewall to protect you. I recommend buying or downloading a decent antivirus package; I like Symantec, but the Norton-branded Mac product appears to be dog doo from what I hear here. Of course I'm paranoid-and I've been professionally responsible for protecting hundreds of corporate computers, so I come by that naturally.
You're right that just using a Mac makes you lots less vulnerable than a Windows user is, but don't get to feeling invulnerable. Be suspicious of weird emails and funky web page behavior. Do not give your admin password to any process or program that YOU didn't INTENTIONALLY start-and always be aware of what it is you're running when you start a program. You don't have to be paranoid to be careful.
Glenn -----
OTR/L, MOT, Tx
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Status: Offline
Originally Posted by ghporter
I recommend buying or downloading a decent antivirus package; I like Symantec, but the Norton-branded Mac product appears to be dog doo from what I hear here.
Friends don't let their friends drink n' drive, nor should they recommend anything Symantec makes for Macs.
Dedicated MacNNer
Join Date: Jul 1999
Location: Maynard, MA
Status: Offline
Originally Posted by liq2
Unfortunately with the way that exploits are being created at an alarming rate, best guess is that within the next 6 months we can see some serious exploits coming into play. It is becoming easier to write these in a manner that allows them to exploit several different browsers with one packet. Firefox has had several major events in the last month, it is only a matter of time before Safari is more specifically targeted. Only an IPS/IDS will prevent this.
Saying that the article is crap is exactly the kind of attitude that gets people in the industry in serious trouble. I can't tell you how many people I talk to at banks, hospitals, and government facilities every day that think that because of what they are running on their machines or the fact that they have a firewall are "safe". Remember these are the people housing YOUR information!
We are in a new age of crime and we just need to stay on top of it as a community.
Just curious...what did you base your six month estimate on?
Was it anything more than a warm fuzzy feeling?
Your code/virus expertise?
"An argument isn't just saying 'No it isn't'!" "Yes it is!" "NO IT ISN'T!"
Dedicated MacNNer
Join Date: Jul 1999
Location: Maynard, MA
Status: Offline
Originally Posted by SMacTech
Friends don't let their friends drink n' drive, nor should they recommend anything Symantec makes for Macs.
I am with you on that.
"An argument isn't just saying 'No it isn't'!" "Yes it is!" "NO IT ISN'T!"
Grizzled Veteran
Join Date: Nov 2003
Status: Offline
I'm sick of seeing these discussions... we all know that just because there's no viruses for Mac OS X now... doesn't mean that Mac OS X is invincible.
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Originally Posted by SMacTech
Friends don't let their friends drink n' drive, nor should they recommend anything Symantec makes for Macs.
I've done well with the Symantec corporate product, but I can't say the same for any of their other products for the Mac... I don't recommend any of their "system utilities" for example, because they do Bad Things to Macs. But as I said, I have done well with Symantec Corporate Security.
Glenn -----
OTR/L, MOT, Tx
Mac Elite
Join Date: Jun 2003
Location: Newport News, VA USA
Status: Offline
No problems running Symantec Antivirus 10 here. Actually we HAVE to run it on all our systems, so as to not accidentally forward nasties to our PC brethren, so I have no choice in the matter. Though like I said, no issues here...
*knocks on wood*
Grizzled Veteran
Join Date: Jun 2001
Location: London'ish
Status: Offline
Originally Posted by drnkn_stylz
So basically this article is saying that there are ways of exploiting OSX, but they're still pretty minimal and not really dangerous. Still about 104478028922x better than Windows.
To the power of 927.333333
The worst thing about having a failing memory is..... no, it's gone.